OTL Extras logfile created on: 2012-11-20 23:07:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ceglarek.ceglarek-PC\Desktop\wirus 20.11.2012 Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,91% Memory free 6,19 Gb Paging File | 5,82 Gb Available in Paging File | 94,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 48,55 Gb Free Space | 51,56% Space Free | Partition Type: NTFS Drive D: | 129,94 Gb Total Space | 45,60 Gb Free Space | 35,09% Space Free | Partition Type: NTFS Computer Name: CEGLAREK-PC | User Name: ceglarek | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1" [HKEY_USERS\S-1-5-21-2390917667-422551507-1069974073-1000\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "FirstRunDisabled" =  "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{65DDFB91-99C5-46DB-A4D4-DEBB5996BE94}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{8E6D5343-56D2-4122-876E-D976715F1B88}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{23EB7838-83DC-408E-9CD0-D465FB376158}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{915F39E2-37C2-4229-9A3B-39FFF256091F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{F22F97F6-6042-4A75-B588-8EA6B934E464}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{1A15AA67-CD1C-4B41-A17F-AFFFCAA4E765}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{735C9BE5-1257-46C4-86BF-AB68F204C560}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{AD8F9178-2C25-44D4-8EFD-F32B2C2342F7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{854C47D1-C2A0-4492-8655-C3F8D49C1045}" = Nero 8 Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DEAD07C6-D070-43AB-A60D-D9ABE55E296D}_is1" = JPEGCrops 0.7.5 beta "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "Fotosizer" = Fotosizer 1.25 "GoldWave v5.58" = GoldWave v5.58 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.5 (Full) "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 15.0.1 (x86 pl)" = Mozilla Firefox 15.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-10-29 06:23:05 | Computer Name = ceglarek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-10-29 06:23:05 | Computer Name = ceglarek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-10-29 06:23:05 | Computer Name = ceglarek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-10-29 06:23:05 | Computer Name = ceglarek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-11-07 05:24:59 | Computer Name = ceglarek-PC | Source = VSS | ID = 12289 Description = Error - 2012-11-07 05:25:00 | Computer Name = ceglarek-PC | Source = System Restore | ID = 8193 Description = Error - 2012-11-07 05:25:00 | Computer Name = ceglarek-PC | Source = System Restore | ID = 8210 Description = Error - 2012-11-08 04:57:10 | Computer Name = ceglarek-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd BabylonToolbarsrv.exe, wersja 1.8.3.0, sygnatura czasowa 0x507b0bf9, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x00ac1e58, identyfikator procesu 0x192c, godzina rozpoczęcia aplikacji 0x01cdbd8f0972bda0. Error - 2012-11-09 18:09:13 | Computer Name = ceglarek-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2012-11-09 18:09:13 | Computer Name = ceglarek-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 2012-11-20 17:43:59 | Computer Name = ceglarek-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2012-11-20 17:51:06 | Computer Name = ceglarek-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2012-11-20 17:51:55 | Computer Name = ceglarek-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-11-20 17:55:06 | Computer Name = ceglarek-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2012-11-20 17:55:57 | Computer Name = ceglarek-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-11-20 18:01:03 | Computer Name = ceglarek-PC | Source = DCOM | ID = 10005 Description = Error - 2012-11-20 18:01:10 | Computer Name = ceglarek-PC | Source = DCOM | ID = 10005 Description = Error - 2012-11-20 18:01:16 | Computer Name = ceglarek-PC | Source = DCOM | ID = 10005 Description = Error - 2012-11-20 18:01:17 | Computer Name = ceglarek-PC | Source = DCOM | ID = 10005 Description = Error - 2012-11-20 18:02:07 | Computer Name = ceglarek-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >