M1chal11, created 18 October 2013
Hi. The problem is, as I have noticed, well known on the internet; as we know, hackers keep improving the virus, and removal methods that used to be effective no longer help today. The virus has blocked access to the safe modes; after attempting to start Windows 7 in any of the available modes, the system restarts. How, then, do I produce logs on the infected system?
Guest, commented 18 October 2013
When Bronek recently threatened me with the police, he got slapped twice via End Process in the Task Manager. That was enough for him :E
Guest, commented 18 October 2013 (edited)
What virus is this exactly? Isn't it the one that displays a message about the police after system startup and cannot be closed?
M1chal11 (Author), commented 18 October 2013
I don't know the name of this virus. It shows up like this: after the system starts, the desktop is visible for a moment, and then the whole screen is taken over by a message saying that I am a cybercriminal and have to pay 500 zł. After pressing Ctrl+Alt+Del, when I choose the device manager, it closes immediately (that manager).
Guest, commented 18 October 2013
I had the same thing, except that in my case an exe with this virus started 10-15 seconds after system startup, and I blocked the process in CCleaner and then hit it with an antivirus :) After Windows starts, try spamming the Task Manager and killing the ctfmon process. Once you manage to kill it (I managed on the 10th try after booting the computer), download CCleaner and block it under Tools > Startup, and it will not start for you any more. You don't even have to remove it, because that is hard too: I tried scanning the computer with several antivirus programs, and every time an infection was detected the virus unblocked itself and launched from autostart, and I had to repeat this several times, and I managed to remove it with a cracked NOD. If you have no way of disabling it in the Task Manager, take the disk to someone and try running a scan there; if not, download CCleaner at someone's place, install it on your disk, find ctfmon and add it in CCleaner so that it blocks it at startup. The path where the virus is: C:\WINDOWS\System32
Fincz, commented 18 October 2013
[quote]I don't know the name of this virus. It shows up like this: after the system starts, the desktop is visible for a moment, and then the whole screen is taken over by a message saying that I am a cybercriminal and have to pay 500 zł. After pressing Ctrl+Alt+Del, when I choose the device manager, it closes immediately (that manager).[/quote]
The virus is probably UKASH. I removed it using logs, but since you cannot produce them... The experts in this section will surely manage something.
Natsuki Kuga, commented 18 October 2013
[quote]After Windows starts, try spamming the Task Manager and killing the ctfmon process[/quote]
What nonsense is this? Ctfmon has no effect on the virus locking the screen. Do you even know what this system component is responsible for?
@Author Produce a report from FRST: http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/#entry32551
M1chal11 (Author), commented 18 October 2013
OK, I think I managed it, here is the log
[log]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by SYSTEM on MININT-9CMG2BP on 18-10-2013 23:09:56 Running from H:\ Windows 7 Professional (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-12-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2010-12-03] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2010-12-06] (Alps Electric Co., Ltd.) HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2010-12-13] (AuthenTec, Inc.) HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2010-12-13] (AuthenTec, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673168 2010-11-17] (Sony Corporation) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38840 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2013-08-28] (Sony Corporation) HKLM-x32\...\Run: [VAIO Boot Manager] - C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe [734608 2010-12-08] (Sony Corporation) HKLM-x32\...\Run: [ConvertAd] - C:\Users\Wielgus\AppData\Local\ConvertAd\ConvertAd.exe [1784832 2013-08-10] (TODO: <Company name>) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKU\Wielgus\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Wielgus\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run HKU\Wielgus\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKU\Wielgus\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [2704352 2013-10-08] () Startup: C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnrj3lbna.lnk ShortcutTarget: bnrj3lbna.lnk -> C:\PROGRA~3\anbl3jrnb.plz () ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] () S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) S2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [290632 2010-12-13] (AuthenTec, Inc) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] () S2 QDLService2kSony; c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [332096 2010-10-21] (QUALCOMM, Inc.) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [257936 2010-08-12] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1310096 2010-11-18] (Sony Corporation) S2 Winmgmt; C:\PROGRA~3\bnrj3lbna.pzz [60512 2013-10-06] (Microsoft Corporation) S2 Winmgmt; C:\PROGRA~3\bnrj3lbna.pzz [60512 2013-10-06] (Microsoft Corporation) S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [333264 2010-11-24] () ==================== Drivers (Whitelisted) ==================== S3 qcfiltersny2k; C:\Windows\System32\DRIVERS\qcfiltersny2k.sys [6400 2010-10-21] (QUALCOMM Incorporated) S3 qcombussny; C:\Windows\System32\DRIVERS\qcombussny.sys [137800 2010-10-21] (MCCI) S3 qcusbnetsny2k; C:\Windows\System32\DRIVERS\qcusbnetsny2k.sys [443392 2010-10-21] (QUALCOMM Incorporated) S3 qcusbserSny2k; C:\Windows\System32\DRIVERS\qcusbserSny2k.sys [230784 2010-10-21] (QUALCOMM Incorporated) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-18 23:09 - 2013-10-18 23:09 - 00000000 ____D C:\FRST 2013-10-18 15:02 - 2013-10-18 21:57 - 00000000 ___SD C:\32788R22FWJFW 2013-10-18 14:52 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-18 14:50 - 2013-10-18 14:52 - 00000000 ___SD C:\ComboFix 2013-10-18 14:38 - 2013-10-18 21:57 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard 2013-10-18 14:32 - 2013-10-18 
14:50 - 00000000 ____D C:\Qoobox 2013-10-18 14:30 - 2013-10-18 14:30 - 00000000 ____D C:\Windows\erdnt 2013-10-18 14:15 - 2013-10-18 14:15 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-08 06:42 - 2013-10-08 06:42 - 00050580 _____ C:\Windows\System32\s000000.dat 2013-10-08 06:40 - 2013-10-08 06:40 - 00000040 _____ C:\Windows\System32\sstate_prev.sdt 2013-10-08 06:40 - 2013-10-08 06:40 - 00000000 _____ C:\Windows\System32\sstates.sdt 2013-10-06 13:18 - 2013-10-06 13:18 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Epson 2013-10-06 13:14 - 2013-10-18 14:53 - 95025368 ____T C:\ProgramData\bnrj3lbna.pff 2013-10-06 13:14 - 2013-10-18 14:53 - 00000000 _____ C:\ProgramData\bnrj3lbna.ctrl 2013-10-06 13:14 - 2013-10-06 13:14 - 00180224 _____ C:\ProgramData\anbl3jrnb.plz 2013-10-06 13:14 - 2013-10-06 13:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bnrj3lbna.pzz 2013-10-05 20:31 - 2013-10-05 20:31 - 00528582 _____ C:\Users\Wielgus\Documents\vjgj.xps 2013-10-05 19:25 - 2013-10-05 19:25 - 00175201 _____ C:\Users\Wielgus\Documents\yug.xps 2013-10-05 19:09 - 2013-10-05 19:09 - 00175201 _____ C:\Users\Wielgus\Documents\bh.xps 2013-10-05 19:07 - 2013-10-05 19:07 - 00121034 _____ C:\Users\Wielgus\Documents\yf.xps 2013-10-05 19:00 - 2013-10-05 19:00 - 00120761 _____ C:\Users\Wielgus\Documents\gguyguy.xps 2013-10-05 18:57 - 2013-10-05 18:57 - 00002341 _____ C:\Users\Public\Desktop\Epson Przewodnik pracy w sieci L355 Series.lnk 2013-10-05 18:57 - 2013-10-05 18:57 - 00000273 _____ C:\Users\Public\Desktop\Epson Przewodnik użytkownika L355 Series.url 2013-10-05 18:57 - 2013-10-05 18:57 - 00000256 _____ C:\Users\Public\Desktop\Instrukcja obsługi programu Epson Connect.url 2013-10-05 18:56 - 2013-10-05 18:56 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-10-05 18:56 - 2013-10-05 18:56 - 00000000 ____D C:\Program Files\EpsonNet 2013-10-05 18:56 - 2012-11-12 19:41 - 00535552 _____ (SEIKO EPSON CORPORATION) 
C:\Windows\System32\ensppui.dll 2013-10-05 18:56 - 2012-11-12 19:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppui.dll 2013-10-05 18:56 - 2012-11-12 14:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppmon.dll 2013-10-05 18:56 - 2012-11-12 14:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppmon.dll 2013-10-05 18:56 - 2012-10-22 16:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enspres.dll 2013-10-05 18:56 - 2012-10-22 16:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enpres.dll 2013-10-05 18:56 - 2012-07-23 23:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll 2013-10-05 18:56 - 2011-12-11 23:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe 2013-10-05 18:24 - 2013-10-05 18:24 - 00000000 ____D C:\Program Files\Common Files\EPSON 2013-10-05 18:05 - 2013-10-05 18:57 - 00000000 ____D C:\Program Files (x86)\Epson Software 2013-10-05 18:05 - 2013-10-05 18:57 - 00000000 ____D C:\Program Files (x86)\epson 2013-10-05 18:04 - 2013-10-05 18:56 - 00000000 ____D C:\ProgramData\EPSON 2013-10-05 18:04 - 2011-04-18 18:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YLMI4E.DLL 2013-10-05 18:04 - 2011-03-13 18:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YD4BI4E.DLL 2013-10-05 18:04 - 2007-04-09 16:06 - 00010752 _____ (SEIKO EPSON CORP.) 
C:\Windows\System32\E_GCINST.DLL 2013-09-26 15:17 - 2013-09-26 15:17 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\File Scout ==================== One Month Modified Files and Folders ======= 2013-10-18 23:09 - 2013-10-18 23:09 - 00000000 ____D C:\FRST 2013-10-18 21:57 - 2013-10-18 15:02 - 00000000 ___SD C:\32788R22FWJFW 2013-10-18 21:57 - 2013-10-18 14:38 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard 2013-10-18 21:57 - 2013-08-30 09:49 - 00000294 _____ C:\Windows\Tasks\DSite.job 2013-10-18 21:57 - 2013-08-28 08:41 - 00208736 _____ C:\Windows\WindowsUpdate.log 2013-10-18 14:56 - 2013-08-30 09:52 - 00000366 _____ C:\Windows\Tasks\Lyrmix Update.job 2013-10-18 14:53 - 2013-10-06 13:14 - 95025368 ____T C:\ProgramData\bnrj3lbna.pff 2013-10-18 14:53 - 2013-10-06 13:14 - 00000000 _____ C:\ProgramData\bnrj3lbna.ctrl 2013-10-18 14:52 - 2013-10-18 14:50 - 00000000 ___SD C:\ComboFix 2013-10-18 14:50 - 2013-10-18 14:32 - 00000000 ____D C:\Qoobox 2013-10-18 14:44 - 2009-07-14 04:45 - 00013936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-18 14:44 - 2009-07-14 04:45 - 00013936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-18 14:35 - 2013-08-28 11:54 - 00003181 _____ C:\Windows\setupact.log 2013-10-18 14:35 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-18 14:30 - 2013-10-18 14:30 - 00000000 ____D C:\Windows\erdnt 2013-10-18 14:15 - 2013-10-18 14:15 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-18 14:02 - 2013-09-13 16:15 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-18 14:02 - 2013-08-30 12:35 - 00005918 _____ C:\Windows\PFRO.log 2013-10-18 13:34 - 2013-08-28 11:01 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{866CD476-08AD-404A-972B-F785A2C48AF8} 2013-10-17 07:28 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-10-12 21:43 - 2013-08-30 
10:49 - 00000116 _____ C:\Users\Wielgus\AppData\Roaming\WB.CFG 2013-10-12 21:43 - 2013-08-30 10:49 - 00000006 _____ C:\Users\Wielgus\AppData\Roaming\WBPU-TTL.DAT 2013-10-08 06:42 - 2013-10-08 06:42 - 00050580 _____ C:\Windows\System32\s000000.dat 2013-10-08 06:40 - 2013-10-08 06:40 - 00000040 _____ C:\Windows\System32\sstate_prev.sdt 2013-10-08 06:40 - 2013-10-08 06:40 - 00000000 _____ C:\Windows\System32\sstates.sdt 2013-10-06 13:18 - 2013-10-06 13:18 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Epson 2013-10-06 13:14 - 2013-10-06 13:14 - 00180224 _____ C:\ProgramData\anbl3jrnb.plz 2013-10-06 13:14 - 2013-10-06 13:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bnrj3lbna.pzz 2013-10-06 12:37 - 2010-09-02 02:49 - 00687828 _____ C:\Windows\System32\perfh015.dat 2013-10-06 12:37 - 2010-09-02 02:49 - 00131382 _____ C:\Windows\System32\perfc015.dat 2013-10-06 12:37 - 2009-07-14 05:13 - 01523412 _____ C:\Windows\System32\PerfStringBackup.INI 2013-10-05 20:31 - 2013-10-05 20:31 - 00528582 _____ C:\Users\Wielgus\Documents\vjgj.xps 2013-10-05 19:25 - 2013-10-05 19:25 - 00175201 _____ C:\Users\Wielgus\Documents\yug.xps 2013-10-05 19:09 - 2013-10-05 19:09 - 00175201 _____ C:\Users\Wielgus\Documents\bh.xps 2013-10-05 19:07 - 2013-10-05 19:07 - 00121034 _____ C:\Users\Wielgus\Documents\yf.xps 2013-10-05 19:00 - 2013-10-05 19:00 - 00120761 _____ C:\Users\Wielgus\Documents\gguyguy.xps 2013-10-05 18:57 - 2013-10-05 18:57 - 00002341 _____ C:\Users\Public\Desktop\Epson Przewodnik pracy w sieci L355 Series.lnk 2013-10-05 18:57 - 2013-10-05 18:57 - 00000273 _____ C:\Users\Public\Desktop\Epson Przewodnik użytkownika L355 Series.url 2013-10-05 18:57 - 2013-10-05 18:57 - 00000256 _____ C:\Users\Public\Desktop\Instrukcja obsługi programu Epson Connect.url 2013-10-05 18:57 - 2013-10-05 18:05 - 00000000 ____D C:\Program Files (x86)\Epson Software 2013-10-05 18:57 - 2013-10-05 18:05 - 00000000 ____D C:\Program Files (x86)\epson 2013-10-05 18:57 - 2013-08-28 08:44 - 00000000 
___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-05 18:56 - 2013-10-05 18:56 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-10-05 18:56 - 2013-10-05 18:56 - 00000000 ____D C:\Program Files\EpsonNet 2013-10-05 18:56 - 2013-10-05 18:04 - 00000000 ____D C:\ProgramData\EPSON 2013-10-05 18:31 - 2013-08-28 10:51 - 00000000 ____D C:\Users\Wielgus\AppData\Local\Adobe 2013-10-05 18:24 - 2013-10-05 18:24 - 00000000 ____D C:\Program Files\Common Files\EPSON 2013-10-02 16:23 - 2013-08-28 11:20 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Opera 2013-10-02 16:23 - 2013-08-28 11:20 - 00000000 ____D C:\Users\Wielgus\AppData\Local\Opera 2013-09-26 15:17 - 2013-09-26 15:17 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\File Scout Files to move or delete: ==================== C:\ProgramData\anbl3jrnb.plz C:\ProgramData\bnrj3lbna.ctrl C:\ProgramData\bnrj3lbna.pff Some content of TEMP: ==================== C:\Users\Wielgus\AppData\Local\Temp\ICReinstall_VuuPC_Setup (1).exe C:\Users\Wielgus\AppData\Local\Temp\lrxtmp.exe C:\Users\Wielgus\AppData\Local\Temp\setup_fsu_cid.exe C:\Users\Wielgus\AppData\Local\Temp\uninst1.exe C:\Users\Wielgus\AppData\Local\Temp\~tmf2330909277030764714.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit 
==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 4 Restore point made on: 2013-09-07 16:22:42 Restore point made on: 2013-09-15 13:02:08 Restore point made on: 2013-10-05 18:05:33 Restore point made on: 2013-10-05 18:57:00 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 4011.86 MB Available physical RAM: 3368.57 MB Total Pagefile: 4010.01 MB Available Pagefile: 3370.28 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:248.03 GB) (Free:215.5 GB) NTFS Drive d: (Wielgus) (Fixed) (Total:200 GB) (Free:199.79 GB) NTFS Drive f: (Recovery) (Fixed) (Total:17.63 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive h: () (Removable) (Total:3.75 GB) (Free:3.7 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9B13D611) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=248 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=200 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: F3AD753E) Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS) LastRegBack: 2013-09-15 12:54 ==================== End Of Log ============================[/log]
Guest, commented 18 October 2013
[quote]What nonsense is this? Ctfmon has no effect on the virus locking the screen. Do you even know what this system component is responsible for? @Author Produce a report from FRST: http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/#entry32551[/quote]
Yes, I know what it is; this particular virus impersonates that name.
Natsuki Kuga, commented 19 October 2013
1. Open Notepad and paste into it:
HKLM-x32\...\Run: [] - [x]
HKU\Wielgus\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Wielgus\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [2704352 2013-10-08] ()
Startup: C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnrj3lbna.lnk
ShortcutTarget: bnrj3lbna.lnk -> C:\PROGRA~3\anbl3jrnb.plz ()
C:\Windows\System32\Tasks\BitGuard
C:\Users\Wielgus\Documents\gguyguy.xps
C:\ProgramData\bnrj3lbna.pff
C:\ProgramData\bnrj3lbna.ctrl
C:\ProgramData\anbl3jrnb.plz
C:\ProgramData\bnrj3lbna.pzz
C:\Users\Wielgus\Documents\vjgj.xps
C:\Users\Wielgus\Documents\yug.xps
C:\Users\Wielgus\Documents\bh.xps
C:\Users\Wielgus\Documents\yf.xps
C:\Windows\Tasks\DSite.job
C:\Windows\System32\s000000.dat
C:\Windows\System32\sstate_prev.sdt
C:\Windows\System32\sstates.sdt
Save this as fixlist.txt and place it in the same location as FRST. Use the Fix option in FRST and restart the computer. From then on the system should start normally. Show the report from running the script.
2. Produce logs from OTL, Gmer and FRST under the running system, and also show all the ComboFix logs that were created when it was run earlier.
[quote]Yes, I know what it is; this particular virus impersonates that name.[/quote]
More like explorer + a modification of a registry entry leading to a substituted system shell file.
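
The fixlist in the post above removes, among other things, the startup shortcut target and the files dropped in C:\ProgramData. As an added example (not part of the original thread, and not how FRST or the poster chose the entries), the following Python code parses three FRST line types and flags autostart targets that sit directly in the ProgramData root or carry an unusual extension. The heuristics and function names are assumptions, as is treating PROGRA~3 as the short name of ProgramData, which the two logs in this thread indicate for this machine.

```python
import re
from pathlib import PureWindowsPath

# Sample lines taken from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-12-03] (Realtek Semiconductor)
Startup: C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnrj3lbna.lnk
ShortcutTarget: bnrj3lbna.lnk -> C:\PROGRA~3\anbl3jrnb.plz ()
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 Winmgmt; C:\PROGRA~3\bnrj3lbna.pzz [60512 2013-10-06] (Microsoft Corporation)
"""

# Trailing FRST metadata: an optional "[size date]" followed by "(company)".
META_RE = re.compile(r"(\s*\[\d+ \d{4}-\d{2}-\d{2}\])?\s*\([^()]*\)\s*$")

# The three autostart line shapes handled here (simple forms only).
LINE_PATTERNS = [
    ("run", re.compile(r"^HK.+?\\Run: \[(?P<name>[^\]]*)\] - (?P<target>.+)$")),
    ("service", re.compile(r"^[SRU]\d (?P<name>[^;]+); (?P<target>.+)$")),
    ("shortcut", re.compile(r"^ShortcutTarget: (?P<name>\S+) -> (?P<target>.+)$")),
]

# Assumption: PROGRA~3 is the 8.3 short name of ProgramData on this machine.
PROGRAMDATA_NAMES = {"programdata", "progra~3"}
# Assumption: extensions normally expected for a service, Run or shortcut target.
USUAL_EXTENSIONS = {".exe", ".dll", ".sys"}


def parse_autostarts(log_text):
    """Return one dict per recognised autostart line: kind, name, target path."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in LINE_PATTERNS:
            match = pattern.match(line)
            if match:
                target = META_RE.sub("", match.group("target")).strip().strip('"')
                entries.append({"kind": kind, "name": match.group("name"), "target": target})
                break
    return entries


def reasons_for(target):
    """Explain why a target path deserves a closer look (empty list if it does not)."""
    path = PureWindowsPath(target)
    reasons = []
    # Drive root + ProgramData + file name = three parts: a file in the folder root.
    if len(path.parts) == 3 and path.parts[1].lower() in PROGRAMDATA_NAMES:
        reasons.append("file sits directly in the ProgramData root")
    if path.suffix.lower() not in USUAL_EXTENSIONS:
        reasons.append(f"unusual extension {path.suffix!r} for an autostart target")
    return reasons


def triage(log_text):
    """Return the parsed entries that have at least one reason attached."""
    flagged = []
    for entry in parse_autostarts(log_text):
        reasons = reasons_for(entry["target"])
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['kind']:8} {item['name']:14} {item['target']}")
        for reason in item["reasons"]:
            print(f"         - {reason}")
```

A flagged entry is a prompt for manual review of the file and its autostart reference, not a verdict; the BitGuard service, which the fixlist also touches, is not caught by these two checks.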
M1chal11 (Author), commented 20 October 2013
OK, I did not manage to do everything; I cannot locate the ComboFix logs. Report from running the FRST script
[log]Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by SYSTEM at 2013-10-20 12:20:56 Run:1 Running from H:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] - [x] HKU\Wielgus\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Wielgus\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [2704352 2013-10-08] () Startup: C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnrj3lbna.lnk ShortcutTarget: bnrj3lbna.lnk -> C:\PROGRA~3\anbl3jrnb.plz () C:\Windows\System32\Tasks\BitGuard C:\Users\Wielgus\Documents\gguyguy.xps C:\ProgramData\bnrj3lbna.pff C:\ProgramData\bnrj3lbna.ctrl C:\ProgramData\anbl3jrnb.plz C:\ProgramData\bnrj3lbna.pzz C:\Users\Wielgus\Documents\vjgj.xps C:\Users\Wielgus\Documents\yug.xps C:\Users\Wielgus\Documents\bh.xps C:\Users\Wielgus\Documents\yf.xps C:\Windows\Tasks\DSite.job C:\Windows\System32\s000000.dat C:\Windows\System32\sstate_prev.sdt C:\Windows\System32\sstates.sdt ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKU\Wielgus\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect => Value deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnrj3lbna.lnk => Moved successfully. C:\PROGRA~3\anbl3jrnb.plz => Moved successfully. C:\Windows\System32\Tasks\BitGuard => Moved successfully. C:\Users\Wielgus\Documents\gguyguy.xps => Moved successfully.
C:\ProgramData\bnrj3lbna.pff => Moved successfully. C:\ProgramData\bnrj3lbna.ctrl => Moved successfully. "C:\ProgramData\anbl3jrnb.plz" => File/Directory not found. C:\ProgramData\bnrj3lbna.pzz => Moved successfully. C:\Users\Wielgus\Documents\vjgj.xps => Moved successfully. C:\Users\Wielgus\Documents\yug.xps => Moved successfully. C:\Users\Wielgus\Documents\bh.xps => Moved successfully. C:\Users\Wielgus\Documents\yf.xps => Moved successfully. C:\Windows\Tasks\DSite.job => Moved successfully. C:\Windows\System32\s000000.dat => Moved successfully. C:\Windows\System32\sstate_prev.sdt => Moved successfully. C:\Windows\System32\sstates.sdt => Moved successfully. ==== End of Fixlog ====[/log] OTL [log]OTL logfile created on: 20/10/2013 12:27:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wielgus\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3.92 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.95% Memory free 7.83 Gb Paging File | 6.05 Gb Available in Paging File | 77.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 248.03 Gb Total Space | 215.48 Gb Free Space | 86.88% Space Free | Partition Type: NTFS Drive E: | 200.00 Gb Total Space | 199.79 Gb Free Space | 99.89% Space Free | Partition Type: NTFS Computer Name: WIELGUS-VAIO | User Name: Wielgus | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/10/20 12:26:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wielgus\Desktop\OTL.exe PRC - [2013/10/08 13:17:48 | 003,032,032 | ---- | M] () -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe PRC - [2013/08/28 12:20:03 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2013/08/28 10:25:03 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe PRC - [2013/08/10 21:00:26 | 001,784,832 | ---- | M] (TODO: <Company name>) -- C:\Users\Wielgus\AppData\Local\ConvertAd\ConvertAd.exe PRC - [2012/04/02 15:44:14 | 001,058,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2011/01/05 07:11:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/01/05 07:10:33 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/12/23 18:27:10 | 002,621,440 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe PRC - [2010/12/23 16:24:52 | 000,206,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010/12/23 16:24:52 | 000,095,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010/12/13 03:41:14 | 000,308,040 | ---- | M] (AuthenTec, Inc.) 
-- C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe PRC - [2010/11/24 11:28:36 | 000,333,264 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe PRC - [2010/11/17 18:30:12 | 000,673,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/10/21 19:49:12 | 000,332,096 | ---- | M] (QUALCOMM, Inc.) -- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe PRC - [2010/09/23 04:42:13 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/10/08 13:17:48 | 003,032,032 | ---- | M] () -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe MOD - [2013/10/08 13:16:21 | 002,704,352 | ---- | M] () -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll MOD - [2013/08/28 11:57:17 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d57d521336d266a13fb4611706b3f08f\IAStorUtil.ni.dll MOD - [2013/08/28 10:00:23 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6b8b76b26be7d7f4c3d1cb644811a2ef\System.ServiceProcess.ni.dll MOD - [2013/08/28 09:59:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll MOD - [2013/08/28 09:59:03 | 012,430,848 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\46a97b15da5b620fbb606cb05b6573a3\System.Windows.Forms.ni.dll
MOD - [2013/08/28 09:58:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2013/08/28 09:58:38 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2013/08/28 09:58:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f2060a0cf20f2536277761f4e517e906\System.Configuration.ni.dll
MOD - [2013/08/28 09:58:35 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2013/08/28 09:58:28 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010/09/02 03:46:42 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/09/02 03:46:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:[b]64bit:[/b] - [2011/01/14 08:01:51 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010/12/13 03:40:44 | 000,290,632 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV:[b]64bit:[/b] - [2010/12/09 16:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:[b]64bit:[/b] - [2010/12/06 09:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:[b]64bit:[/b] - [2010/11/18 09:23:44 | 001,310,096 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:[b]64bit:[/b] - [2010/11/02 13:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2010/11/02 13:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2010/11/02 13:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010/08/12 15:15:34 | 000,257,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:[b]64bit:[/b] - [2010/07/29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 13:17:48 | 003,032,032 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013/08/28 09:58:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/05 07:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/05 07:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/23 16:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/11/24 11:28:36 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/21 19:49:12 | 000,332,096 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011/01/30 02:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/01/14 08:04:13 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:[b]64bit:[/b] - [2011/01/14 08:04:13 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/01/14 08:02:02 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/01/14 08:02:02 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/01/14 07:59:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011/01/05 07:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/12/21 21:09:15 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2010/12/10 10:57:42 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/12/10 09:57:42 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:[b]64bit:[/b] - [2010/12/06 21:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2010/11/09 03:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2010/11/03 23:35:22 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2010/11/03 23:35:21 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2010/11/03 23:35:21 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2010/11/03 23:35:21 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2010/11/03 23:34:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2010/11/01 21:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010/11/01 21:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010/10/21 16:15:36 | 000,443,392 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k)
DRV:[b]64bit:[/b] - [2010/10/21 16:15:36 | 000,230,784 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbserSny2k)
DRV:[b]64bit:[/b] - [2010/10/21 16:15:36 | 000,137,800 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcombussny.sys -- (qcombussny)
DRV:[b]64bit:[/b] - [2010/10/21 16:15:34 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfiltersny2k.sys -- (qcfiltersny2k)
DRV:[b]64bit:[/b] - [2010/04/26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:[b]64bit:[/b] - [2009/06/10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEF&bmod=SVEF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990
IE - HKCU\..\SearchScopes\{9DE7BE0A-AAE5-47CB-A8EC-96DD81177781}: "URL" = http://rover.ebay.com/rover/1//4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{ECF95296-B22B-48EE-A731-E28C2214AA6B}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dde15e35-c9b3-4c30-b055-730c5f4a45d3}: C:\Program Files (x86)\Lyrmix\133.xpi [2013/09/12 09:45:37 | 000,005,166 | ---- | M] ()
[2013/08/30 10:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=SVEF&bmod=SVEF,homepage_is_newtabpage:false,distribution:{alternate_shortcut_text:Internet Browser,skip_first_run_ui:true,show_welcome_page:true,import_search_engine:false,import_history:false,create_all_shortcuts:false,do_not_launch_chrome:true,make_chrome_default:true,require_eula:true,system_level:true,verbose_logging:false}}
kidmhllhjmmmnpbiaihafgchacpmokof:
CHR - Extension: No name found = C:\Users\Wielgus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmhllhjmmmnpbiaihafgchacpmokof\1.131\
CHR - Extension: No name found = C:\Users\Wielgus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmhllhjmmmnpbiaihafgchacpmokof\1.133\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Lyrmix) - {804efe7d-a8d7-4351-a6df-014d1ed7c6fc} - C:\Program Files (x86)\Lyrmix\133.dll ()
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConvertAd] C:\Users\Wielgus\AppData\Local\ConvertAd\ConvertAd.exe (TODO: <Company name>)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L355 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT "EPLTarget\P0000000000000001" /M "L355 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47BC5228-791E-4222-9CBB-A71C4A3705C0}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/10/20 12:26:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wielgus\Desktop\OTL.exe
[2013/10/19 00:09:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/18 16:02:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/10/18 15:53:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/18 15:52:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/18 15:50:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/10/18 15:32:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/18 15:30:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/12 21:29:33 | 000,000,000 | ---D | C] -- C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013/10/06 14:18:00 | 000,000,000 | ---D | C] -- C:\Users\Wielgus\AppData\Roaming\Epson
[2013/10/05 19:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/10/05 19:56:55 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/10/05 19:56:55 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/10/05 19:56:55 | 000,535,552 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/10/05 19:56:55 | 000,535,552 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/10/05 19:56:55 | 000,219,648 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/10/05 19:56:55 | 000,219,648 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/10/05 19:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/10/05 19:56:51 | 000,466,432 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/10/05 19:56:51 | 000,135,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\escsvc64.exe
[2013/10/05 19:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/10/05 19:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/10/05 19:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/10/05 19:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/10/05 19:04:46 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2013/10/05 19:04:39 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMI4E.DLL
[2013/10/05 19:04:35 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BI4E.DLL
[2013/10/05 19:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/09/26 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Wielgus\AppData\Roaming\File Scout
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/10/20 12:26:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wielgus\Desktop\OTL.exe
[2013/10/20 12:25:25 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Lyrmix Update.job
[2013/10/20 12:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 12:22:09 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/18 15:44:54 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/18 15:44:54 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/18 15:15:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/12 22:43:57 | 000,000,116 | ---- | M] () -- C:\Users\Wielgus\AppData\Roaming\WB.CFG
[2013/10/12 22:43:54 | 000,000,006 | ---- | M] () -- C:\Users\Wielgus\AppData\Roaming\WBPU-TTL.DAT
[2013/10/06 13:37:50 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/06 13:37:50 | 000,687,828 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013/10/06 13:37:50 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/06 13:37:50 | 000,131,382 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013/10/06 13:37:50 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/05 19:57:32 | 000,000,256 | ---- | M] () -- C:\Users\Public\Desktop\Instrukcja obsługi programu Epson Connect.url
[2013/10/05 19:57:31 | 000,002,341 | ---- | M] () -- C:\Users\Public\Desktop\Epson Przewodnik pracy w sieci L355 Series.lnk
[2013/10/05 19:57:27 | 000,000,273 | ---- | M] () -- C:\Users\Public\Desktop\Epson Przewodnik użytkownika L355 Series.url
[2013/10/05 19:56:51 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/10/05 19:32:34 | 000,171,081 | ---- | M] () -- C:\Users\Wielgus\Documents\Fotografia na całej stronie.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/10/18 15:15:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/05 19:57:32 | 000,000,256 | ---- | C] () -- C:\Users\Public\Desktop\Instrukcja obsługi programu Epson Connect.url
[2013/10/05 19:57:31 | 000,002,341 | ---- | C] () -- C:\Users\Public\Desktop\Epson Przewodnik pracy w sieci L355 Series.lnk
[2013/10/05 19:57:27 | 000,000,273 | ---- | C] () -- C:\Users\Public\Desktop\Epson Przewodnik użytkownika L355 Series.url
[2013/10/05 19:56:51 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/10/05 19:32:34 | 000,171,081 | ---- | C] () -- C:\Users\Wielgus\Documents\Fotografia na całej stronie.pdf
[2013/08/30 11:49:02 | 000,000,116 | ---- | C] () -- C:\Users\Wielgus\AppData\Roaming\WB.CFG
[2013/08/30 11:49:02 | 000,000,006 | ---- | C] () -- C:\Users\Wielgus\AppData\Roaming\WBPU-TTL.DAT
[2013/08/28 09:53:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/08/28 09:48:53 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/17 15:48:09 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/17 15:48:09 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >[/log]

[log]OTL Extras logfile created on: 20/10/2013 12:27:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wielgus\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3.92 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.95% Memory free
7.83 Gb Paging File | 6.05 Gb Available in Paging File | 77.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 248.03 Gb Total Space | 215.48 Gb Free Space | 86.88% Space Free | Partition Type: NTFS
Drive E: | 200.00 Gb Total Space | 199.79 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: WIELGUS-VAIO | User Name: Wielgus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List 
==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0327FA73-9826-400B-9C6A-92C0E38CD2D0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{27317F4E-9A09-4253-83CB-43C9BE802DE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{28CFE129-D4B3-4C4F-9160-70F8C704028E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2DDF4290-4EFC-4301-BC98-30F0ADAD9595}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2E80FFAD-F0C8-4841-8D8F-DC904026ADA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4B670AF0-4199-49DA-890D-21736C537CEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6A636736-3FE8-472A-8666-A895A81019CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8DE3BE08-0A64-4440-A87B-367FEAAE4068}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{93D697B3-AE4C-43A6-9B30-59A3F1BDC04B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D709DF4E-CC3A-4BC6-ABEF-EDC6309CBE1A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{066F3016-18C7-4BEC-9D36-84BBC748F569}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{0C0C1B6F-DC54-4B48-B4D5-DF0B6F4DB490}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | "{3039DDB4-5C75-4114-BF20-80922CD12A32}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | 
"{66C12DF0-BB9A-4FB7-84E2-21027C661832}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{72B7FC6B-3691-4B04-A895-3F546B6354B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{867D2B50-FA34-41CE-B008-D527F09D5801}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CB55A5A0-A325-461C-A765-C4E3E4E6E4DC}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{D0FE70AB-8437-4B06-96B2-485C85CF693A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{DC1F9848-E73B-433A-B91E-039393C3496B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{FCAD8861-8847-4896-978A-782648202F7F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{6085CDCC-61E5-4B1C-AFD0-6077453590EF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{124C73A8-5C1B-EF26-867B-5B77F9BC4D07}" = ATI Catalyst Install Manager "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources 
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AF0BE024-8A51-E33A-D9A9-A4B8C8C71DD3}" = ccc-utility64 "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C5D9F032-E965-426E-93B7-E0CF273036A3}" = AuthenTec TrueSuite "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFFA71A3-B098-31B4-94F7-07EA2A717418}" = WMV9/VC-1 Video Playback "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "CCleaner" = CCleaner "EPSON L355 Series" = EPSON L355 Series Printer Uninstall "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = 
VAIO Smart Network "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09535813-6A3C-7954-96A6-6C3CB279D269}" = CCC Help German "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{111ae63b-ff99-406c-92c8-cb1160233642}" = Lyrmix "{118EFF90-3852-918E-1792-44912800232D}" = CCC Help Japanese "{146FEF7F-4761-3239-2B5C-AB97D021E8BC}" = Catalyst Control Center Profiles Mobile "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{280E31FF-90A9-2CE5-4877-4147A5844266}" = CCC Help Dutch "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2B7C3552-72EA-E925-7024-D18F32BCBD06}" = CCC Help Italian "{2F2CE655-BB00-BE89-6932-75B915963284}" = Catalyst Control Center Graphics Previews Common "{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34BA7E8F-7E1D-1B0B-E5C2-A9A1296091D2}" = CCC Help Thai "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger 
"{3845BDF0-8A2C-BF4C-11F3-8882075B9E26}" = CCC Help Greek "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{464BA630-A5F5-5047-6DEB-01ED8F98BFB8}" = CCC Help Swedish "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{53E913F1-9D04-B864-CF80-E0CAFCB3F38C}" = CCC Help Hungarian "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{670F35CC-ADFC-2260-B863-E18E588BC087}" = CCC Help French "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows 
Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{712D5D1D-E668-C2A1-A508-81661F735B18}" = CCC Help Russian "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{753152B8-456A-6D6C-4050-1C740049DAF7}" = ccc-core-static "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89AC9DCA-EB77-9B54-C109-9EE497C70A38}" = Catalyst Control Center Localization All "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie 
Maker "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0361AD3-CA02-90FD-6617-B8CAE4827F2B}" = CCC Help Norwegian "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A720A7F6-389B-2E93-7BDA-69D0A12F33CB}" = CCC Help Polish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = "{A84F2351-A421-6A58-626F-5792820D40B7}" = CCC Help Danish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-1033-F400-BA7E-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708 "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B46CA1A1-680B-6161-5312-A4FF0AFD518D}" = CCC Help English "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7546697-2A80-4256-A24B-1C33163F535B}" 
= VAIO Gate Default "{B79242FF-8ACC-0525-85FD-6B99215198AE}" = CCC Help Portuguese "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}" = "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3081594-4B05-4FBD-A7C3-70DE2988C9B7}" = Qualcomm Gobi 2000 Package for Sony "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4 "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}" = Epson Event Manager "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1B83E1A-0AF9-C416-F511-3AEDEC6EC6DD}" = Catalyst Control Center InstallProxy "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack "{D3142304-5883-4B37-8690-ADDB3D1D8B7B}" = VAIO Care "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D8DAB025-C2CE-4821-8117-494E95ADA031}" = Windows Live UX 
Platform Language Pack "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5B3193-C386-E20C-3865-AAE363D7B863}" = CCC Help Finnish "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3D10A51-7F06-015F-F5A6-A5FCF64FF54C}" = CCC Help Korean "{E48CCB7E-63AF-43CC-B5D1-5E1A829BBD98}" = Catalyst Control Center - Branding "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5F25637-12A3-2ECE-BA56-4FD64411C5E1}" = CCC Help Czech "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC2276B3-81C6-8FBD-358D-619B255F5ABA}" = CCC Help Spanish "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack "{EFBEE79D-E49D-9451-459E-F776AC857F99}" = PX Profile Update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5678E75-7569-A976-96FA-FF03F5651A30}" = CCC Help Chinese Standard "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE9A6C6C-0A21-0439-6D7B-00B9BD06A74F}" = CCC Help Chinese Traditional 
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ConvertAd" = ConvertAd "Delta Chrome Toolbar" = Delta Chrome Toolbar "Epson Connect Guide" = Epson Connect Guide "EPSON Scanner" = EPSON Scan "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "L355 Series Netg" = Epson Przewodnik pracy w sieci L355 Series "L355 Series Useg" = Epson Przewodnik użytkownika L355 Series "MarketingTools" = VAIO Marketing Tools "OneClickInternet" = OneClick Internet "Opera 11.52.1100" = Opera 11.52 "PRO100 wersja 5 Demo_is1" = PRO100 wersja 5 Demo "splashtop" = VAIO Quick Web Access "VAIO Help and Support" = "VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver "WinLiveSuite" = Windows Live Essentials [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DSite" = Update for Mipony Download Manager "Mipony Download Manager Packages" = Mipony Download Manager Packages [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 28/08/2013 07:54:37 | Computer Name = Wielgus-VAIO | Source = Windows Search Service | ID = 3029 Description = Error - 28/08/2013 07:54:40 | Computer Name = Wielgus-VAIO | Source = Windows Search Service | ID = 3029 Description = Error - 28/08/2013 07:54:40 | Computer Name = Wielgus-VAIO | Source = Windows Search Service | ID = 3028 Description = Error - 28/08/2013 07:54:40 | Computer Name = Wielgus-VAIO | Source = Windows Search Service | ID = 3058 Description = Error - 28/08/2013 07:54:40 | Computer Name = Wielgus-VAIO | Source = Windows Search Service | ID = 7010 Description = Error - 30/08/2013 06:41:20 | Computer Name = Wielgus-VAIO | Source = SideBySide | ID = 
16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku zasad "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu 3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu "version" elementu "assemblyIdentity" jest nieprawidłowa. Error - 30/08/2013 06:42:35 | Computer Name = Wielgus-VAIO | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 30/08/2013 06:42:35 | Computer Name = Wielgus-VAIO | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 30/08/2013 06:42:35 | Computer Name = Wielgus-VAIO | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 30/08/2013 06:42:35 | Computer Name = Wielgus-VAIO | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll". 
Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. [ System Events ] Error - 06/10/2013 15:41:06 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7023 Description = Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%127 Error - 06/10/2013 15:41:36 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7023 Description = Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%127 Error - 06/10/2013 15:47:03 | Computer Name = Wielgus-VAIO | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 20:42:31 na ?2013-?10-?06 było nieoczekiwane. Error - 06/10/2013 15:47:05 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc IP zależy od usługi Instrumentacja zarządzania Windows, której nie można uruchomić z powodu następującego błędu: %%127 Error - 06/10/2013 15:47:05 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7023 Description = Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%127 Error - 06/10/2013 15:47:06 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7023 Description = Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%127 Error - 06/10/2013 15:47:36 | Computer Name = Wielgus-VAIO | Source = DCOM | ID = 10010 Description = Error - 06/10/2013 15:47:36 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7023 Description = Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%127 Error - 06/10/2013 15:48:06 | Computer Name = Wielgus-VAIO | Source = Service Control Manager | ID = 7023 Description = Usługa Instrumentacja zarządzania Windows zakończyła 
działanie; wystąpił następujący błąd: %%127
Error - 06/10/2013 15:48:12 | Computer Name = Wielgus-VAIO | Source = DCOM | ID = 10016
Description =

< End of report >
[/log]

Gmer

[log]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-20 12:41:02
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH01 465,76GB
Running: gmer.exe; Driver: C:\Users\Wielgus\AppData\Local\Temp\fftirkob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075491401 2 bytes JMP 766deb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075491419 2 bytes JMP 766eb513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075491431 2 bytes JMP 76768609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007549144a 2 bytes CALL 766c1dfa C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754914dd 2 bytes JMP 76767efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754914f5 2 bytes JMP 767680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007549150d 2 bytes JMP 76767df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075491525 2 bytes JMP 767681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007549153d 2 bytes JMP 766df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075491555 2 bytes JMP 766eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007549156d 2 bytes JMP 767686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075491585 2 bytes JMP 76768222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007549159d 2 bytes JMP 76767db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754915b5 2 bytes JMP 766df121 C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754915cd 2 bytes JMP 766eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754916b2 2 bytes JMP 76768584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754916bd 2 bytes JMP 76767d4d C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2772] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076df2a62 5 bytes JMP 0000000171db46b0 .text C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075491401 2 bytes JMP 766deb26 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075491419 2 bytes JMP 766eb513 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075491431 2 bytes JMP 76768609 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007549144a 2 bytes CALL 766c1dfa C:\Windows\syswow64\kernel32.dll .text ... 
---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Internet Explorer\IELowutil.exe [4020:3628] 00000000735932fb ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78afcbfa Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78afcbfa (not active ControlSet) ---- EOF - GMER 2.1 ---- [/log]
FRST scan on a normally booted system.
[log]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013 Ran by Wielgus (administrator) on WIELGUS-VAIO on 20-10-2013 13:05:46 Running from C:\Users\Wielgus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\079TTTBZ Windows 7 Professional (X64) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal ==================== Could not list processes =============== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-12-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2010-12-03] (Realtek Semiconductor) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2010-12-06] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2010-12-13] (AuthenTec, Inc.) HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2010-12-13] (AuthenTec, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673168 2010-11-17] (Sony Corporation) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38840 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [MarketingTools] - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2013-08-28] (Sony Corporation) HKLM-x32\...\Run: [VAIO Boot Manager] - C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe [734608 2010-12-08] (Sony Corporation) HKLM-x32\...\Run: [ConvertAd] - C:\Users\Wielgus\AppData\Local\ConvertAd\ConvertAd.exe [1784832 2013-08-10] (TODO: <Company name>) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310&type=default&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310&type=default&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310&type=default&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990 SearchScopes: HKCU - bProtectorDefaultScope 
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5065GSXN_41HLF0ZHSXX41HLF0ZHS&ts=1382270310&type=default&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {9DE7BE0A-AAE5-47CB-A8EC-96DD81177781} URL = http://rover.ebay.com/rover/1//4?satitle={searchTerms} SearchScopes: HKCU - {ECF95296-B22B-48EE-A731-E28C2214AA6B} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices BHO: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Lyrmix - {804efe7d-a8d7-4351-a6df-014d1ed7c6fc} - C:\Program Files (x86)\Lyrmix\133.dll () BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.) 
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Chrome: ======= CHR Extension: (Lyr\x6d\x69\x78) - C:\Users\Wielgus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmhllhjmmmnpbiaihafgchacpmokof\1.131 CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Wielgus\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM-x32\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files (x86)\Lyrmix\133.crx CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [290632 2010-12-13] (AuthenTec, Inc) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] () R2 QDLService2kSony; c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [332096 2010-10-21] (QUALCOMM, Inc.) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [257936 2010-08-12] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1310096 2010-11-18] (Sony Corporation) R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [1706064 2013-10-20] (Wsys Co., Ltd.) R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [333264 2010-11-24] () S2 Winmgmt; C:\PROGRA~3\bnrj3lbna.pzz [x] ==================== Drivers (Whitelisted) ==================== R3 qcfiltersny2k; C:\Windows\System32\DRIVERS\qcfiltersny2k.sys [6400 2010-10-21] (QUALCOMM Incorporated) R3 qcombussny; C:\Windows\System32\DRIVERS\qcombussny.sys [137800 2010-10-21] (MCCI) R3 qcusbnetsny2k; C:\Windows\System32\DRIVERS\qcusbnetsny2k.sys [443392 2010-10-21] (QUALCOMM Incorporated) R3 qcusbserSny2k; C:\Windows\System32\DRIVERS\qcusbserSny2k.sys [230784 2010-10-21] (QUALCOMM Incorporated) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-20 12:58 - 2013-10-20 12:58 - 00000000 ____D C:\ProgramData\eSafe 2013-10-20 12:56 - 2013-10-20 12:56 - 00001094 _____ C:\Users\Wielgus\Desktop\Continue VuuPC Installation.lnk 2013-10-20 12:51 - 2013-10-20 12:51 - 517106733 _____ C:\Windows\MEMORY.DMP 2013-10-20 12:51 - 2013-10-20 12:51 - 00262144 _____ C:\Windows\Minidump\102013-22666-01.dmp 2013-10-20 12:51 - 2013-10-20 12:51 - 00000000 ____D C:\Windows\Minidump 2013-10-20 
12:41 - 2013-10-20 12:41 - 00022034 _____ C:\Users\Wielgus\Desktop\gmer.txt 2013-10-20 12:35 - 2013-10-20 12:34 - 00368554 _____ C:\Users\Wielgus\Downloads\gmer.zip 2013-10-20 12:31 - 2013-10-20 12:32 - 00075738 _____ C:\Users\Wielgus\Desktop\OTL.Txt 2013-10-20 12:31 - 2013-10-20 12:32 - 00061352 _____ C:\Users\Wielgus\Desktop\Extras.Txt 2013-10-20 12:26 - 2013-10-20 12:26 - 00602112 _____ (OldTimer Tools) C:\Users\Wielgus\Desktop\OTL.exe 2013-10-19 00:09 - 2013-10-19 00:09 - 00000000 ____D C:\FRST 2013-10-18 16:02 - 2013-10-18 22:57 - 00000000 ___SD C:\32788R22FWJFW 2013-10-18 15:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-18 15:50 - 2013-10-18 15:52 - 00000000 ___SD C:\ComboFix 2013-10-18 15:32 - 2013-10-18 15:50 - 00000000 ____D C:\Qoobox 2013-10-18 15:30 - 2013-10-18 15:30 - 00000000 ____D C:\Windows\erdnt 2013-10-18 15:15 - 2013-10-18 15:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-12 21:29 - 2013-10-12 21:29 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-06 14:18 - 2013-10-06 14:18 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Epson 2013-10-05 19:57 - 2013-10-05 19:57 - 00002341 _____ C:\Users\Public\Desktop\Epson Przewodnik pracy w sieci L355 Series.lnk 2013-10-05 19:57 - 2013-10-05 19:57 - 00000273 _____ C:\Users\Public\Desktop\Epson Przewodnik użytkownika L355 Series.url 2013-10-05 19:57 - 2013-10-05 19:57 - 00000256 _____ C:\Users\Public\Desktop\Instrukcja obsługi programu Epson Connect.url 2013-10-05 19:56 - 2013-10-05 19:56 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-10-05 19:56 - 2013-10-05 19:56 - 00000000 ____D C:\Program Files\EpsonNet 2013-10-05 19:56 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll 2013-10-05 19:56 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll 2013-10-05 19:56 - 2012-11-12 15:15 - 00558592 
_____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll 2013-10-05 19:56 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll 2013-10-05 19:56 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll 2013-10-05 19:56 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll 2013-10-05 19:56 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll 2013-10-05 19:56 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe 2013-10-05 19:24 - 2013-10-05 19:24 - 00000000 ____D C:\Program Files\Common Files\EPSON 2013-10-05 19:05 - 2013-10-05 19:57 - 00000000 ____D C:\Program Files (x86)\Epson Software 2013-10-05 19:05 - 2013-10-05 19:57 - 00000000 ____D C:\Program Files (x86)\epson 2013-10-05 19:04 - 2013-10-05 19:56 - 00000000 ____D C:\ProgramData\EPSON 2013-10-05 19:04 - 2011-04-18 19:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMI4E.DLL 2013-10-05 19:04 - 2011-03-13 19:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BI4E.DLL 2013-10-05 19:04 - 2007-04-09 17:06 - 00010752 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\E_GCINST.DLL 2013-09-26 16:17 - 2013-09-26 16:17 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\File Scout ==================== One Month Modified Files and Folders ======= 2013-10-20 13:20 - 2013-08-28 11:51 - 00000000 ___RD C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-20 13:03 - 2013-08-28 09:41 - 00214453 _____ C:\Windows\WindowsUpdate.log 2013-10-20 13:01 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-20 13:01 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-20 12:58 - 2013-10-20 12:58 - 00000000 ____D C:\ProgramData\eSafe 2013-10-20 12:56 - 2013-10-20 12:56 - 00001094 _____ C:\Users\Wielgus\Desktop\Continue VuuPC Installation.lnk 2013-10-20 12:54 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-10-20 12:52 - 2013-08-30 10:52 - 00000366 _____ C:\Windows\Tasks\Lyrmix Update.job 2013-10-20 12:51 - 2013-10-20 12:51 - 517106733 _____ C:\Windows\MEMORY.DMP 2013-10-20 12:51 - 2013-10-20 12:51 - 00262144 _____ C:\Windows\Minidump\102013-22666-01.dmp 2013-10-20 12:51 - 2013-10-20 12:51 - 00000000 ____D C:\Windows\Minidump 2013-10-20 12:51 - 2013-08-28 12:54 - 00003293 _____ C:\Windows\setupact.log 2013-10-20 12:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-20 12:41 - 2013-10-20 12:41 - 00022034 _____ C:\Users\Wielgus\Desktop\gmer.txt 2013-10-20 12:34 - 2013-10-20 12:35 - 00368554 _____ C:\Users\Wielgus\Downloads\gmer.zip 2013-10-20 12:32 - 2013-10-20 12:31 - 00075738 _____ C:\Users\Wielgus\Desktop\OTL.Txt 2013-10-20 12:32 - 2013-10-20 12:31 - 00061352 _____ C:\Users\Wielgus\Desktop\Extras.Txt 2013-10-20 12:26 - 2013-10-20 12:26 - 00602112 _____ (OldTimer Tools) C:\Users\Wielgus\Desktop\OTL.exe 2013-10-20 12:25 - 2013-08-28 12:01 - 00003990 _____ 
C:\Windows\System32\Tasks\User_Feed_Synchronization-{866CD476-08AD-404A-972B-F785A2C48AF8} 2013-10-19 00:09 - 2013-10-19 00:09 - 00000000 ____D C:\FRST 2013-10-18 22:57 - 2013-10-18 16:02 - 00000000 ___SD C:\32788R22FWJFW 2013-10-18 15:52 - 2013-10-18 15:50 - 00000000 ___SD C:\ComboFix 2013-10-18 15:50 - 2013-10-18 15:32 - 00000000 ____D C:\Qoobox 2013-10-18 15:30 - 2013-10-18 15:30 - 00000000 ____D C:\Windows\erdnt 2013-10-18 15:15 - 2013-10-18 15:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-10-18 15:02 - 2013-09-13 17:15 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-18 15:02 - 2013-08-30 13:35 - 00005918 _____ C:\Windows\PFRO.log 2013-10-12 22:43 - 2013-08-30 11:49 - 00000116 _____ C:\Users\Wielgus\AppData\Roaming\WB.CFG 2013-10-12 22:43 - 2013-08-30 11:49 - 00000006 _____ C:\Users\Wielgus\AppData\Roaming\WBPU-TTL.DAT 2013-10-12 21:29 - 2013-10-12 21:29 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-06 14:18 - 2013-10-06 14:18 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Epson 2013-10-06 13:37 - 2010-09-02 03:49 - 00687828 _____ C:\Windows\system32\perfh015.dat 2013-10-06 13:37 - 2010-09-02 03:49 - 00131382 _____ C:\Windows\system32\perfc015.dat 2013-10-06 13:37 - 2009-07-14 06:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-05 19:57 - 2013-10-05 19:57 - 00002341 _____ C:\Users\Public\Desktop\Epson Przewodnik pracy w sieci L355 Series.lnk 2013-10-05 19:57 - 2013-10-05 19:57 - 00000273 _____ C:\Users\Public\Desktop\Epson Przewodnik użytkownika L355 Series.url 2013-10-05 19:57 - 2013-10-05 19:57 - 00000256 _____ C:\Users\Public\Desktop\Instrukcja obsługi programu Epson Connect.url 2013-10-05 19:57 - 2013-10-05 19:05 - 00000000 ____D C:\Program Files (x86)\Epson Software 2013-10-05 19:57 - 2013-10-05 19:05 - 00000000 ____D C:\Program Files (x86)\epson 2013-10-05 19:57 - 2013-08-28 09:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield 
Installation Information 2013-10-05 19:56 - 2013-10-05 19:56 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-10-05 19:56 - 2013-10-05 19:56 - 00000000 ____D C:\Program Files\EpsonNet 2013-10-05 19:56 - 2013-10-05 19:04 - 00000000 ____D C:\ProgramData\EPSON 2013-10-05 19:31 - 2013-08-28 11:51 - 00000000 ____D C:\Users\Wielgus\AppData\Local\Adobe 2013-10-05 19:24 - 2013-10-05 19:24 - 00000000 ____D C:\Program Files\Common Files\EPSON 2013-10-02 17:23 - 2013-08-28 12:20 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\Opera 2013-10-02 17:23 - 2013-08-28 12:20 - 00000000 ____D C:\Users\Wielgus\AppData\Local\Opera 2013-09-26 16:17 - 2013-09-26 16:17 - 00000000 ____D C:\Users\Wielgus\AppData\Roaming\File Scout Some content of TEMP: ==================== C:\Users\Wielgus\AppData\Local\Temp\ICReinstall_VuuPC_Setup (1).exe C:\Users\Wielgus\AppData\Local\Temp\ICReinstall_VuuPC_Setup[1].exe C:\Users\Wielgus\AppData\Local\Temp\lrxtmp.exe C:\Users\Wielgus\AppData\Local\Temp\setup_fsu_cid.exe C:\Users\Wielgus\AppData\Local\Temp\uninst1.exe C:\Users\Wielgus\AppData\Local\Temp\~tmf2330909277030764714.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-15 13:54 ==================== End Of Log ============================[/log] [log]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013 Ran by 
Wielgus at 2013-10-20 13:09:47 Running from C:\Users\Wielgus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\079TTTBZ Boot Mode: Normal ========================================================== ==================== Security Center ======================== Could not list Security Center items. Check WMI. ==================== Installed Programs ====================== Adobe Acrobat 9 Standard - English, Français, Deutsch (x32 Version: 9.4.0) Adobe Acrobat 9.4.0 - CPSID_83708 (x32) Adobe AIR (x32 Version: 1.5.3.9130) Adobe Flash Player 10 ActiveX (x32 Version: 10.1.85.3) Adobe Flash Player 10 Plugin (x32 Version: 10.1.85.3) Adobe Reader 9.4.0 MUI (x32 Version: 9.4.0) Alps Pointing-device for VAIO ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.369) ATI Catalyst Install Manager (Version: 3.0.808.0) AuthenTec TrueSuite (Version: 4.0.100.4) BitGuard (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0106.1235.22490) Catalyst Control Center InstallProxy (x32 Version: 2011.0106.1235.22490) Catalyst Control Center Localization All (x32 Version: 2011.0106.1235.22490) Catalyst Control Center Profiles Mobile (x32 Version: 2011.0106.1235.22490) CCC Help Chinese Standard (x32 Version: 2011.0106.1234.22490) CCC Help Chinese Traditional (x32 Version: 2011.0106.1234.22490) CCC Help Czech (x32 Version: 2011.0106.1234.22490) CCC Help Danish (x32 Version: 2011.0106.1234.22490) CCC Help Dutch (x32 Version: 2011.0106.1234.22490) CCC Help English (x32 Version: 2011.0106.1234.22490) CCC Help Finnish (x32 Version: 2011.0106.1234.22490) CCC Help French (x32 Version: 2011.0106.1234.22490) CCC Help German (x32 Version: 2011.0106.1234.22490) CCC Help Greek (x32 Version: 2011.0106.1234.22490) CCC Help Hungarian (x32 Version: 2011.0106.1234.22490) CCC Help Italian (x32 Version: 2011.0106.1234.22490) CCC Help Japanese (x32 Version: 2011.0106.1234.22490) CCC Help Korean (x32 Version: 
2011.0106.1234.22490) CCC Help Norwegian (x32 Version: 2011.0106.1234.22490) CCC Help Polish (x32 Version: 2011.0106.1234.22490) CCC Help Portuguese (x32 Version: 2011.0106.1234.22490) CCC Help Russian (x32 Version: 2011.0106.1234.22490) CCC Help Spanish (x32 Version: 2011.0106.1234.22490) CCC Help Swedish (x32 Version: 2011.0106.1234.22490) CCC Help Thai (x32 Version: 2011.0106.1234.22490) ccc-core-static (x32 Version: 2011.0106.1235.22490) ccc-utility64 (Version: 2011.0106.1235.22490) CCleaner (Version: 3.14) Complément Messenger (x32 Version: 15.4.3502.0922) Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) ConvertAd (x32 Version: 1.0.0.0) D3DX10 (x32 Version: 15.4.2368.0902) Delta Chrome Toolbar (x32) Epson Connect Guide (x32) Epson Event Manager (x32 Version: 3.01.0007) EPSON L355 Series Printer Uninstall Epson Przewodnik pracy w sieci L355 Series (x32) Epson Przewodnik użytkownika L355 Series (x32) EPSON Scan (x32) EpsonNet Print (x32 Version: 2.6.0) Evernote (x32 Version: 3.5.7.2910) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Intel PROSet Wireless Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) PROSet/Wireless WiFi Software (Version: 14.00.0000) Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008) Java Auto Updater (x32 Version: 2.0.2.4) Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220) Java(TM) 6 Update 22 (x32 Version: 6.0.220) Junk Mail filter update (x32 Version: 15.4.3502.0922) Lyrmix (x32) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Silverlight (x32 Version: 4.0.50401.0) Microsoft SQL 
Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Mipony Download Manager Packages (HKCU) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) OneClick Internet (x32 Version: 3.0) Opera 11.52 (x32 Version: 11.52.1100) PRO100 wersja 5 Demo (x32) PX Profile Update (x32 Version: 1.00.1.) Qualcomm Gobi 2000 Package for Sony (x32 Version: 1.1.190) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek Ethernet Controller Driver (x32 Version: 7.40.126.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6225) Realtek PCIE Card Reader (x32 Version: 6.1.7600.69) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0) Update for Mipony Download Manager (HKCU) VAIO Care (x32 Version: 6.3.3.02100) VAIO Control Center (x32 Version: 4.4.0.11260) VAIO Data Restore Tool (x32 Version: 1.5.0.10140) VAIO Gate (x32 Version: 2.3.0.11090) VAIO Gate Default (x32 Version: 2.3.0.11220) VAIO Hardware Diagnostics (x32 Version: 4.1.0.10120) VAIO Hero Screensaver - Summer 2011 Screensaver (x32) VAIO Manual (x32 Version: 1.2.0.11040) VAIO Marketing Tools (x32) VAIO Quick Web Access (x32 Version: 1.4.5.1) VAIO Smart Network (x32 Version: 3.4.0.12090) VAIO Transfer Support (x32 Version: 1.3.0.11250) VAIO Update (x32 Version: 5.3.0.11180) WIDCOMM Bluetooth Software (Version: 6.3.0.6300) Windows Live (x32 Version: 15.4.3502.0922) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows 
Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3502.0922) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3502.0922) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WMV9/VC-1 Video Playback (Version: 1.00.0000) Wsys Control 10.2.1.2652 (x32 Version: 10.2.1.2652) Компаньон Messenger (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. 
==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {23B66C4E-5CE2-467D-8B94-A5EC8AEB2703} - System32\Tasks\SONY\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient Task: {33BF267C-B863-40B0-831D-030D2835E579} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation) Task: {34FAD300-9F96-4E52-8FCE-BDB4BB1B306C} - System32\Tasks\Lyrmix Update => C:\Program Files (x86)\Lyrmix\LymxUD.exe [2013-09-11] () Task: {38C535A2-41D2-40A2-8F5D-6B1F600BEEF4} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-10-20] (Sony Corporation) Task: {3EFDA79A-116C-4FC5-A401-5FE2170577CE} - System32\Tasks\EPUpdater => C:\Users\Wielgus\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () Task: {433F1CD0-0991-43E9-B68D-6CDAA6BB1453} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-11-18] (Sony Corporation) Task: {454CA112-2898-4D12-8BC7-130D14F433CE} - System32\Tasks\DSite => C:\Users\Wielgus\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-08-30] () Task: {5B6CE1E6-5077-4CC6-ACD6-643305006D7B} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation) Task: {5DB77D12-7F3D-4B7C-95B1-E2FD39A47EDC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation) Task: {6E7FA59A-3C73-40A6-AD66-421124A7F20B} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-12-23] (Sony Corporation) Task: {7020F3DA-EF44-4594-84AF-AB1D509511DA} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe 
[2010-09-27] (Sony Corporation) Task: {AF445B3D-6113-4A7B-B8A9-C07D08E80425} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation) Task: {CD96E5E9-4B2E-4600-8987-27339A19BE23} - System32\Tasks\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2010-10-14] () Task: {D47C1C46-29D3-40A3-8B2F-C77E6D5BF2B5} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-12-23] (Sony Corporation) Task: {DF0750E4-2C37-43DB-84C8-E2EF84C3175C} - System32\Tasks\Sony Corporation\VAIO Boot Manager\VAIO Boot Manager => C:\Program Files (x86)\Sony\VAIO Boot Manager\SetProcessTask.exe [2010-12-08] (Sony Corporation) Task: {E2AAFEAF-877B-4EA7-AB8C-EF79CD404A5D} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation) Task: {E32E0036-4347-4E87-A9BA-F74D27059B44} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation) Task: C:\Windows\Tasks\Lyrmix Update.job => C:\Program Files (x86)\Lyrmix\LymxUD.exe ==================== Loaded Modules (whitelisted) ============= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Could not list Devices. Check WMI. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2013 00:58:46 PM) (Source: Application Hang) (User: ) Description: Program VuuPC_Setup[1].exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 154c Godzina rozpoczęcia: 01cecd8b656ee2c6 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Users\Wielgus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HP8Z7EO\VuuPC_Setup[1].exe Identyfikator raportu: Error: (10/18/2013 10:57:27 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: swreg.3XE, wersja: 3.0.0.0, sygnatura czasowa: 0x2a425e19 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x320 Godzina uruchomienia aplikacji powodującej błąd: 0xswreg.3XE0 Ścieżka aplikacji powodującej błąd: swreg.3XE1 Ścieżka modułu powodującego błąd: swreg.3XE2 Identyfikator raportu: swreg.3XE3 Error: (10/18/2013 05:03:27 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: swreg.3XE, wersja: 3.0.0.0, sygnatura czasowa: 0x2a425e19 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x320 Godzina uruchomienia aplikacji powodującej błąd: 0xswreg.3XE0 Ścieżka aplikacji powodującej błąd: swreg.3XE1 Ścieżka modułu powodującego błąd: swreg.3XE2 Identyfikator raportu: swreg.3XE3 Error: (10/18/2013 03:52:16 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: cmd.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc19e Nazwa modułu 
powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x408 Godzina uruchomienia aplikacji powodującej błąd: 0xcmd.exe0 Ścieżka aplikacji powodującej błąd: cmd.exe1 Ścieżka modułu powodującego błąd: cmd.exe2 Identyfikator raportu: cmd.exe3 Error: (10/18/2013 03:52:14 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: cmd.exe, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc19e Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x408 Godzina uruchomienia aplikacji powodującej błąd: 0xcmd.exe0 Ścieżka aplikacji powodującej błąd: cmd.exe1 Ścieżka modułu powodującego błąd: cmd.exe2 Identyfikator raportu: cmd.exe3 Error: (10/18/2013 03:52:13 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: NIRCMD.exe, wersja: 2.3.5.189, sygnatura czasowa: 0x49ec5532 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x132c Godzina uruchomienia aplikacji powodującej błąd: 0xNIRCMD.exe0 Ścieżka aplikacji powodującej błąd: NIRCMD.exe1 Ścieżka modułu powodującego błąd: NIRCMD.exe2 Identyfikator raportu: NIRCMD.exe3 Error: (10/18/2013 03:52:10 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: NIRCMD.exe, wersja: 2.3.5.189, sygnatura czasowa: 0x49ec5532 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x132c Godzina uruchomienia aplikacji powodującej błąd: 0xNIRCMD.exe0 Ścieżka aplikacji powodującej błąd: NIRCMD.exe1 Ścieżka modułu 
powodującego błąd: NIRCMD.exe2 Identyfikator raportu: NIRCMD.exe3 Error: (10/18/2013 03:49:56 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: NirCmd.3XE, wersja: 2.3.5.189, sygnatura czasowa: 0x49ec5532 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0x1290 Godzina uruchomienia aplikacji powodującej błąd: 0xNirCmd.3XE0 Ścieżka aplikacji powodującej błąd: NirCmd.3XE1 Ścieżka modułu powodującego błąd: NirCmd.3XE2 Identyfikator raportu: NirCmd.3XE3 Error: (10/18/2013 03:49:46 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: swxcacls.3XE, wersja: 1.0.1.1, sygnatura czasowa: 0x2a425e19 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0xa20 Godzina uruchomienia aplikacji powodującej błąd: 0xswxcacls.3XE0 Ścieżka aplikacji powodującej błąd: swxcacls.3XE1 Ścieżka modułu powodującego błąd: swxcacls.3XE2 Identyfikator raportu: swxcacls.3XE3 Error: (10/18/2013 03:49:45 PM) (Source: Application Error) (User: ) Description: Nazwa aplikacji powodującej błąd: swxcacls.3XE, wersja: 1.0.1.1, sygnatura czasowa: 0x2a425e19 Nazwa modułu powodującego błąd: bitguard.dll, wersja: 2.6.1694.246, sygnatura czasowa: 0x5253f78e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0017966f Identyfikator procesu powodującego błąd: 0xa20 Godzina uruchomienia aplikacji powodującej błąd: 0xswxcacls.3XE0 Ścieżka aplikacji powodującej błąd: swxcacls.3XE1 Ścieżka modułu powodującego błąd: swxcacls.3XE2 Identyfikator raportu: swxcacls.3XE3 System errors: ============= Error: (10/20/2013 01:19:28 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: 
%%126 Error: (10/20/2013 01:18:58 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:18:28 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:17:58 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:17:28 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:16:58 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:16:28 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:15:58 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:15:28 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Error: (10/20/2013 01:14:58 PM) (Source: Service Control Manager) (User: ) Description: Usługa Instrumentacja zarządzania Windows zakończyła działanie; wystąpił następujący błąd: %%126 Microsoft Office Sessions: ========================= Error: (10/20/2013 00:58:46 PM) (Source: Application Hang)(User: ) Description: VuuPC_Setup[1].exe0.0.0.0154c01cecd8b656ee2c60C:\Users\Wielgus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HP8Z7EO\VuuPC_Setup[1].exe Error: (10/18/2013 10:57:27 PM) 
(Source: Application Error)(User: ) Description: swreg.3XE3.0.0.02a425e19bitguard.dll2.6.1694.2465253f78ec00000050017966f32001cecc1b94058532C:\32788R22FWJFW\swreg.3XEc:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll465a3cc8-3840-11e3-858d-00a0c6000000 Error: (10/18/2013 05:03:27 PM) (Source: Application Error)(User: ) Description: swreg.3XE3.0.0.02a425e19bitguard.dll2.6.1694.2465253f78ec00000050017966f32001cecc1b94058532C:\32788R22FWJFW\swreg.3XEc:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dlld29b56ed-380e-11e3-858d-00a0c6000000 Error: (10/18/2013 03:52:16 PM) (Source: Application Error)(User: ) Description: cmd.exe6.1.7600.163854a5bc19ebitguard.dll2.6.1694.2465253f78ec00000050017966f40801cecc11a1f31d3fC:\Windows\SysWOW64\cmd.exec:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dlle0a0bcbd-3804-11e3-858d-00a0c6000000 Error: (10/18/2013 03:52:14 PM) (Source: Application Error)(User: ) Description: cmd.exe6.1.7600.163854a5bc19ebitguard.dll2.6.1694.2465253f78ec00000050017966f40801cecc11a1f31d3fC:\Windows\SysWOW64\cmd.exec:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dlldfb775e2-3804-11e3-858d-00a0c6000000 Error: (10/18/2013 03:52:13 PM) (Source: Application Error)(User: ) Description: NIRCMD.exe2.3.5.18949ec5532bitguard.dll2.6.1694.2465253f78ec00000050017966f132c01cecc119ee659e5C:\Windows\NIRCMD.exec:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dlldf61c458-3804-11e3-858d-00a0c6000000 Error: (10/18/2013 03:52:10 PM) (Source: Application Error)(User: ) Description: NIRCMD.exe2.3.5.18949ec5532bitguard.dll2.6.1694.2465253f78ec00000050017966f132c01cecc119ee659e5C:\Windows\NIRCMD.exec:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dlldd5152db-3804-11e3-858d-00a0c6000000 Error: (10/18/2013 03:49:56 PM) (Source: Application Error)(User: ) Description: 
NirCmd.3XE2.3.5.18949ec5532bitguard.dll2.6.1694.2465253f78ec00000050017966f129001cecc114a5737e9C:\32788R22FWJFW\NirCmd.3XEc:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll8d76a92a-3804-11e3-858d-00a0c6000000 Error: (10/18/2013 03:49:46 PM) (Source: Application Error)(User: ) Description: swxcacls.3XE1.0.1.12a425e19bitguard.dll2.6.1694.2465253f78ec00000050017966fa2001cecc114956234bC:\32788R22FWJFW\swxcacls.3XEc:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll8766a7f7-3804-11e3-858d-00a0c6000000 Error: (10/18/2013 03:49:45 PM) (Source: Application Error)(User: ) Description: swxcacls.3XE1.0.1.12a425e19bitguard.dll2.6.1694.2465253f78ec00000050017966fa2001cecc114956234bC:\32788R22FWJFW\swxcacls.3XEc:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll87181a8e-3804-11e3-858d-00a0c6000000 [/log] Thanks!
Natsuki Kuga commented 25 October 2013

Look for the ComboFix logs on the system partition.

1. Uninstall via Add/Remove Programs: Delta Chrome Toolbar

2. Run this script in OTL (instructions: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se..._ctrl2&tsp=4990
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=76938CA982A93941&affID=120699&tt=280813_ctrl2&tsp=4990
IE - HKCU\..\SearchScopes\{9DE7BE0A-AAE5-47CB-A8EC-96DD81177781}: "URL" = http://rover.ebay.co...r/1//4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{ECF95296-B22B-48EE-A731-E28C2214AA6B}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Lyrmix) - {804efe7d-a8d7-4351-a6df-014d1ed7c6fc} - C:\Program Files (x86)\Lyrmix\133.dll ()
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L355 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT "EPLTarget\P0000000000000001" /M "L355 Series" File not found

:Files
C:\ProgramData\BitGuard
C:\Program Files (x86)\Lyrmix
C:\Program Files\TrueSuite
C:\Users\Wielgus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
C:\Windows\tasks\Lyrmix Update.job
C:\PROGRA~3
C:\ProgramData\eSafe

:Services
BitGuard
Winmgmt

Post the report.

3. Use [url=http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner]AdwCleaner[/url] with the "Usuń" (Delete) option. Post the report.

4. Post a set of new logs from OTL and FRST.