Skype wirus 2012

Wszystko co dotyczy bezpieczeństwa systemów oraz walki z malware, w szczególności analiza logów
squid

Użytkownik
Posty: 2
Rejestracja: 30 mar 2012, 19:21

Skype wirus 2012

Post30 mar 2012, 21:44

Witam. Nabawiłem się infekcji wirusa, dokładnie chodzi o to, że skype szaleje, rozsyła wiadomosci z linkami cos na styl FB do moich znajomych, zawiesza sie zaraz po starcie, touchpad nie reaguje, nic nie moge odpalic, czasami sie udalo coś zdziałać. Gdy odpalalem neta witała mnie goła du*a :D nod potrafil skanowac kompa cały dzien i sie zawieszał i tyle.
Pomyslalem, odpalilem combofixa, pousuwał jakis syf i moge korzystac z lapka normalnie. Ale chcialbym zebyscie sprawdzili moj log z OTL czy jeszcze czegos nie ma.

Plik OTL.TXT:

Kod: Zaznacz cały

OTL logfile created on: 2012-03-30 21:33:57 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Power\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,95 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 48,86% Memory free
7,89 Gb Paging File | 5,80 Gb Available in Paging File | 73,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 149,31 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 2,42 Gb Free Space | 8,35% Space Free | Partition Type: NTFS
Drive H: | 3,74 Gb Total Space | 3,54 Gb Free Space | 94,64% Space Free | Partition Type: FAT32
 
Computer Name: POWER-KOMPUTER | User Name: Power | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012-03-30 19:07:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Power\Downloads\OTL.exe
PRC - [2012-03-18 11:10:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-02-15 17:06:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-10-19 06:46:22 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-05-12 18:03:10 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011-01-29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011-01-12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-12-21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-08-12 15:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010-05-18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012-03-18 11:10:42 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-01-07 13:23:43 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011-10-19 06:46:22 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011-02-16 19:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011-02-16 19:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011-05-12 18:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2011-05-02 16:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:[b]64bit:[/b] - [2011-05-02 16:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2011-05-02 16:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:[b]64bit:[/b] - [2010-09-22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010-08-12 15:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2010-08-12 15:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-02-15 17:06:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-01-12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010-12-21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-12-21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010-11-16 15:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010-05-18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-03-18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012-01-06 16:17:55 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2012-01-06 14:50:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011-10-19 06:55:55 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:[b]64bit:[/b] - [2011-10-19 06:55:53 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:[b]64bit:[/b] - [2011-10-19 06:53:42 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:[b]64bit:[/b] - [2011-10-19 06:53:42 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:[b]64bit:[/b] - [2011-10-19 06:44:25 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:[b]64bit:[/b] - [2011-10-19 06:44:25 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:[b]64bit:[/b] - [2011-10-18 21:42:43 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-10-18 21:42:43 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-10-15 10:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011-08-31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011-05-13 02:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:[b]64bit:[/b] - [2011-05-13 02:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:[b]64bit:[/b] - [2011-05-13 02:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2011-05-13 02:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2011-05-13 02:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2011-05-13 02:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2011-05-09 22:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:[b]64bit:[/b] - [2011-05-01 16:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Sterownik karty Intel(R)
DRV:[b]64bit:[/b] - [2011-03-23 16:13:58 | 008,199,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:[b]64bit:[/b] - [2011-03-21 07:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2011-01-29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2011-01-12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010-12-13 05:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:[b]64bit:[/b] - [2010-12-01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-10-20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:[b]64bit:[/b] - [2010-10-15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:[b]64bit:[/b] - [2010-10-09 15:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2010-08-31 19:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:[b]64bit:[/b] - [2010-08-07 18:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2010-07-29 14:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2010-07-29 14:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2010-07-29 14:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2010-07-29 14:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2010-07-29 14:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2010-07-27 10:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2009-07-21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=24c065c9-3969-11e1-a155-001e690af76d
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{4484FD26-4C09-442F-AC45-63012B60C7BD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
 
