OTL Extras logfile created on: 2012-10-27 10:37:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EuroStyl 3\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1013,81 Mb Total Physical Memory | 486,39 Mb Available Physical Memory | 47,98% Memory free 2,23 Gb Paging File | 1,85 Gb Available in Paging File | 83,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147,55 Gb Total Space | 30,23 Gb Free Space | 20,49% Space Free | Partition Type: NTFS Computer Name: EUROSTYL-LAP3 | User Name: EuroStyl 3 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{181F722A-29B4-4597-A92B-42E25C47A6EF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{34434D08-4B78-4328-830B-910BEED251F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{392E2F3F-8858-4EE2-9FC8-2FB596A7744E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C3D3B7E-C8BB-458A-B1E2-DC915CAEABE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{43090196-E21D-4E75-9553-83F905FB0924}" = rport=138 | protocol=17 | dir=out | app=system | "{5DCE3156-17FF-4D41-A387-A8441758C152}" = rport=445 | protocol=6 | dir=out | app=system | "{6993B3B5-39B7-4672-9721-7B62CE126DF0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7CC62C82-D0C4-403D-A246-7F91BF20C7BF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{832677B3-01F0-4885-9199-C25E2B4AE8C1}" = rport=2869 | protocol=6 | dir=out | app=system | "{89BF2CDA-E058-4F75-9FFF-56336A538528}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8EF24C2A-6060-4C6D-AA60-EF427C87F4C0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A9653907-0E30-4BED-84DE-19B052249C7B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B5B0E15B-2DE1-4C9C-B772-B670015E48BF}" = lport=138 | protocol=17 | dir=in | app=system | "{BDA05E32-5345-485C-97D0-F427D4663897}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BE6D9ADF-20EC-46D5-BFD4-87CBB48C6CBC}" = rport=139 | protocol=6 | dir=out | app=system | "{C216678E-EB02-41D5-8C88-364765971624}" = lport=2869 | protocol=6 | dir=in | app=system | "{C4A32F0F-C2A0-4551-9E8C-E569ABABA9F4}" = lport=445 | protocol=6 | dir=in | app=system | "{D870D9F6-231F-4420-A527-8BAE067164E6}" = rport=137 | protocol=17 | dir=out | app=system | "{DA7680F5-9CC7-4B88-8505-F37B11248D93}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EBF84440-9095-42C0-ACD9-1C57B3FF234E}" = lport=137 | protocol=17 | dir=in | app=system | "{EF00DED0-0BEF-466B-BE20-652CE0A90A9F}" = lport=139 | protocol=6 | dir=in | app=system | "{FA83D335-0869-455C-B8FC-B62433722648}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00089EB1-29BB-41D7-8B69-CBC7F75E2660}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{0D2F3BA2-3D03-4964-8571-474C1BB83C08}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{111D8596-AC23-4FA6-A612-B6C4EF306EC2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{154E20DE-45C2-49EA-9AB9-8EE263DC53C2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{186402F6-A468-4C8C-B211-C1939CC56E4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{30F33E36-BA17-4E77-A58A-33A925C87B6C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{36462B24-C5DE-4D16-A376-FB963D1DF41F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{3A2FF7F0-36E1-405C-A96B-64FD0A049B0C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4C884CC9-6452-448D-B8B4-8809AFA360C3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{51A02B12-44EA-4B8E-9FED-341AE364EEC2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe | "{5257D4D8-3D40-4049-8448-F04656CDD9E4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{72597B3A-7523-46CB-B1D1-F6EDDB450D18}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{81BEC5EE-FDB8-4D69-AE1B-DB3DFC4ED4C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{83D885D7-6D2C-4598-BA5F-C2F559ADB762}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{8DE9BC57-73FD-4FE1-AA79-60934BC0E0F0}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{97A93E8C-A8F3-4133-8613-5CF2ED2A5AF8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{A2A61738-4B80-45AC-9CAA-3E292F8BFA49}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{A3BB97B2-CA48-40F6-9251-8D42CB118BB8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe | "{A3F9405B-FDD0-4CCB-9964-B491E40B4284}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A461CE9D-B0BC-475A-9276-48B7A8B4A910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A9A8072E-A6A3-493D-A0A4-8F2DDEBC3BD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AB87AE2C-B8A0-4CC2-8E97-2CC448D4E02B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{B10D2F77-264F-4854-98BE-FD62A5F70158}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{B35E88AA-4A6D-4720-BAA8-200F2FB9D010}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{C1B9EADC-9DD6-40AD-A19E-088A56655519}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{C35CA94C-04A4-44A4-B3A3-5837D504ABBC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{C990B3BC-7A0D-4899-A12F-8395ED4C36F2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{D09DB874-E380-4C65-B0CD-609BAA474978}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{D98833FE-49BE-43C7-9D9C-BA8A562E5597}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{E89E3204-CEB4-4E12-8219-DE11C83224B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FB4FA8B3-8A7D-406A-B35D-1794CC4721A3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "TCP Query User{44BED2F6-4EC6-4A14-87DA-5DE0C29EE3D7}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{FB78E13B-8EF1-4E2A-83FE-46136CB3202C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4A41FAC6-0D67-4563-B3B9-F2D360EC89B9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5EA8430A-77ED-4B0C-BB6B-37D7CCBF1B33}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12787065-3D5B-414e-B7A8-859E74785034}" = SF_CDC_Software "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = blueconnect "{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{EB87675F-5281-4767-A54B-31931794C23D}" = OpenOffice.org 3.3 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FB79A6DF-44D2-40a6-9FFC-34BDEEBD980B}" = HP Deskjet Printer Driver Software 8.0.C "{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1" = ALLMediaServer "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V5.X "AVG" = AVG 2012 "AVG Secure Search" = AVG Security Toolbar "Gadu-Gadu 10" = Gadu-Gadu 10 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 15.0 (x86 pl)" = Mozilla Firefox 15.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "RealAlt_is1" = Real Alternative 1.9.0 Lite "SMSERIAL" = Motorola SM56 Data Fax Modem "Super Kulki_is1" = Super Kulki "WinRAR archiver" = WinRAR archiver [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2193788909-4097780176-1674778850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 16.0.1 (x86 pl)" = Mozilla Firefox 16.0.1 (x86 pl) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-09-25 09:20:43 | Computer Name = EuroStyl-Lap3 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd plugin-container.exe, wersja 15.0.1.4631, sygnatura czasowa 0x5047f97b, moduł powodujący błąd xul.dll, wersja 15.0.1.4631, sygnatura czasowa 0x5047f93b, kod wyjątku 0xc0000005, przesunięcie błędu 0x0003d0a4, identyfikator procesu 0x674, godzina rozpoczęcia aplikacji 0x01cd9af0d258a12f. Error - 2012-10-06 08:35:57 | Computer Name = EuroStyl-Lap3 | Source = System Restore | ID = 8193 Description = Error - 2012-10-06 08:35:57 | Computer Name = EuroStyl-Lap3 | Source = VSS | ID = 12305 Description = Error - 2012-10-06 08:35:57 | Computer Name = EuroStyl-Lap3 | Source = VSS | ID = 12293 Description = Error - 2012-10-06 08:35:58 | Computer Name = EuroStyl-Lap3 | Source = System Restore | ID = 8210 Description = Error - 2012-10-07 01:09:40 | Computer Name = EuroStyl-Lap3 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd DOSBox.exe, wersja 0.74.0.0, sygnatura czasowa 0x4bea7d36, moduł powodujący błąd DOSBox.exe, wersja 0.74.0.0, sygnatura czasowa 0x4bea7d36, kod wyjątku 0xc0000005, przesunięcie błędu 0x00128203, identyfikator procesu 0x150c, godzina rozpoczęcia aplikacji 0x01cda3fcc52deda0. Error - 2012-10-11 21:03:36 | Computer Name = EuroStyl-Lap3 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2012-10-12 04:58:44 | Computer Name = EuroStyl-Lap3 | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2012-10-15 08:14:12 | Computer Name = EuroStyl-Lap3 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd soffice.bin, wersja 3.3.9556.500, sygnatura czasowa 0x4d061efd, moduł powodujący błąd svlmi.dll, wersja 3.3.9556.500, sygnatura czasowa 0x4f144aaf, kod wyjątku 0xc0000005, przesunięcie błędu 0x00025d3f, identyfikator procesu 0x9e4, godzina rozpoczęcia aplikacji 0x01cdaab55eee7564. Error - 2012-10-27 04:24:53 | Computer Name = EuroStyl-Lap3 | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 2012-10-25 04:05:01 | Computer Name = EuroStyl-Lap3 | Source = Dhcp | ID = 1002 Description = Serwer DHCP 0.0.0.0 odmówił dzierżawy adresu IP 192.168.1.2 dla karty sieciowej o adresie 001B77A5D98D. (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-10-25 07:27:50 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10010 Description = Error - 2012-10-27 04:06:09 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10010 Description = Error - 2012-10-27 04:06:39 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10010 Description = Error - 2012-10-27 04:24:02 | Computer Name = EuroStyl-Lap3 | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 10:09:15 na 2012-10-27 było nieoczekiwane. Error - 2012-10-27 04:24:45 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10005 Description = Error - 2012-10-27 04:24:53 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10005 Description = Error - 2012-10-27 04:24:54 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10005 Description = Error - 2012-10-27 04:24:55 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10005 Description = Error - 2012-10-27 04:25:18 | Computer Name = EuroStyl-Lap3 | Source = DCOM | ID = 10005 Description = < End of report >