aneciok12345 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Witam jestem nowa na tym forum. Mam problem z gadżetami przy wykasowaniu antywirusa McAfee i zmianie go na Avasta...przejrzałam to forum http://www.fixitpc.p...__fromsearch__1 i postepowałam tak jak pisał Belfegor...tylko że po wklejeniu w Look wyskoczył mi taki raport: SystemLook 30.07.11 by jpshortstuff Log created at 21:17 on 19/01/2013 by Marek Administrator - Elevation successful Invalid Context: regHKEY_CLASSES_ROOT\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 -= EOF =- Pomóżcie co mam zrobić żeby gadżety zaczęły znowu działać. Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Wykonaj import do rejestru opisany w poście n4 w temacie który przytaczasz. Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Po wykonaniu polecenia z prawokliku ukazał się taki komunikat : Nie można zaimportować C:\User\Marek\Desktop\fix.reg: błąd przy dostępie do rejestru. Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Pobierz MiniReg tool64bit http://traxter-online.net/kasowanie-kluczy-rejestru/ Uruchom i okienko programu wklej: HKEY_CLASSES_ROOT\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 Zaznacz opcję Unlock Keys i kliknij Go. Zamknij programik I zaimportuj do rejestru plik Fix.reg > Restart Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 niestety kiedy chcę otworzyć aplikację pokazuje sie komunikat: ostrzeżenie o niebezpieczeństwie i że system Windows zablokował dostęp do tego pliku...nic nie mogę zrobić z tą aplikacją Odnośnik do komentarza
diox Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Zignoruj ostrzeżenie i rób dalej polecenia zadane przez Belfegora. Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 nie mogę go zignorować....jedyną opcją jest OK po czym mnie wyrzuca i nie mogę nic zrobić Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Wykonaj logi z OTL i GMER https://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1 Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 OTL logfile created on: 2013-01-21 12:37:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marek\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 56,13% Memory free 7,89 Gb Paging File | 5,76 Gb Available in Paging File | 73,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 359,16 Gb Free Space | 85,15% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 25,76 Gb Free Space | 88,86% Space Free | Partition Type: NTFS Computer Name: MAREK-KOMPUTER | User Name: Marek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-01-21 12:35:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marek\Downloads\OTL.exe PRC - [2013-01-19 09:56:33 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2013-01-14 19:38:06 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe PRC - [2012-11-28 16:04:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012-11-28 16:04:05 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012-11-05 13:25:39 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe PRC - [2012-11-05 13:25:39 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-06-28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2012-01-10 19:47:33 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-06-15 12:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE PRC - [2011-02-18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-02-18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011-01-29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010-12-14 19:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010-05-08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010-05-08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2006-12-23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006-12-23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe ========== Modules (No Company Name) ========== MOD - [2013-01-15 15:26:22 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7b0ad24d45e2a3f5f54f5f71748d8545\IAStorUtil.ni.dll MOD - [2013-01-15 15:26:22 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8c4058d017d39a61458f635112f4e394\IAStorCommon.ni.dll MOD - [2013-01-15 12:49:52 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013-01-15 12:49:18 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013-01-15 12:49:09 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013-01-15 12:48:46 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013-01-15 12:48:38 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013-01-15 12:48:35 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013-01-15 12:48:32 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013-01-15 12:48:18 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012-11-28 16:04:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012-11-28 16:04:05 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012-11-28 16:04:05 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2012-01-10 19:47:33 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2012-01-10 10:53:50 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010-11-13 03:03:49 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-08-20 04:08:20 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp331.ax ========== Services (SafeList) ========== SRV:64bit: - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011-11-02 04:01:19 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010-12-14 19:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-01-14 19:38:08 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-11-28 16:04:05 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012-11-05 13:25:39 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2012-10-19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-10-01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011-02-18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010-05-08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-11-28 