Windows 7 Forum: configuration, optimization, tips, gadgets

Keyboard, internet, Chrome and Avast not working
Hello,

Until yesterday everything was fine and dandy, but today, after coming back from work, I decided to start the computer and the following phenomena appeared before my eyes:

1. After the system loads, the keyboard does not work, although in the BIOS I can use it normally.
2. It does not detect the internet (Unidentified network), although on the laptop it works like a charm.
3. Avast does not start
[Image: j1mXpAq.jpg]

4. Chrome does not start
[Image: jl1nGjs.jpg]

I have not installed or downloaded anything for a week.
A Malwarebytes Anti-Malware scan shows nothing.

Can someone explain to me why, all of a sudden and out of the blue, such antics started happening, and how to fix it other than by formatting?
This may be caused either by a failing disk or by a failing motherboard. Post a screenshot from CrystalDiskInfo or HD Tune.
Also make a backup of the data that is important to you, while you still can.
This is a new disk, bought half a year ago.

CrystalDiskInfo
[Image: gZFys59.jpg]

HD Tune
[Image: L2tD05h.jpg]
[Image: OKxF9mf.jpg]
You can see that the disk is fine. Make logs with FRST and post them here.
Thoroughly uninstall (and clean the registry of) Avast IS 2015 crack,
If you must have Avast, a legal version of Avast Antivirus Pro 2015 can be obtained for a year, for free:
http://freeisoft.pl/2014/12/avast-pro-an...ja-na-rok/

We do not support piracy on the forum.
Was it this Avast that caused such a mess on my machine?
Because I see there are a ton of entries from it in the logs.
It is the main suspect (Avast + crack!). It will not want to remove itself cleanly, so do it with Revo Uninstaller; you can clean the registry with CCleaner or, for example, Wise Registry Cleaner.
Then run a scan with AdwCleaner
https://toolslib.net/downloads/viewdownl...dwcleaner/
download it, scan, open the log, and run the cleaning if it finds anything.
If the problem does not go away after that, you will make logs with OTL.
Just uninstalling Avast made the computer work normally.
What crap these activators are! Apart from the firewall I saw no difference between the pro version and the regular one. But I told myself "I'll see" - well, I saw.
By the way, I installed it a few months ago and only today did it start acting up.
Many thanks, Nostromo and LadyInBlue.
Is that everything, or should I run some other scan?
You can scan the computer with Malwarebytes Anti-Malware to see whether something from the activator tagged along.
Ouch... but Chrome still does not work, just as before :)
Write what you have already done,
Scan and cleaning with AdwCleaner?
MBAM scan?
Registry cleaning?
Scan and cleaning with AdwCleaner
MBAM scan
Scan and cleaning with CCleaner
Make the OTL and Extras logs and paste them on the forum inside code tags.
http://www.geekstogo.com/forum/files/fil...s-list-it/
OTL
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04: 24: 25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C: \Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02: 41: 56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



EXTRAS
Code:
OTL Extras logfile created on:  2015-03-08 01: 30: 14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C: \Users\Armwrestling\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale:  00000415 | Country:  Polska | Language:  PLK | Date Format:  yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 49,01% Memory free
8,00 Gb Paging File | 5,85 Gb Available in Paging File | 73,11% Paging File free
Paging file location(s):  ?: \pagefile.sys [binary data]

%SystemDrive% = C:  | %SystemRoot% = C: \Windows | %ProgramFiles% = C: \Program Files (x86)
Drive C:  | 80,00 Gb Total Space | 34,87 Gb Free Space | 43,59% Space Free | Partition Type:  NTFS
Drive D:  | 425,00 Gb Total Space | 243,35 Gb Free Space | 57,26% Space Free | Partition Type:  NTFS
Drive E:  | 426,41 Gb Total Space | 51,71 Gb Free Space | 12,13% Space Free | Partition Type:  NTFS
Drive G:  | 14,94 Gb Total Space | 7,99 Gb Free Space | 53,48% Space Free | Partition Type:  NTFS

