Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
This topic is locked
Member
Please, help me with this infection. I added both files, first and addition - I have no idea what I have to do to fix the problem. All webbrowser are hijacke on my system, I really need help.
Addition.txt 34.9KB
364 downloads
FRST.txt 26.87KB
308 downloads
GeekU Minion
Analysis and research take some time, also sometimes real life gets in the way, please be patient. Limit your internet access to posting here, some infections just wait to steal typed-in passwords. Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good. Paste the logs in your posts, attachments make my work harder and more complicated. Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational. Note that we may live in totally different time zones, what may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!Move your copy of FRST to the desktop please.Running from D:\instalki\użytki
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
+ R on your keyboard at the same time. Type Notepad and click OK.start
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Run: [nvxasync] => C:\Users\gruby\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: F - F:\Setup.exe -auto
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: {63a5ad51-00bd-11e2-a3f4-60eb694d6c24} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-12] () <==== ATTENTION
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Homepage: hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
OPR StartupUrls: "hxxp://www.surfvox.com/"
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
2015-03-12 01:04 - 2015-03-12 01:04 - 00000000 _RSHD () C:\Users\gruby\AppData\Roaming\nvxasync
2015-03-12 00:07 - 2015-03-12 00:07 - 00000000 _RSHD () C:\ProgramData\nvxasync
Task: {5D916564-0F78-4564-84E7-56AA8E84120A} - System32\Tasks\Origin => C:\Users\gruby\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
2015-03-12 00:07 - 2015-03-12 00:07 - 142679040 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
end icon and select 
Run as Administrator to start the tool.
Member
Thanks Naat
This fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 09:55:45 Run:1
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Run: [nvxasync] => C:\Users\gruby\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: F - F:\Setup.exe -auto
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\MountPoints2: {63a5ad51-00bd-11e2-a3f4-60eb694d6c24} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-12] () <==== ATTENTION
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Homepage: hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
OPR StartupUrls: "hxxp://www.surfvox.com/"
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]
2015-03-12 01:04 - 2015-03-12 01:04 - 00000000 _RSHD () C:\Users\gruby\AppData\Roaming\nvxasync
2015-03-12 00:07 - 2015-03-12 00:07 - 00000000 _RSHD () C:\ProgramData\nvxasync
Task: {5D916564-0F78-4564-84E7-56AA8E84120A} - System32\Tasks\Origin => C:\Users\gruby\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
2015-03-12 00:07 - 2015-03-12 00:07 - 142679040 __RSH () C:\ProgramData\nvxasync\cvxasync.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
end
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Windows\CurrentVersion\Run\\nvxasync => value deleted successfully.
"HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63a5ad51-00bd-11e2-a3f4-60eb694d6c24}" => Key deleted successfully.
HKCR\CLSID\{63a5ad51-00bd-11e2-a3f4-60eb694d6c24} => Key not found.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll not found.
c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll not found.
Opera StartupUrls deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
IviRegMgr => Service deleted successfully.
moufiltr => Service deleted successfully.
NPF => Service deleted successfully.
RichVideo => Service deleted successfully.
SQLWriter => Service deleted successfully.
vhidmini => Service deleted successfully.
C:\Users\gruby\AppData\Roaming\nvxasync => Moved successfully.
C:\ProgramData\nvxasync => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D916564-0F78-4564-84E7-56AA8E84120A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D916564-0F78-4564-84E7-56AA8E84120A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"C:\ProgramData\nvxasync\cvxasync.exe" => File/Directory not found.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {FD71AA28-E0C1-4141-91F1-B6831A74481F}.
Unable to cancel {D86BBA9E-72A0-43FD-A857-E15428AEA4C5}.
Unable to cancel {B113290D-B4D6-4E7E-935D-DD7E5D477014}.
Unable to cancel {2D70B401-65D7-4ABD-A7A8-F2315AF74392}.
0 out of 4 jobs canceled.
========= End of CMD: =========
EmptyTemp: => Removed 137 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:55:53 ====
GeekU Minion
Scan with Gmer icon and select Run as Administrator to start the tool. If you encounter any problems, try running GMER in Safe Mode. If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning. Scan with Farbar Recovery Scan Tool icon and select Run as Administrator to start the tool.
