OTL Extras logfile created on: 2012-09-26 16:42:38 - Run 1 OTL by OldTimer - Version 3.2.68.0 Folder = D:\Documents and Settings\DON IGUNIO\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,50 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,66% Memory free 5,34 Gb Paging File | 4,96 Gb Available in Paging File | 92,96% Paging File free Paging file location(s): d:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 97,65 Gb Total Space | 64,74 Gb Free Space | 66,30% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 115,35 Gb Free Space | 57,55% Space Free | Partition Type: NTFS Drive E: | 457,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CEFARM-3EC9E7DF | User Name: DON IGUNIO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-448539723-838170752-839522115-1003\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Black Mirror III/PL-Polish_is1" = Black Mirror III "CCleaner" = CCleaner "F-Secure Product 277" = Bezpieczny Internet "GameDesire-Bingo" = GameDesire-Bingo "GameDesire-GameDesire Card Games" = GameDesire-GameDesire Card Games "GameDesire-Poker" = GameDesire-Poker "ImgBurn" = ImgBurn "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.0.1400 "Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 15.0.1 (x86 pl)" = Mozilla Firefox 15.0.1 (x86 pl) "Mozilla Thunderbird 10.0.2 (x86 pl)" = Mozilla Thunderbird 10.0.2 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Przeklęte Ziemie: Początek" = Przeklęte Ziemie: Początek "Side 9 Screensaver" = Side 9 Screensaver "SubEdit-Player_is1" = SubEdit-Player "Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1 "VDOTool_is1" = VDOTool 6.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-09-11 11:34:53 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 112 2012-09-11 17:34:53+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_au_aih.exe Object name: Action: Scanning failure was only reported. Error - 2012-09-11 11:34:53 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 113 2012-09-11 17:34:53+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_au_aih.exe Object name: Action: Scanning failure was only reported. Error - 2012-09-11 11:34:53 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 114 2012-09-11 17:34:53+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_au_aih.exe Object name: Action: Scanning failure was only reported. Error - 2012-09-11 11:34:53 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 115 2012-09-11 17:34:53+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_au_aih.exe Object name: Action: Scanning failure was only reported. Error - 2012-09-11 11:34:53 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 116 2012-09-11 17:34:53+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_au_aih.exe Object name: Action: Scanning failure was only reported. Error - 2012-09-11 11:34:53 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 117 2012-09-11 17:34:53+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_au_aih.exe Object name: Action: Scanning failure was only reported. Error - 2012-09-23 12:47:29 | Computer Name = CEFARM-3EC9E7DF | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca setup.tmp, wersja 51.52.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-09-24 04:08:17 | Computer Name = CEFARM-3EC9E7DF | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 15.0.1.4631, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-09-24 04:23:46 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2012-09-24 10:23:46+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Alert Infection: http://polishcities.mobi/deriving/rewrite_naughty_workers.php?bbghbavu=0634373633&fomotf=47&pwfqipyh=38080302090b330b0b33&zwpfweel=03020003000600050a Object name: Exploit.PDF-JS.GO Action: Malicious content was blocked. Error - 2012-09-25 09:02:43 | Computer Name = CEFARM-3EC9E7DF | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2012-09-25 15:02:43+02:00 cefarm-3ec9e7df CEFARM-3EC9E7DF\DON IGUNIO F-Secure Anti-Virus Web Traffic Scanning Failure Reason: http://updates5.emsisoft.com/updates/2BCCCDFF4B5FC7EBD1EDD96F205FC0B9.zip.dat Object name: Action: Scanning failure was only reported. [ System Events ] Error - 2012-09-23 12:52:08 | Computer Name = CEFARM-3EC9E7DF | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 2012-09-23 12:52:17 | Computer Name = CEFARM-3EC9E7DF | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 2012-09-23 12:52:26 | Computer Name = CEFARM-3EC9E7DF | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 2012-09-23 12:59:37 | Computer Name = CEFARM-3EC9E7DF | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183 Error - 2012-09-23 14:52:32 | Computer Name = CEFARM-3EC9E7DF | Source = Windows Update Agent | ID = 16 Description = Nie można połączyć się: system Windows nie może połączyć się z usługą aktualizacji automatycznych i z tego powodu nie można pobrać i zainstalować aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie nadal próbował uzyskać połączenie. Error - 2012-09-25 07:51:03 | Computer Name = CEFARM-3EC9E7DF | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183 Error - 2012-09-25 08:33:12 | Computer Name = CEFARM-3EC9E7DF | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183 Error - 2012-09-25 14:16:04 | Computer Name = CEFARM-3EC9E7DF | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183 Error - 2012-09-25 15:17:55 | Computer Name = CEFARM-3EC9E7DF | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183 Error - 2012-09-25 18:44:48 | Computer Name = CEFARM-3EC9E7DF | Source = Windows Update Agent | ID = 16 Description = Nie można połączyć się: system Windows nie może połączyć się z usługą aktualizacji automatycznych i z tego powodu nie można pobrać i zainstalować aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie nadal próbował uzyskać połączenie. < End of report >