alonso created on 10 February 2010
[log]OTL logfile created on: 2010-02-10 17:16:04 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Komputer\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 64,00 Mb Available Physical Memory | 13,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 30,27 Gb Total Space | 11,73 Gb Free Space | 38,75% Space Free | Partition Type: NTFS Drive D: | 40,75 Gb Total Space | 10,74 Gb Free Space | 26,35% Space Free | Partition Type: NTFS Drive E: | 40,76 Gb Total Space | 2,70 Gb Free Space | 6,62% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 699,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NOWAK Current User Name: Komputer Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-02-10 17:05:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Pulpit\OTL.exe PRC - [2009-12-21 06:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winampa.exe PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-10-28 13:44:08 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-08-28 13:13:02 | 000,832,808 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 21:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 21:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 21:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 21:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 21:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 21:51:40 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 21:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 21:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 21:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 21:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2006-06-29 15:45:06 | 001,581,056 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe PRC - [2005-11-08 23:00:38 | 000,128,920 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe PRC - [2005-02-24 00:32:00 | 000,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2005-01-18 00:56:28 | 000,139,264 | ---- | M] (ToCA EDIT) -- C:\Documents and Settings\Komputer\Pulpit\rbrcamhack3.0\rbrcamhack3[1].0\CamHack.exe PRC - [2004-11-04 19:28:24 | 000,258,048 | ---- | M] (Hewlett-Packard Co.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2004-09-13 15:49:00 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2004-09-07 16:25:12 | 001,151,090 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe PRC - [2004-09-07 14:25:58 | 001,400,944 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe PRC - [2004-07-20 14:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe PRC - [2003-10-31 19:42:40 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe PRC - [2003-10-16 18:07:12 | 000,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe PRC - [2003-10-16 18:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe PRC - [2003-10-16 18:07:12 | 000,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe PRC - [2003-10-16 18:07:10 | 000,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe PRC - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-02-10 17:05:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Pulpit\OTL.exe MOD - [2008-04-14 21:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 21:51:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2008-04-14 21:51:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2008-04-14 21:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD 
- [2008-04-14 21:50:58 | 000,668,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2008-04-14 21:50:58 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2008-04-14 21:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 21:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 21:50:58 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll MOD - [2008-04-14 21:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 21:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 21:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 21:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 21:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 21:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 21:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 21:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 21:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 21:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 21:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 21:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 21:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 21:50:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll MOD - [2008-04-14 21:50:42 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2008-04-14 21:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 21:50:42 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll MOD - [2008-04-14 21:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 21:50:40 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll MOD - [2008-04-14 21:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-14 21:50:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll MOD - [2008-04-14 21:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 21:50:36 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll MOD - [2008-04-14 21:50:36 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll MOD - [2008-04-14 21:50:34 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2008-04-14 21:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 21:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 21:50:28 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll MOD - [2008-04-14 21:50:18 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll MOD - [2008-04-14 21:50:18 | 000,520,192 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\cryptui.dll MOD - [2008-04-14 21:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 21:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 21:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 21:50:04 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll MOD - [2008-04-14 21:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 21:50:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008-04-14 21:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 21:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2005-02-24 00:32:00 | 000,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004-09-07 16:25:12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2004-07-20 14:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2003-07-28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-01-08 21:49:34 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - [2010-01-08 21:47:58 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2006-08-08 09:54:30 | 000,182,528 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFF04.sys -- (SaiHFF04) DRV - [2006-08-08 09:54:30 | 000,016,512 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFF04.sys -- (SaiIFF04) Immersion's HID USB Driver (FF04) DRV - [2006-06-29 15:45:06 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2005-02-24 00:32:00 | 003,454,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004-12-14 19:33:52 | 000,051,120 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2004-12-14 19:33:52 | 000,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2004-12-14 19:33:52 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2004-12-14 16:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2004-12-07 09:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004-11-24 10:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-11-24 10:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-10-21 04:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004-09-07 16:27:38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2004-09-07 16:27:22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2004-07-20 14:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2003-12-05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-24 19:19:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-24 19:19:10 | 000,000,000 | ---D | M] [2010-01-24 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions [2010-01-24 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\rxri9zu4.default\extensions [2010-01-24 21:39:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- 
C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Komputer\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) 
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft) O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe () O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D) O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D) O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-01-01 00:15:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004-07-06 11:25:12 | 000,022,486 | R--- | M] () - G:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2004-07-06 11:25:12 | 000,000,113 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{802f3141-3f11-11d8-a4c5-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{802f3141-3f11-11d8-a4c5-806d6172696f}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-10 17:05:32 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Pulpit\OTL.exe [2010-02-10 10:53:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Komputer\Recent [2010-02-09 18:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\GTR2 [2010-02-09 17:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\Nowy folder (3) [2010-02-06 12:48:41 | 009,089,880 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Komputer\Pulpit\Opera_1000_int_Setup.exe [2010-02-06 12:38:47 | 007,562,568 | ---- | C] (Opera Software ASA) -- C:\Documents and 
Settings\Komputer\Pulpit\Opera_964_int_Setup.exe [2010-02-06 12:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-02-06 12:31:23 | 011,650,440 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Komputer\Pulpit\Opera_1010_in_Setup.exe [2010-02-04 15:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\swedish_rally [2010-02-04 11:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\Snow_Mod [2010-02-03 19:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\.jpi_cache [2010-02-03 19:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\.java [2010-01-29 15:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\Kubus Fatalisa - Corsa s1600 [2010-01-28 19:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie [2010-01-24 20:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\CTdeveloping [2010-01-24 20:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2010-01-24 20:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\VeryPDF PDF2Word v3.0 [2010-01-24 19:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla [2010-01-24 19:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla [2010-01-24 19:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010-01-24 19:17:40 | 009,035,208 | ---- | C] (Mozilla) -- C:\Documents and Settings\Komputer\Pulpit\Firefox Setup 3.6.exe [2010-01-24 18:05:35 | 000,000,000 | ---D | C] -- C:\Games [2010-01-22 21:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar [2010-01-22 15:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\Nowy folder (2) [2010-01-20 20:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft 
ActiveSync [2010-01-20 20:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010-01-20 20:38:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW [2010-01-20 20:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010-01-16 13:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\Set [2004-01-01 00:19:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2004-01-01 00:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2004-01-01 00:19:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2004-01-01 00:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-10 17:05:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Pulpit\OTL.exe [2010-02-10 14:47:02 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-10 14:47:02 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-10 14:47:02 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-10 14:47:02 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-10 14:47:01 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-10 14:42:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-10 14:42:51 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-02-10 14:42:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-10 14:41:22 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Komputer\NTUSER.DAT [2010-02-10 14:41:22 | 000,000,188 | -HS- | M] () -- 