Member
My name is Jakub, by the way
gmer scan
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-12 10:31:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: 8mm4ivww.exe; Driver: C:\Users\gruby\AppData\Local\Temp\fgddqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1548] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074d28799 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1548] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1548] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\WINMM.dll!waveOutReset 000007fef8fda38c 5 bytes JMP 000007fefd7f02b8
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8ff4b60 5 bytes JMP 000007fefd7f0238
.text C:\windows\system32\taskhost.exe[1408] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8ff4ba0 5 bytes JMP 000007fefd7f01b8
.text C:\windows\system32\Dwm.exe[2072] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\Dwm.exe[2072] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7e0038
.text C:\windows\system32\Dwm.exe[2072] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7e00b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\WINMM.dll!waveOutReset 000007fef8fda38c 5 bytes JMP 000007fefd7f02b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8ff4b60 5 bytes JMP 000007fefd7f0238
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8ff4ba0 5 bytes JMP 000007fefd7f01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2904] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7e0038
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7e00b8
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2972] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7e0138
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\WINMM.dll!waveOutReset 000007fef8fda38c 5 bytes JMP 000007fefd7f02b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8ff4b60 5 bytes JMP 000007fefd7f0238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8ff4ba0 5 bytes JMP 000007fefd7f01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3044] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[2104] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000074d248e3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000074d248fb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000074d2492d 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[3176] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 0000000110002900
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\KERNEL32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3224] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[3316] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000074d248e3 5 bytes JMP 00000001002627c0
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000074d248fb 5 bytes JMP 00000001002628a0
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000074d2492d 5 bytes JMP 0000000100262830
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3552] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 0000000100262900
.text C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077096f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd80a900 5 bytes JMP 000007fffd7f0038
.text C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd80c5e0 5 bytes JMP 000007fffd7f00b8
.text C:\windows\system32\wbem\unsecapp.exe[3828] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff417490 5 bytes JMP 000007fffd7f0138
.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[1392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[1392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread System [4:892] fffffa8008b19810
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0E 0xD1 0x31 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0E 0xD1 0x31 0x49 ...
---- EOF - GMER 2.1 ----
Member
And FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by gruby (administrator) on GRUBY on 12-03-2015 10:32:11
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Users\gruby\Desktop\8mm4ivww.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014752 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-05-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {9ABED254-E67E-44DB-921E-019347DA9E24} URL = http://www.google.pl...age={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-28] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CC18BAD-CDD6-4816-8769-90E81FEA0B9D}: [NameServer] 0.0.0.0
FireFox:
========
FF ProfilePath: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default
FF Homepage: https://duckduckgo.com/
FF NetworkProxy: "type", 0
FF Homepage: hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Homepage: user_pref("extensions.lastPlatformVersion");hxxp://www.surfvox.com
FF DefaultSearchEngine: SurfVox
FF SelectedSearchEngine: SurfVox
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1261315055-2766284447-2599145269-1003: @tools.google.com/Google Update;version=8 -> C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-12-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-04-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\100-search-engines.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\dodatki-dla-firefox.xml [2014-12-06]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\erotic-search.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\filmwebpl.xml [2014-04-16]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\starter.xml [2015-03-12]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrent-freedom.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrent-metasearch.xml [2014-11-13]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrentfinder.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\torrentsto.xml [2010-12-19]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\tumacz-google.xml [2013-11-30]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\urban-dictionary.xml [2015-01-01]
FF SearchPlugin: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\searchplugins\youtube.xml [2011-06-05]
FF Extension: Dummy Lipsum - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-01-06]
FF Extension: Xmarks - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2014-11-30]
FF Extension: FireShot - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-26]
FF Extension: FireFTP - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-15]
FF Extension: CSS Usage - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-10-04]
