OTL Extras logfile created on: 2010-06-19 09:41:12 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\marzar\Desktop\viry
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 83,63 Gb Free Space | 58,04% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 94,50 Gb Free Space | 65,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARZAR-LAPTOP
Current User Name: marzar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (All) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3868899706-1755380393-728579318-1003\SOFTWARE\Classes\]
.scr [@ = AutoCADScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3868899706-1755380393-728579318-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8D5850-17FD-433F-A43C-BFAF6836D6C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0BC04E3F-52AD-4B8C-8514-6CA204B012BE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0BEEA51F-526B-4E50-A5C5-060826E4C564}" = rport=138 | protocol=17 | dir=out | app=system |
"{14002831-846E-4395-A024-B2B2EC103AF3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{18A9AA90-D4A7-4932-9049-A3FF71E0E840}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C8CE844-578B-4791-8D31-941D94B2151F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D0D50AA-7461-41E1-8F8D-A39A7A192268}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{1FAE3898-4D7C-4FFE-85CC-51B204E1C9FE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{284146A7-2972-4DCF-88E5-B015434C15CD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3824C5AE-4D10-49C0-BDC9-3029C646D485}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3E2FAE90-7B0D-4E8D-BA9F-A8B9A6792850}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3E4CA501-9D2F-4A3B-A1CE-B8BB872E6B9D}" = lport=13621 | protocol=17 | dir=in | name=print server utility |
"{50C1B876-56E8-4C66-B3E2-722F864B4F2C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{510182B0-8706-4513-B46F-32EDF09191FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{63A27084-A017-4C09-A445-CEEA185EBE43}" = lport=69 | protocol=17 | dir=in | name=print server utility tftp |
"{68905B87-A9A8-4753-B5A3-974CAD5CB5C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{6BBC89E5-2876-4D03-9105-D06DF0166CB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EF66DF5-8F9F-4E96-8B91-8E4DCEAB2C79}" = lport=13364 | protocol=17 | dir=in | name=print server utility |
"{716A7870-C002-4750-811C-0E21DC6FB5A6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{85296528-8DC2-40B9-A6F9-52BDBCC74720}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{85EC531F-E24D-4409-AD02-906CB2E313A9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{873F2F8B-84CD-431B-BF80-BE4ED86FCBCF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{889E1075-CD2C-4C13-85C1-9C2BF1915F0E}" = lport=139 | protocol=6 | dir=in | app=system |
"{90570CC9-4F2C-45AE-838D-6DF0177CBE00}" = rport=445 | protocol=6 | dir=out | app=system |
"{91F386B6-34C1-44C6-921D-303E41514290}" = lport=137 | protocol=17 | dir=in | app=system |
"{97FAD67E-CAD3-4EFD-B2E1-E7D9DE32139D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9F2BEE98-D9D6-4B5B-84F5-17FBCCDA909A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A0CF5A1C-8DD6-4B1A-8412-FBAFA75E80E9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A24C342D-B569-4F0C-9438-3BC7418BA9BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4986D32-1DE3-4B47-8836-13B6623887D0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B3E3C2A7-4942-4648-BDF9-690893D052D3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE7758A0-98CB-488E-B065-878D2F959A6C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BFD5DEAA-3FF1-47E5-B51B-BC6D06D0ACB0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D28F70DE-E39B-42FE-8702-A1F28B4B7D4A}" = lport=13107 | protocol=17 | dir=in | name=print server utility |
"{DE979BB4-7FB1-4CF3-8FD2-AB0C5913DBA6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF196679-7D25-49E7-9373-9446F4F3A51A}" = lport=138 | protocol=17 | dir=in | app=system |
"{E86B0BC8-B77A-4B5F-BDBA-11785466D007}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EBBFDCB0-796B-458B-9D72-631C25E9DB5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8864AC1-7149-419E-92E3-19F051E168E3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF2B3F9B-F35F-4E89-93DA-393EA067F56C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01698B20-1D6F-41CE-BBF7-C6D2DBAF520D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{05572EF9-3807-4676-9576-2BCC0036925C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08701385-C6C3-4F3B-9DFF-3A7CD751D9A9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0AA71ADD-D809-4A28-82F3-75220ECBB660}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0EB280CD-A557-4132-B0F8-9D58A8CD7E36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0EDDA0C5-FABE-4F96-9753-15BE5854F4E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{13C346C8-2835-425F-9FA7-C734EF753198}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{158736F8-9175-42CD-A6B3-A11C99A521DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{159C953F-50B4-40A8-B9E2-BB5C7AA375E2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1CA6B51F-64C0-4A5E-B4A0-C59DA128B8AC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1D1919C1-9688-4382-BFAE-753351DC5686}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1FF05F00-2150-459E-B780-7AD2711C5701}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{210B7ED4-666D-4D86-A937-F1C55C622C52}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{245D92E8-5BC0-4455-8EC7-218FBCFDF87A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A00AEE0-331F-42FB-8E6B-C351FA6A7DAE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32664747-69C4-4D6E-B13D-7F6978880A91}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{348417EE-38CE-4FDB-A637-CBDBD3551A51}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{358A3330-2F63-43A0-9AEC-64DB2F4D627D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{39E76E25-D08C-4245-BA8E-780F709406C0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A6E3B4F-C4E5-4D1C-BFCE-3CB46D3CC4BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3FC711BE-71F2-4A4A-8709-9B8CF2090C47}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{40E0E3C7-8CA9-455A-9E5F-477657C661DD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{44582712-2E44-49C1-943F-D2886A0631B6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4D74C7A4-95B0-4495-AA7B-09F4AFEE8C44}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{599F2DF8-57F6-4495-834B-50FB2B6D2C71}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{64C1B932-50EF-4790-A594-11584BB24144}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6585B294-721C-441A-9B3B-ADF18EDCB4E5