16:04:05 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012-10-15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012-06-04 13:42:44 | 000,071,680 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser) DRV:64bit: - [2012-06-04 13:42:44 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-01-10 19:57:31 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2012-01-10 19:57:29 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2012-01-10 19:54:57 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2012-01-10 19:54:57 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011-11-02 05:53:45 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011-11-02 03:24:06 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011-10-01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011-10-01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011-10-01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011-10-01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011-09-29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-09-29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-06-15 04:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs) DRV:64bit: - [2011-04-08 02:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011-03-26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011-03-25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011-03-10 10:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011-02-18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011-01-29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010-12-15 04:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010-12-15 04:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010-12-15 04:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010-12-15 04:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010-12-15 04:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010-11-24 12:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-10-21 07:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010-10-20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-10-14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010-09-30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010-08-16 10:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt) DRV:64bit: - [2010-05-22 14:49:30 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010-04-30 16:53:10 | 000,252,928 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010-03-25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010-03-20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2009-07-21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{08472CD8-C904-4928-A35C-FD223F73F9FC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{1731CEB5-A36C-4791-9F3D-D629D4900D4B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_plPL508 IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_plPL508PL509 IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={99C61A1A-2D39-4785-8D7C-5FFB027EDE05}&mid=a581d11818a747d09834b56e7123d74e-8e42cb82703438332533b159e47bf0cee9366e59&lang=pl&ds=xn011&pr=sa&d=2012-11-28 16:04:10&v=13.2.0.4&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012-11-30 15:09:20 | 000,000,000 | ---D | M] [2012-11-04 21:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marek\AppData\Roaming\mozilla\Firefox\extensions [2012-11-04 21:09:30 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Marek\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} ========== Chrome ========== CHR - homepage: http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Marek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: uTorrentControl_v2 = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.18.20_0\ CHR - Extension: avast! WebRep = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: Skype Click to Call = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: AVG Secure Search = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: AVG Secure Search = C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ALLYouTubeDownloader) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~2\ALLYOU~1\ALLYOU~1.DLL (ALLCinema Ltd.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-736246588-2598391611-2892298584-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe (ALLCinema) O4 - HKU\S-1-5-21-736246588-2598391611-2892298584-1001..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..Trusted Domains: sidebar.exe ([]* in Lokalny intranet) O15 - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..Trusted Domains: sidebar.exe ([]https in Zaufane witryny) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01819651-0089-4508-B166-6F6DCB0B4268}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14481D7D-6151-4E0A-8A6C-8A7EB3EBBF60}: NameServer = 89.108.202.20 89.108.195.20 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7843d4e4-45fa-11e2-bb69-642737c73ebd}\Shell - "" = AutoRun O33 - MountPoints2\{7843d4e4-45fa-11e2-bb69-642737c73ebd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7843d4fc-45fa-11e2-bb69-642737c73ebd}\Shell - "" = AutoRun O33 - MountPoints2\{7843d4fc-45fa-11e2-bb69-642737c73ebd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-01-20 19:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013-01-20 19:48:15 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2013-01-20 19:48:13 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2013-01-20 19:48:12 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013-01-20 19:48:12 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2013-01-20 19:47:47 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013-01-20 19:47:46 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2013-01-19 12:01:21 | 000,370,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2013-01-19 12:01:17 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013-01-19 10:13:59 | 000,000,000 | R--D | C] -- C:\Users\Marek\Desktop\zdjęcia [2013-01-18 15:43:26 | 000,071,680 | ---- | C] (Silicon Laboratories) -- C:\windows\SysNative\drivers\silabser.sys [2013-01-18 15:43:26 | 000,027,336 | ---- | C] (Silicon Laboratories) -- C:\windows\SysNative\drivers\silabenm.sys [2013-01-18 15:43:26 | 000,000,000 | ---D | C] -- C:\SiLabs [2013-01-18 13:45:30 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2013-01-18 13:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013-01-18 13:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013-01-18 08:43:45 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WdfCoinstaller01005.dll [2013-01-18 08:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silabs [2013-01-18 08:43:12 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Silabs [2013-01-15 09:40:59 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013-01-15 09:40:59 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013-01-15 09:40:35 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013-01-15 09:40:33 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013-01-15 09:40:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013-01-15 09:40:24 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013-01-15 09:40:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013-01-15 09:40:24 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013-01-15 09:40:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013-01-15 09:40:24 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013-01-15 09:40:23 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013-01-15 09:40:23 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013-01-15 09:40:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013-01-15 09:40:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013-01-15 09:40:23 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013-01-15 09:40:23 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013-01-15 09:40:23 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013-01-15 09:40:23 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013-01-15 09:40:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013-01-15 09:40:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013-01-15 09:40:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013-01-15 09:40:23 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013-01-15 09:40:23 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013-01-15 09:40:22 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013-01-15 09:40:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013-01-15 09:40:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013-01-15 09:40:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013-01-15 09:40:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013-01-15 09:40:20 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013-01-15 09:40:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013-01-15 09:40:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013-01-15 09:40:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013-01-15 09:40:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013-01-15 09:40:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013-01-15 09:40:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013-01-15 09:40:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013-01-15 09:39:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013-01-15 09:39:30 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013-01-15 09:39:30 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013-01-15 09:39:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013-01-15 09:39:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013-01-15 09:39:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013-01-15 09:39:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013-01-15 09:39:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013-01-15 09:39:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013-01-15 09:39:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013-01-15 09:39:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013-01-15 09:39:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013-01-15 09:39:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013-01-15 09:39:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013-01-15 09:39:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013-01-15 09:39:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013-01-15 09:39:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013-01-15 09:39:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013-01-15 09:39:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013-01-15 09:39:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013-01-15 09:39:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013-01-15 09:39:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013-01-15 09:39:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013-01-15 09:39:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013-01-15 09:39:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013-01-15 09:39:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013-01-15 09:39:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-01-15 09:39:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013-01-15 09:39:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013-01-15 09:39:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013-01-15 09:39:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013-01-15 09:39:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013-01-15 09:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013-01-15 09:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013-01-15 09:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013-01-15 09:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013-01-15 09:39:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013-01-15 09:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013-01-15 09:39:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013-01-15 09:39:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013-01-15 09:39:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013-01-15 09:39:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013-01-15 09:39:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013-01-15 09:39:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013-01-15 09:39:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013-01-15 09:39:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-01-15 09:39:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013-01-15 09:39:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013-01-15 09:39:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013-01-15 09:38:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2012-12-31 14:36:33 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Local\{B8FC948A-17AC-4246-8205-A59A6ADB7C56} [2012-12-28 17:56:17 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012-12-28 17:56:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2012-12-26 16:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative [2012-12-26 16:21:28 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\windows\SysWow64\pncrt.dll [2012-12-26 16:21:28 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll [2012-12-26 16:21:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll [2012-12-26 16:21:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll [2012-12-26 16:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Alternative [2012-12-26 16:21:27 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Roaming\Real [2012-12-26 16:21:27 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Local\Real [2012-12-26 16:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Real ========== Files - Modified Within 30 Days ========== [2013-01-21 12:35:00 | 000,000,930 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013-01-21 11:55:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013-01-21 11:09:39 | 001,551,208 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013-01-21 11:09:39 | 000,698,368 | ---- | M] () -- C:\windows\SysNative\perfh015.dat [2013-01-21 11:09:39 | 000,616,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013-01-21 11:09:39 | 000,135,188 | ---- | M] () -- C:\windows\SysNative\perfc015.dat [2013-01-21 11:09:39 | 000,106,586 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013-01-21 11:06:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013-01-21 09:12:39 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-21 09:12:39 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-21 09:11:34 | 000,002,782 | ---- | M] () -- C:\Users\Marek\Desktop\fix.reg [2013-01-21 09:06:00 | 000,349,295 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013-01-21 09:05:35 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013-01-21 09:04:55 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys [2013-01-20 19:48:17 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013-01-20 19:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013-01-19 11:15:32 | 102,315,992 | ---- | M] () -- C:\Users\Marek\Desktop\avast_free_antivirus_setup.exe [2013-01-18 15:47:59 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf [2013-01-18 08:48:28 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01005.Wdf [2013-01-15 12:47:13 | 000,290,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013-01-14 19:38:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013-01-14 19:38:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012-12-25 08:54:06 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ========== Files Created - No Company Name ========== [2013-01-21 09:11:34 | 000,002,782 | ---- | C] () -- C:\Users\Marek\Desktop\fix.reg [2013-01-20 19:48:17 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013-01-19 11:02:56 | 102,315,992 | ---- | C] () -- C:\Users\Marek\Desktop\avast_free_antivirus_setup.exe [2013-01-18 15:47:59 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf [2013-01-18 13:45:30 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2013-01-18 08:48:28 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01005.Wdf [2012-12-28 17:56:18 | 000,000,930 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012-12-25 08:54:06 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-05 13:26:29 | 000,151,552 | ---- | C] () -- C:\windows\KMService.exe [2012-11-05 13:26:29 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe [2012-11-04 21:30:55 | 001,549,394 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012-11-04 16:54:30 | 000,644,608 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2012-11-04 16:54:30 | 000,258,048 | ---- | C] () -- C:\windows\SysWow64\libFLAC.dll [2012-01-10 20:04:12 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2012-01-10 20:04:12 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2012-01-10 19:47:36 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2012-01-10 19:47:36 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2012-01-10 19:47:36 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2012-01-10 19:47:36 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2012-01-10 19:47:31 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2012-01-10 19:38:33 | 000,001,803 | ---- | C] () -- C:\windows\vm331Rmv.ini [2012-01-10 19:38:33 | 000,001,803 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini [2012-01-10 19:33:23 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2012-01-10 19:24:11 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012-01-10 19:20:39 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2012-01-10 19:19:26 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2012-01-10 19:15:57 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012-01-10 19:15:56 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012-01-10 19:15:54 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011-11-01 22:57:32 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-11-16 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Gadu-Gadu 10 [2012-11-23 18:34:48 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\ipla [2012-12-05 18:52:39 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Navigator [2012-11-04 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\OpenCandy [2012-11-16 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\OpenFM [2013-01-18 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\SoftGrid Client [2012-11-04 21:31:39 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\TP [2012-11-04 17:27:02 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\TuneUp Software [2012-12-23 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > OTL Extras logfile created on: 2013-01-21 12:37:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marek\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,95 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 56,13% Memory free 7,89 Gb Paging File | 5,76 Gb Available in Paging File | 73,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 359,16 Gb Free Space | 85,15% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 25,76 Gb Free Space | 88,86% Space Free | Partition Type: NTFS Computer Name: MAREK-KOMPUTER | User Name: Marek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2A07E46C-4A98-448E-A349-D90D9C94AFAC}" = lport=445 | protocol=6 | dir=in | app=system | "{389AA2FC-18E4-460C-9076-85A6831D4CDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4072DD98-EA1C-4D83-8307-D24930E4E329}" = rport=138 | protocol=17 | dir=out | app=system | "{496F15EE-9D27-4756-B79D-0BD4FF87720B}" = rport=139 | protocol=6 | dir=out | app=system | "{652E2ECD-BBA4-4346-B9B1-35BCAB15DD10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B9BD13D-3B44-4ACA-BFDE-C1F12EC58FEF}" = rport=137 | protocol=17 | dir=out | app=system | "{6D54B1AA-8AAB-4A26-B21C-9E3ACCCD3E7A}" = lport=10243 | protocol=6 | dir=in | app=system | "{6DC5A870-FC36-4B9E-808E-C2787FB84395}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DD3D781-234B-40DB-B10D-1F4E38DF8915}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{73D82D3C-A22C-486E-BCBB-13BF51BF5D04}" = lport=137 | protocol=17 | dir=in | app=system | "{81735A16-C57E-43C5-8694-1375665043DB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{837B7AAB-CFBE-4E17-A7CE-AC534B659A57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8453DF86-8684-4D69-BED1-8219A37A769D}" = lport=2869 | protocol=6 | dir=in | app=system | "{87FFF1CC-8D32-48D3-9715-0C40729B6883}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8B51029D-B21E-436D-AE91-5DB99DB95907}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99D131FA-309F-47FF-9C7A-D0B8312E6DAE}" = rport=445 | protocol=6 | dir=out | app=system | "{9ACBBD0F-4D6D-45D5-B57B-65F4B3F21732}" = lport=139 | protocol=6 | dir=in | app=system | "{A30BCFC0-2121-4A17-AA4B-F6EBFD2AD151}" = lport=138 | protocol=17 | dir=in | app=system | "{ADDB8007-BD2B-4548-8C5D-5F69CE490AAA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AE9D8228-4722-4156-B0E1-EF1EE4442086}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF1FF4C9-106F-4FDE-AA4A-6E6C27BDEB54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D24F060E-2715-4C4A-A3CF-6C3A0690239F}" = rport=10243 | protocol=6 | dir=out | app=system | "{E7B1C25A-6DA8-49CE-9E5D-778557F357AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F491D7FE-6B74-463F-A62A-AAB5EB2BA37B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F649EC2E-D5D2-402F-A504-34A6B8FB9C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04358BEE-F741-4A32-A277-202C9E36463E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{06E5C17B-16D0-4EC8-9FE2-838ABDC4989C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0DCFC794-676A-42FF-8C66-FA1C3585DF7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0FB18B52-B73A-4DE3-A059-3968CCD3BE8B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{1326E718-A1ED-4F8D-8E76-5CC44935B094}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2C26E600-4E44-4A3B-A7E1-672500A235EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2F987ECF-F9B3-40AD-AB2E-5E1D01FA8E3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{324C8BC0-9F13-478E-A6E1-F2FE48EC643B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{38ADA655-BDE9-48F3-98DF-A8E4F63ADAEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{471D09E2-71E6-426C-8EF9-A08823200E5E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{50C8834F-A3B0-4E13-A203-F84CC054BD22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5121D0FA-B3FA-433A-8373-1285EB4EFBE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5EF80405-12C4-4CAA-886F-EDA18F180FEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6014423A-B068-4ADE-B16D-7C96C8AB8A59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{740C5353-87A7-4640-80AD-54834790550C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{75EFAC33-91E9-487A-90FF-42367737ADF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{875A3F96-6C74-45CB-A589-F07BED10AA5F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8A554264-E6C9-4281-A8C5-CF8F42658DF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B6B9035-303C-4AB6-BDA2-764D3A046001}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9461461A-B178-4BFD-AD8C-AD8A63ADD669}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{98F8FC0D-D674-47B8-924A-94C07448D679}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{ACE9CEAB-53D6-4E53-BB26-7713E6B4D2B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD1E7C5E-F3AB-472D-A385-D2D526B78C3D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7B6B7C7-562A-4F83-B96C-77EDB1D8D1C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{CFE398CF-2E01-43CC-BBFC-75FC1BCA6232}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D662C6E4-C023-4F84-86A9-4FF7CB97202D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FDBDD4DC-5FC8-458F-BC9D-504DCE57FE09}" = protocol=6 | dir=out | app=system | "TCP Query User{607EE41D-C8D5-48FF-8720-B45EA7236369}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{654A1BA7-0B36-4291-9C28-9B402B0C13A0}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{CB55C58F-03C7-4C00-84C7-59859E6306F1}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | "TCP Query User{F2D4D401-25D4-4399-B210-E32D41904E63}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | "UDP Query User{038BCA74-86C7-48DE-BDA0-18B5E0615922}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | "UDP Query User{6BEF9C69-8BCC-430C-B51F-40D4867FCCAE}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{6DEE90F4-243A-49A0-B4EB-7B4F4B634FFD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{F4A0576F-E427-43D5-8C59-94B68263D570}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1BD5AAA8-26CE-D799-83B3-EABFEB6BED5D}" = ccc-utility64 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{31CC4F72-FF2D-EBC2-54D9-2A6D1963B0F6}" = WMV9/VC-1 Video Playback "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E52008D-8FAA-1500-3643-A08AFA29942E}" = ATI Catalyst Install Manager "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ATI Uninstaller" = ATI Uninstaller "CNXT_AUDIO_HDA" = Conexant HD Audio "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{067CFF71-695E-5F28-7D90-8A92B5F61885}" = CCC Help Chinese Traditional "{09D2C7C0-03EB-0F81-2483-0886FE5943A1}" = CCC Help Dutch "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{13097B97-5C84-5824-5FB8-F1E62227E28C}" = CCC Help Norwegian "{164E05D3-4D05-7470-DDA6-AE112FFF1DEA}" = CCC Help English "{17CADFFE-31AF-48F0-1E47-F8A2CD2EE6DB}" = CCC Help German "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CC6AD9D-2202-481A-32AC-45570AA69554}" = CCC Help Turkish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{229E6F7D-0FDC-A8A4-E1DF-E83BBBE27726}" = CCC Help Hungarian "{22CDE016-1579-17D9-4BB7-E01CBAFB9B22}" = CCC Help Greek "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3B4F7DB3-E92A-2402-3345-2E2CE0546D84}" = CCC Help Portuguese "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4617A4F6-4E7C-34C0-DFA9-F414BAAD196E}" = Catalyst Control Center InstallProxy "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{659B6305-01B7-3393-4F07-590A996754AE}" = Catalyst Control Center Profiles Mobile "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{689D3FDD-5ACA-C48E-5D3F-221702A00436}" = CCC Help Polish "{68C70AD0-D958-46C5-9A48-EA7139186065}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_2 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_2) "{6AF21B1C-7F23-F2E1-CD11-93FF2CA0E138}" = Catalyst Control Center Localization All "{6D6E266B-6126-4164-AB4D-3695FD7263D5}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_3 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_3) "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C982AC-A6D5-2B6D-E5CD-8C4A961D912B}" = CCC Help Spanish "{77E5C17D-9EF4-E07F-81BC-100AF9979953}" = CCC Help Japanese "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{88D66DC6-1B8B-D287-BBF9-C9D8A49BA82D}" = CCC Help Korean "{89A8D389-ED19-D81E-A214-217748BE753F}" = PX Profile Update "{8B55A173-D141-489D-B179-14CADD01F020}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 "{8B79BE84-5FAE-B7AA-667E-D89B4D966A5E}" = CCC Help Czech "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{938C3CBC-6BCF-AA99-9849-67C83D394F0F}" = CCC Help Italian "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A307FB9E-8B2A-7493-8408-DE7F5A823B24}" = CCC Help Finnish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAB93551-3FFE-42B2-8315-96252BBC1045}" = Nero 7 Essentials "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B1766E2F-79F7-86F9-54D6-E6AB837302D5}" = CCC Help Swedish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6F38B0B-CBF4-A39D-4C8C-23033A5E71F8}" = CCC Help Danish "{B84C2D45-CC8D-0DE1-233A-28EC05E9EBE3}" = CCC Help French "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C3123C68-1207-B19E-9F5F-7D6DDA7F40CA}" = Catalyst Control Center "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D80E2B07-A6EF-049D-24E4-8EEEEDCB375A}" = CCC Help Russian "{DA0D8CFC-7D96-3DF3-1869-744510633148}" = CCC Help Thai "{DC19A9FD-0B2A-2BEA-A4EB-D4FBBD180930}" = CCC Help Chinese Standard "{DDAD6F85-C4AD-46B2-23B5-D5A126424F1E}" = Catalyst Control Center Graphics Previews Common "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Podręcznik użytkownika "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1" = ALLMediaServer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALL YouTube Downloader_is1" = ALL YouTube Downloader "ALLPlayer_is1" = ALLPlayer V5.X "Ares" = Ares 2.1.9 "avast" = avast! Free Antivirus "AVG Secure Search" = AVG Security Toolbar "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "ipla" = ipla 2.4 "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "PCNavigator10_is1" = PC Navigator 10 10.0.49-2 "PLAY ONLINE" = PLAY ONLINE "RealAlt_is1" = Real Alternative 1.9.0 Lite "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "Time Stopper3.00" = Time Stopper "uTorrent" = µTorrent "VeriFace" = VeriFace "Winamp" = Winamp "WinLiveSuite" = Podstawowe programy Windows Live ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-736246588-2598391611-2892298584-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Detektor Winampa ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-01-18 10:57:45 | Computer Name = Marek-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Mini GPS viewer_PC.