Computer Name:  SHREK | User Name:  Armwrestling | Logged in as Administrator.
Boot Mode:  Normal | Scan Mode:  Current user | Include 64bit Scans
Company Name Whitelist:  Off | Skip Microsoft Files:  Off | No Company Name Whitelist:  On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit: [/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C: \Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C: \Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C: \Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C: \Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C: \Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit: [/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error:  Key error.
htmlfile [edit] -- Reg Error:  Key error.
htmlfile [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C: \Windows\System32\rundll32.exe" "C: \Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C: \Windows\System32\rundll32.exe" "C: \Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error:  Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error:  Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error:  Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C: \Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error:  Key error.
htmlfile [edit] -- Reg Error:  Key error.
htmlfile [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error:  Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error:  Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error:  Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C: \Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error:  Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit: [/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit: [/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit: [/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit: [/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064E7E2B-AEEF-40C9-B6DC-29B21BF1BDC4}" = rport=138 | protocol=17 | dir=out | app=system |
"{09B914DC-8A62-4F8D-8B09-07EF0A0F0199}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BE2F275-7D6E-4E38-A0F5-3C7548B22EAB}" = lport=139 | protocol=6 | dir=in | app=system |
"{0C585D7E-3752-44FF-83F7-884724F8F8F4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{136C7DBB-A043-47C0-8DA3-4F1C09F1F0D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1556EF7C-6E07-4EFD-9AB5-6DD377239F43}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1BD58609-C2E3-4F05-BCFA-F9D45E85A26B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1DB8BEA9-14C4-437B-A034-27F203C7288E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21E85788-7D4E-4930-82C4-E539CF068600}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2FC94680-6C91-461A-A924-354B78AB3691}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37541C76-AFFB-4B1E-97FF-DC75BDD7200C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{460ABE11-14FA-4A98-9427-98AE2B56E7E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{50522FDA-F47C-44A2-BCFA-1B444DD9E893}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52ACC46D-6257-42B9-9E40-E3B129749883}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{669E7641-A4EA-4558-91BD-76E438C0D9AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78B2E04B-9971-4984-96E1-842B2CA5070C}" = rport=137 | protocol=17 | dir=out | app=system |
"{794AF30E-21A6-487E-923C-9CDA8E2CB19D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{978AEF88-2FF4-4D42-805F-C4D8F2760F7C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A40AA435-AB1A-40F2-B9A8-CEAA0D64292A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A6187AD7-1968-4E5E-838C-C59F366FAB7B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AB6D0EFD-F993-4E3F-8031-4E83870E30EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3ADAB12-4FE1-4229-9FAC-B72EF2D595B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4BF9964-EEA2-4243-9D81-D02B3E7E0F86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA436601-6868-4A9C-9ED7-14E5C3AE1BC5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBB5B816-B6A9-4272-9899-4E6A5123FBFB}" = lport=5353 | protocol=17 | dir=in | app=c: \program files (x86)\google\chrome\application\chrome.exe |
"{E1B727B9-C712-4BF3-8F16-EC44473B246E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1D485C4-0A5B-4905-A223-3ACF4C1AAD87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E238D898-2044-4A31-8148-D3CA94615650}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB27F47F-A923-4E58-8E98-DD761F612609}" = lport=138 | protocol=17 | dir=in | app=system |
"{F213D4EB-F206-42F4-AFAD-8C83A50656E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F48D4DF5-84C6-4B41-B37A-200D94CFD758}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD1A0AD7-528F-44BD-87D8-7D7D1FDCB2C4}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAE8C91-CD4D-4F48-AD15-433A2639E28A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{114D849C-9DF2-4424-8C0F-9C30EE1E1D4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15B172DB-1EFF-43A0-83C2-17D19D33D890}" = protocol=6 | dir=in | app=d: \programy\zainstalowane\stare\steam\steam.exe |
"{18D2B115-0505-44E8-8281-80200AB5E356}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C10CC90-3FC4-4D33-87E2-2699785260FC}" = protocol=6 | dir=in | app=d: \programy\zainstalowane\stare\steam\bin\steamwebhelper.exe |
"{208A3859-39B0-49FB-B871-D14161EF604A}" = dir=in | app=c: \program files (x86)\skype\phone\skype.exe |
"{25B15D61-3D70-4F5F-88AA-B0FB7C68A024}" = protocol=6 | dir=in | app=d: \gry\fifa 14\game\fifa14.exe |
"{2D17153F-C00A-4BD7-9F08-AC4107E8B586}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36E015B2-6D08-4374-8FB1-174EAF4F04A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A1F3B77-12C8-477D-84A8-6FD68A9FF7E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3BBA291A-F83A-4990-B5B8-06E4FE884150}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D44776A-977D-4AF8-8E92-03CF80535F86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E22C49E-FD8F-49AD-8DEE-A4AB004A5217}" = protocol=17 | dir=in | app=d: \programy\zainstalowane\stare\steam\bin\steamwebhelper.exe |
"{41EFB0C3-96B8-473F-BC57-4EE07C0A89C5}" = protocol=17 | dir=in | app=d: \programy\zainstalowane\stare\steam\steam.exe |
