OTL Extras logfile created on: 2013-02-15 17:40:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,91 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,68% Memory free 5,83 Gb Paging File | 4,53 Gb Available in Paging File | 77,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,73 Gb Total Space | 11,05 Gb Free Space | 22,67% Space Free | Partition Type: NTFS Drive D: | 547,34 Gb Total Space | 511,08 Gb Free Space | 93,37% Space Free | Partition Type: NTFS Computer Name: KOMPUTERD | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3451766347-887292059-1258022473-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062F6145-B604-4225-B29F-84EA8307FDE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{09F8A9B8-A30A-4489-B9E5-BCD4C561DA5B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{2BD8CD45-38EC-41FA-9463-354923CC8360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F9F6A40-D6A6-4A63-892C-B01471F405A6}" = lport=137 | protocol=17 | dir=in | app=system | "{55B3B80E-6445-427E-AD67-C1B4FD866C9B}" = lport=10243 | protocol=6 | dir=in | app=system | "{5E14BCBD-7032-44A5-8B76-B52792C84C4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5EFB91B0-82F4-40E2-8CFB-22DFB2FBC949}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{68AC3F77-47A9-442D-B8E6-0EB7E6E5A382}" = lport=445 | protocol=6 | dir=in | app=system | "{69790427-B888-446C-9F01-F5C70D70CE72}" = rport=445 | protocol=6 | dir=out | app=system | "{69D7B6CD-E84F-4858-83B7-2631BD708343}" = rport=138 | protocol=17 | dir=out | app=system | "{6A8CC175-860A-41E4-853C-8BC668809864}" = rport=10243 | protocol=6 | dir=out | app=system | "{7DC6D89E-8444-4170-A744-DA9D47310C5B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8277ABD2-E536-4398-BA9F-5EE981CB023A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8327C08C-F745-45D3-936B-FAD4FA1F4155}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A20EB97-A54B-4F71-9487-696E4C7AC4DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9614B4E2-5F51-4799-A981-AEA6A045ED25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A7A45B2-8542-4727-A306-5C18A67448D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A13CBC60-FA23-4811-904B-E4E18B7D2E7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A9C5EA42-D142-4A0E-9064-011A4D1BA0E3}" = rport=139 | protocol=6 | dir=out | app=system | "{AD28174C-8A05-4B05-841A-19BBCEF1E64A}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office14\outlook.exe | "{B5D9911C-CAFD-490C-B971-E611DE978648}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD8B738F-C716-4581-BF02-126556AB747F}" = lport=138 | protocol=17 | dir=in | app=system | "{C0902C47-FFD3-4969-971F-BAEEFF352E66}" = lport=2869 | protocol=6 | dir=in | app=system | "{CB5B8099-C229-4271-AACC-939E34BB4247}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0C6D141-6169-4A07-BAE1-86688C2156DF}" = lport=139 | protocol=6 | dir=in | app=system | "{D2B83169-2871-47F7-9521-A018246766A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D93B3E5E-F8EF-485C-85EF-8E4E50BD4FC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DA7DE66C-4D55-4AAE-A12C-03F345DD99CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DCD73A36-4EC1-40C6-8DF7-1F58368CBC11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E902B896-E053-4950-98CB-5858C172D3C6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F5DB883A-3959-462D-B076-B769B36940AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FA83F45E-5E87-4FAF-B152-E297A67A86B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FCE703F9-DBD6-4D89-88A3-545C58378FEF}" = rport=137 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C5C81D3-4F4F-4752-BE27-A40B96ACDBA1}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2010\pcm.exe | "{11D0E2AC-B2E2-41BA-B4D4-B295F3C8F9F2}" = protocol=6 | dir=in | app=d:\gry\football manager 2011\fm.exe | "{159754EB-1B12-4B03-9AE7-AD7F94C0563C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1EF16366-1F14-48D7-B8A1-2C3C82FA3104}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2010\autorun\exe\autorun.exe | "{2057B751-EDAA-4C2B-A5DD-0B23011C1885}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E30D26A-E514-455E-9216-1CD7F5E7D920}" = protocol=17 | dir=in | app=d:\gry\nba 2k12\nba2k12.exe | "{37B49D40-172D-4478-90E6-4C325DD61E24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3D9429EC-147A-4134-A3F5-737BD5256899}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4800F344-ECBA-4C1E-8A1E-48A939A98E81}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | "{5905A377-D797-4082-8F2F-D9B2FBBC9FB3}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{5A9FC846-B289-4B99-AF2E-E247DFA74A11}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2009\pcm.exe | "{623EA82E-7396-4DED-A256-F6F4ADB42C0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6771BC0E-04FA-408C-838A-5743822FC188}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6C0C31BD-740D-48F8-AB7F-3905CD314486}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2009\autorun\exe\autorun.exe | "{713BD694-ECD9-45C8-96D0-062C6D08EA67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{713F7D89-17B3-4D6D-9D8A-27390D0DD019}" = protocol=17 | dir=in | app=d:\microsoft office\office14\groove.exe | "{7A83BE2B-A610-4444-A0A1-09C3EBB0EF43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7BF608BC-E225-4E5F-BFDF-0490572BC639}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2010\autorun\exe\autorun.exe | "{82CE8000-E064-4D3E-96E5-FBB4639FD3F6}" = protocol=6 | dir=out | app=system | "{864AF06E-2880-4642-9269-A2A07F0B8DC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{882A44B1-4F37-4947-BE13-4487F775F2AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B63C705-557E-4949-AC21-E57B514B4583}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B9D88C7-E017-44A7-B123-048536B95E83}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2009\autorun\exe\autorun.exe | "{8E6940C8-EBF6-4D07-B5FB-E65809EBD2F6}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zs12b5.tmp\symnrt.exe | "{91D0FF2F-395E-4094-9F94-7C381171DE84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{96F5A8E7-A1DB-42E6-BC65-6CD611F1BE30}" = protocol=6 | dir=in | app=d:\gry\nba 2k12\nba2k12.exe | "{97D3AC2B-3C82-47BD-80B2-E123986A68E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9C37F68E-FFAE-4956-93C6-848E0726E16A}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zs12b5.tmp\symnrt.exe | "{9D158B28-4B2B-488A-988D-8441E708D45A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B09EE1E3-C3FB-4601-8CAE-F3EFC0995B91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B3A04C16-0370-4654-9243-CDBC0FA0DE9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BD09B125-DE79-449B-B391-7D3889C97A06}" = protocol=6 | dir=in | app=d:\microsoft office\office14\onenote.exe | "{C6508733-B3A4-4175-803C-C449F5D4986E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D55D57C3-8DA2-48A6-87D4-8C2B5A461A99}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | "{D88D76D4-6FA6-45FF-845D-58333056EE03}" = protocol=6 | dir=in | app=d:\microsoft office\office14\groove.exe | "{DD654522-2A69-47E5-827C-EB159E60B137}" = dir=in | app=c:\users\admin\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{ED10E949-EFAA-453A-B2C0-678412050C34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EEFA7E0C-6CF5-4D77-BDB0-0471D7964802}" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2009\pcm.exe | "{F0E7F3F7-CEE2-4EA3-B764-033841EA30FB}" = protocol=17 | dir=in | app=d:\gry\football manager 2011\fm.exe | "{F2587C7A-36DA-46C8-BB22-8EF99F2C215A}" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2010\pcm.exe | "{F534E3C8-D670-4272-9694-D79408E32BF3}" = protocol=17 | dir=in | app=d:\microsoft office\office14\onenote.exe | "{FA195C0F-1E4F-4117-8CB5-1C842B604A2C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FAA3751E-BEAE-447F-A62A-12A250ADEE7B}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{FDD20EFB-FD3C-458D-864B-3F133D339889}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{3AB09937-3E6D-46D3-B742-A421DC7B9193}C:\users\admin\appdata\local\temp\2df8.