- Kod: Zaznacz wszystko
Gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-26 23:49:33
Windows 5.1.2600 Dodatek Service Pack 2
Running: rh95ee1j.exe; Driver: C:\DOCUME~1\Mateusz\USTAWI~1\Temp\kwpdapod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\windows\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6CD9000, 0x1C5D58, 0xE8000020]
pnidata C:\windows\system32\DRIVERS\secdrv.sys unknown last section [0xAA5BEF00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!SetScrollInfo 77D3902C 7 Bytes JMP 0424B623 E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 0424B5D3 E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 0424B679 E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 0424B64E E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 0424B5F8 E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 0424B6A7 E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!GetScrollInfo 77D43A2F 7 Bytes JMP 0424B5AB E:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text E:\Program Files\Winamp\winamp.exe[3656] USER32.dll!EnableScrollBar 77D87BAD 7 Bytes JMP 0424B583 E:\Program Files\Winamp\Plugins\gen_jumpex.dll
OTL
- Kod: Zaznacz wszystko
OTL logfile created on: 2010-03-26 22:36:51 - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mateusz\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 486,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 25,67 Gb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 41,60 Gb Free Space | 71,00% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 44,55 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive F: | 39,82 Gb Total Space | 27,97 Gb Free Space | 70,23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OSTROWSK-84F016
Current User Name: Mateusz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010-03-26 22:31:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Pulpit\OTL.exe
PRC - [2010-03-19 09:11:22 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010-02-19 18:26:45 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-23 17:14:30 | 014,100,888 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-03-09 16:50:48 | 001,433,952 | ---- | M] (Nullsoft) -- E:\Program Files\Winamp\winamp.exe
PRC - [2009-01-29 23:11:32 | 000,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2007-11-14 11:54:24 | 002,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-10-15 12:12:22 | 000,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2007-08-21 13:52:54 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-08-21 13:52:36 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006-03-03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-10-16 19:07:12 | 000,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe
PRC - [2003-10-16 19:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe
PRC - [2003-10-16 19:07:12 | 000,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe
PRC - [2003-10-16 19:07:10 | 000,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe
PRC - [2003-10-16 19:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010-03-26 22:31:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Pulpit\OTL.exe
MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2004-08-03 23:44:10 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2004-08-03 23:44:02 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2004-08-03 23:43:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2006-03-03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-03-02 12:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009-02-25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-02-17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007-01-25 16:37:16 | 004,027,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?o=13928&l=dis"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-02 12:34:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 18:26:56 | 000,000,000 | ---D | M]
[2009-04-03 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Extensions
[2010-03-25 22:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\dzgluoj0.default\extensions
[2009-05-29 20:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\dzgluoj0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009-05-29 20:25:46 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\dzgluoj0.default\searchplugins\ask.xml
[2009-08-06 13:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-05-19 08:24:10 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2010-02-19 18:26:51 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-02-19 18:26:51 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-02-19 18:26:51 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-02-19 18:26:51 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-02-19 18:26:51 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-02-19 18:26:51 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-06-20 19:32:57 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\neostrada tp.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010-03-26 22:31:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Pulpit\OTL.exe
[2010-03-26 22:30:36 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Mateusz\Pulpit\SPTDinst-v162-x86.exe
[2010-03-26 17:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-03-17 16:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\prawdopodoiebstwo
[2010-03-09 20:13:48 | 000,000,000 | ---D | C] -- C:\windows\ShellNew
[2009-07-20 17:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2009-07-20 16:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2009-03-23 19:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-03-23 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-03-23 19:58:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-03-23 19:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010-03-26 22:37:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\dds.scr
[2010-03-26 22:31:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Pulpit\OTL.exe
[2010-03-26 22:30:41 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Mateusz\Pulpit\SPTDinst-v162-x86.exe
[2010-03-26 22:16:00 | 000,001,038 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-03-26 20:51:51 | 000,159,883 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Odpowiedzi_Matematyka.zip
[2010-03-26 20:51:47 | 000,194,557 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Arkusze_Matematyka.zip
[2010-03-26 17:33:20 | 000,984,842 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010-03-26 17:33:20 | 000,448,004 | ---- | M] () -- C:\windows\System32\perfh015.dat
[2010-03-26 17:33:20 | 000,392,296 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010-03-26 17:33:20 | 000,074,230 | ---- | M] () -- C:\windows\System32\perfc015.dat
[2010-03-26 17:33:20 | 000,058,596 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010-03-26 17:29:24 | 000,000,972 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2010-03-26 17:29:07 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-03-26 17:29:06 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010-03-26 17:29:03 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010-03-26 16:27:56 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Mateusz\NTUSER.DAT
[2010-03-26 16:27:50 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Mateusz\ntuser.ini
[2010-03-26 15:29:23 | 000,769,496 | ---- | M] (DialCom24) -- C:\Documents and Settings\Mateusz\Pulpit\bankbrowser_3_5.exe