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x45e7db33 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000003 Identyfikator procesu powodującego błąd: 0x16b8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf58c20ad04c7 Ścieżka aplikacji powodującej błąd: F:\Mini GPS Viewer\Mini GPS viewer_PC\Mini GPS viewer_PC.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 6a66870b-617f-11e2-9396-642737c73ebd Error - 2013-01-18 11:09:44 | Computer Name = Marek-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Mini GPS viewer_PC.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x45e7db33 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000006 Identyfikator procesu powodującego błąd: 0x139c Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf58dcc840024 Ścieżka aplikacji powodującej błąd: F:\Mini GPS Viewer\Mini GPS viewer_PC\Mini GPS viewer_PC.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 16e1c15b-6181-11e2-9396-642737c73ebd Error - 2013-01-18 11:10:27 | Computer Name = Marek-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Mini GPS viewer_PC.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x45e7db33 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000006 Identyfikator procesu powodującego błąd: 0xc1c Godzina uruchomienia aplikacji powodującej błąd: 0x01cdf58de2a08870 Ścieżka aplikacji powodującej błąd: F:\Mini GPS Viewer\Mini GPS viewer_PC\Mini GPS viewer_PC.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 30905a0f-6181-11e2-9396-642737c73ebd Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 2013-01-18 13:46:36 | Computer Name = Marek-Komputer | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC [ System Events ] Error - 2012-12-24 08:05:39 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-24 08:05:47 | Computer Name = Marek-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Windows Update zakończyła działanie; wystąpił następujący błąd: %%-2147467243 Error - 2012-12-24 09:10:19 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-24 15:50:12 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-24 17:01:58 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-25 04:39:40 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-25 14:47:36 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-26 06:22:08 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-26 06:52:46 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = Error - 2012-12-26 08:00:19 | Computer Name = Marek-Komputer | Source = DCOM | ID = 10010 Description = < End of report > A tego GMER nie mogę znaleźć Odnośnik do komentarza
diox Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Nie możesz znaleźć linku? GMER: https://www.fixitpc.pl/topic/60-diagnostyka-infekcje-typu-rootkit/page__p__318?do=findComment&comment=318 . Odnośnik do komentarza
diox Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Link: https://www.fixitpc.pl/topic/60-diagnostyka-infekcje-typu-rootkit/page__p__318?do=findComment&comment=318 . Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Dobra już zostaw tego GMERA. Odinstalowałaś McAfee a w jego miejsce wszedł Avast. Niepotrzebnie, przynajmniej do czasu rozwiązania problemu. Uruchom OTL i w oknie Własne opcje skanowania/skrypt wklej: :OTL IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found IE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-28 16:04:10&v=13.2.0.4&sap=dsp&q={searchTerms} O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found :Files C:\Users\Marek\AppData\Roaming\OpenCandy :Commands [emptytem] Kliknij w Wykonaj skrypt 2. Z panelu Programów odinstaluj Avasta i AVG Secure Search" = AVG Security Toolbar 3. Ponów operację z MiniReg Tool Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value foundIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-28 16:04:10&v=13.2.0.4&sap=dsp&q={searchTerms}O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not foundO2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found:FilesC:\Users\Marek\AppData\Roaming\OpenCandy:Commands[emptytem]> in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 01212013_133543 wynik skryptu Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 sorki > moja wina > zmien linijkę końcową skryptu na :Commands [emptytemp] i powtórz Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value foundIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-28 16:04:10&v=13.2.0.4&sap=dsp&q={searchTerms}O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not foundO2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found:FilesC:\Users\Marek\AppData\Roaming\OpenCandy:OTLIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value foundIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-28 16:04:10&v=13.2.> in the current context! Error: Unable to interpret <0.4&sap=dsp&q={searchTerms}O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not foundO2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found:FilesC:\Users\Marek\AppData\Roaming\OpenCandy> in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 01212013_135803 ale nadal nie mogę uruchomić MiniReg Tool cały czas ten sam problem Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Odinstalowałaś Avasta? Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Tak. Avast odinstalowany Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Czy wykonałaś skrypt po deinstalacji Avasta czy przed? Wykonaj nowy skan OTL i przedstaw wyniki. Czy na tym lapku pracujesz jedynie Ty czy ktoś inny jest szefem? Odnośnik do komentarza