C:\Documents and Settings\Komputer\ntuser.ini [2010-02-10 14:41:11 | 003,740,110 | -H-- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-09 18:25:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-07 17:07:43 | 292,872,899 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\RBRMontekland09.exe [2010-02-06 12:50:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-02-06 12:49:56 | 009,089,880 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Komputer\Pulpit\Opera_1000_int_Setup.exe [2010-02-06 12:46:57 | 000,012,716 | ---- | M] () -- C:\Documents and Settings\Komputer\Moje dokumenty\cc_20100206_124631LUTY.reg [2010-02-06 12:40:29 | 007,562,568 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Komputer\Pulpit\Opera_964_int_Setup.exe [2010-02-06 12:34:08 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Komputer\Pulpit\Opera_1010_in_Setup.exe [2010-02-04 14:23:26 | 036,001,519 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\swedish_rally.rar [2010-02-04 11:12:49 | 000,029,945 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\Snow_Mod.rar [2010-02-03 19:18:09 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Komputer\.plugin140_03.trace [2010-02-03 17:37:29 | 000,047,376 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\144829.jpg [2010-01-30 17:30:13 | 058,808,722 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\MLynky_test_2.wmv [2010-01-29 15:54:44 | 006,615,326 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\Kubus Fatalisa - Corsa s1600.rar [2010-01-24 20:39:44 | 000,000,212 | ---- | M] () -- C:\WINDOWS\pdf2word.INI [2010-01-24 20:37:03 | 002,303,689 | ---- | M] () -- C:\Documents and Settings\Komputer\Moje dokumenty\C__Documents and Settings_Komputer_Ustawienia lokalne_Dane aplikacji_Opera_Opera_cache_opr03LM4.pdf [2010-01-24 
19:19:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010-01-24 19:19:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-01-24 19:18:56 | 009,035,208 | ---- | M] (Mozilla) -- C:\Documents and Settings\Komputer\Pulpit\Firefox Setup 3.6.exe [2010-01-24 18:07:22 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\Run ORF-Ski Challenge 2010.lnk [2010-01-22 18:03:40 | 014,563,010 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\Fabia KC Model.zip [2010-01-21 16:15:32 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-01-20 21:07:51 | 000,017,856 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-01-20 20:39:34 | 000,000,385 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2010-01-20 20:39:12 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini [2010-01-17 16:15:11 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\tsm_jackson_sorensen_2__www.przeklej.pl.doc [2010-01-15 18:41:34 | 000,031,032 | ---- | M] () -- C:\Documents and Settings\Komputer\Moje dokumenty\cc_20100115_184124O.reg [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-07 15:36:28 | 292,872,899 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\RBRMontekland09.exe [2010-02-06 16:07:26 | 014,846,068 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\track-43_N_textures.rbz [2010-02-06 12:50:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-02-06 12:46:41 | 000,012,716 | ---- | C] () -- C:\Documents and Settings\Komputer\Moje dokumenty\cc_20100206_124631LUTY.reg [2010-02-04 14:14:45 | 036,001,519 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\swedish_rally.rar [2010-02-04 11:12:49 | 000,029,945 | 
---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\Snow_Mod.rar [2010-02-03 19:18:08 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Komputer\.plugin140_03.trace [2010-02-03 17:37:29 | 000,047,376 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\144829.jpg [2010-01-30 17:08:01 | 058,808,722 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\MLynky_test_2.wmv [2010-01-29 15:53:34 | 006,615,326 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\Kubus Fatalisa - Corsa s1600.rar [2010-01-24 20:39:44 | 000,000,212 | ---- | C] () -- C:\WINDOWS\pdf2word.INI [2010-01-24 20:37:03 | 002,303,689 | ---- | C] () -- C:\Documents and Settings\Komputer\Moje dokumenty\C__Documents and Settings_Komputer_Ustawienia lokalne_Dane aplikacji_Opera_Opera_cache_opr03LM4.pdf [2010-01-24 19:19:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-01-24 19:19:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-01-24 18:07:22 | 000,001,567 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\Run ORF-Ski Challenge 2010.lnk [2010-01-22 17:55:47 | 014,563,010 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\Fabia KC Model.zip [2010-01-20 20:39:34 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-01-17 16:15:11 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\tsm_jackson_sorensen_2__www.przeklej.pl.doc [2010-01-15 18:41:32 | 000,031,032 | ---- | C] () -- C:\Documents and Settings\Komputer\Moje dokumenty\cc_20100115_184124O.reg [2010-01-10 20:46:00 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-01-09 09:39:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010-01-08 21:49:34 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys [2010-01-08 21:47:58 | 000,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-01-08 21:47:58 | 000,096,384 | ---- | C] 
