OTL Extras logfile created on: 2012-05-09 13:41:52 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\4\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,61% Memory free 5,60 Gb Paging File | 4,82 Gb Available in Paging File | 86,15% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 46,58 Gb Total Space | 1,86 Gb Free Space | 3,98% Space Free | Partition Type: NTFS Drive D: | 204,33 Gb Total Space | 124,45 Gb Free Space | 60,91% Space Free | Partition Type: NTFS Drive E: | 3,59 Gb Total Space | 2,77 Gb Free Space | 77,00% Space Free | Partition Type: FAT32 Computer Name: 4-738229A91A604 | User Name: 4 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-776561741-706699826-682003330-1003\SOFTWARE\Classes\] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\K2T\WTW\wtw.exe" = C:\Program Files\K2T\WTW\wtw.exe:*:Enabled:WTW Instant Messenger -- (K2T.eu, Kaworu) "D:\Counter- Strike\hl.exe" = D:\Counter- Strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes] "C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper "C:\Program Files\Opera Next\opera.exe" = C:\Program Files\Opera Next\opera.exe:*:Enabled:Opera Internet Browser "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""SubEdit-Player"" = "SubEdit-Player" "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A958D2C-4D3D-44CD-8834-AFB85F5C4467}_is1" = RMFon "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2D39FF4-EEA3-41B4-BAD0-D9163E7A2D88}" = PlusOffice 2009 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B06.0707.01 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1180-6883-2514-0226-24hPoker-PROD" = 24hPoker "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Any Video Converter_is1" = Any Video Converter 3.2.1 "avast" = avast! Free Antivirus "CCleaner" = CCleaner "Counter-Strike 1.6 v32" = Counter-Strike 1.6 v32 "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "GamersFirst LIVE!" = GamersFirst LIVE! "GamersFirst War Rock" = War Rock "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Indeo® Software" = Indeo® Software "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400 "Mario Forever v 2.16 !" = Mario Forever v 2.16 ! "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Opera 11.60.1185" = Opera 11.60 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3 "Revo Uninstaller" = Revo Uninstaller 1.89 "Sniper Ghost Warrior_is1" = Sniper Ghost Warrior "TeamSpeak 3 Client" = TeamSpeak 3 Client "ToolTipFixer" = ToolTipFixer 2.0 "Tunatic" = Tunatic "Unlocker" = Unlocker 1.8.9 "Usbfix" = UsbFix By El Desaparecido "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WheelMouse" = iOfficeWorks 7.80 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-776561741-706699826-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Warcraft III" = Warcraft III [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-03-16 12:38:13 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd warrock.exe, wersja 0.0.0.0, moduł powodujący błąd , wersja 0.0.0.0, adres błędu 0x00000000. Error - 2012-03-23 07:04:49 | Computer Name = 4-738229A91A604 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca soffice.bin, wersja 3.0.9358.500, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-24 12:56:08 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19190, adres błędu 0x002536ed. Error - 2012-03-24 12:56:11 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1001 Description = Pakiet błędów -1458471313. Error - 2012-03-27 04:26:12 | Computer Name = 4-738229A91A604 | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2012-03-28 17:20:44 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19190, adres błędu 0x002536ed. Error - 2012-03-31 12:52:11 | Computer Name = 4-738229A91A604 | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2012-03-31 13:40:14 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd msxml3.dll, wersja 8.100.1052.0, adres błędu 0x000a1425. Error - 2012-04-07 06:27:32 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd msxml3.dll, wersja 8.100.1052.0, adres błędu 0x000a1425. Error - 2012-04-08 04:47:02 | Computer Name = 4-738229A91A604 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd FlashPlayerUpdateService.exe, wersja 11.2.202.228, moduł powodujący błąd FlashPlayerUpdateService.exe, wersja 11.2.202.228, adres błędu 0x0000abd8. [ System Events ] Error - 2012-05-07 16:38:27 | Computer Name = 4-738229A91A604 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 84.38.85.13 dla karty sieciowej o adresie 001FD034BFA5 został zabroniony przez serwer DHCP 192.168.100.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-05-07 16:39:50 | Computer Name = 4-738229A91A604 | Source = Dhcp | ID = 1000 Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.2 na karcie sieciowej o adresie sieciowym 001FD034BFA5. Error - 2012-05-08 04:14:19 | Computer Name = 4-738229A91A604 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 84.38.85.13 dla karty sieciowej o adresie 001FD034BFA5 został zabroniony przez serwer DHCP 192.168.100.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-05-08 04:14:30 | Computer Name = 4-738229A91A604 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi avgntflt z powodu następującego błędu: %%2 Error - 2012-05-08 04:14:33 | Computer Name = 4-738229A91A604 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: pavboot SASKUTIL Error - 2012-05-08 04:15:20 | Computer Name = 4-738229A91A604 | Source = Dhcp | ID = 1000 Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.2 na karcie sieciowej o adresie sieciowym 001FD034BFA5. Error - 2012-05-08 04:28:00 | Computer Name = 4-738229A91A604 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi avgntflt z powodu następującego błędu: %%2 Error - 2012-05-08 04:28:04 | Computer Name = 4-738229A91A604 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: pavboot SASKUTIL Error - 2012-05-09 04:30:35 | Computer Name = 4-738229A91A604 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi avgntflt z powodu następującego błędu: %%2 Error - 2012-05-09 04:30:35 | Computer Name = 4-738229A91A604 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: pavboot SASKUTIL < End of report >