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=125
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=24c065c9-3969-11e1-a155-001e690af76d&q={searchTerms}
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\..\SearchScopes\{4484FD26-4C09-442F-AC45-63012B60C7BD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=24c065c9-3969-11e1-a155-001e690af76d&q="
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012-02-13 19:15:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-18 11:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-02-06 20:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-02-13 19:15:47 | 000,000,000 | ---D | M]
 
[2012-01-06 15:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Power\AppData\Roaming\mozilla\Extensions
[2012-02-08 16:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Power\AppData\Roaming\mozilla\Firefox\Profiles\7xfkzx1l.default\extensions
[2012-01-07 21:52:52 | 000,000,792 | ---- | M] () -- C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\7xfkzx1l.default\searchplugins\startsear.xml
[2012-02-02 19:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-03-18 11:10:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-01-15 12:54:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011-12-09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011-12-21 07:04:32 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2011-12-21 07:04:32 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2011-12-21 07:04:32 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2011-12-21 07:04:32 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2011-12-21 07:04:32 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-12-21 07:04:32 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=24c065c9-3969-11e1-a155-001e690af76d&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Power\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Power\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: vshare plugin = C:\Users\Power\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
 
O1 HOSTS File: ([2012-03-30 19:35:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:[b]64bit:[/b] - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [TNOD UP] "C:\Program Files\ESET\ESET Smart Security\TNODUP.exe" /i File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001..\Run: [HW_OPENEYE_OUC_PLAY ONLINE] C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EC4F8E3-F624-42AA-886E-DBD70F0BB122}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B64B62-E218-4D31-B1F5-5D3E1CC276CE}: NameServer = 89.108.195.21 217.17.34.10
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012-03-30 19:35:14 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012-03-30 19:19:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012-03-30 19:19:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012-03-30 19:19:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012-03-30 19:13:48 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012-03-30 19:13:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-29 18:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012-03-27 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Power\AppData\Local\ElevatedDiagnostics
[2012-03-14 23:23:36 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012-03-14 23:23:35 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012-03-14 23:23:34 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012-03-14 13:42:48 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012-03-14 13:42:36 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012-03-14 13:42:35 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012-03-14 13:42:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012-03-14 13:42:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012-03-14 13:42:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012-03-09 21:28:41 | 000,000,000 | ---D | C] -- C:\Users\Power\AppData\Roaming\PLAY ONLINE
[2012-03-09 21:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
[2012-03-09 21:27:28 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfCoInstaller01007.dll
[2012-03-09 21:27:28 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_juwwanecm.sys
[2012-03-09 21:27:28 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jucdcacm.sys
[2012-03-09 21:27:28 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys
[2012-03-09 21:27:28 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jucdcecm.sys
[2012-03-09 21:27:28 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_juextctrl.sys
[2012-03-09 21:27:23 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\windows\SysNative\drivers\mod7700.sys
[2012-03-09 21:27:23 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbnet.sys
[2012-03-09 21:27:23 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbmdm.sys
[2012-03-09 21:27:23 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\SysNative\drivers\ewdcsc.sys
[2012-03-09 21:27:23 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_usbenumfilter.sys
[2012-03-09 21:27:16 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_hwusbdev.sys
[2012-03-09 21:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PLAY ONLINE