FF Extension: Firebug - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-03-23]
FF Extension: FirePHP - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-04-12]
FF Extension: FireQuery - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-10-04]
FF Extension: FirePath - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-10-04]
FF Extension: DuckDuckGo Plus - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2014-12-06]
FF Extension: SEO Doctor - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2011-04-13]
FF Extension: Status-4-Evar - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\[email protected] [2014-05-11]
FF Extension: ImTranslator - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-12]
FF Extension: Web Developer - C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\m76k5iwo.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-05-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Gmail) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
Opera:
=======
OPR StartupUrls: "hxxp://www.surfvox.com/"
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-01-06] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [56688 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31088 2010-02-05] (JMicron Technology Corp.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] (Duplex Secure Ltd.)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 fgddqpog; \??\C:\Users\gruby\AppData\Local\Temp\fgddqpog.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-12 10:32 - 2015-03-12 10:32 - 00022934 _____ () C:\Users\gruby\Desktop\FRST.txt
2015-03-12 10:15 - 2015-03-12 10:31 - 00013402 _____ () C:\Users\gruby\Desktop\gmer.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000652 _____ () C:\Users\gruby\Desktop\defogger_disable.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000188 _____ () C:\Users\gruby\defogger_reenable
2015-03-12 10:08 - 2015-03-12 10:08 - 00050477 _____ () C:\Users\gruby\Desktop\Defogger.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2015-03-12 09:53 - 2015-03-12 01:10 - 02095616 _____ (Farbar) C:\Users\gruby\Desktop\FRST64.exe
2015-03-12 01:11 - 2015-03-12 10:32 - 00000000 ____D () C:\FRST
2015-03-12 00:47 - 2015-03-12 01:06 - 00000000 ____D () C:\AdwCleaner
2015-03-12 00:42 - 2015-03-12 09:19 - 00000628 _____ () C:\windows\PFRO.log
2015-03-12 00:07 - 2014-09-22 04:39 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\fportable
2015-03-05 23:33 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:15 - 2010-11-21 04:51 - 24976806 _____ () C:\windows\system32\perfh015.dat
2015-03-12 10:15 - 2010-11-21 04:51 - 08798062 _____ () C:\windows\system32\perfc015.dat
2015-03-12 10:15 - 2009-07-14 05:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-12 10:10 - 2014-05-12 09:50 - 00001042 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 10:10 - 2013-02-15 13:06 - 00117402 _____ () C:\windows\setupact.log
2015-03-12 10:10 - 2012-09-23 13:46 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-03-12 10:10 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-12 10:09 - 2010-11-21 03:40 - 00000000 ____D () C:\Users\gruby
2015-03-12 10:09 - 2010-09-17 00:29 - 01546605 _____ () C:\windows\WindowsUpdate.log
2015-03-12 00:03 - 2013-03-20 20:03 - 00000000 ____D () C:\Users\gruby\Documents\FIFA 13
2015-03-09 22:59 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-03-08 22:45 - 2012-10-31 15:01 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\uTorrent
2015-03-08 19:44 - 2010-11-21 11:31 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Skype
2015-03-07 16:02 - 2010-11-21 04:14 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\foobar2000
2015-03-06 08:42 - 2013-04-24 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 00:04 - 2010-11-21 05:21 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Tlen.pl
2015-02-22 00:46 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
==================== Files in the root of some directories =======
2010-11-21 16:45 - 2011-11-03 18:35 - 0007602 _____ () C:\Users\gruby\AppData\Local\resmon.resmoncfg
2010-11-21 11:32 - 2010-11-21 11:32 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-09-17 00:53 - 2010-10-06 18:57 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-09-17 12:17 - 2012-10-12 20:06 - 0000078 _____ () C:\ProgramData\profile.xml
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-03-18 16:10
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 10:33:18
Running from C:\Users\gruby\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{F1E02922-FA0F-6EF1-1F95-CA23D65523C5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Ashampoo Burning Studio 2012 v10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Daum PotPlayer 1.5.35491 (HKLM-x32\...\PotPlayer) (Version: - )
Digital Photo Software FotoMorph 12.4.5 (HKLM-x32\...\FotoMorph) (Version: 12.4.5 - Digital Photo Software)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.6 - Lenovo)
ESET Smart Security (HKLM\...\{C0D93E4E-0866-43C8-A104-BF41A803EA84}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
FIFA 13 1.0.28 (HKLM-x32\...\FIFA 13 1.0.28) (Version: 1.0.28 - EA Games)
foobar2000 v1.1 (HKLM-x32\...\foobar2000) (Version: 1.1 - Peter Pawlowski)
Freemake Video Converter version 2.2.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 2.2.0 - Ellora Assets Corporation)
GnuWin32: Gzip-1.3.12 (HKLM-x32\...\Gzip-1.3.12_is1) (Version: 1.3.12 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
LameACM (HKLM-x32\...\LameACM) (Version: - )
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.2 - Suyin Optronics Corp.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.22 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0415-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 pl)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (3.0.10) (HKLM-x32\...\Mozilla Thunderbird (3.0.10)) (Version: 3.0.10 (pl) - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.1.1.2314) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 1.1.1.2 - Nokia)
Nokia PC Internet Access (x32 Version: 1.1.1.2 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Odkurzacz (HKLM-x32\...\Odkurzacz 13.5_is1) (Version: 13.5.0.1911 - FranmoSoftware - Maciej Opaliński)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SWiSH Max3 (HKLM-x32\...\SWiSH Max3) (Version: 09.06.02.000 - SWiSHzone.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.19.1 - Synaptics Incorporated)
