OTL Extras logfile created on: 2011-04-02 12:18:40 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Wirusy w komputerze WYKRYWANIE 2011\OTL
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 2,01 Gb Free Space | 20,60% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 1,01 Gb Free Space | 10,39% Space Free | Partition Type: FAT32
Drive E: | 15,61 Gb Total Space | 3,75 Gb Free Space | 24,03% Space Free | Partition Type: FAT32
Drive F: | 39,36 Gb Total Space | 5,48 Gb Free Space | 13,94% Space Free | Partition Type: FAT32
Drive G: | 185,50 Gb Total Space | 161,66 Gb Free Space | 87,15% Space Free | Partition Type: FAT32
Drive H: | 280,20 Gb Total Space | 261,52 Gb Free Space | 93,33% Space Free | Partition Type: NTFS

Computer Name: ABC | User Name: abcd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1454471165-630328440-682003330-1003\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{059A00AC-1205-423C-91C7-7E6168D804DA}" = MainConcept DTV Decoder Standard
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{134007CC-7026-46C2-B46F-40D9FD2AF385}" = Technisat DVB-VC80 Redistributable Modules
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{DD920AB6-2DB9-48B7-8052-0A4F0C4277BC}" = MarketingReg
"{DEAD07C6-D070-43AB-A60D-D9ABE55E296D}_is1" = JPEGCrops 0.6.22 beta
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 2009
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ATI Display Driver" = ATI Display Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"FastStone Capture" = FastStone Capture 5.3
"Free Download Manager_is1" = Free Download Manager 3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NOD32" = System Antywirusowy NOD32
"pdfFactory Pro" = pdfFactory Pro
"PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.7.1
"Red Eye Remover_is1" = Red Eye Remover 1.7
"Ultravnc2_is1" = UltraVNC 1.0.6.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Winamp" = Winamp (remove only)
"WinRAR archiver" = Archiwizator WinRAR
"WinSPatcher_is1" = WinSPatcher XP v10.12

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-03-06 18:27:46 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-07 12:53:05 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-07 21:51:47 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-08 07:12:01 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-08 11:40:14 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-08 16:40:37 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-09 17:10:26 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-10 17:44:36 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-13 12:58:41 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-13 13:31:33 | Computer Name = ABC | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070005 z w wierszu 62 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

[ System Events ]
Error - 2011-03-31 11:04:28 | Computer Name = ABC | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-03-31 11:04:44 | Computer Name = ABC | Source = Service Control Manager | ID = 7001
Description = Usługa NetBios przez TCP/IP zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31

Error - 2011-03-31 11:04:44 | Computer Name = ABC | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-31 11:04:44 | Computer Name = ABC | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31

Error - 2011-03-31 11:04:44 | Computer Name = ABC | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31

Error - 2011-03-31 11:04:44 | Computer Name = ABC | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31

Error - 2011-03-31 11:04:44 | Computer Name = ABC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD Fips intelppm IPSec MRxSmb NetBIOS nod32drv RasAcd Rdbss SandBox Tcpip WS2IFSL

Error - 2011-03-31 11:43:58 | Computer Name = ABC | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >