"Bad image" error

Everything related to system security and fighting malware, in particular log analysis
rbrt1991

User
Posts: 4
Joined: 17 Sep 2013, 10:41

Post: 17 Sep 2013, 11:00

Hi, I have the following problem:
when starting any program, a "bad image" error pops up.
Programs start normally; the error just pops up before each launch. I don't need to say how many errors pop up when the computer starts ;)
Windows 7 64 bit
OTL.Txt [Available only to registered users]
Extras.Txt [Available only to registered users]
help please :)

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Post: 17 Sep 2013, 22:06

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"Akamai" = Akamai NetSession Interface
"delta" = Delta toolbar
"FilesFrog Update Checker" = FilesFrog Update Checker
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{5F17164A-FE5F-48B4-916F-56C6C4470D32}" = G Data AntiVirus 2014


Uninstall these. (NOTE! I suggest getting rid of G Data only because of the heavy load it puts on the computer - it is an excellent antivirus.) If you uninstall the antivirus, please use [Available only to registered users] afterwards.

Logs.


Run OTL -> in the Własne opcje skanowania/skrypt (Custom Scans/Fixes) box paste:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&babsrc=SP_def_din2g&affID=121562
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes\{41BCEEF5-8EAF-4797-BAE7-38B776101040}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes\{69ABAE4C-47BC-4EAD-A2B3-ED08ED617830}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&ctid=ct3135048
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rlz=1I7GGLD_pl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Robert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
O4 - HKLM..\Run: [Onet.pl AutoUpdate] "C:\Program Files (x86)\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe File not found
O4 - HKU\S-1-5-21-3417662356-3401972834-3553740316-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013-09-03 10:26:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013-09-03 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\FilesFrog Update Checker
[2013-04-18 07:08:02 | 001,174,028 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013-04-08 01:19:40 | 000,024,150 | ---- | C] () -- C:\Users\Robert\.TransferManager.db
[2013-01-15 13:10:06 | 000,000,001 | ---- | C] () -- C:\Users\Robert\AppData\Local\llftool.4.25.agreement
[2012-10-28 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\jEdit
[2012-09-09 10:25:48 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Opera
[2012-12-26 21:21:05 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\AutoUpdate
[2013-09-03 10:28:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BabSolution
[2013-04-07 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Babylon
[2013-04-07 12:33:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Delta
[2012-09-25 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IrfanView
[2012-11-02 00:17:11 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\NapiProjekt
[2013-04-07 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OpenCandy
[2012-09-07 14:01:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera

:Services
gupdate
gupdatem

:Files
C:\Program Files (x86)\Google\Update
C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

:Commands
[clearallrestorepoints]
[emptytemp]


Click Wykonaj skrypt (Run Fix). Post the log from the removal. Then provide the log from [Available only to registered users] (from the Scan option, and then Clean) + new OTL logs.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will disappear and characters from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
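
Added example, not part of kominekl's post and not OTL's own code: a Python script for triaging the removal log that the steps above ask for. It groups each result line by section and outcome so that `not found` and `Error:` lines stand out, and it confirms the outcome for one target such as the `AppInit_Dlls` value. The sample lines are copied from the removal log posted later in this thread; the function names and outcome labels are this example's own.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Sample input: a selection of lines copied from the removal log in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll deleted successfully.
c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll moved successfully.
Folder C:\Users\Robert\AppData\Roaming\Delta\ not found.
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
========== FILES ==========
C:\Program Files (x86)\Google\Update folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ deleted successfully.
"""

# OTL prints a banner such as "========== FILES ==========" before each part.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")

# Outcome labels (this example's own names), checked in order; first match wins.
# "Error:" is tested first so an error line is never counted as anything else.
OUTCOME_RULES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"not found[.!]$")),
    ("deleted", re.compile(r"deleted successfully\.$")),
    ("moved", re.compile(r"moved successfully\.$")),
    ("value_set", re.compile(r"value set successfully!$")),
]

# Outcomes where the script line did not change anything and a human should
# look at why (target already gone, wrong path, service name not present).
REVIEW_OUTCOMES = {"error", "not_found"}


class Entry(NamedTuple):
    section: str
    outcome: str
    line: str


def parse_fix_log(text):
    """Return one Entry per result line; lines with no known outcome are skipped."""
    entries = []
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in OUTCOME_RULES:
            if pattern.search(line):
                entries.append(Entry(section, outcome, line))
                break
    return entries


def summarize(entries):
    """Count outcomes per section, e.g. {"FILES": {"moved": 1}}."""
    summary = defaultdict(Counter)
    for entry in entries:
        summary[entry.section][entry.outcome] += 1
    return {section: dict(counts) for section, counts in summary.items()}


def needs_review(entries):
    """Entries whose target was not found or whose action reported an error."""
    return [e for e in entries if e.outcome in REVIEW_OUTCOMES]


def outcomes_for(entries, needle):
    """Outcomes of every line mentioning `needle` (case-insensitive)."""
    needle = needle.lower()
    return [e.outcome for e in entries if needle in e.line.lower()]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for section, counts in summarize(parsed).items():
        print(f"{section}: {counts}")
    print("AppInit_Dlls:", outcomes_for(parsed, "AppInit_Dlls"))
    for e in needs_review(parsed):
        print(f"review [{e.section}] {e.line}")
```
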

rbrt1991

User
Posts: 4
Joined: 17 Sep 2013, 10:41

Post: 18 Sep 2013, 10:24

thanks for the help!
the problem is gone :)
I did not uninstall the antivirus.
and here are the logs:


log from the removal:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{41BCEEF5-8EAF-4797-BAE7-38B776101040}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41BCEEF5-8EAF-4797-BAE7-38B776101040}\ not found.
Registry key HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{69ABAE4C-47BC-4EAD-A2B3-ED08ED617830}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69ABAE4C-47BC-4EAD-A2B3-ED08ED617830}\ not found.
Registry key HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ not found.
File C:\Users\Robert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Onet.pl AutoUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3417662356-3401972834-3553740316-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&ksportuj do programu Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Wyślij &do programu OneNote\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll deleted successfully.
c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll moved successfully.
Folder C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\ not found.
Folder C:\Users\Robert\AppData\Local\FilesFrog Update Checker\ not found.
C:\Windows\SysWOW64\sig.bin moved successfully.
C:\Users\Robert\.TransferManager.db moved successfully.
C:\Users\Robert\AppData\Local\llftool.4.25.agreement moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\startup folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\settings-backup folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\modes folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\macros folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\keymaps folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\jars-cache folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\jars folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit\DockableWindowManager folder moved successfully.
C:\Users\Gość\AppData\Roaming\jEdit folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\webserver folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\styles\user folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\styles folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\sessions folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\pstorage\00\0E folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\pstorage\00 folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\pstorage folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera\dictionaries folder moved successfully.
C:\Users\k\AppData\Roaming\Opera\Opera folder moved successfully.
C:\Users\k\AppData\Roaming\Opera folder moved successfully.
C:\Users\Robert\AppData\Roaming\AutoUpdate folder moved successfully.
C:\Users\Robert\AppData\Roaming\BabSolution\Shared folder moved successfully.
C:\Users\Robert\AppData\Roaming\BabSolution folder moved successfully.
C:\Users\Robert\AppData\Roaming\Babylon folder moved successfully.
Folder C:\Users\Robert\AppData\Roaming\Delta\ not found.
C:\Users\Robert\AppData\Roaming\IrfanView folder moved successfully.
C:\Users\Robert\AppData\Roaming\NapiProjekt folder moved successfully.
C:\Users\Robert\AppData\Roaming\OpenCandy\27A517B6C8DF496989130E7910FA3B7C folder moved successfully.
C:\Users\Robert\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera\webserver folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera\toolbar folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera\styles\user folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera\styles folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera\sessions folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera\dictionaries folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera\Opera folder moved successfully.
C:\Users\Robert\AppData\Roaming\Opera folder moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
Error: No service named gupdatem was found to stop!
Service\Driver key gupdatem not found.
========== FILES ==========
C:\Program Files (x86)\Google\Update\Install folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96} folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.62 folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D} folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153 folder moved successfully.
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
C:\Program Files (x86)\Google\Update\Download folder moved successfully.
C:\Program Files (x86)\Google\Update\1.3.21.153 folder moved successfully.
C:\Program Files (x86)\Google\Update folder moved successfully.
C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gość
->Temp folder emptied: 327854 bytes
->Temporary Internet Files folder emptied: 26611142 bytes
->Google Chrome cache emptied: 233489288 bytes
 
User: k
->Java cache emptied: 0 bytes
->Opera cache emptied: 908005 bytes
->Flash cache emptied: 996 bytes
 
User: Public
 
User: Robert
->Temp folder emptied: 6359151 bytes
->Temporary Internet Files folder emptied: 64634987 bytes
->Java cache emptied: 4353744 bytes
->Google Chrome cache emptied: 261220622 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1030366 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85396 bytes
RecycleBin emptied: 997977406 bytes
 
Total Files Cleaned = 1 523,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09182013_094837

Files\Folders moved on Reboot...
File\Folder C:\Users\Robert\AppData\Local\Temp\hsperfdata_Robert\2840 not found!
C:\Users\Robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



log from ADWCleaner:

# AdwCleaner v3.004 - Report created 18/09/2013 at 09:59:32
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Robert - R
# Running from : C:\Users\Robert\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserProtect

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Robert\Qtrax
Folder Deleted : C:\Users\Robert\AppData\Roaming\file scout
Folder Deleted : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
File Deleted : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\a28c8db03cb849
Key Deleted : HKLM\SOFTWARE\a28c8db03cb849
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3966 octets] - [18/09/2013 09:58:38]
AdwCleaner[S0].txt - [3603 octets] - [18/09/2013 09:59:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3663 octets] ##########


and the new OTL logs:
otl.txt

OTL logfile created on: 2013-09-18 10:04:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,87% Memory free
8,00 Gb Paging File | 5,32 Gb Available in Paging File | 66,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 3,65 Gb Free Space | 3,13% Space Free | Partition Type: NTFS
Drive D: | 344,53 Gb Total Space | 122,96 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
 
Computer Name: R | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-09-17 10:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
PRC - [2013-08-24 19:49:56 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-05-25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-03-22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013-03-22 05:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2013-02-25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013-02-25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2012-09-18 17:55:09 | 001,397,144 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012-09-11 13:40:13 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2012-09-11 13:40:13 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-08-24 19:49:53 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
MOD - [2013-08-24 19:49:52 | 013,594,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
MOD - [2013-08-24 19:49:51 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
MOD - [2013-08-24 19:49:01 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
MOD - [2013-08-24 19:49:00 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libegl.dll
MOD - [2013-08-24 19:48:58 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012-11-14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012-08-27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-08-27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-24 03:42:48 | 002,556,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2013-03-22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013-02-25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013-02-25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2012-09-11 13:40:13 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013-09-03 10:56:12 | 000,107,128 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:[b]64bit:[/b] - [2013-09-03 10:45:39 | 000,062,808 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:[b]64bit:[/b] - [2013-09-03 10:45:14 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:[b]64bit:[/b] - [2013-09-03 10:45:13 | 000,065,368 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:[b]64bit:[/b] - [2013-09-03 10:45:12 | 000,130,392 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:[b]64bit:[/b] - [2013-09-03 10:45:12 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:[b]64bit:[/b] - [2012-12-13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012-07-04 14:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:[b]64bit:[/b] - [2012-07-03 12:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:[b]64bit:[/b] - [2012-07-03 12:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:[b]64bit:[/b] - [2012-03-26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2012-03-09 18:15:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012-03-09 18:15:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012-03-02 17:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:[b]64bit:[/b] - [2012-03-02 17:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:[b]64bit:[/b] - [2012-03-02 17:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:[b]64bit:[/b] - [2012-03-02 17:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:[b]64bit:[/b] - [2012-03-02 17:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:[b]64bit:[/b] - [2012-03-02 17:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:[b]64bit:[/b] - [2012-03-02 17:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009-08-12 13:45:30 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-06-06 02:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:[b]64bit:[/b] - [2009-05-01 10:13:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2007-08-09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-03-12 10:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013-03-08 11:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Plants vs Zombies = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [jEdit Server] C:\Program Files\jEdit\jedit.exe (Contributors)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E4EFEF7-AD9D-41F7-BA27-E94783487703}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38372CEC-5105-4B74-BA40-F5D07544CC23}: DhcpNameServer = 217.116.100.100 217.116.104.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3E4106-5AE1-491F-90BD-C47D2411F57E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3211A9-AB9A-49AE-AF62-2BF95BC1D9D5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCEDB0C3-281A-47DC-B48A-68EED879AA49}: DhcpNameServer = 89.108.202.21 89.108.195.21
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9ba22de0-c48f-11e2-9b94-90e6ba78dd3f}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba22de0-c48f-11e2-9b94-90e6ba78dd3f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cdf724b5-3957-11e2-91d3-90e6ba78dd3f}\Shell - "" = AutoRun
O33 - MountPoints2\{cdf724b5-3957-11e2-91d3-90e6ba78dd3f}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-09-18 09:58:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-09-18 09:48:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-09-18 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\callan ksiazki
[2013-09-17 11:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013-09-17 11:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-09-17 11:04:42 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-09-17 11:04:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-09-17 11:04:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-09-17 11:04:32 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-09-17 11:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-09-17 11:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013-09-16 15:12:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\laptop sprzedaz
[2013-09-05 12:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
[2013-09-05 12:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 at FOREX.com
[2013-09-05 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaTrader 4 at FOREX.com
[2013-09-03 10:56:14 | 000,016,944 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013-09-03 10:56:12 | 000,107,128 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013-09-03 10:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2014
[2013-09-03 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Programs
[2013-09-03 10:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Odkurzacz
[2013-09-03 10:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Odkurzacz
[2013-09-02 12:51:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Games
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-09-18 10:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-18 10:00:32 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-18 10:00:00 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-18 10:00:00 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-17 13:08:44 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-17 13:08:44 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-09-17 13:08:44 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-17 13:08:44 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-09-17 13:08:44 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-09-17 11:04:24 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013-09-17 11:04:24 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013-09-17 11:04:24 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-09-17 11:04:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-09-17 11:04:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-09-17 11:04:24 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-09-17 10:40:37 | 000,047,924 | ---- | M] () -- C:\Users\Robert\Desktop\zły obraz.jpg
[2013-09-16 15:04:10 | 001,925,120 | ---- | M] () -- C:\Users\Robert\Desktop\image_2.jpeg
[2013-09-16 15:04:10 | 001,855,488 | ---- | M] () -- C:\Users\Robert\Desktop\image_3.jpeg
[2013-09-16 15:04:10 | 001,826,816 | ---- | M] () -- C:\Users\Robert\Desktop\image_1.jpeg
[2013-09-16 15:04:10 | 001,773,568 | ---- | M] () -- C:\Users\Robert\Desktop\image_4.jpeg
[2013-09-16 15:04:10 | 001,609,728 | ---- | M] () -- C:\Users\Robert\Desktop\image_5.jpeg
[2013-09-16 15:04:10 | 001,605,632 | ---- | M] () -- C:\Users\Robert\Desktop\image.jpeg
[2013-09-13 12:25:05 | 000,052,284 | ---- | M] () -- C:\Users\Robert\Desktop\funny-buddha-face.JPG
[2013-09-09 10:32:52 | 000,076,201 | ---- | M] () -- C:\Users\Robert\Desktop\zdjęcie (1).JPG
[2013-09-05 12:34:21 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\MetaTrader 4 at FOREX.com.lnk
[2013-09-03 10:56:14 | 000,016,944 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013-09-03 10:56:12 | 000,107,128 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013-09-03 10:45:39 | 000,062,808 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013-09-03 10:45:17 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus 2014.lnk
[2013-09-03 10:45:14 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013-09-03 10:45:13 | 000,065,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013-09-03 10:45:12 | 000,130,392 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013-09-03 10:45:12 | 000,060,248 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013-09-03 10:29:46 | 000,001,065 | ---- | M] () -- C:\Users\Robert\Desktop\Odkurzacz.lnk
[2013-09-02 10:10:54 | 000,057,937 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-09-17 19:58:46 | 000,136,559 | ---- | C] () -- C:\Users\Robert\Desktop\Callan Book 1 [Stage 1].pdf
[2013-09-17 10:40:37 | 000,047,924 | ---- | C] () -- C:\Users\Robert\Desktop\zły obraz.jpg
[2013-09-16 15:05:26 | 001,925,120 | ---- | C] () -- C:\Users\Robert\Desktop\image_2.jpeg
[2013-09-16 15:05:26 | 001,855,488 | ---- | C] () -- C:\Users\Robert\Desktop\image_3.jpeg
[2013-09-16 15:05:26 | 001,826,816 | ---- | C] () -- C:\Users\Robert\Desktop\image_1.jpeg
[2013-09-16 15:05:26 | 001,773,568 | ---- | C] () -- C:\Users\Robert\Desktop\image_4.jpeg
[2013-09-16 15:05:26 | 001,609,728 | ---- | C] () -- C:\Users\Robert\Desktop\image_5.jpeg
[2013-09-16 15:05:26 | 001,605,632 | ---- | C] () -- C:\Users\Robert\Desktop\image.jpeg
[2013-09-13 12:25:02 | 000,052,284 | ---- | C] () -- C:\Users\Robert\Desktop\funny-buddha-face.JPG
[2013-09-09 10:32:47 | 000,076,201 | ---- | C] () -- C:\Users\Robert\Desktop\zdjęcie (1).JPG
[2013-09-05 12:34:21 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\MetaTrader 4 at FOREX.com.lnk
[2013-09-03 10:45:17 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus 2014.lnk
[2013-09-03 10:29:46 | 000,001,065 | ---- | C] () -- C:\Users\Robert\Desktop\Odkurzacz.lnk
[2013-06-07 21:10:23 | 000,006,144 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-02-05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013-02-05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013-02-05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013-02-05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013-01-15 12:53:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2013-01-15 12:53:03 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2013-01-13 22:26:41 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013-01-13 22:26:41 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012-09-11 13:40:33 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2012-09-11 13:40:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-03-09 18:14:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-03-09 18:14:56 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



Regards ;)

Paste/upload your logs to:
[Available only to registered users]
and post a link to them on the forum.
XMan.

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Post 18 Sep 2013, 14:07

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)


1. Use [Available only to registered users].
2. Run [Available only to registered users] and use it to move the file mdnsNSP.dll from the Keep window to Remove (the link describes how to do this). Then restart the computer.
3. After the restart, delete the Bonjour folder.

ADWCleaner.


Press the Uninstall button in it.

Logs.


Run OTL -> in the Custom Scans/Fixes window paste:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe" File not found
[2013-09-18 09:58:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner

:Commands
[clearallrestorepoints]
[emptytemp]


Click Run Fix. Post the log from the removal. Then post new OTL logs.
When computers become your only life, your only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
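The fix script in the post above is built from log entries whose target no longer exists ("File not found"). As an added example (not part of the original thread and not OTL's own code), the Python below triages OTL log lines into such candidates; the function name `triage` and the three category labels are this example's own, and the "no company name under C:\Windows" rule is an assumed heuristic for manual review, not a verdict.

```python
import re

# Lines taken from the OTL log posted in this thread (the first keeps the
# forum's BBCode residue); used here as constructed sample input.
SAMPLE_LOG = r"""
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe" File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012-09-11 13:40:33 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2013-09-17 11:04:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-09-16 15:05:26 | 001,925,120 | ---- | C] () -- C:\Users\Robert\Desktop\image_2.jpeg
"""

# Forum markup that wraps the "64bit:" marker in pasted logs.
BBCODE = re.compile(r"\[/?b\]")

# Registry-style entries: "<tag>[:64bit:] - <body>", e.g. "O4 - HKCU..\Run: ..."
ENTRY = re.compile(r"^(?P<tag>O\d+|[A-Z]{2,3}):?(?P<x64>64bit:)?\s+-\s+(?P<body>.+)$")

# File listing entries: "[date time | size | attrs | C/M] (company) -- path"
FILE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

BINARY_EXT = (".exe", ".dll", ".sys")


def triage(log_text):
    """Return (category, tag, detail) tuples for entries worth a manual look.

    orphaned       - autostart/plugin entry whose file OTL could not find
    dangling-clsid - handler registered without a CLSID value
    no-company     - binary under C:\\Windows with an empty company field
                     (assumed heuristic: review it, do not delete blindly)
    """
    findings = []
    for raw in log_text.splitlines():
        line = BBCODE.sub("", raw).strip()
        if not line:
            continue

        entry = ENTRY.match(line)
        if entry:
            body = entry.group("body")
            if body.endswith("File not found"):
                findings.append(("orphaned", entry.group("tag"), body))
            elif "No CLSID value found" in body:
                findings.append(("dangling-clsid", entry.group("tag"), body))
            continue

        listing = FILE.match(line)
        if listing and not listing.group("company").strip():
            path = listing.group("path")
            lowered = path.lower()
            if lowered.startswith("c:\\windows\\") and lowered.endswith(BINARY_EXT):
                findings.append(("no-company", "FILE", path))
    return findings


if __name__ == "__main__":
    for category, tag, detail in triage(SAMPLE_LOG):
        print(f"{category:15} {tag:5} {detail}")
```

Entries in the first two categories are the kind a helper can clear with a fix script; a "no-company" hit only says the file deserves a closer look before any decision.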

rbrt1991

User
Posts: 4
Joined: 17 Sep 2013, 10:41

Post 18 Sep 2013, 14:48

Maybe it's primitive that I can't do this, but already at the first step I can't manage to download Turn Off Bonjour. When I click "download" on the site, it redirects me to the page [Available only to registered users] and... nothing. What's going on? :)

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Post 18 Sep 2013, 14:51

rbrt1991 wrote: Maybe it's primitive that I can't do this, but already at the first step I can't manage to download Turn Off Bonjour. When I click "download" on the site, it redirects me to the page [Available only to registered users] and... nothing. What's going on? :)


Uh-huh ;) . Try [Available only to registered users].

XMan

Global Moderator
Posts: 13385
Joined: 30 Nov 2008, 00:40

Post 18 Sep 2013, 15:49

rbrt1991 wrote: Maybe it's primitive that I can't do this, but already at the first step I can't manage to download Turn Off Bonjour. When I click "download" on the site, it redirects me to the page [Available only to registered users] and... nothing. What's going on? :)

What do you need it for :?:
3. After the restart, delete the Bonjour folder.

[Available only to registered users]
Q. Why does my system report Bonjour as spyware / malware?

In order to provide you with accurate information about services on the local network, Bonjour must run continuously in the background. Some security systems have not yet been updated to recognize Bonjour as legitimate system software.


After installing it, if it is absolutely needed, follow the above steps and:
scan the computer with [Available only to registered users]
Update the virus database.
Full scan
(do not install the PRO version, only Freeware)
If an infection is detected, remove the infected files.
After the scan, upload its report to:
[Available only to registered users]
Post a link to it on the forum.
He who asks does not go astray; he who seeks, finds.

rbrt1991

User
Posts: 4
Joined: 17 Sep 2013, 10:41

Post 18 Sep 2013, 17:33

And again I have a problem... when I try to run the LPSfix program, an error pops up...


[Image]

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Post 18 Sep 2013, 18:55

rbrt1991 wrote: And again I have a problem... when I try to run the LPSfix program, an error pops up...


[Image]


This program has to be run as Administrator.