Tlen.pl (HKLM-x32\...\Tlen.pl) (Version: 6.0.3.77 - o2.pl Sp. z o. o.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.1.0 - Tukero[X]Team)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2E9823CE-8133-46D9-B26A-224826496412} - System32\Tasks\{026E6300-257E-4628-9999-CB9D1401A58A} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {46A73544-68A8-4260-A8D6-5413D1E19370} - System32\Tasks\{10FB3D92-AE74-4024-A76C-CCB6BF3E5DB9} => pcalua.exe -a C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Task: {48F2FBB6-5797-4757-B7A4-E8CC10AAD0CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4C1E2CA1-6494-4BF2-9A3C-A3D8197DFEAD} - System32\Tasks\Opera scheduled Autoupdate 1421364199 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {6910C1F7-3251-4FDB-9424-0F241A0D2DAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8495D246-5241-44B1-ADDB-E9E55D2789A3} - System32\Tasks\{52DB10CE-5292-4494-ACF8-37CC3A919698} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {908343F7-12E4-4FE6-A2EB-66CB1835691D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {A20C71F5-8CE6-4DC5-9F3C-7BD1FF703CC0} - System32\Tasks\{28B9D897-69FC-462D-AC6E-18DF4FEB830C} => Firefox.exe http://www.skype.com...8;LastError=404
Task: {A39741F1-D1CC-43A2-B56D-D7A87A349492} - System32\Tasks\{60AC84B0-7799-4766-BA76-062986A2F2A1} => pcalua.exe -a "C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {BD4F0774-4047-47AC-A30F-6134016C9924} - System32\Tasks\{4784DDE8-A84A-439C-B7B9-0B4C425FC8A7} => pcalua.exe -a C:\Users\gruby\Downloads\lgs510.exe -d C:\Users\gruby\Downloads
Task: {BEECB5CE-FCD2-484E-85D2-633E4B5071B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {C1E6FAF2-86DD-4F5A-BFFE-2A86B65980F1} - System32\Tasks\{A3869FF0-CF06-4625-AF52-D6BB4895E0E8} => pcalua.exe -a C:\Users\gruby\Downloads\Swf2Avi_Setup.exe
Task: {CF62CF85-0E97-4D27-9BF2-363BA2C2379C} - System32\Tasks\{39E468F5-A999-4F5E-977A-8198BEF61E4C} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {D4FFDF96-F58D-4B1B-9294-BD9D51B2916C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FBDFFB72-E843-4AAA-8FB8-74A011C7E72C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-09-17 01:06 - 2009-12-19 02:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-11-21 04:27 - 2009-06-02 00:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 09:49 - 2014-05-12 09:49 - 00222720 _____ () E:\sojusznicy webmastera\notepad++\NppShell_06.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2010-09-17 01:06 - 2009-12-19 02:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-09-17 01:06 - 2009-12-19 02:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-10 16:22 - 2012-05-10 16:22 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dc45bfd22b86df0074e8e521ada8d55f\IsdiInterop.ni.dll
2010-09-17 00:38 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-07 13:10 - 2015-02-07 13:10 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\gruby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lenovo Smile Dock.lnk => C:\windows\pss\Lenovo Smile Dock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe
MSCONFIG\startupreg: BEWINTERNET-PLSessionManager => "C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => E:\sojusznicy webmastera\corel\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=030213 serial=DR12CUB-5137358-MCC lang=PL
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Lenovo SplitScreen => "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
MSCONFIG\startupreg: MacroKeyManager => WTMKM.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UCam_Menu => "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\gruby\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
==================== Accounts: =============================
Administrator (S-1-5-21-1261315055-2766284447-2599145269-500 - Administrator - Disabled)
gruby (S-1-5-21-1261315055-2766284447-2599145269-1003 - Administrator - Enabled) => C:\Users\gruby
Guest (S-1-5-21-1261315055-2766284447-2599145269-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1261315055-2766284447-2599145269-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Nazwa modułu powodującego błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0008d93e
Identyfikator procesu powodującego błąd: 0x1338
Godzina uruchomienia aplikacji powodującej błąd: 0x8mm4ivww.exe0
Ścieżka aplikacji powodującej błąd: 8mm4ivww.exe1
Ścieżka modułu powodującego błąd: 8mm4ivww.exe2
Identyfikator raportu: 8mm4ivww.exe3
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Nie można utworzyć punktu przywracania (Proces = C:\Users\gruby\Desktop\FRST64.exe ; Opis = Restore Point Created by FRST; Błąd = 0x80070422).
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
System errors:
=============
Error: (03/12/2015 10:12:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2
Error: (03/12/2015 10:10:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.
Error: (03/12/2015 10:09:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2
Error: (03/12/2015 09:56:45 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.
Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:56:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Live ID Sign-in Assistant niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
Microsoft Office Sessions:
=========================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 8mm4ivww.exe2.1.19357.052e7ea838mm4ivww.exe2.1.19357.052e7ea83c00000050008d93e133801d05cacfdbe4751C:\Users\gruby\Desktop\8mm4ivww.exeC:\Users\gruby\Desktop\8mm4ivww.exe94c30278-c8a0-11e4-b034-60eb694d6c24
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\gruby\Desktop\FRST64.exe Restore Point Created by FRST0x80070422
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
==================== Memory info ===========================
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 49%
Total physical RAM: 4028.56 MB
Available physical RAM: 2038.84 MB
Total Pagefile: 8055.32 MB
Available Pagefile: 6054.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (system) (Fixed) (Total:54.54 GB) (Free:19.06 GB) NTFS
Drive d: (magazyn) (Fixed) (Total:311.02 GB) (Free:143.98 GB) NTFS
Drive e: (praca) (Fixed) (Total:85.25 GB) (Free:59.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396.3 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=02)
==================== End Of Log ============================
GeekU Minion
Reset Firefox to defaults
Member
Mówimy po polsku?