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012-03-30 21:02:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-30 19:35:20 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012-03-30 19:25:59 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-30 19:25:59 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-30 19:24:47 | 001,662,556 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-03-30 19:24:47 | 000,737,980 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012-03-30 19:24:47 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-03-30 19:24:47 | 000,154,636 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012-03-30 19:24:47 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-03-30 19:17:56 | 000,263,664 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012-03-30 19:17:26 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-30 19:17:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-03-30 19:17:05 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-28 16:27:47 | 000,282,864 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012-03-28 16:27:47 | 000,282,864 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012-03-28 16:27:37 | 000,280,904 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012-03-28 15:57:24 | 000,020,757 | ---- | M] () -- C:\Users\Power\Documents\2012-03-28.hrf
[2012-03-25 09:42:50 | 000,020,248 | ---- | M] () -- C:\Users\Power\Documents\2012-03-25.hrf
[2012-03-18 12:10:47 | 000,019,821 | ---- | M] () -- C:\Users\Power\Documents\2012-03-18.hrf
[2012-03-15 07:31:25 | 000,430,792 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012-03-13 14:30:47 | 001,638,694 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012-03-12 22:44:18 | 000,001,122 | ---- | M] () -- C:\Users\Power\Desktop\Cyberlink Power2Go.lnk
[2012-03-09 21:27:42 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\PLAY ONLINE.lnk
[2012-03-09 21:27:30 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012-03-09 08:20:27 | 000,019,833 | ---- | M] () -- C:\Users\Power\Documents\2012-03-09.hrf
[2012-03-04 11:28:00 | 000,019,822 | ---- | M] () -- C:\Users\Power\Documents\2012-03-04.hrf
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012-03-30 19:19:27 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012-03-30 19:19:27 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012-03-30 19:19:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012-03-30 19:19:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012-03-30 19:19:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012-03-28 15:57:24 | 000,020,757 | ---- | C] () -- C:\Users\Power\Documents\2012-03-28.hrf
[2012-03-25 09:42:50 | 000,020,248 | ---- | C] () -- C:\Users\Power\Documents\2012-03-25.hrf
[2012-03-18 12:10:47 | 000,019,821 | ---- | C] () -- C:\Users\Power\Documents\2012-03-18.hrf
[2012-03-09 21:27:42 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\PLAY ONLINE.lnk
[2012-03-09 21:27:30 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012-03-09 08:20:27 | 000,019,833 | ---- | C] () -- C:\Users\Power\Documents\2012-03-09.hrf
[2012-03-04 11:28:00 | 000,019,822 | ---- | C] () -- C:\Users\Power\Documents\2012-03-04.hrf
[2012-01-10 20:14:42 | 000,282,864 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012-01-10 20:14:39 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012-01-06 21:01:25 | 000,000,144 | ---- | C] () -- C:\Users\Power\AppData\Roaming\default.rss
[2012-01-06 21:01:09 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011-10-19 07:02:30 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011-10-19 07:02:30 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011-10-19 06:46:48 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011-10-19 06:46:48 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011-10-19 06:46:48 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011-10-19 06:46:48 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011-10-19 06:46:43 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011-10-19 06:44:26 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2011-10-19 06:44:26 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2011-10-19 06:44:26 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2011-10-19 06:44:26 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2011-10-19 06:44:26 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2011-10-19 06:33:04 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011-10-19 06:30:59 | 001,638,694 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-10-19 06:01:47 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011-10-19 06:01:46 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011-08-31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011-08-31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011-08-31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2012-02-05 13:38:12 | 000,002,087 | ---- | M] ()(C:\Users\Power\Desktop\?????? ?????? 3.lnk) -- C:\Users\Power\Desktop\Полный Привод 3.lnk
[2012-02-05 13:38:12 | 000,002,087 | ---- | C] ()(C:\Users\Power\Desktop\?????? ?????? 3.lnk) -- C:\Users\Power\Desktop\Полный Привод 3.lnk

< End of report >


Plik EXTRAS.TXT

Kod: Zaznacz cały

OTL Extras logfile created on: 2012-03-30 21:33:57 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Power\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,95 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 48,86% Memory free
7,89 Gb Paging File | 5,80 Gb Available in Paging File | 73,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 149,31 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 2,42 Gb Free Space | 8,35% Space Free | Partition Type: NTFS
Drive H: | 3,74 Gb Total Space | 3,54 Gb Free Space | 94,64% Space Free | Partition Type: FAT32
 