picasso Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 aneciok12345 Pierwszy post: zły log z SystemLook, przecież nie ma komendy :reg eksportującej klucze. Dlatego jest "Invalid Context". Dodaj dane co i gdzie. Czyli w SystemLook x64 masz wkleić to: :reg HKEY_CLASSES_ROOT\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32 Belfegor Post numer 2 = FIX.REG się przecież nie wykona od ręki. Te klucze nie mają uprawnień. . Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 przeważnie ja na nim pracuje, ale od czasu do czasu mój chłopak szuka jakiś informacji. Skan już się robi. A skrypt był robiony przed deinstalacją Avast. Wszystko robię w takiej kolejności jak piszesz Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 Belfegor Post numer 2 = FIX.REG się przecież nie wykona od ręki. Te klucze nie mają uprawnień. Wykona się po zastosowaniu MiniRegTool i dobrze o tym wiesz. Przestań mnie opier ć jak psy dziada w ciasnej ulicy. To że autorka nie wkleja dokładnie skryptu nie jest moją winą. pozdro, szacun Odnośnik do komentarza
picasso Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 No ale ja mówię o poście dwa. MiniRegTool to jest dopiero w poście 4, nie ma też o tym wzmianki w temacie do którego było odwołanie. Co do słowa na "o...". Nie widzę powodu, by nie zwrócić uwagi. To nie jest pierwszy raz, gdy próbujesz importować fIX.REG do tych kluczy bez uprzedniej rekonfiguracji uprawnień. . Odnośnik do komentarza
aneciok12345 Opublikowano 21 Stycznia 2013 Autor Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 wkleiłam w Look to co napisali Administratorzy i wyszło takie coś: SystemLook 30.07.11 by jpshortstuff Log created at 14:30 on 21/01/2013 by Marek Administrator - Elevation successful ========== reg ========== [HKEY_CLASSES_ROOT\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32] @="C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32] @="C:\Windows\System32\jscript9.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32] @="C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32] @="C:\Windows\system32\vbscript.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32] @="C:\Windows\system32\vbscript.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32] @="C:\Windows\System32\jscript.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32] @="C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32] @="C:\Windows\System32\jscript.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32] @="C:\Windows\System32\jscript.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32] @="C:\windows\SysWow64\jscript9.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34a13fc7-86ab-42e6-a32c-b50666f04ff9}\InprocServer32] @="C:\Windows\SysWOW64\jscript9.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32] @="C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32] @="C:\Windows\SysWOW64\vbscript.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32] @="C:\Windows\SysWOW64\vbscript.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InProcServer32] @="C:\windows\SysWow64\jscript.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32] @="C:\windows\SysWow64\jscript.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32] @="C:\windows\SysWow64\jscript.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InProcServer32] @="C:\windows\SysWow64\jscript.dll" "ThreadingModel"="Both" -= EOF =- . Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value foundIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-28 16:04:10&v=13.2.0.4&sap=dsp&q={searchTerms}O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not foundO2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found:FilesC:\Users\Marek\AppData\Roaming\OpenCandy:OTLIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value foundIE - HKU\S-1-5-21-736246588-2598391611-2892298584-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-28 16:04:10&v=13.2.> in the current context! Error: Unable to interpret <0.4&sap=dsp&q={searchTerms}O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not foundO2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121105162026.dll File not found:FilesC:\Users\Marek\AppData\Roaming\OpenCandy> in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 01212013_135803 OTL.Txt Odnośnik do komentarza
picasso Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 1. Start > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej po kolei te komendy: regsvr32 jscript9.dll regsvr32 vbscript.dll regsvr32 jscript.dll C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\vbscript.dll Reset systemu. 2. Nowy skan SystemLook na warunki: :reg HKEY_CLASSES_ROOT\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InProcServer32 aneciok12345 i proszę używaj opcję Załączniki do doczepiania długich logów i nie twórz posta pod postem, gdy nikt jeszcze nie odpisał. . Odnośnik do komentarza
Anonim8 Opublikowano 21 Stycznia 2013 Zgłoś Udostępnij Opublikowano 21 Stycznia 2013 To nie jest pierwszy raz, gdy próbujesz importować fIX.REG do tych kluczy bez uprzedniej rekonfiguracji uprawnień. Dlatego zadałem MiniRegTool - przestań być taka dokładna. Jest masa przykładów na forum gdzie popełniłaś błedy. Importuje takie pliki reg do swojego systemu na żywca bo przydzieliłem uprawnienia. Nie odsyłałem do twojego tutka bo uzanłem, że tak będzie łatwiej w tym przypadku. wykończ te gadżety, bo w Chęcinach kiepska pogoda Odnośnik do komentarza
Rekomendowane odpowiedzi