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by gruby (administrator) on GRUBY on 12-03-2015 10:47:52
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\gruby\Desktop\8mm4ivww.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014752 2010-05-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2101032 2010-05-03] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-05-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1261315055-2766284447-2599145269-1003 -> {9ABED254-E67E-44DB-921E-019347DA9E24} URL = http://www.google.pl...age={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-28] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CC18BAD-CDD6-4816-8769-90E81FEA0B9D}: [NameServer] 0.0.0.0
FireFox:
========
FF ProfilePath: C:\Users\gruby\AppData\Roaming\Mozilla\Firefox\Profiles\5bbus0xz.default-1426157137755
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-12-21] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1261315055-2766284447-2599145269-1003: @tools.google.com/Google Update;version=8 -> C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-12-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-04-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\gruby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]
CHR Extension: (Google Drive) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]
CHR Extension: (YouTube) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]
CHR Extension: (Gmail) - C:\Users\gruby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
Opera:
=======
OPR StartupUrls: "hxxp://www.surfvox.com/"
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-01-06] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [575304 2009-11-17] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [56688 2010-02-05] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31088 2010-02-05] (JMicron Technology Corp.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] (Duplex Secure Ltd.)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 fgddqpog; \??\C:\Users\gruby\AppData\Local\Temp\fgddqpog.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-12 10:45 - 2015-03-12 10:45 - 00000000 ____D () C:\Users\gruby\Desktop\Stare dane programu Firefox
2015-03-12 10:33 - 2015-03-12 10:33 - 00035353 _____ () C:\Users\gruby\Desktop\Addition.txt
2015-03-12 10:32 - 2015-03-12 10:48 - 00017279 _____ () C:\Users\gruby\Desktop\FRST.txt
2015-03-12 10:15 - 2015-03-12 10:31 - 00013402 _____ () C:\Users\gruby\Desktop\gmer.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000652 _____ () C:\Users\gruby\Desktop\defogger_disable.log
2015-03-12 10:09 - 2015-03-12 10:09 - 00000188 _____ () C:\Users\gruby\defogger_reenable
2015-03-12 10:08 - 2015-03-12 10:08 - 00050477 _____ () C:\Users\gruby\Desktop\Defogger.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2015-03-12 09:53 - 2015-03-12 01:10 - 02095616 _____ (Farbar) C:\Users\gruby\Desktop\FRST64.exe
2015-03-12 01:11 - 2015-03-12 10:47 - 00000000 ____D () C:\FRST
2015-03-12 00:47 - 2015-03-12 01:06 - 00000000 ____D () C:\AdwCleaner
2015-03-12 00:42 - 2015-03-12 09:19 - 00000628 _____ () C:\windows\PFRO.log
2015-03-12 00:07 - 2014-09-22 04:39 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\fportable
2015-03-05 23:33 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:17 - 2009-07-14 04:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:15 - 2010-11-21 04:51 - 24976806 _____ () C:\windows\system32\perfh015.dat
2015-03-12 10:15 - 2010-11-21 04:51 - 08798062 _____ () C:\windows\system32\perfc015.dat
2015-03-12 10:15 - 2009-07-14 05:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-12 10:10 - 2014-05-12 09:50 - 00001042 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 10:10 - 2013-02-15 13:06 - 00117402 _____ () C:\windows\setupact.log
2015-03-12 10:10 - 2012-09-23 13:46 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-03-12 10:10 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-12 10:09 - 2010-11-21 03:40 - 00000000 ____D () C:\Users\gruby
2015-03-12 10:09 - 2010-09-17 00:29 - 01546605 _____ () C:\windows\WindowsUpdate.log
2015-03-12 00:03 - 2013-03-20 20:03 - 00000000 ____D () C:\Users\gruby\Documents\FIFA 13
2015-03-09 22:59 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-03-08 22:45 - 2012-10-31 15:01 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\uTorrent
2015-03-08 19:44 - 2010-11-21 11:31 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Skype
2015-03-07 16:02 - 2010-11-21 04:14 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\foobar2000
2015-03-06 08:42 - 2013-04-24 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-02 00:04 - 2010-11-21 05:21 - 00000000 ____D () C:\Users\gruby\AppData\Roaming\Tlen.pl
2015-02-22 00:46 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
==================== Files in the root of some directories =======
2010-11-21 16:45 - 2011-11-03 18:35 - 0007602 _____ () C:\Users\gruby\AppData\Local\resmon.resmoncfg
2010-11-21 11:32 - 2010-11-21 11:32 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-09-17 00:53 - 2010-10-06 18:57 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-09-17 12:17 - 2012-10-12 20:06 - 0000078 _____ () C:\ProgramData\profile.xml
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-03-18 16:10
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 10:48:45
Running from C:\Users\gruby\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{F1E02922-FA0F-6EF1-1F95-CA23D65523C5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Ashampoo Burning Studio 2012 v10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Daum PotPlayer 1.5.35491 (HKLM-x32\...\PotPlayer) (Version: - )
Digital Photo Software FotoMorph 12.4.5 (HKLM-x32\...\FotoMorph) (Version: 12.4.5 - Digital Photo Software)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.6 - Lenovo)
ESET Smart Security (HKLM\...\{C0D93E4E-0866-43C8-A104-BF41A803EA84}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
FIFA 13 1.0.28 (HKLM-x32\...\FIFA 13 1.0.28) (Version: 1.0.28 - EA Games)
foobar2000 v1.1 (HKLM-x32\...\foobar2000) (Version: 1.1 - Peter Pawlowski)
Freemake Video Converter version 2.2.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 2.2.0 - Ellora Assets Corporation)
GnuWin32: Gzip-1.3.12 (HKLM-x32\...\Gzip-1.3.12_is1) (Version: 1.3.12 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
LameACM (HKLM-x32\...\LameACM) (Version: - )
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.2 - Suyin Optronics Corp.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.22 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0415-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 pl)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (3.0.10) (HKLM-x32\...\Mozilla Thunderbird (3.0.10)) (Version: 3.0.10 (pl) - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.1.1.2314) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 1.1.1.2 - Nokia)
Nokia PC Internet Access (x32 Version: 1.1.1.2 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Odkurzacz (HKLM-x32\...\Odkurzacz 13.5_is1) (Version: 13.5.0.1911 - FranmoSoftware - Maciej Opaliński)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SWiSH Max3 (HKLM-x32\...\SWiSH Max3) (Version: 09.06.02.000 - SWiSHzone.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.19.1 - Synaptics Incorporated)
Tlen.pl (HKLM-x32\...\Tlen.pl) (Version: 6.0.3.77 - o2.pl Sp. z o. o.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.1.0 - Tukero[X]Team)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2E9823CE-8133-46D9-B26A-224826496412} - System32\Tasks\{026E6300-257E-4628-9999-CB9D1401A58A} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {46A73544-68A8-4260-A8D6-5413D1E19370} - System32\Tasks\{10FB3D92-AE74-4024-A76C-CCB6BF3E5DB9} => pcalua.exe -a C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Task: {48F2FBB6-5797-4757-B7A4-E8CC10AAD0CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4C1E2CA1-6494-4BF2-9A3C-A3D8197DFEAD} - System32\Tasks\Opera scheduled Autoupdate 1421364199 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {6910C1F7-3251-4FDB-9424-0F241A0D2DAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8495D246-5241-44B1-ADDB-E9E55D2789A3} - System32\Tasks\{52DB10CE-5292-4494-ACF8-37CC3A919698} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {908343F7-12E4-4FE6-A2EB-66CB1835691D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {A20C71F5-8CE6-4DC5-9F3C-7BD1FF703CC0} - System32\Tasks\{28B9D897-69FC-462D-AC6E-18DF4FEB830C} => Firefox.exe http://www.skype.com...8;LastError=404
Task: {A39741F1-D1CC-43A2-B56D-D7A87A349492} - System32\Tasks\{60AC84B0-7799-4766-BA76-062986A2F2A1} => pcalua.exe -a "C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {BD4F0774-4047-47AC-A30F-6134016C9924} - System32\Tasks\{4784DDE8-A84A-439C-B7B9-0B4C425FC8A7} => pcalua.exe -a C:\Users\gruby\Downloads\lgs510.exe -d C:\Users\gruby\Downloads
Task: {BEECB5CE-FCD2-484E-85D2-633E4B5071B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: {C1E6FAF2-86DD-4F5A-BFFE-2A86B65980F1} - System32\Tasks\{A3869FF0-CF06-4625-AF52-D6BB4895E0E8} => pcalua.exe -a C:\Users\gruby\Downloads\Swf2Avi_Setup.exe
Task: {CF62CF85-0E97-4D27-9BF2-363BA2C2379C} - System32\Tasks\{39E468F5-A999-4F5E-977A-8198BEF61E4C} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {D4FFDF96-F58D-4B1B-9294-BD9D51B2916C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FBDFFB72-E843-4AAA-8FB8-74A011C7E72C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-12] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003UA.job => C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1261315055-2766284447-2599145269-1003Core.job => C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-09-17 01:06 - 2009-12-19 02:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-11-21 04:27 - 2009-06-02 00:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 09:49 - 2014-05-12 09:49 - 00222720 _____ () E:\sojusznicy webmastera\notepad++\NppShell_06.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-09-17 01:25 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-09-17 01:06 - 2009-12-19 02:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-03-12 10:07 - 2015-03-12 10:07 - 00380416 _____ () C:\Users\gruby\Desktop\8mm4ivww.exe
2010-09-17 01:06 - 2009-12-19 02:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-09-17 01:06 - 2009-12-19 02:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-10 16:22 - 2012-05-10 16:22 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dc45bfd22b86df0074e8e521ada8d55f\IsdiInterop.ni.dll
2010-09-17 00:38 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1261315055-2766284447-2599145269-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\gruby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lenovo Smile Dock.lnk => C:\windows\pss\Lenovo Smile Dock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gruby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Version Cue CS2 => E:\sojusznicy webmastera\adobe cs2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe
MSCONFIG\startupreg: BEWINTERNET-PLSessionManager => "C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => E:\sojusznicy webmastera\corel\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=030213 serial=DR12CUB-5137358-MCC lang=PL
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\gruby\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\gruby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Lenovo SplitScreen => "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
MSCONFIG\startupreg: MacroKeyManager => WTMKM.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UCam_Menu => "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\gruby\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
==================== Accounts: =============================
Administrator (S-1-5-21-1261315055-2766284447-2599145269-500 - Administrator - Disabled)
gruby (S-1-5-21-1261315055-2766284447-2599145269-1003 - Administrator - Enabled) => C:\Users\gruby
Guest (S-1-5-21-1261315055-2766284447-2599145269-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1261315055-2766284447-2599145269-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Nazwa modułu powodującego błąd: 8mm4ivww.exe, wersja: 2.1.19357.0, sygnatura czasowa: 0x52e7ea83
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0008d93e
Identyfikator procesu powodującego błąd: 0x1338
Godzina uruchomienia aplikacji powodującej błąd: 0x8mm4ivww.exe0
Ścieżka aplikacji powodującej błąd: 8mm4ivww.exe1
Ścieżka modułu powodującego błąd: 8mm4ivww.exe2
Identyfikator raportu: 8mm4ivww.exe3
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Nie można utworzyć punktu przywracania (Proces = C:\Users\gruby\Desktop\FRST64.exe ; Opis = Restore Point Created by FRST; Błąd = 0x80070422).