[2010-03-25 16:59:55 | 002,109,216 | -H-- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-24 22:22:56 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2010-03-22 22:45:07 | 001,646,735 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\polibuda.jpg
[2010-03-17 16:04:55 | 006,999,188 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\prawdopodoiebstwo.rar
[2010-03-10 18:30:22 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Skra już nie raz i nie dwa razy podała pomocną dłoń w kierunku warszawskiej drużyny.doc
[2010-03-03 14:16:26 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-02 23:43:48 | 000,133,917 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\9m.jpg
[2010-02-27 15:17:46 | 004,345,033 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\kltowicz2.pdf
[2010-02-26 20:43:23 | 011,048,376 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\veetle-0.9.16.exe
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-03-26 22:37:10 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\dds.scr
[2010-03-26 20:51:50 | 000,159,883 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Odpowiedzi_Matematyka.zip
[2010-03-26 20:51:46 | 000,194,557 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Arkusze_Matematyka.zip
[2010-03-22 22:45:32 | 001,646,735 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\polibuda.jpg
[2010-03-17 16:04:48 | 006,999,188 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\prawdopodoiebstwo.rar
[2010-03-10 18:30:22 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Skra już nie raz i nie dwa razy podała pomocną dłoń w kierunku warszawskiej drużyny.doc
[2010-03-02 23:42:13 | 000,133,917 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\9m.jpg
[2010-02-27 15:16:45 | 004,345,033 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\kltowicz2.pdf
[2010-02-26 20:39:34 | 011,048,376 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\veetle-0.9.16.exe
[2009-09-02 19:32:59 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2009-07-10 11:42:41 | 000,000,539 | ---- | C] () -- C:\windows\kaillera.ini
[2009-04-04 20:09:21 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2009-04-04 20:09:21 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2009-04-04 20:09:21 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2009-03-25 17:58:28 | 000,000,039 | ---- | C] () -- C:\windows\Irremote.ini
[2009-03-24 12:35:42 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-23 23:20:22 | 000,594,450 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2009-03-23 23:20:22 | 000,217,088 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009-03-23 23:20:20 | 000,005,120 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009-03-23 23:20:20 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2009-03-23 23:18:34 | 000,152,064 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009-03-23 23:18:34 | 000,019,968 | ---- | C] () -- C:\windows\System32\cpuinf32.dll
[2009-03-23 23:18:32 | 000,856,064 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009-03-23 21:21:36 | 000,000,427 | ---- | C] () -- C:\windows\ODBC.INI
[2009-03-23 21:12:22 | 000,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
[2009-03-23 21:08:51 | 000,000,164 | ---- | C] () -- C:\windows\avrack.ini
[2009-03-23 21:08:42 | 000,147,456 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2009-03-23 20:10:21 | 000,077,824 | R--- | C] () -- C:\windows\System32\HPZIDS01.dll
[2009-03-23 20:03:42 | 000,005,606 | ---- | C] () -- C:\windows\System32\stci.dll
[2007-11-29 23:30:28 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007-11-29 23:28:24 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2007-11-29 23:28:24 | 000,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2007-11-28 22:52:32 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll
[2001-07-07 03:00:02 | 000,003,234 | ---- | C] () -- C:\windows\System32\HPTCPMON.INI
[1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\windows\System32\MSRTEDIT.DLL
[color=#E56717]========== LOP Check ==========[/color]
[2010-01-28 17:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-12-20 11:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-03-23 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu
[2009-12-15 17:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu 10
[2010-02-06 01:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\GanymedeNet
[2010-03-22 22:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Image Zone Express
[2010-03-26 17:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\ipla
[2010-03-26 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Microgaming
[2009-12-20 11:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenFM
[2009-03-23 20:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Opera
[2009-08-25 00:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\uTorrent
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2010-03-26 22:36:51 - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Mateusz\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 486,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 25,67 Gb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 41,60 Gb Free Space | 71,00% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 44,55 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive F: | 39,82 Gb Total Space | 27,97 Gb Free Space | 70,23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OSTROWSK-84F016
Current User Name: Mateusz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Odkurz tutaj] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{16913489-B5E3-403E-AFD3-2B19BBE464D4}" = Opera 9.24
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{806B582D-E9FD-40CD-8315-1C64C17B7564}" = Tłumacz Komputerowy - Angielski 2
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90260415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"{FAB3A0EF-C845-4AFF-BE3C-98EB480F1045}" = Nero 8
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Deluxe Ski Jump_is1" = Deluxe Ski Jump 2.1
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Everest Poker" = Everest Poker (Remove Only)
"Expekt Poker" = Expekt Poker
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Google Chrome" = Google Chrome
"Google Updater" = Aktualizator Google
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer cenzura! Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"InstallShield_{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04
"ipla" = ipla 2.1.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.58
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"NeostradaTP.exe" = Neostrada TP
"Niezbędnik CD_is1" = Niezbędnik CD
"Odkurzacz 11.3_is1" = Odkurzacz 11.3
"ParadiseCasino - Polish" = ParadiseCasino - Polish
"Testy B 2009_is1" = Testy B 2009
"TruePoker" = TruePoker
"TruePoker (High Res)" = TruePoker (High Res)
"Unibet Poker" = Unibet Poker
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiwizator WinRAR
"YouTube Video Downloader_is1" = YouTube Video Downloader V2.0
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BankBrowser" = BankBrowser
"uTorrent" = µTorrent
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2010-02-04 15:24:07 | Computer Name = OSTROWSK-84F016 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący
błąd dbghelp.dll, wersja 5.1.2600.2180, adres błędu 0x0001295d.
Error - 2010-02-05 13:09:26 | Computer Name = OSTROWSK-84F016 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winword.exe, wersja 9.0.0.2823, moduł powodujący
błąd winword.exe, wersja 9.0.0.2823, adres błędu 0x0064efb9.
Error - 2010-02-15 12:06:25 | Computer Name = OSTROWSK-84F016 | Source = Google Update | ID = 20
Description =
Error - 2010-02-21 16:42:25 | Computer Name = OSTROWSK-84F016 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 10.0.0.10353, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-02-27 19:17:54 | Computer Name = OSTROWSK-84F016 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd opera.exe, wersja 9.24.8816.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x066670da.
Error - 2010-03-06 15:02:52 | Computer Name = OSTROWSK-84F016 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-03-07 18:26:56 | Computer Name = OSTROWSK-84F016 | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2010-03-09 15:14:39 | Computer Name = OSTROWSK-84F016 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-03-14 15:19:17 | Computer Name = OSTROWSK-84F016 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3685, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2010-03-26 17:29:18 | Computer Name = OSTROWSK-84F016 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca ATF-Cleaner.exe, wersja 3.0.0.2, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
[ System Events ]
Error - 2010-03-25 18:44:00 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASKUpgrade z powodu następującego błędu:
%%2
Error - 2010-03-25 18:44:00 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2
Error - 2010-03-26 03:14:27 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASKUpgrade z powodu następującego błędu:
%%2
Error - 2010-03-26 03:14:27 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2
Error - 2010-03-26 05:36:56 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASKUpgrade z powodu następującego błędu:
%%2
Error - 2010-03-26 05:36:56 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2
Error - 2010-03-26 09:50:24 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASKUpgrade z powodu następującego błędu:
%%2
Error - 2010-03-26 09:50:24 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2
Error - 2010-03-26 12:29:18 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ASKUpgrade z powodu następującego błędu:
%%2
Error - 2010-03-26 12:29:18 | Computer Name = OSTROWSK-84F016 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2
< End of report >
DDS
- Kod: Zaznacz wszystko
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mateusz at 22:51:57,68 on 2010-03-26
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.578 [GMT 1:00]
============== Running Processes ===============
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ipla\ipla.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Mateusz\Pulpit\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.neostrada.pl
uWindow Title = Neostrada TP
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\progra~1\neostr~1\SEARCH~1.DLL
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: IEPluginBHO Class: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - c:\documents and settings\mateusz\dane aplikacji\gadu-gadu 10\_userdata\ggbho.2.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [Odkurzacz-MCD] c:\program files\odkurzacz\odk_mcd.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Gadu-Gadu 10] "c:\program files\gadu-gadu 10\gg.exe"
uRun: [IPLA!] c:\program files\ipla\ipla.exe /autorun
mRun: [WooCnxMon] c:\progra~1\neostr~1\CnxMon.exe
mRun: [WOOWATCH] c:\progra~1\neostr~1\Watch.exe
mRun: [WOOTASKBARICON] c:\progra~1\neostr~1\TaskbarIcon.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
StartupFolder: c:\docume~1\mateusz\menust~1\programy\autost~1\NEOSTR~1.LNK -
IE: &Winamp Search - c:\documents and settings\all users\dane aplikacji\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: { - c:\program files\messenger\msmsgs.exe
IE: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {C9B19DFB-B4D9-4459-832B-5D946728CD7C} = 213.241.79.37 87.204.204.204
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mateusz\daneap~1\mozilla\firefox\profiles\dzgluoj0.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13928&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\documents and settings\mateusz\dane aplikacji\gadu-gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
============= SERVICES / DRIVERS ===============
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
=============== Created Last 30 ================
2010-03-09 19:13:48 0 d-----w- c:\windows\ShellNew
==================== Find3M ====================
2010-03-26 16:33:20 74230 ----a-w- c:\windows\system32\perfc015.dat
2010-03-26 16:33:20 448004 ----a-w- c:\windows\system32\perfh015.dat
============= FINISH: 22:52:09,65 ===============
Attach.txt
http://wklej.org/id/304616/
