Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by Artur at 2014-09-04 15:36:28 Run:1
Running from C:\Documents and Settings\Artur\Moje dokumenty\Pobrane\Nowy folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-57989841-413027322-725345543-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
Startup: C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk
URLSearchHook: HKCU - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-14]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19443604.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19443604.sys => ""="Driver"
Folder: C:\WINDOWS\Installer\{BBC198B0-3E79-1E86-92E7-272D711E2AA1}
File: C:\Windows\System32\msiexec.exe
File: C:\Windows\System32\msi.dll
File: C:\Windows\System32\msihnd.dll
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\MSIServer /s
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-57989841-413027322-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => value deleted successfully.
C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} => value deleted successfully.
"HKCR\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}" => Key deleted successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\19443604.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\19443604.sys" => Key deleted successfully.

========================= Folder: C:\WINDOWS\Installer\{BBC198B0-3E79-1E86-92E7-272D711E2AA1} ========================

====== End of Folder: ======

========================= File: C:\Windows\System32\msiexec.exe ========================

MD5: 7f7bc88c8fb6b52989e0e93084b5e678
Creation and modification date: 2004-08-04 14:00 - 2008-05-19 02:57
Size: 0095744
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: msiexec
Original Name: msiexec.exe
Product Name: Windows Installer - Unicode
Description: Windows® installer
File Version: 4.5.6001.22159 (vistasp1_ldr.080415-1732)
Product Version: 4.5.6001.22159
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======

========================= File: C:\Windows\System32\msi.dll ========================

MD5: 1fa6b05e25b553ee6b9c507ab0f86b76
Creation and modification date: 2004-08-04 14:00 - 2008-04-14 23:50
Size: 2843136
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: msi
Original Name: msi.dll
Product Name: Windows Installer - Unicode
Description: Windows Installer
File Version: 3.1.4001.5512
Product Version: 3.1.4001.5512
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======

========================= File: C:\Windows\System32\msihnd.dll ========================

MD5: e1425a4a7f1f6f2028bf110388408737
Creation and modification date: 2004-08-04 14:00 - 2008-04-14 23:50
Size: 0271360
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: msihnd
Original Name: msihnd.dll
Product Name: Windows Installer - Unicode
Description: Windows® installer
File Version: 3.1.4001.5512
Product Version: 3.1.4001.5512
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\MSIServer /s =========

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer
    Description REG_SZ Dodaje, modyfikuje i usuwa aplikacje dostarczane jako pakiet Instalatora Windows (*.msi). Jeśli ta usługa zostanie wyłączona, wszelkie usługi jawnie od niej zależne przestaną się uruchamiać.
    Type REG_DWORD 0x20
    Start REG_DWORD 0x3
    ErrorControl REG_DWORD 0x1
    ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\msiexec.exe /V
    DisplayName REG_SZ Instalator Windows
    DependOnService REG_MULTI_SZ RpcSs\0\0
    DependOnGroup REG_MULTI_SZ \0
    ObjectName REG_SZ LocalSystem

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Enum
    0 REG_SZ Root\LEGACY_MSISERVER\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1

========= End of Reg: =========

EmptyTemp: => Removed 4.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====