"{5CB0F598-4714-450B-9AB3-C4F42CC39873}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{640AA4F0-7507-4EA3-B4D2-F7CBABCD80D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6592DB1C-E5E3-40FE-803C-550E6ABA8599}" = protocol=17 | dir=in | app=d: \gry\battlefield 3\bf3.exe |
"{68CB2050-C68C-423E-B8E0-80FB1A446FEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6E3A7CFE-6A18-4B2C-B07B-06B1FFE4E5A4}" = protocol=17 | dir=in | app=c: \windows\syswow64\pnkbstrb.exe |
"{79ECC16D-AE82-430C-8594-B59584DE78EB}" = protocol=6 | dir=in | app=d: \gry\battlefield 3\bf3.exe |
"{7E691C2C-E40E-4EBB-BADC-6A5C4B0B7A46}" = protocol=6 | dir=in | app=c: \windows\syswow64\pnkbstra.exe |
"{89A38312-8BF8-4BE7-B639-B9023A8AC974}" = protocol=17 | dir=in | app=c: \windows\syswow64\pnkbstra.exe |
"{8FA0050E-24DB-4029-B09C-DB2F6BF5284B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B266C0D-9DCA-4112-90DF-4A8089566ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9E5B82A-BF92-412F-8DC4-4413110B65D6}" = protocol=17 | dir=in | app=c: \program files (x86)\napiprojekt\napisy.exe |
"{ADF8EC0C-D58A-4C7F-995A-E7650557FD8C}" = protocol=6 | dir=in | app=c: \program files (x86)\mozilla firefox\firefox.exe |
"{AE11AD43-372C-43E2-ACA4-8FF31757AD71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B11E5289-97BB-4CD1-96CA-8AD284AE2A85}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B2C0875D-1BF7-442D-B171-DA71D09FC07C}" = protocol=6 | dir=out | app=system |
"{B89232D3-960A-4302-82CF-8BB42EE9FB3C}" = protocol=17 | dir=in | app=d: \gry\fifa 14\game\fifa14.exe |
"{C0824271-9F0A-404C-9A91-473A17ABCA52}" = protocol=6 | dir=in | app=c: \program files (x86)\napiprojekt\napisy.exe |
"{C2A81301-3571-42BA-B815-C1239D2BB3B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6235E2B-7D52-48FA-9ECC-D059188AD819}" = protocol=6 | dir=in | app=c: \windows\syswow64\pnkbstrb.exe |
"{CC201235-0416-4AB7-B654-7227CAFA86A2}" = protocol=17 | dir=in | app=c: \program files (x86)\mozilla firefox\firefox.exe |
"{DBC4923A-0736-4DDD-8B93-85C4B5DDD791}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E45BDE59-D477-44AF-83FE-E239699DA233}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE9EEF2A-8A55-41D2-88D2-8694611DDEBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0EB5DA36-8E1B-4405-9DC1-9F4807DE8F6D}D: \dysk d\pobrane\fscapture75\fscapture.exe" = protocol=6 | dir=in | app=d: \dysk d\pobrane\fscapture75\fscapture.exe |
"TCP Query User{21AA690B-EC79-43A5-92CC-FEFA996E4CA4}C: \program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c: \program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{23D3DC69-A118-406A-88BA-100BFC351697}C: \program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c: \program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{599B8E84-E9DF-4D49-89AA-F487F375B273}D: \gry\call of duty modern warfare 3\call of duty- modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d: \gry\call of duty modern warfare 3\call of duty- modern warfare 3\iw5mp.exe |
"TCP Query User{6CA9747A-115F-474C-BB2C-3B418C5AF8DF}D: \programy\zainstalowane\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d: \programy\zainstalowane\sopcast\sopcast.exe |
"TCP Query User{CA540153-283C-43FA-8679-13BBB584A1E3}D: \dysk d\soldat\soldat.exe" = protocol=6 | dir=in | app=d: \dysk d\soldat\soldat.exe |
"TCP Query User{CD7DB683-3938-49E1-B7D4-D198B7304A9D}D: \programy\zainstalowane\stare\skype\phone\skype.exe" = protocol=6 | dir=in | app=d: \programy\zainstalowane\stare\skype\phone\skype.exe |
"TCP Query User{E2F78811-5C5E-44C0-84F2-266E129F5195}K: \pobrane\programy\utorrent 2.2.1 build 25302 pl + dht patch + portable\utorrent\utorrent.exe" = protocol=6 | dir=in | app=k: \pobrane\programy\utorrent 2.2.1 build 25302 pl + dht patch + portable\utorrent\utorrent.exe |
"TCP Query User{FD09A422-5227-45B7-8446-7030B22B6A0C}D: \dysk d\soldat\soldat.exe" = protocol=6 | dir=in | app=d: \dysk d\soldat\soldat.exe |
"UDP Query User{119218ED-2DDE-41B6-B12B-6CA370B3604E}D: \dysk d\soldat\soldat.exe" = protocol=17 | dir=in | app=d: \dysk d\soldat\soldat.exe |
"UDP Query User{1E11AEFA-0048-44F0-8F53-DDE67E84AA65}C: \program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c: \program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{33AF3377-FE95-44DD-85D5-B16C862CCE7F}D: \programy\zainstalowane\stare\skype\phone\skype.exe" = protocol=17 | dir=in | app=d: \programy\zainstalowane\stare\skype\phone\skype.exe |
"UDP Query User{4E63671C-1117-49EC-82C7-4E0DC63E9A20}D: \dysk d\pobrane\fscapture75\fscapture.exe" = protocol=17 | dir=in | app=d: \dysk d\pobrane\fscapture75\fscapture.exe |
"UDP Query User{54EE6B4F-1E6F-432D-BA2A-F93402D1432E}D: \gry\call of duty modern warfare 3\call of duty- modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d: \gry\call of duty modern warfare 3\call of duty- modern warfare 3\iw5mp.exe |
"UDP Query User{79C7447E-A8DC-418D-B675-C896FA1A6DAD}D: \programy\zainstalowane\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d: \programy\zainstalowane\sopcast\sopcast.exe |
"UDP Query User{DA078269-B002-404A-9F95-714EBE3F60EB}D: \dysk d\soldat\soldat.exe" = protocol=17 | dir=in | app=d: \dysk d\soldat\soldat.exe |
"UDP Query User{DA34766B-F528-4B03-AC33-B4A91B294DF9}K: \pobrane\programy\utorrent 2.2.1 build 25302 pl + dht patch + portable\utorrent\utorrent.exe" = protocol=17 | dir=in | app=k: \pobrane\programy\utorrent 2.2.1 build 25302 pl + dht patch + portable\utorrent\utorrent.exe |
"UDP Query User{EF2E080B-25FD-4331-B8D2-BD7C2728B8AA}C: \program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c: \program files (x86)\gadu-gadu 10\gg.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit:  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 5.10 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"AIMP3" = AIMP3
"AudioCS" = Creative Audio Control Panel
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.6.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 pl)" = Mozilla Firefox 35.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NapiProjekt_is1" = NapiProjekt (2.2.0.2399)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Soldat_is1" = Soldat 1.6.8
"SopCast" = SopCast 3.9.3
"SuperMemo UX - Extreme English Basic " = SuperMemo UX - Extreme English Basic
"WaveStudio 7" = Creative WaveStudio 7

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2015-03-06 12: 00: 40 | Computer Name = Shrek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd:  chrome.exe, wersja:  40.0.2214.111,
sygnatura czasowa:  0x54d1cb7f  Nazwa modułu powodującego błąd:  chrome.dll, wersja:
40.0.2214.111, sygnatura czasowa:  0x54d1c75d  Kod wyjątku:  0x80000003  Przesunięcie
błędu:  0x00539dfa  Identyfikator procesu powodującego błąd:  0xf0  Godzina uruchomienia
aplikacji powodującej błąd:  0x01d05826b0d5394f  Ścieżka aplikacji powodującej błąd:
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe  Ścieżka modułu powodującego
błąd:  C: \Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll
Identyfikator
raportu:  ef582718-c419-11e4-92ac-001d7d00a50f

Error - 2015-03-06 12: 01: 42 | Computer Name = Shrek | Source = WinMgmt | ID = 10
Description =

Error - 2015-03-06 12: 02: 07 | Computer Name = Shrek | Source = SideBySide | ID = 16842811
Description = Nie można wygenerować kontekstu aktywacji dla "C: \Program Files\AVAST
Software\Avast\aswEngLdr.dll". Błąd w pliku manifestu lub w pliku zasad "C: \Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest"
w wierszu 0.  Nieprawidłowa składnia XML.