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.
System errors:
=============
Error: (03/12/2015 10:12:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2
Error: (03/12/2015 10:10:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.
Error: (03/12/2015 10:09:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi ReadyComm.DirectRouter z powodu następującego błędu:
%%2
Error: (03/12/2015 09:56:45 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT)
Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147549183.
Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:56:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:56:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT)
Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.
Ścieżka modułu: C:\windows\System32\IWMSSvc.dll
Error: (03/12/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Live ID Sign-in Assistant niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
Microsoft Office Sessions:
=========================
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 10:15:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 10:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 8mm4ivww.exe2.1.19357.052e7ea838mm4ivww.exe2.1.19357.052e7ea83c00000050008d93e133801d05cacfdbe4751C:\Users\gruby\Desktop\8mm4ivww.exeC:\Users\gruby\Desktop\8mm4ivww.exe94c30278-c8a0-11e4-b034-60eb694d6c24
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 10:01:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
Error: (03/12/2015 09:55:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\gruby\Desktop\FRST64.exe Restore Point Created by FRST0x80070422
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (03/12/2015 09:23:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000
==================== Memory info ===========================
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 48%
Total physical RAM: 4028.56 MB
Available physical RAM: 2070.6 MB
Total Pagefile: 8055.32 MB
Available Pagefile: 6110.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (system) (Fixed) (Total:54.54 GB) (Free:19.03 GB) NTFS
Drive d: (magazyn) (Fixed) (Total:311.02 GB) (Free:143.98 GB) NTFS
Drive e: (praca) (Fixed) (Total:85.25 GB) (Free:59.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=396.3 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=02)
==================== End Of Log ============================
GeekU Minion
Ale ponieważ jesteśmy na amerykańskim forum to wszystkie instrukcje mam po Angielsku. Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
+ R on your keyboard at the same time. Type Notepad and click OK.start Folder: C:\Users\gruby\AppData\Roaming\Opera\Opera end
icon and select Run as Administrator to start the tool.
Member
Czy to z Tobą rozmawiałem na forum.programosy.pl? Jeśli tak, to naprawdę bardzo dziękuję za wsparcie
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 11:02:56 Run:2
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
Folder: C:\Users\gruby\AppData\Roaming\Opera\Opera
end
*****************
========================= Folder: C:\Users\gruby\AppData\Roaming\Opera\Opera ========================
2013-04-24 14:20 - 2015-01-15 23:21 - 0000165 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\autoupdate_region.dat
2011-04-18 09:45 - 2015-01-15 23:21 - 0002288 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\autoupdate_response.xml
2014-05-11 19:16 - 2014-05-11 19:16 - 0684706 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\bookmarks.adr
2011-04-12 19:27 - 2011-04-12 19:27 - 0192771 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\bookmarks.adr.pre_sync
2010-11-22 00:21 - 2015-01-15 23:22 - 0110890 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\browser.js
2015-01-15 23:23 - 2015-01-15 23:23 - 0000013 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\cookies4.dat
2014-03-19 10:23 - 2015-01-15 23:23 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\download.dat
2014-03-19 10:23 - 2015-01-15 23:23 - 0000000 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\global_history.dat
2015-01-15 23:23 - 2015-01-15 23:23 - 0000045 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\link_queue_myopera.dat
2015-01-15 23:23 - 2015-01-15 23:23 - 0000045 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\link_queue_out_myopera.dat
2013-04-24 14:20 - 2013-04-24 14:20 - 0000186 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\notes.adr
2010-11-22 00:20 - 2015-01-15 23:23 - 0028347 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opcacrt6.dat
2010-11-22 00:25 - 2015-01-15 23:23 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opcert6.dat
2015-01-15 23:23 - 2015-01-15 23:23 - 0033102 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini
2010-11-22 00:20 - 2015-01-15 23:23 - 0009042 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opicacrt6.dat
2010-11-22 00:32 - 2015-01-15 23:23 - 0004096 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\oprand.dat
2012-10-29 21:47 - 2015-01-15 23:23 - 0015141 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opssl6.dat
2010-11-22 00:20 - 2014-05-11 19:16 - 0002545 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opthumb.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0000000 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\optrb.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\optrust.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0002746 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\opuntrust.dat
2014-04-16 10:53 - 2014-04-16 10:53 - 0013262 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\override_downloaded.ini
2012-08-04 08:27 - 2012-08-04 08:27 - 0000153 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\search.ini