() -- C:\WINDOWS\System32\drivers\sptd9661.sys [2005-02-24 00:32:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2004-01-01 00:52:32 | 001,998,848 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04.Dll [2004-01-01 00:52:32 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04_10.dll [2004-01-01 00:52:32 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04_0C.dll [2004-01-01 00:52:32 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04_0A.dll [2004-01-01 00:52:32 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04_07.dll [2004-01-01 00:52:32 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04_09.dll [2004-01-01 00:52:32 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF04_0402.dll [2004-01-01 00:44:09 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2004-01-01 00:43:33 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2004-01-01 00:42:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2004-01-01 00:40:33 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2004-01-01 00:40:33 | 000,000,514 | ---- | C] () -- C:\WINDOWS\setup.ini [2004-01-01 00:35:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2004-01-01 00:35:36 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2004-01-01 00:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll [2004-01-01 00:21:42 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2010-01-09 19:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-02-09 22:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-01-24 21:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CTdeveloping [2010-01-08 21:17:23 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\EurekaLog [2010-01-08 21:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Gadu-Gadu 10 [2010-02-10 14:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ipla [2010-01-09 19:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Nowe Gadu-Gadu [2010-01-09 21:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\OpenFM [2010-01-08 20:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Opera [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log]OTL Extras logfile created on: 2010-02-10 17:16:04 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Komputer\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 64,00 Mb Available Physical Memory | 13,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 30,27 Gb Total Space | 11,73 Gb Free Space | 38,75% Space Free | Partition Type: NTFS Drive D: | 40,75 Gb Total Space | 10,74 Gb Free Space | 26,35% Space Free | Partition Type: NTFS Drive E: | 40,76 Gb Total Space | 2,70 Gb Free Space | 6,62% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 699,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NOWAK Current User Name: Komputer Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.) 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00 "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext "{3947442A-1409-45fc-A885-FB1CF937675D}" = 1400 "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92C7D009-A464-4948-A980-7A3E28CB2F49}" = Richard Burns Rally "{A07BAED2-DA9A-436A-83F1-80BA23FA9E4B}" = 1400_Help "{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03 "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director 
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software "{DE66E6E1-BFBC-4586-A03C-686598F4CA3C}" = 1400Trb "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast!" = avast! Antivirus "CCleaner" = CCleaner "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! "HP Photo & Imaging" = HP Image Zone 4.7 "HPExtendedCapabilities" = HP Extended Capabilities 4.7 "InCD!UninstallKey" = InCD "ipla" = ipla 2.1.1 "Java Web Start" = Java Web Start "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "NeostradaTP.exe" = Neostrada TP "Nero - Burning Rom!UninstallKey" = Nero OEM "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "NVIDIA Drivers" = NVIDIA Drivers "PCI Audio Driver" = PCI Audio Driver "RBR Lamer Pack 1.2" = RBR Lamer Pack 1.2 "RBRHradek" = RBR Hradek (remove only) "RBRMontekland" = RBR Montekland 0.9 (remove only) "RBRPribram1" = RBR Pribram (remove only) "RBRPribram2" = RBR Pribram 2 (remove only) "RBRProspectRidge2A" = RBR Prospect Ridge 2A (remove only) "RBRPTDRallySprint11" = RBR PTD RallySprint 1.1 (remove only) "RBRReversedTracks" = RBR Reversed Tracks (remove only) "RBRSchool2" = RBR School stage 2 (remove only) "RBRSosnova" = RBR Sosnova (remove only) "RBRTM" = RBR Tournament plugin (remove only) "VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0 "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "sc10-ORF_MAIN" = ORF-Ski Challenge 2010 "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-02-03 15:47:28 
| Computer Name = NOWAK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2810, moduł powodujący błąd ml_bookmarks.dll, wersja 0.0.0.0, adres błędu 0x0000128b. Error - 2010-02-06 11:35:37 | Computer Name = NOWAK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gtr2.exe, wersja 1.0.0.0, moduł powodujący błąd gtr2.exe, wersja 1.0.0.0, adres błędu 0x00230aab. Error - 2010-02-06 11:36:00 | Computer Name = NOWAK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gtr2.exe, wersja 1.0.0.0, moduł powodujący błąd gtr2.exe, wersja 1.0.0.0, adres błędu 0x00230aab. Error - 2010-02-06 11:36:30 | Computer Name = NOWAK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gtr2.exe, wersja 1.0.0.0, moduł powodujący błąd gtr2.exe, wersja 1.0.0.0, adres błędu 0x00230aab. Error - 2010-02-06 11:37:49 | Computer Name = NOWAK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gtr2.exe, wersja 1.0.0.0, moduł powodujący błąd gtr2.exe, wersja 1.0.0.0, adres błędu 0x00230aab. Error - 2010-02-09 08:25:58 | Computer Name = NOWAK | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd comcomp.exe, wersja 5.5.0.391, moduł powodujący błąd comcomp.exe, wersja 5.5.0.391, adres błędu 0x00008c4c. Error - 2010-02-09 13:40:39 | Computer Name = NOWAK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca GTR2.exe, wersja 1.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. 
< End of report > [/log] [log]Logfile of random's system information tool 1.06 (written by random/random) Run by Komputer at 2010-02-10 17:23:36 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 12 GB (39%) free of 31 GB Total RAM: 511 MB (11% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:23:48, on 2010-02-10 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\WINDOWS\Mixer.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Komputer\Pulpit\rbrcamhack3.0\rbrcamhack3[1].0\CamHack.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\Komputer\Pulpit\OTL.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\Documents and Settings\Komputer\Pulpit\RSIT.exe C:\Program Files\trend micro\Komputer.exe 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Komputer\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{45EFD4DE-B5E9-4BF4-AB6F-2410BC039C05}: NameServer = 194.204.159.1 194.204.152.34 O17 - HKLM\System\CS1\Services\Tcpip\..\{45EFD4DE-B5E9-4BF4-AB6F-2410BC039C05}: NameServer = 194.204.159.1 
194.204.152.34 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 6527 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Komputer\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-10-28 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-09-07 1400944] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe 
[2001-07-09 155648] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-24 5537792] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-02-24 86016] "RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2003-10-31 32768] "C-Media Mixer"=Mixer.exe /startup [] "WooCnxMon"=C:\PROGRA~1\NEOSTR~1\CnxMon.exe [2003-10-16 24576] "SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816] "WOOWATCH"=C:\PROGRA~1\NEOSTR~1\Watch.exe [2003-10-16 20480] "WOOTASKBARICON"=C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [2003-10-16 53248] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "IPLA!"=C:\Program Files\ipla\ipla.exe [2009-12-23 14100888] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet 
Browser" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{802f3141-3f11-11d8-a4c5-806d6172696f}] shell\AutoRun\command - F:\Setup.exe ======List of files/folders created in the last 1 months====== 2010-02-10 17:23:39 ----D---- C:\Program Files\trend micro 2010-02-10 17:23:36 ----D---- C:\rsit 2010-02-09 17:44:13 ----A---- C:\WINDOWS\system32\ptpusb.dll 2010-02-09 17:44:12 ----A---- C:\WINDOWS\system32\ptpusd.dll 2010-02-06 12:35:09 ----D---- C:\WINDOWS\system32\appmgmt 2010-01-24 20:58:57 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\CTdeveloping 2010-01-24 20:48:58 ----D---- C:\Program Files\PDFCreator 2010-01-24 20:39:44 ----A---- C:\WINDOWS\pdf2word.INI 2010-01-24 20:39:06 ----D---- C:\Program Files\VeryPDF PDF2Word v3.0 2010-01-24 19:19:15 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla 2010-01-24 19:19:09 ----D---- C:\Program Files\Mozilla Firefox 2010-01-24 18:05:35 ----D---- C:\Games 2010-01-20 20:39:34 ----A---- C:\WINDOWS\ODBC.INI 2010-01-20 20:38:48 ----D---- C:\Program Files\Microsoft ActiveSync 2010-01-20 20:38:42 ----D---- C:\Program Files\Common Files\DESIGNER 2010-01-20 20:38:13 ----D---- C:\WINDOWS\SHELLNEW 2010-01-20 20:38:13 ----D---- C:\Program Files\Microsoft Office ======List of files/folders modified in the last 1 months====== 2010-02-10 17:23:44 ----D---- C:\WINDOWS\Prefetch 2010-02-10 17:23:39 ----RD---- C:\Program Files 
2010-02-10 14:47:02 ----D---- C:\WINDOWS\system32 2010-02-10 14:47:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-02-10 14:43:55 ----D---- C:\WINDOWS\Temp 2010-02-10 14:43:08 ----D---- C:\Program Files\Neostrada TP 2010-02-10 14:42:51 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\ipla 2010-02-10 14:41:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-10 11:35:17 ----D---- C:\WINDOWS 2010-02-09 22:49:18 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM 2010-02-09 17:51:28 ----D---- C:\WINDOWS\security 2010-02-09 17:51:26 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-07 16:40:07 ----D---- C:\WINDOWS\Help 2010-02-06 12:50:52 ----SHD---- C:\WINDOWS\Installer 2010-02-06 12:50:52 ----HD---- C:\Config.Msi 2010-02-06 12:50:51 ----D---- C:\Program Files\Opera 2010-02-03 20:55:22 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\Winamp 2010-02-03 16:10:03 ----SD---- C:\Documents and Settings\Komputer\Dane aplikacji\Microsoft 2010-01-29 20:42:47 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2010-01-24 21:39:37 ----D---- C:\WINDOWS\WinSxS 2010-01-21 20:07:35 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-21 20:07:29 ----D---- C:\WINDOWS\system32\drivers 2010-01-20 20:39:12 ----A---- C:\WINDOWS\win.ini 2010-01-20 20:38:59 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-01-20 20:38:58 ----RSD---- C:\WINDOWS\Fonts 2010-01-20 20:38:42 ----D---- C:\Program Files\Common Files 2010-01-20 20:38:40 ----HD---- C:\WINDOWS\inf 2010-01-20 20:38:15 ----D---- C:\Program Files\Common Files\System 2010-01-20 20:38:13 ----D---- C:\WINDOWS\pchealth 2010-01-20 20:37:53 ----D---- C:\WINDOWS\system ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! 
Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408] R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-10-21 35840] R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-07 28544] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160] R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600] R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120] R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2006-06-29 379726] R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-01-08 223128] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-24 3454144] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 usbccgp;Rodzajowy sterownik nadrzędny USB 
Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-07 91136] S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744] S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys [] S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys [] S3 SaiHFF04;SaiHFF04; C:\WINDOWS\system32\DRIVERS\SaiHFF04.sys [2006-08-08 182528] S3 SaiIFF04;Immersion's HID USB Driver (FF04); C:\WINDOWS\system32\DRIVERS\SaiIFF04.sys [2006-08-08 16512] S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys [] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112] R2 avast! 
Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-07 1151090] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-24 127043] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- [/log] [log]info.txt logfile of random's system information tool 1.06 2010-02-10 17:23:51 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe" Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 ASUSDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall avast! 
Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup CCleaner-->"C:\Program Files\CCleaner\uninst.exe" DVD Solution-->"C:\Program Files\Uninstall_CDS.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone Express-->MsiExec.exe /X{8F7A4D82-B168-4F89-99C2-B9873EC877AF} HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1} InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL ipla 2.1.1-->C:\Program Files\ipla\uninst.exe Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall Neostrada TP-->C:\PROGRA~1\NEOSTR~1\SondageDesinstallation.exe Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe NVIDIA 
Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Opera 10.00-->MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9} PCI Audio Driver-->cmuninst.exe PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall RBR Hradek (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRHradekUninst.exe" RBR Lamer Pack 1.2-->"C:\Program Files\SCi Games\Richard Burns Rally\uninstall RBR LAMER Pack.exe" RBR Montekland 0.9 (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRMonteklandUninst.exe" RBR Pribram (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRPribram1Uninst.exe" RBR Pribram 2 (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRPribram2Uninst.exe" RBR Prospect Ridge 2A (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRPR2AUninst.exe" RBR PTD RallySprint 1.1 (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRRallySprint11Uninst.exe" RBR Reversed Tracks (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRRevUninst.exe" RBR School stage 2 (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRSch2uninst.exe" RBR Sosnova (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRSosnovaUninst.exe" RBR Tournament plugin (remove only)-->"C:\Program Files\SCi Games\Richard Burns Rally\RBRTMuninst.exe" Richard Burns Rally-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92C7D009-A464-4948-A980-7A3E28CB2F49}\setup.exe" -l0x9 SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel VeryPDF PDF2Word v3.0-->"C:\Program 
Files\VeryPDF PDF2Word v3.0\unins000.exe" Winamp Toolbar-->"C:\Program Files\Winamp Toolbar\uninstall.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll ======System event log====== Computer Name: NOWAK Event Code: 7036 Message: Usługa Pml Driver HPZ12 weszła w stan uruchomienia. Record Number: 9203 Source Name: Service Control Manager Time Written: 20100203172859.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 7035 Message: Do usługi Pml Driver HPZ12 został pomyślnie wysłany kod sterowania uruchom. Record Number: 9202 Source Name: Service Control Manager Time Written: 20100203172859.000000+060 Event Type: informacje User: NOWAK\Komputer Computer Name: NOWAK Event Code: 7036 Message: Usługa Pml Driver HPZ12 weszła w stan zatrzymania. Record Number: 9201 Source Name: Service Control Manager Time Written: 20100203172658.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 7036 Message: Usługa Pml Driver HPZ12 weszła w stan uruchomienia. Record Number: 9200 Source Name: Service Control Manager Time Written: 20100203172658.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 7035 Message: Do usługi Pml Driver HPZ12 został pomyślnie wysłany kod sterowania uruchom. Record Number: 9199 Source Name: Service Control Manager Time Written: 20100203172658.000000+060 Event Type: informacje User: NOWAK\Komputer =====Application event log===== Computer Name: NOWAK Event Code: 1000 Message: Liczniki wydajności dla usługi WmiApRpl (WmiApRpl) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 560 Source Name: LoadPerf Time Written: 20100130090348.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 1001 Message: Liczniki wydajności dla usługi WmiApRpl (WmiApRpl) zostały pomyślnie usunięte. 