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\2df8.tmp\kmservice.exe | "TCP Query User{41DEB4B3-FB66-4DDB-BC26-530765D3B974}C:\users\admin\appdata\local\temp\536c.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\536c.tmp\kmservice.exe | "TCP Query User{492D6565-6BEA-491B-BBCD-22133054DEB0}D:\gry\tom clancy’s rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\gry\tom clancy’s rainbow six vegas 2\binaries\r6vegas2_game.exe | "TCP Query User{8C93E1FA-92D7-4813-9A01-6190C7A5ED58}D:\gry\magic the gathering dotp 2012\magic_2012.exe" = protocol=6 | dir=in | app=d:\gry\magic the gathering dotp 2012\magic_2012.exe | "TCP Query User{916AFF2D-D671-4B6A-B92E-A05B00FBD6D4}D:\gry\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 11\game\fifa.exe | "TCP Query User{AFBFF7ED-001D-4DCC-B49E-7C9DDD9DEA8A}D:\gry\pro cycling manager - season 2010\pcm.exe" = protocol=6 | dir=in | app=d:\gry\pro cycling manager - season 2010\pcm.exe | "TCP Query User{CE92E468-E3B8-468F-B8E2-0954AA350AC6}D:\gry\fifa manager 11\manager11.exe" = protocol=6 | dir=in | app=d:\gry\fifa manager 11\manager11.exe | "TCP Query User{D214E628-EEB8-4AA4-AF33-EB6E7D84EB32}D:\gry\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa 11 demo\game\fifa.exe | "TCP Query User{D8077AC6-AB47-46C0-B360-1E9A74A0CC21}C:\users\admin\appdata\local\temp\9665.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\9665.tmp\kmservice.exe | "TCP Query User{DF1D6AE7-8425-4DAA-AAD8-0C38DF9F5812}D:\gry\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=d:\gry\nba 2k11\nba2k11.exe | "TCP Query User{EBB8A27C-6086-4822-BFCD-6FB0E2CDEB74}D:\downloads\soldat.1.5.full.pl.wgnr\soldat.1.5.full.pl.install\soldat.exe" = protocol=6 | dir=in | app=d:\downloads\soldat.1.5.full.pl.wgnr\soldat.1.5.full.pl.install\soldat.exe | "TCP Query User{FC351AAD-3054-43C9-B147-364C93C7F441}D:\downloads\nba_2k11_eu_1.0.1_fairlight\nba2k11.exe" = protocol=6 | dir=in | app=d:\downloads\nba_2k11_eu_1.0.1_fairlight\nba2k11.exe | "UDP Query User{078F535D-3630-456D-9EEC-900DF4E745EA}D:\gry\tom clancy’s rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\gry\tom clancy’s rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{15600945-6880-4426-A3B9-B03238998D5A}D:\downloads\nba_2k11_eu_1.0.1_fairlight\nba2k11.exe" = protocol=17 | dir=in | app=d:\downloads\nba_2k11_eu_1.0.1_fairlight\nba2k11.exe | "UDP Query User{1972FD1C-471B-431E-8BA6-D4D7F9483CD2}C:\users\admin\appdata\local\temp\536c.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\536c.tmp\kmservice.exe | "UDP Query User{2C397642-16D3-4553-A94C-B846072BC055}C:\users\admin\appdata\local\temp\9665.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\9665.tmp\kmservice.exe | "UDP Query User{66F25879-3AED-4A16-95DD-848C3C0288BE}D:\gry\pro cycling manager - season 2010\pcm.exe" = protocol=17 | dir=in | app=d:\gry\pro cycling manager - season 2010\pcm.exe | "UDP Query User{6AEEEFD6-CB29-47E7-BF0C-E85B3B702777}D:\downloads\soldat.1.5.full.pl.wgnr\soldat.1.5.full.pl.install\soldat.exe" = protocol=17 | dir=in | app=d:\downloads\soldat.1.5.full.pl.wgnr\soldat.1.5.full.pl.install\soldat.exe | "UDP Query User{78DF4A50-C4F7-49B7-80DE-B778CFADCB61}D:\gry\magic the gathering dotp 2012\magic_2012.exe" = protocol=17 | dir=in | app=d:\gry\magic the gathering dotp 2012\magic_2012.exe | "UDP Query User{9609282F-151C-45C0-82B6-0132B03F72A6}D:\gry\fifa manager 11\manager11.exe" = protocol=17 | dir=in | app=d:\gry\fifa manager 11\manager11.exe | "UDP Query User{BFE77923-DB41-43FD-A13A-1FA6348DAB65}D:\gry\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=d:\gry\nba 2k11\nba2k11.exe | "UDP Query User{C2558F1A-E3A1-4A16-98AA-0DF5F58D829E}D:\gry\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 11 demo\game\fifa.exe | "UDP Query User{D7D60E68-E2BF-48F1-8BA4-B5969936FE9E}D:\gry\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa 11\game\fifa.exe | "UDP Query User{E884E7CD-B59F-434A-92FD-2E1FE74A25AE}C:\users\admin\appdata\local\temp\2df8.