Computer Name: POWER-KOMPUTER | User Name: Power | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1302737212-4183008127-2058033999-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64BCE6BA-9DE0-4D52-837A-94E29471BA16}" = ESET Smart Security
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.6.0 (64-bit)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TNod" = TNod User & Password Finder
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{03A53004-E3E0-421A-A96A-3EB297E626C6}_is1" = Полный Привод 3 (Только Удаление)
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5731cb72-1e98-48bb-b964-ec59a1cbe96f}" = Nero 9 Trial
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Historie z bezludnej wyspy
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CA1CD8C-2D65-491E-9467-00A3ACA4A0A9}" = Tropico 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{a5d9a981-1c60-4340-8622-c3827bf8f3ef}" =
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Polish
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BCE8A70E-413A-4F18-8B05-C3E98C2693A5}" = Kajko i Kokosz – Twierdza Czarnoksiężnika
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C49F8E1C-0BAE-4836-A670-AE76BA32BE90}" = ChomikBox
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Podręcznik użytkownika
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"FIFA MANAGER 12" = FIFA MANAGER 12
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Hattrick Organizer" = Hattrick Organizer (remove only)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl)
"NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Origin" = Origin
"PITy 2011_is1" = PITy 2011 dla Windows kompilacja:1.3.3.2
"PLAY ONLINE" = PLAY ONLINE
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Serious Sam 3_is1" = Serious Sam 3 1.0
"Ulisess Seguridad 10.0.1" = Ulisess Seguridad 10.0.1
"VeriFace" = VeriFace
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1302737212-4183008127-2058033999-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2012-03-13 10:54:37 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-13 12:32:20 | Computer Name = Power-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: bf3.exe, wersja: 1.0.0.0, sygnatura
 czasowa: 0x4f26de8a  Nazwa modułu powodującego błąd: bf3.exe, wersja: 1.0.0.0, sygnatura
 czasowa: 0x4f26de8a  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x00b48c40  Identyfikator
 procesu powodującego błąd: 0x1294  Godzina uruchomienia aplikacji powodującej błąd:
 0x01cd012a29233f68  Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Origin
 Games\Battlefield 3\bf3.exe  Ścieżka modułu powodującego błąd: C:\Program Files (x86)\Origin
 Games\Battlefield 3\bf3.exe  Identyfikator raportu: 1a2cf12f-6d2a-11e1-af47-001e690af76d
 
Error - 2012-03-14 07:36:07 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-14 09:32:29 | Computer Name = Power-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files (x86)\Nero\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest”. Błąd w pliku manifestu lub w pliku
 zasad „” w wierszu .  Wersja składnika wymagana przez aplikację powoduje konflikt
 z inną wersją składnika, która jest już aktywna.  Składniki powodujące konflikt:  Składnik
 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Składnik
 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 2012-03-15 01:31:36 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-15 05:22:55 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-15 12:11:39 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-15 15:07:29 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-16 01:29:21 | Computer Name = Power-Komputer | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-03-16 02:21:40 | Computer Name = Power-Komputer | Source = SideBySide | ID = 16842832
Description = Nie można wygenerować kontekstu aktywacji dla „C:\Program Files (x86)\Nero\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest”. Błąd w pliku manifestu lub w pliku
 zasad „” w wierszu .  Wersja składnika wymagana przez aplikację powoduje konflikt
 z inną wersją składnika, która jest już aktywna.  Składniki powodujące konflikt:  Składnik
 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Składnik
 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 2012-03-11 02:55:02 | Computer Name = Power-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
 można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
 
Error - 2012-03-12 13:15:15 | Computer Name = Power-Komputer | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Uruchomienie modułu rozszerzalności sieci WLAN nie powiodło się.    Ścieżka
 modułu: C:\windows\System32\IWMSSvc.dll  Kod błędu: 21 
 
Error - 2012-03-12 13:16:03 | Computer Name = Power-Komputer | Source = DCOM | ID = 10010
Description =
 
Error - 2012-03-13 08:27:11 | Computer Name = Power-Komputer | Source = DCOM | ID = 10010
Description =
 
Error - 2012-03-14 17:20:13 | Computer Name = Power-Komputer | Source = DCOM | ID = 10010
Description =
 
Error - 2012-03-17 07:15:40 | Computer Name = Power-Komputer | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
 można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.
 
Error - 2012-03-19 10:13:48 | Computer Name = Power-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 07:09:01 na ?2012-?03-?19 było
nieoczekiwane.
 
Error - 2012-03-20 01:21:07 | Computer Name = Power-Komputer | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 2012-03-21 11:59:24 | Computer Name = Power-Komputer | Source = DCOM | ID = 10010
Description =
 
Error - 2012-03-21 18:10:51 | Computer Name = Power-Komputer | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
Na górę
Awatar użytkownika
greh

Globalny Moderator
Posty: 2879
Rejestracja: 24 sty 2009, 17:34
Lokalizacja: Racibórz
Kontaktowanie:
Skontaktuj się z greh

Skype wirus 2012

Post30 mar 2012, 22:26

Combofix to nie zabawka, nie należy go używac ot tak sobie, bo masz ochotę.
Ale skoro już go użyłeś uzupełnij logi o te z Combofixa.
Dostępne tylko dla zarejestrowanych użytkowników

Zignorowanie PW od moda powoduje chorobę, zwaną żółtaczką.
Ludzie! Piszcie po polsku. Jest różnica czy robisz komuś ŁASKĘ, czy LASKE.
Na górę
squid

Użytkownik
Posty: 2
Rejestracja: 30 mar 2012, 19:21

Skype wirus 2012

Post01 kwie 2012, 16:26

Zdaje sobie z tego sprawe, ale nigdy mi krzywdy nie zrobił, zawsze w kryzysowych sytuacjach prosiłem go o pomoc :)

