OTL Extras logfile created on: 2016-08-06 08:48:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AS-ED\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16521) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,53% Memory free 5,99 Gb Paging File | 5,18 Gb Available in Paging File | 86,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 19,91 Gb Free Space | 33,99% Space Free | Partition Type: NTFS Drive D: | 9,76 Gb Total Space | 5,43 Gb Free Space | 55,63% Space Free | Partition Type: NTFS Drive E: | 161,37 Gb Total Space | 60,88 Gb Free Space | 37,73% Space Free | Partition Type: NTFS Drive F: | 68,36 Gb Total Space | 67,49 Gb Free Space | 98,73% Space Free | Partition Type: NTFS Computer Name: AS-ED-KOMPUTER | User Name: AS-ED | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software) [HKEY_USERS\S-1-5-21-1462958219-1592882257-2837737144-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{115E28EF-2420-43EA-A87D-9693692F804E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "{11F68C70-1700-4813-A4AF-158A8C4667AF}" = lport=10243 | protocol=6 | dir=in | app=system | "{13998D2C-5B6A-43A0-9FFB-4D2DC4A11911}" = lport=445 | protocol=6 | dir=in | 
app=system | "{3734ECD3-0B3A-42B8-8161-90928812F014}" = rport=138 | protocol=17 | dir=out | app=system | "{3A7C744B-800C-4C25-8292-5C41C9EFBBF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{40D13D5B-4CA7-4C39-B708-158A3E1B46C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D12E73E-986D-4D5B-B06A-D0481C4E545B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{57D1E9FD-2228-484D-A429-B9E346468B78}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B2A32ED-5152-44D7-BCA3-39A4248BDD5D}" = lport=137 | protocol=17 | dir=in | app=system | "{7BC3073E-0AE2-4253-8D88-9F0ED2696007}" = lport=138 | protocol=17 | dir=in | app=system | "{84135F3A-1A6F-4C8F-ADCC-848C67C587B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8B977D9D-59B3-4F64-B2A6-575BDE5EECFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A276862F-0C5E-43EC-BA59-EA4F6B81268D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A9E6B02F-A282-4D66-83E0-601F4D898AC2}" = rport=10243 | protocol=6 | dir=out | app=system | "{B14119F0-C16D-4196-8A0C-FABAA9CEF381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9B320AD-E160-4E6E-A099-0954FBB2BBC2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C95DA8FB-C102-4631-AB15-0B98F4ED3DFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0573D2D-C5B9-4B72-B404-BBD22BC04A56}" = lport=2869 | protocol=6 | dir=in | app=system | "{D7BAEAAB-BBAE-4E8B-8AF4-45FE6B2C4F6F}" = rport=139 | protocol=6 | dir=out | app=system | "{D84C92E3-E7CA-46C1-BFAF-A232E67A0D91}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{DCBA2AB4-AD4F-46E4-B221-9384FD70DE24}" = rport=137 | protocol=17 | dir=out | app=system | "{E05A4E47-01E1-4F9C-A1F8-B1542D7034A8}" = rport=445 | protocol=6 | dir=out | app=system | "{F062A5DF-6993-447C-BF0E-72DF63E1D509}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FB8C7C86-39AB-4F57-A41A-1542A2402F92}" = lport=139 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12E6E3E1-B5CF-4B80-BE76-329BAA05B1D4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | "{1EE302B6-F997-4287-81D4-3B57243804E9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | "{223CECDA-E5A4-4AC9-855B-DFA1B4BA693E}" = protocol=6 | dir=out | app=system | "{34553C62-4A7D-457C-B38A-48A881202F64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3CE1924D-BA2A-41CF-855B-AAD4E89A1F72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4E8EF846-55F4-4FB3-AE58-5B56B9A32E38}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{5540CFB7-8D57-4A0A-9AB2-A23862310332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DA6DE72-1322-40B5-90CA-3D808E378189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5FDCD751-B8CC-4B16-9719-FEF0E0AA6C8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6892587F-FF1E-48AF-A346-0A1C57B2C5B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6EBD0CAB-13B6-4024-816D-603B5BB0388E}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{701FA858-F500-48C3-A114-974213481D6A}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{7642EEAE-77AD-4EC8-AED7-54EADF186F56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C3FBDCA-0B11-497D-BBD6-88EF4A0158FB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{889DDC38-FFB7-4E65-A552-8767C97E3498}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | "{959C663A-1425-4058-810F-B26CE6C57125}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | "{9D245EA1-C087-43FD-B84C-56D1429A5E49}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{9F6D50C9-8973-4B52-A7C9-5C384F8483A8}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{A8F78642-88E4-4BE8-BC73-25F4C2F0FEA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B3C75136-A95A-4C76-92B3-A9EB86EFB29F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | "{C63ED6B6-D312-4591-A334-8EA8AEEBC4C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C832F63D-9C95-4C30-8B95-83492FFB4E2F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | "{D07653B9-71E3-46E5-9A42-9FF300E0F293}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | "{D827523C-2C81-4E91-932F-16ED60C3C2EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DBC37761-442D-47AB-AA3F-186598FCC751}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E41F1A0C-A3D0-415F-A302-B3CE11715A32}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | "{EB797B85-1CB7-4061-B6E7-35E20B93D3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA2469C4-2B3D-421B-AFAF-DF8040C51205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query 
User{3D1E63F7-C7F0-4477-B640-EAA186AA4622}C:\users\as-ed\appdata\local\temp\temp1_bh163_km_7_server2008r2_g600t600.zip\bh163_km_7_server2008r2_g600t600\win32\polish\install.exe" = protocol=6 | dir=in | app=c:\users\as-ed\appdata\local\temp\temp1_bh163_km_7_server2008r2_g600t600.zip\bh163_km_7_server2008r2_g600t600\win32\polish\install.exe | "TCP Query User{72C71CA3-2A03-4CF2-9842-FEC959CDB933}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{964DFA17-A10A-458B-B284-48238847AF89}C:\users\as-ed\appdata\local\temp\rar$exa0.132\bh211gdiwin8x86_6002pl\install.exe" = protocol=6 | dir=in | app=c:\users\as-ed\appdata\local\temp\rar$exa0.132\bh211gdiwin8x86_6002pl\install.exe | "UDP Query User{7F930715-E75E-4366-8CF2-B9E79B2195F8}C:\users\as-ed\appdata\local\temp\temp1_bh163_km_7_server2008r2_g600t600.zip\bh163_km_7_server2008r2_g600t600\win32\polish\install.exe" = protocol=17 | dir=in | app=c:\users\as-ed\appdata\local\temp\temp1_bh163_km_7_server2008r2_g600t600.zip\bh163_km_7_server2008r2_g600t600\win32\polish\install.exe | "UDP Query User{CE6D0DF4-D6D9-41C9-AC84-D278604D6E22}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E5F62CEA-6505-436F-9D2B-15C7F6D9F788}C:\users\as-ed\appdata\local\temp\rar$exa0.132\bh211gdiwin8x86_6002pl\install.exe" = protocol=17 | dir=in | app=c:\users\as-ed\appdata\local\temp\rar$exa0.132\bh211gdiwin8x86_6002pl\install.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1EB9429A-A874-4BF0-961D-BDAAFB1641A6}" = Microsoft SQL Server 2005 Backward compatibility "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" 
= Microsoft SQL Server 2005 Express Edition (INSERTGT) "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Polish "{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}" = OpenOffice 4.1.1 "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C83B8B35-C2C4-3302-9A6E-C2AF1A59E8D6}" = Microsoft .NET Framework 4.5.1 (PLK) "{E23CCB2B-5D54-4478-88BC-AD32F98F4C7C}" = InsERT GT "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player NPAPI" = Adobe Flash Player 22 NPAPI "Google Chrome" = Google Chrome "Huawei E3372" = Huawei E3372 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.1.4.1018 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 47.0 (x86 pl)" = Mozilla Firefox 47.0 (x86 pl) "Mozilla Thunderbird 45.2.0 (x86 pl)" = Mozilla Thunderbird 45.2.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 39.0.2256.48" = Opera Stable 39.0.2256.48 "Picasa 3" = Picasa 3 "TeamViewer 9" = TeamViewer 9 "WinRAR archiver" = WinRAR 5.10 (32-bitowy) [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2015-10-26 04:56:27 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 
2015-10-27 05:14:50 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-10-28 05:06:06 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-10-29 05:05:39 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-10-30 05:12:33 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-10-31 05:09:57 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-11-02 05:32:35 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-11-03 05:07:02 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-11-04 04:29:10 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-11-05 05:08:30 | Computer Name = AS-ED-Komputer | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2016-08-06 01:43:51 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2016-08-06 01:43:51 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2016-08-06 01:43:51 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa Huawei E3372 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2016-08-06 01:43:52 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa SQL Server Browser niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. 
Error - 2016-08-06 01:43:52 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa SQL Server VSS Writer niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2016-08-06 01:43:52 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa SQL Server (INSERTGT) niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2016-08-06 01:43:52 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2016-08-06 01:43:52 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2016-08-06 01:44:22 | Computer Name = AS-ED-Komputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2016-08-06 01:53:19 | Computer Name = AS-ED-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 07:51:43 na 2016-08-06 było nieoczekiwane. < End of report >