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\2df8.tmp\kmservice.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 267.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 267.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{23D51AF4-E674-4F4C-A937-F98E458A37AB}_is1" = Testy B 2011b "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0015-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROPLUS_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{0844B6E1-0A6F-4D81-8BCF-48F883F521FE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "DjVu" = LizardTech DjVu Control (autoinstall) "foobar2000" = foobar2000 v1.1.6 "Foxit Reader_is1" = Foxit Reader 5.0 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0 "Maturalny Quiz Operonu - Gram i Zdam - Wiedza o ~0A595B13_is1" = Maturalny Quiz Operonu - Gram i Zdam - Wiedza o Społeczeństwie "Mozilla Firefox 18.0.2 (x86 pl)" = Mozilla Firefox 18.0.2 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Polish Your English - intro" = Polish Your English - intro "RealAlt_is1" = Real Alternative 2.0.2 "SolSuite_is1" = SolSuite 2012 v12.2 "Testy maturalne 2011" = Testy maturalne 2011 1.0 "Totalcmd" = Total Commander (Remove or Repair) "VLC media player" = VLC media player 2.0.4 "WinGimp-2.0_is1" = GIMP 2.6.11 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3451766347-887292059-1258022473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-01-30 16:45:31 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-01-31 11:51:55 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-01-31 12:19:40 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-01-31 13:58:42 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-01 03:50:34 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-15 09:08:55 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-15 09:09:21 | Computer Name = komputerd | Source = Google Update | ID = 20 Description = Error - 2013-02-15 09:15:30 | Computer Name = komputerd | Source = Google Update | ID = 20 Description = Error - 2013-02-15 12:07:10 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2013-02-15 12:12:18 | Computer Name = komputerd | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. [ System Events ] Error - 2013-02-01 03:50:58 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 Error - 2013-02-15 09:09:15 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%577 Error - 2013-02-15 09:09:15 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 Error - 2013-02-15 09:46:16 | Computer Name = komputerd | Source = Service Control Manager | ID = 7023 Description = Usługa Usługa powiadomień SPP zakończyła działanie; wystąpił następujący błąd: %%5 Error - 2013-02-15 10:46:16 | Computer Name = komputerd | Source = Service Control Manager | ID = 7023 Description = Usługa Usługa powiadomień SPP zakończyła działanie; wystąpił następujący błąd: %%5 Error - 2013-02-15 11:46:16 | Computer Name = komputerd | Source = Service Control Manager | ID = 7023 Description = Usługa Usługa powiadomień SPP zakończyła działanie; wystąpił następujący błąd: %%5 Error - 2013-02-15 12:07:34 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%577 Error - 2013-02-15 12:07:34 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 Error - 2013-02-15 12:12:39 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%577 Error - 2013-02-15 12:12:39 | Computer Name = komputerd | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 < End of report >