Dane rekordu zawierają nowe wartości wpisów Last Counter (ostatni licznik) i Last Help (ostatnia Pomoc) do Rejestru systemowego. Record Number: 559 Source Name: LoadPerf Time Written: 20100130090348.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 102 Message: wuaueng.dll (2632) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0). Record Number: 558 Source Name: ESENT Time Written: 20100130090036.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 100 Message: wuauclt (2632) Aparat bazy danych 5.01.2600.5512 został uruchomiony. Record Number: 557 Source Name: ESENT Time Written: 20100130090036.000000+060 Event Type: informacje User: Computer Name: NOWAK Event Code: 1800 Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona. Record Number: 556 Source Name: SecurityCenter Time Written: 20100130085947.000000+060 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2c02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log] [log]GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-02-10 17:50:23 Windows 5.1.2600 Dodatek Service Pack 3 Running: u5pb4yuq.exe; Driver: C:\DOCUME~1\Komputer\USTAWI~1\Temp\uxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEBB2E6B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEBB2E574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/ALWIL Software) ZwDeleteValueKey [0xEBB2EA52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEBB2E14C] SSDT sptd.sys ZwEnumerateKey [0xF8496C22] SSDT sptd.sys ZwEnumerateValueKey [0xF8496F9A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEBB2E64E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEBB2E08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEBB2E0F0] SSDT sptd.sys ZwQueryKey [0xF8497064] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEBB2E76E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEBB2E72E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEBB2E8AE] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501C90 4 Bytes JMP E442EBB2 .text ntkrnlpa.exe!ZwCallbackReturn + 2740 80501F68 4 Bytes CALL 94570B1F ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? C:\WINDOWS\System32\Drivers\SPTD9661.SYS Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F6F4A4F0 16 Bytes [27, 5D, F8, A0, AF, 1B, FE, ...] .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F6F4A501 31 Bytes [90, F4, F6, 22, AD, 89, B1, ...] ? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8492AD2] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8492C0E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8492B96] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F849376C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8493642] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 823974D0 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Fastfat \FatCdrom 81F38390 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\dmio \Device\DmControl\DmIoDaemon 82397EB0 Device \Driver\dmio \Device\DmControl\DmConfig 82397EB0 Device \Driver\dmio \Device\DmControl\DmPnP 82397EB0 Device \Driver\dmio \Device\DmControl\DmInfo 82397EB0 Device \Driver\00000049 \Device\00000046 sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{45EFD4DE-B5E9-4BF4-AB6F-2410BC039C05} 81DD8290 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 823970E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 823970E8 Device \Driver\Cdrom \Device\CdRom0 821A2EB0 Device \FileSystem\Rdbss \Device\FsWrap 81DDE290 Device \Driver\Ftdisk \Device\HarddiskVolume3 823970E8 Device \Driver\Cdrom \Device\CdRom1 821A2EB0 Device \Driver\nvatabus \Device\00000068 823979C0 Device \Driver\nvatabus \Device\00000069 823979C0 Device \Driver\NetBT \Device\NetBt_Wins_Export 81DD8290 Device \FileSystem\InCDfs \Device\InCDfsComm 821A10E8 Device \Driver\NetBT \Device\NetbiosSmb 81DD8290 Device \Driver\NetBT \Device\NetBT_Tcpip_{70DD63C2-62BC-4E66-88FD-40A26B99C76A} 81DD8290 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Disk \Device\Harddisk0\DR0 82397708 AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\nvatabus \Device\NvAta0 823979C0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81DDF290 Device \Driver\nvatabus \Device\NvAta1 823979C0 Device \FileSystem\MRxSmb \Device\LanmanRedirector 81DDF290 Device \Driver\nvatabus \Device\NvAta2 823979C0 Device \FileSystem\Npfs \Device\NamedPipe 8202C528 Device \Driver\Ftdisk \Device\FtControl 823970E8 Device \FileSystem\Msfs \Device\Mailslot 820B87C0 Device \Driver\dtscsi \Device\Scsi\dtscsi1 81ECDEB0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 81ECDEB0 Device \FileSystem\Fastfat \Fat 81F38390 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! 
File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\InCDfs \GLOBAL??\BsUDF 821A10E8 Device \FileSystem\Cdfs \Cdfs 81DDC290 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 696050602 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1802942453 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 403348336 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0xEA 0x5B 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1D 0xC7 0xC2 0x2A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0x65 0xEA 0x1A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0xEA 0x5B 0xD3 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1D 0xC7 0xC2 0x2A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0x65 0xEA 0x1A ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\opr04ADF 6259 bytes File C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\opr04ADC 1104 bytes File C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\opr04ADD 35 bytes File C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\opr04ADE 2803 bytes ---- EOF - GMER 1.0.15 ---- [/log]
Psycholandia commented on 13 February 2010
Run OTL and click CleanUP. Clean.