OTL Extras logfile created on: 2011-09-25 18:12:09 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\ Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 254,41 Mb Total Physical Memory | 127,13 Mb Available Physical Memory | 49,97% Memory free 624,98 Mb Paging File | 444,31 Mb Available in Paging File | 71,09% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,63 Gb Total Space | 0,73 Gb Free Space | 3,94% Space Free | Partition Type: NTFS Computer Name: JOKO-7966C40E56 | User Name: Właściciel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiSpywareOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive) "C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\Screamer Radio\screamer.exe" = C:\Program Files\Screamer Radio\screamer.exe:*:Enabled:Screamer Radio -- (Steamcore.se) "C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Documents and Settings\Trzy\Pulpit\TDSSKiller.exe" = C:\Documents and Settings\Trzy\Pulpit\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- () "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary "C:\Program Files\DAEMON Tools Lite\daemon.exe" = C:\Program Files\DAEMON Tools Lite\daemon.exe:*:Enabled:DAEMON Tools main application -- (DT Soft Ltd) "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033FAD4E-C48B-11D5-BCEF-005004748D87}" = 64x Drivers "{0773A806-0853-4B4D-8771-55BEF03E242B}" = Dell OpenManage Client Instrumentation "{0780B80B-7B91-42AA-95CF-61387CA9933F}" = SekretNIK "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1 "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{481EA8F8-CAC0-4137-9CF8-DD0297593E61}" = TP-LINK Wireless Client Utility "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{771150EF-63F1-11D6-B60A-0800460222F0}" = Conexant-Ambit® SoftK56 Data/Fax Modem Driver for Microsoft® Windows® XP & 2000 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}" = Sagem Wi-Fi 11g USB adapter (utility) "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{E6E88DF4-E0F1-4AA7-912D-74223AA6B70F}" = DriverScan "{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "7-Zip" = 7-Zip 4.58 beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity_is1" = Audacity 1.2.6 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem "Defraggler" = Defraggler "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Football Manager 2008" = Football Manager 2008 "Gadu-Gadu 10" = Gadu-Gadu 10 "I8kfanGUI" = I8kfanGUI V3.1 "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "ie8" = Windows Internet Explorer 8 "IrfanView" = IrfanView (remove only) "Mozilla Firefox 6.0.2 (x86 pl)" = Mozilla Firefox 6.0.2 (x86 pl) "RAR Password Cracker" = RAR Password Cracker 4.12 "Registry Shower 2007_is1" = Registry Shower 2007 3.4M "SubEdit-Player_is1" = SubEdit-Player "uTorrent" = µTorrent "wList" = wList 2.1.0 "Xvid_is1" = Xvid 1.2.1 final uninstall [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2052111302-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ System Events ] Error - 2011-09-24 13:02:30 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi Netman. Error - 2011-09-25 01:16:27 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%3 Error - 2011-09-25 08:06:36 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi stisvc. Error - 2011-09-25 09:16:04 | Computer Name = JOKO-7966C40E56 | Source = ipnathlp | ID = 32003 Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji przez moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji, niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu. Error - 2011-09-25 09:16:25 | Computer Name = JOKO-7966C40E56 | Source = ipnathlp | ID = 32003 Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji przez moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji, niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu. Error - 2011-09-25 09:18:48 | Computer Name = JOKO-7966C40E56 | Source = ipnathlp | ID = 32003 Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji przez moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji, niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu. Error - 2011-09-25 09:18:48 | Computer Name = JOKO-7966C40E56 | Source = ipnathlp | ID = 32003 Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji przez moduł tłumaczący, pracujący w trybie jądra. Może to wskazywać na błąd konfiguracji, niewystarczające zasoby lub na błąd wewnętrzny. Dane zawierają kod błędu. Error - 2011-09-25 11:24:05 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą DLT. Error - 2011-09-25 11:24:05 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi DLT z powodu następującego błędu: %%1053 Error - 2011-09-25 11:24:05 | Computer Name = JOKO-7966C40E56 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%3 < End of report >