2011-04-12 19:27 - 2011-04-12 19:27 - 0000153 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\search.ini.pre_sync
2014-05-11 19:16 - 2014-05-11 19:16 - 0000061 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\search_field_history.dat
2014-05-11 19:16 - 2014-05-11 19:16 - 0000012 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\spdysett.dat
2014-05-11 19:13 - 2014-05-11 19:13 - 0003476 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\speeddial.ini
2011-04-12 19:27 - 2011-04-12 19:27 - 0000917 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\speeddial.ini.pre_sync
2015-01-15 23:21 - 2015-01-15 23:21 - 0000431 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\tasks.xml
2015-01-15 23:23 - 2015-01-15 23:23 - 0000318 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\tips.ini
2014-03-19 10:23 - 2015-01-15 23:23 - 0000056 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\typed_history.xml
2011-04-12 19:27 - 2011-04-12 19:27 - 0000056 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\typed_history.xml.pre_sync
2010-11-22 00:20 - 2010-11-22 00:20 - 0001641 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\unite.adr
2013-04-24 14:20 - 2013-04-24 14:20 - 0000214 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\urlfilter.ini
2011-04-18 09:44 - 2011-04-18 09:44 - 0000214 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\urlfilter.ini.pre_sync
2015-01-15 23:23 - 2015-01-15 23:23 - 0000201 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\vlink4.dat
2014-05-11 19:16 - 2014-05-11 19:16 - 0000647 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\wand.dat
2013-04-24 14:20 - 2013-04-24 14:20 - 0001606 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\windows-direct3d-10.blocklist.json
2013-04-24 14:20 - 2013-04-24 14:20 - 0006204 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\windows-opengl.blocklist.json
2010-11-22 00:21 - 2010-11-22 00:21 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\dictionaries
2010-11-22 00:21 - 2012-08-04 08:27 - 0004228 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\dictionaries\dictionaries.xml
2012-08-16 09:02 - 2012-10-30 00:28 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\pstorage
2012-10-29 21:46 - 2012-10-29 21:46 - 0000056 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\pstorage\psindex.dat
2010-11-22 00:20 - 2015-01-15 23:23 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\sessions
2015-01-15 23:23 - 2015-01-15 23:23 - 0001104 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\sessions\autosave.win
2014-04-16 10:56 - 2015-01-15 23:23 - 0001104 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
2010-11-22 00:20 - 2010-11-22 00:20 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles
2010-11-22 00:20 - 2010-11-22 00:20 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user
2010-11-22 00:20 - 2010-02-04 13:04 - 0002742 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0001353 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0001225 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\classid.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000673 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000705 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000213 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000229 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000269 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000243 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000410 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000735 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\outline.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0004569 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0002112 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0002727 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0000258 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
2010-11-22 00:20 - 2010-02-04 13:04 - 0004809 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\styles\user\toc.css
2010-11-22 00:25 - 2014-05-11 19:16 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\toolbar
2014-05-11 19:16 - 2014-05-11 19:16 - 0001998 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\toolbar\standard_toolbar.ini
2010-11-22 00:32 - 2010-11-22 00:32 - 0000000 ____D () C:\Users\gruby\AppData\Roaming\Opera\Opera\webserver
2010-11-22 00:32 - 2015-01-15 23:23 - 0000035 _____ () C:\Users\gruby\AppData\Roaming\Opera\Opera\webserver\users.xml
====== End of Folder: ======
==== End of Fixlog 11:02:56 ====
GeekU Minion
Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
+ R on your keyboard at the same time. Type Notepad and click OK.start CreateRestorePoint: CloseProcesses: C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini EmptyTemp: Reboot: end
icon and select Run as Administrator to start the tool.
Member
Opera starts normally, same Firefox and IE. But in Safari and Chrome still survfox.com is as a default search engine
Member
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by gruby at 2015-03-12 11:10:52 Run:3
Running from C:\Users\gruby\Desktop
Loaded Profiles: gruby (Available profiles: gruby)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini
EmptyTemp:
Reboot:
end
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\gruby\AppData\Roaming\Opera\Opera\operaprefs.ini => Moved successfully.
EmptyTemp: => Removed 34.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog 11:10:57 ====
Member
Chwilę trwał restart, przepraszam za opóźnieni
GeekU Minion
Reset Chrome to defaults
button.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
![Possible Malware infection - help request [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
Sign In
Create Account