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{665C7918-7F5E-43FB-B375-2D0A06DD6B43}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{681DF7B3-A0D2-4463-846F-CFBE48ED75CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6B80F0D0-839C-42DE-827E-1B74FC98411A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6CA0AF67-FA29-4784-BD17-06818A51D353}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{6D206E74-3E67-44A0-96EF-C1994BA793E0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{770255B3-0E64-42A4-8925-2372BA12B8FA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78EDD010-F4C3-4785-91E0-59A4D43B5538}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7A7AF657-B128-4066-9A39-FB0849D8BF0C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7AD3D184-A8D4-4190-A8E4-89F8F8227FBF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{84B9995C-A56C-4D73-87DA-34612D2B9EAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{863DDCE0-1302-4089-B7E2-51A8F6DF32B2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8AB52E09-7E04-46FF-8692-D02370BC7319}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D5D68F2-F8BD-457D-8BDD-5E84F8D95400}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{959F451F-11DF-4D86-97C0-B26770685B03}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{96B23CB8-90E5-49D1-AC21-28016703C91E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9FFE77DA-1DDF-4001-B93B-1DE41BF973D5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2C48867-A1B1-4437-8D16-4E3279A6793D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A93821C8-12CD-4C55-86AD-CAB9F5FFD80D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AD7054A8-6E91-467B-87F1-120FB2B35C29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AF4C2721-7F44-4801-BFEC-70FD7E96C659}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4A9101C-CCA4-4A9E-A7ED-D08908589FD8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4B5FCBB-BD5D-4EA1-9A37-C372468BBF6C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC11D4ED-A29E-495D-91E2-BB7ED728AF54}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C658F0AF-86AE-4B1A-BDDE-778E73A8F3CA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CA26297A-87D0-4F1F-B485-F1A379FE4273}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CED79914-3F94-4052-BB10-8BDBA55EDBF1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CF670CC6-E210-4613-85F6-708C8418D694}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D566C7C8-B212-40CD-9E50-33CD38DAAE6A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D57A4D3C-2B9E-411F-83D8-C2EE0B305158}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DB98A577-61EC-4282-9D26-B0EC2701BF12}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E48B9DD0-ACFC-479F-A1D0-1BA103E37933}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EBC19711-5F0B-4920-BE3E-55A9E06011D8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F0A5C46F-9C4B-4274-8FAC-6DD88308FA7B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F40C31D3-2987-4B8F-AC06-FBCE4194AB71}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FE44CF6C-8CC1-48FF-A641-1C6147CE2C39}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1D9B1D96-0475-4CEF-9DA5-8D58305DB12A}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{2160C7B5-6BDE-4C3D-93CA-E085C87B9DF1}D:\marcin\gry\stalker\xr_3da.exe" = protocol=6 | dir=in | app=d:\marcin\gry\stalker\xr_3da.exe |
"TCP Query User{29F18588-C9CE-4C36-AF9C-BEC5F698BFC4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7FCF5ABE-BE5C-4AC0-8DBD-8D01E0753DEC}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{197B0762-9780-4E0B-A48B-9237350BB557}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{6D49C819-AF99-40A1-A1A1-D84F872A949B}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{9A8D50B7-B89C-435F-9D5E-F6DBAF726EEB}D:\marcin\gry\stalker\xr_3da.exe" = protocol=17 | dir=in | app=d:\marcin\gry\stalker\xr_3da.exe |
"UDP Query User{CD438B22-B919-417F-B6FE-A132A1C043BC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{0240C3B0-AD14-4AB4-966A-484E8D14477F}" = Bezpieczeństwo rodzinne usługi Windows Live
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Asystent rejestrowania za pomocą identyfikatora Windows Live
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2A5FBE73-76DA-4A31-BD86-1B0E01DC33F8}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BED6AD7-DD60-43BA-B65F-BEFC8CAD5B78}" = Windows Live Movie Maker Beta
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{317BC450-737D-4333-A164-5BE333F08F16}" = OpenOffice.ux.pl 3.2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{38697498-F4AA-4A8A-81F6-C09446AD020D}" = Print Server Utilities
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5783F2D7-8001-0415-0002-0060B0CE6BBA}" = AutoCAD 2010 - Polski
"{5783F2D7-8001-0415-1002-0060B0CE6BBA}" = Pakiet językowy programu AutoCAD 2010 - polski
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BD6DD52-2F49-4E35-B678-71E1E7D286DB}" = ESET NOD32 Antivirus
"{8FDC4F3F-1DD7-433E-841E-E20C294609B4}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar
"{A8DE8C34-7F51-4cc8-B326-C425793EE741}" = Kroniki Riddicka: Ucieczka z Butcher Bay
"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish
"{B6892A3F-51F5-4BA4-92E5-3F4A1A10720D}" = Podstawowe programy Windows Live
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF589477-3D27-4C6F-82A3-78547ACAC55D}" = Galeria fotografii usługi Windows Live
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DB4690C5-9015-401D-A96C-A49909B7C372}" = Poczta usługi Windows Live
"{DD49053A-0140-44EF-AE75-C4BC1FDB8286}" = Windows Live Writer
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Applian FLV Player2.0.24" = Applian FLV Player
"AutoCAD 2010 - Polski" = AutoCAD 2010 - Polski
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.0.0.928
"CDisplay_is1" = CDisplay 1.8
"deLight3D" = deLight3D 1.4
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow v1.1.3356 [2010-04-11]
"FreeCommander_is1" = FreeCommander 2009.02
"Gadu-Gadu 10" = Gadu-Gadu 10
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"IE7Pro" = IE7Pro
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"iPlus manager_is1" = iPlus manager 2.1
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MoorHunt_is1" = MoorHunt 0.6.6.6
"MozBackup" = MozBackup 1.4.10
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MPE" = MyPhoneExplorer
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1_rc15
"ProInst" = Intel PROSet Wireless
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch
"SubEdit-Player_is1" = SubEdit-Player
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-04 14:47:00 | Computer Name = Marzar-Laptop | Source = LoadPerf | ID = 3012
Description =