Kod: Zaznacz cały

ComboFix 12-03-30.06 - Power 2012-03-30  19:23:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.4040.2417 [GMT 2:00]
Uruchomiony z: H:\ComboFixnew.exe
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Rezydentny antywirus jest aktywny
.
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Power\AppData\Roaming\Microsoft\chipset.dat
c:\users\Power\AppData\Roaming\Microsoft\DirectX.dat
c:\users\Power\AppData\Roaming\Microsoft\DivX.exe
c:\users\Power\AppData\Roaming\Microsoft\DTlite.exe
c:\users\Power\AppData\Roaming\Microsoft\jusched.exe
c:\users\Power\AppData\Roaming\Microsoft\Setup.dat
c:\users\Power\AppData\Roaming\Microsoft\SoundMans.exe
c:\users\Power\AppData\Roaming\Microsoft\System.dat
c:\users\Power\AppData\Roaming\Microsoft\update.exe
c:\users\Power\AppData\Roaming\Microsoft\waiter.dat
c:\users\Power\AppData\Roaming\Microsoft\Windows.dat
c:\users\Power\AppData\Roaming\Microsoft\Windows\Recent\Open.url
c:\windows\s.bat
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-02-28 do 2012-03-30  )))))))))))))))))))))))))))))))
.
.
2012-03-30 17:35 . 2012-03-30 17:35   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2012-03-30 17:35 . 2012-03-30 17:35   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-03-29 16:24 . 2012-03-29 16:24   --------   d-----w-   c:\programdata\DivX
2012-03-27 14:05 . 2012-03-14 03:27   8669240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{492C3C75-77DF-456A-95B5-44817F96E1E8}\mpengine.dll
2012-03-27 14:02 . 2012-03-27 14:02   --------   d-----w-   c:\users\Power\AppData\Local\ElevatedDiagnostics
2012-03-18 09:10 . 2012-03-18 09:10   592824   ----a-w-   c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 09:10 . 2012-03-18 09:10   44472   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 21:23 . 2011-11-19 15:20   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-14 21:23 . 2011-11-19 14:50   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:23 . 2011-11-19 14:50   3913584   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 11:42 . 2012-02-03 04:34   3145728   ----a-w-   c:\windows\system32\win32k.sys
2012-03-14 11:42 . 2012-02-10 06:36   1544192   ----a-w-   c:\windows\system32\DWrite.dll
2012-03-14 11:42 . 2012-02-10 05:38   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-03-14 11:42 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-03-14 11:42 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:42 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:42 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:42 . 2012-01-25 06:38   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-03-14 11:42 . 2012-01-25 06:38   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:42 . 2012-01-25 06:33   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-03-09 19:28 . 2012-03-24 07:20   --------   d-----w-   c:\users\Power\AppData\Roaming\PLAY ONLINE
2012-03-09 19:27 . 2010-11-04 16:52   93696   ----a-w-   c:\windows\system32\drivers\ew_jucdcacm.sys
2012-03-09 19:27 . 2010-10-09 13:49   85504   ----a-w-   c:\windows\system32\drivers\ew_jubusenum.sys
2012-03-09 19:27 . 2010-09-26 17:01   29184   ----a-w-   c:\windows\system32\drivers\ew_juextctrl.sys
2012-03-09 19:27 . 2010-09-26 17:01   55296   ----a-w-   c:\windows\system32\drivers\ew_jucdcecm.sys
2012-03-09 19:27 . 2010-09-03 16:36   196608   ----a-w-   c:\windows\system32\drivers\ew_juwwanecm.sys
2012-03-09 19:27 . 2008-03-27 15:51   1490656   ----a-w-   c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-03-09 19:27 . 2010-08-31 17:09   256000   ----a-w-   c:\windows\system32\drivers\ewusbnet.sys
2012-03-09 19:27 . 2010-08-07 16:49   121600   ----a-w-   c:\windows\system32\drivers\ewusbmdm.sys
2012-03-09 19:27 . 2010-05-10 13:22   999936   ----a-w-   c:\windows\system32\drivers\mod7700.sys
2012-03-09 19:27 . 2010-03-20 11:06   13952   ----a-w-   c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-03-09 19:27 . 2010-01-18 17:48   32768   ----a-w-   c:\windows\system32\drivers\ewdcsc.sys
2012-03-09 19:27 . 2010-07-27 08:52   117248   ----a-w-   c:\windows\system32\drivers\ew_hwusbdev.sys
2012-03-09 19:26 . 2012-03-24 07:20   --------   d-----w-   c:\program files (x86)\PLAY ONLINE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 14:27 . 2012-01-10 19:43   282864   ----a-w-   c:\windows\SysWow64\PnkBstrB.xtr
2012-03-28 14:27 . 2012-01-10 18:14   282864   ----a-w-   c:\windows\SysWow64\PnkBstrB.exe
2012-03-28 14:27 . 2012-01-10 18:14   280904   ----a-w-   c:\windows\SysWow64\PnkBstrB.ex0
2012-02-23 08:18 . 2010-11-21 03:27   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-15 15:06 . 2012-01-10 18:14   76888   ----a-w-   c:\windows\SysWow64\PnkBstrA.exe
2012-01-15 10:54 . 2012-01-15 10:54   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-01-07 11:23 . 2012-01-06 17:30   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 14:17 . 2012-01-06 14:17   279616   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-04 10:44 . 2012-02-16 05:37   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 05:37   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-01-06 808824]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HW_OPENEYE_OUC_PLAY ONLINE"="c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe" [2009-04-14 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-19 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 04:40]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 04:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-19 04:46   1508192   ----a-w-   c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-19 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-19 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-19 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-19 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2916584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=125
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://startsear.ch/?aff=1&cf=24c065c9-3969-11e1-a155-001e690af76d
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E4B64B62-E218-4D31-B1F5-5D3E1CC276CE}: NameServer = 89.108.195.21 217.17.34.10
FF - ProfilePath - c:\users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\7xfkzx1l.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=24c065c9-3969-11e1-a155-001e690af76d&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ALLUpdate - c:\program files (x86)\ALLPlayer\ALLUpdate.exe
Wow6432Node-HKCU-Run-Java - c:\users\Power\AppData\Roaming\Microsoft\jusched.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TNOD UP - c:\program files\ESET\ESET Smart Security\TNODUP.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-03-30  19:45:24
ComboFix-quarantined-files.txt  2012-03-30 17:45
.
Przed: 159 223 083 008 bajtów wolnych
Po: 161 863 061 504 bajtów wolnych
.
- - End Of File - - DB08D383C382C84E0409BFD6FD05C949


-- 01 kwi 2012, 15:26 --

Kolejny problem. Wirusa niby nie ma. Ale laptop za nic nie chce korzystać z lepszej karty graficznej ... Geforce gt 555 m . Niby ją wykrywa, odpalam gre za pomocą wydajnego procesora graficznego ale grać nie idzie (lagi niesamowite). W panelu nvidia : aktywość karty graficznej - brak. Stery zaktualizowane ale niestety nic to nie dalo.. nie mam juz pomysłów. Na obudowie przełącznik ustawiony, lampka sie swieci..
Na górę
Awatar użytkownika
kominekl

Ekspert
Posty: 5855
Rejestracja: 27 lis 2011, 14:25
Kontaktowanie:
Skontaktuj się z kominekl

Skype wirus 2012

Post01 kwie 2012, 20:54

Pomyslalem, odpalilem combofixa, pousuwał jakis syf i moge korzystac z lapka normalnie.


OK. Usuniemy Go teraz. Podepnij dysk widniejący pod literą H. Następnie wejdź w START -> Uruchom -> "H:\ComboFixnew.exe" /uninstall.

Logi w kodzie.


Logi wklejaj na -> Dostępne tylko dla zarejestrowanych użytkowników. Ułatwi to pomoc sprawdzającemu.

"vShare.tv plugin" = vShare.tv plugin 1.3
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)


To zbędne oprogramowanie. VShare to okropna wtyczka. Natomiast Alcohol jest zbędny, bo masz Daemon`a. Odinstaluj to oprogramowanie.

Logi.


Uruchom OTL -> w oknie Własne opcje skanowania/skrypt wklej:

:OTL

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Dostępne tylko dla zarejestrowanych użytkowników [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Dostępne tylko dla zarejestrowanych użytkowników [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{4484FD26-4C09-442F-AC45-63012B60C7BD}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001\..\SearchScopes\{4484FD26-4C09-442F-AC45-63012B60C7BD}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=24c065c9-3969-11e1-a155-001e690af76d&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012-01-07 21:52:52 | 000,000,792 | ---- | M] () -- C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\7xfkzx1l.default\searchplugins\startsear.xml
[2011-10-03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
CHR - Extension: vshare plugin = C:\Users\Power\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Program Files\ESET\ESET Smart Security\TNODUP.exe" /i File not found
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

:Files
C:\Program Files (x86)\Google\Update
C:\windows\temp
c:\users\UpdatusUser\AppData\Local\temp
c:\users\Default\AppData\Local\temp
C:\windows\tasks\*.job

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a5d9a981-1c60-4340-8622-c3827bf8f3ef}]

:Commands
[clearallrestorepoints]
[emptytemp]


Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
O4 - HKU\S-1-5-21-1302737212-4183008127-2058033999-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)


To zbędniki w autostarcie. Usuniemy je za pomocą Autoruns. Ale powoli. Na razie podaj nam log z Autoruns -> http://www.hotfix.pl/optymalizacja-auto ... s-a128.htm.
Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
Na górę

  • Reklama

Wróć do „Bezpieczeństwo”



Kto jest online

Użytkownicy przeglądający to forum: Obecnie na forum nie ma żadnego zarejestrowanego użytkownika i 4 gości