Error - 2015-03-06 12: 03: 08 | Computer Name = Shrek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd:  chrome.exe, wersja:  40.0.2214.111,
sygnatura czasowa:  0x54d1cb7f  Nazwa modułu powodującego błąd:  chrome.dll, wersja:
40.0.2214.111, sygnatura czasowa:  0x54d1c75d  Kod wyjątku:  0x80000003  Przesunięcie
błędu:  0x00539dfa  Identyfikator procesu powodującego błąd:  0x390  Godzina uruchomienia
aplikacji powodującej błąd:  0x01d0582709a8bbae  Ścieżka aplikacji powodującej błąd:
C: \Program Files (x86)\Google\Chrome\Application\chrome.exe  Ścieżka modułu powodującego
błąd:  C: \Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll
Identyfikator
raportu:  47adb0b2-c41a-11e4-92ac-001d7d00a50f

Error - 2015-03-06 12: 06: 27 | Computer Name = Shrek | Source = SideBySide | ID = 16842811
Description = Nie można wygenerować kontekstu aktywacji dla "C: \Program Files\AVAST
Software\Avast\afwServ.exe". Błąd w pliku manifestu lub w pliku zasad "C: \Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest"
w wierszu 0.  Nieprawidłowa składnia XML.

Error - 2015-03-06 12: 06: 32 | Computer Name = Shrek | Source = SideBySide | ID = 16842811
Description = Nie można wygenerować kontekstu aktywacji dla "C: \Program Files\AVASTS~1\Avast\1045\Base.dll".
Błąd w pliku manifestu lub w pliku zasad "C: \Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest"
w wierszu 0.  Nieprawidłowa składnia XML.

Error - 2015-03-06 12: 06: 34 | Computer Name = Shrek | Source = SideBySide | ID = 16842811
Description = Nie można wygenerować kontekstu aktywacji dla "C: \Program Files\AVAST
Software\Avast\avastui.exe". Błąd w pliku manifestu lub w pliku zasad "C: \Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest"
w wierszu 0.  Nieprawidłowa składnia XML.

Error - 2015-03-06 12: 08: 18 | Computer Name = Shrek | Source = WinMgmt | ID = 10
Description =

Error - 2015-03-06 12: 08: 36 | Computer Name = Shrek | Source = SideBySide | ID = 16842811
Description = Nie można wygenerować kontekstu aktywacji dla "C: \Program Files\AVAST
Software\Avast\aswEngLdr.dll". Błąd w pliku manifestu lub w pliku zasad "C: \Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest"
w wierszu 0.  Nieprawidłowa składnia XML.

Error - 2015-03-06 12: 09: 56 | Computer Name = Shrek | Source = SideBySide | ID = 16842811
Description = Nie można wygenerować kontekstu aktywacji dla "C: \Program Files\AVAST
Software\Avast\afwServ.exe". Błąd w pliku manifestu lub w pliku zasad "C: \Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest"
w wierszu 0.  Nieprawidłowa składnia XML.

[ System Events ]
Error - 2015-03-07 15: 17: 55 | Computer Name = Shrek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! HardwareID z powodu następującego
błędu:    %%193

Error - 2015-03-07 15: 17: 55 | Computer Name = Shrek | Source = HTTP | ID = 15005
Description =

Error - 2015-03-07 15: 17: 55 | Computer Name = Shrek | Source = Service Control Manager | ID = 7023
Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie;
wystąpił następujący błąd:    %%-2147024891

Error - 2015-03-07 15: 17: 57 | Computer Name = Shrek | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego:    aswKbd  aswNdisFlt  aswRdr  aswSnx  aswSP

Error - 2015-03-07 15: 19: 27 | Computer Name = Shrek | Source = NetBT | ID = 4307
Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia
adresów początkowych.

Error - 2015-03-07 15: 19: 27 | Computer Name = Shrek | Source = NetBT | ID = 4307
Description = Zainicjowanie nie powiodło się, ponieważ transport odmówił otwarcia
adresów początkowych.

Error - 2015-03-07 15: 20: 05 | Computer Name = Shrek | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2015-03-07 15: 20: 05 | Computer Name = Shrek | Source = DCOM | ID = 10005
Description =

Error - 2015-03-07 15: 20: 05 | Computer Name = Shrek | Source = Service Control Manager | ID = 7001
Description = Usługa Host urządzenia UPnP zależy od usługi Odnajdywanie SSDP, której
nie można uruchomić z powodu następującego błędu:    %%0

Error - 2015-03-07 15: 20: 05 | Computer Name = Shrek | Source = Service Control Manager | ID = 7001
Description = Usługa Host urządzenia UPnP zależy od usługi Odnajdywanie SSDP, której
nie można uruchomić z powodu następującego błędu:    %%0


< End of report >

I also went and cleaned everything with Wise Registry Cleaner.
The system is clean, but to be sure, run "AdwCleaner" over it once more; if the program finds anything, remove it, because the only place something could still be is in the browsers. Show the log from the removal. To be updated:
Skype™ 6.22,
Java 8 Update 25,
In "OTL", paste only the following into the "Własne opcje skanowania/Skrypt" (custom scan options/script) field:
Quote:
:Commands
[emptytemp]
Run the script and, after the restart, show the report from it. This option will clean out the temporary files in the system.
AdwCleaner:

Code:
# AdwCleaner v4.111 - Logfile created 09/03/2015 at 19: 02: 55
# Updated 18/02/2015 by Xplode
# Database :  2015-03-05.1 [Server]
# Operating system :  Windows 7 Ultimate Service Pack 1 (x64)
# Username :  Armwrestling - SHREK
# Running from :  C: \Users\Armwrestling\Downloads\adwcleaner_4.111.exe
# Option :  Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 pl)

[ce8j0zs7.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[ce8j0zs7.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [2739 bytes] - [07/03/2015 20:22:25]
AdwCleaner[R1].txt - [2799 bytes] - [07/03/2015 20:40:54]
AdwCleaner[R2].txt - [1189 bytes] - [07/03/2015 20:45:49]
AdwCleaner[R3].txt - [1249 bytes] - [09/03/2015 19:00:49]
AdwCleaner[S0].txt - [3307 bytes] - [07/03/2015 20:43:14]
AdwCleaner[S1].txt - [1198 bytes] - [09/03/2015 19:02:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1257  bytes] ##########

Quarantine from all scans:
Code:
C:\Users\Armwrestling\AppData\Roaming\Mozilla\Firefox\Profiles\ce8j0zs7.default\user.js->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Roaming\Mozilla\Firefox\Profiles\ce8j0zs7.default\user.js.vir
C:\Users\Armwrestling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage.vir
C:\Users\Armwrestling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk.vir
C:\Users\Armwrestling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.vir
C:\Users\Armwrestling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk.vir
C:\Users\Armwrestling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk.vir
C:\Users\Armwrestling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->C:\AdwCleaner\Quarantine\C\Users\Armwrestling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk.vir

OTL:
Code:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Armwrestling
->Temp folder emptied: 3390047 bytes
->Temporary Internet Files folder emptied: 911684 bytes
->Java cache emptied: 48013 bytes
->FireFox cache emptied: 364914122 bytes
->Google Chrome cache emptied: 475036166 bytes
->Flash cache emptied: 3098 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17378142 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 822,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03092015_211604

Files\Folders moved on Reboot...
File move failed. C:\Users\Armwrestling\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395f8fd8a83d_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Armwrestling\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395f8fd8a83d_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Armwrestling\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Armwrestling\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I updated Java and removed Skype because I don't use it, and I'm not going to install the new, hopeless versions.
Good, the cleanup is done. As for Skype, the new versions aren't that bad at all. The only drawback is that ads have appeared. You can always use the good Polish multi-protocol messenger WTW as well; it supports the Skype protocol too.
Is there any improvement after the cleanup? Is the system running better?
The system runs the same as it did after uninstalling avast (that is, well), only chrome still stops working.
What exactly happens with Chrome?