Error - 2010-06-04 14:47:00 | Computer Name = Marzar-Laptop | Source = LoadPerf | ID = 3011
Description =

Error - 2010-06-06 14:53:26 | Computer Name = Marzar-Laptop | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error - 2010-06-06 14:53:26 | Computer Name = Marzar-Laptop | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error - 2010-06-06 14:53:31 | Computer Name = Marzar-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2010-06-06 15:00:20 | Computer Name = Marzar-Laptop | Source = LoadPerf | ID = 3012
Description =

Error - 2010-06-06 15:00:20 | Computer Name = Marzar-Laptop | Source = LoadPerf | ID = 3012
Description =

Error - 2010-06-06 15:00:20 | Computer Name = Marzar-Laptop | Source = LoadPerf | ID = 3011
Description =

Error - 2010-06-07 05:25:23 | Computer Name = Marzar-Laptop | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error - 2010-06-07 05:25:23 | Computer Name = Marzar-Laptop | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

[ System Events ]
Error - 2010-06-19 02:19:18 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-06-19 02:21:49 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 02:21:49 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 02:21:49 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 02:22:17 | Computer Name = Marzar-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2010-06-19 02:23:25 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 03:03:55 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 03:03:55 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 03:03:55 | Computer Name = Marzar-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-19 03:04:30 | Computer Name = Marzar-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >