Nie mogę odinstalować avast! Free Antivirus 7.0.1407.0

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

Witam. Jeśli popełniłem jakiś błąd co do stworzonego wątku, z góry przepraszam :slight_smile:

Przechodząc do mojego problemu. Otóż, od paru tygodni przy starcie mojego systemu Windows XP Professional SP3 wyskakuje mi okienko wyłączenia się programu avast! Free Antivirus :

10782994.jpg

Więcej informacji dotyczących błędu:

trob.jpg

Po zdebugowaniu:

debugi.jpg

Po tym szeregu komunikatów program się wyłączył lecz procesy nie i zajmują całą jego pamięć:

procesyz.jpg

Skutek:

  • mój komputer to straszny muł :cry: dno nic nie idzie uruchomić, bo jego praca iryruje. Czekanie, czekanie, czekanie ipd. itd.

Pytanie: Czy jest jakaś możliwość by pozbyć się tego avasta z mojego komputera?

#2

zrób log otl - przez niego usuniemy

#3

Spróbuj użyć tego:

http://www.avast.com/uninstall-utility

#4

klopers33 , szybkie skanowanie wystarczy, ze standardowymi ustawieniami skanowania?

OTL.Txt

OTL logfile created on: 2012-04-10 12:10:18 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Hyde\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,50 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 55,32% Memory free

2,35 Gb Paging File | 1,87 Gb Available in Paging File | 79,32% Paging File free

Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 80,68 Gb Total Space | 5,42 Gb Free Space | 6,71% Space Free | Partition Type: NTFS

Drive D: | 34,18 Gb Total Space | 14,82 Gb Free Space | 43,35% Space Free | Partition Type: NTFS

Drive E: | 34,18 Gb Total Space | 0,78 Gb Free Space | 2,29% Space Free | Partition Type: NTFS

Drive V: | 74,53 Gb Total Space | 43,22 Gb Free Space | 58,00% Space Free | Partition Type: NTFS


Computer Name: PVRR-E78ADEF5D5 | User Name: Hyde | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-04-10 12:08:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hyde\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2012-03-22 17:29:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-02-23 18:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012-02-10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2011-10-10 20:40:27 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2011-06-24 01:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2011-06-17 09:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2011-03-20 16:51:58 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-11-27 14:36:54 | 002,169,368 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files\VDOTool\TBPANEL.exe

PRC - [2006-09-29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

PRC - [2003-05-29 16:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2002-09-20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

PRC - [2002-07-18 22:59:50 | 000,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-03-31 08:30:22 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll

MOD - [2012-03-22 17:29:14 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-02-10 06:10:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll

MOD - [2011-07-18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll

MOD - [2011-06-24 01:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

MOD - [2010-11-21 16:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2008-04-14 19:20:37 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007-01-31 11:39:00 | 000,032,768 | ---- | M] () -- C:\Program Files\VDOTool\TBPanelExt.dll

MOD - [2006-09-29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

MOD - [1998-10-31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\VDOTool\TBMANAGE.DLL



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)

SRV - [2012-03-31 08:30:22 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-02-23 18:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012-02-10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011-10-10 20:40:27 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2011-06-17 09:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010-07-18 11:26:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2006-09-29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)

SRV - [2002-09-20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

SRV - [2002-07-18 22:59:50 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (apa0ahxu)

DRV - [2012-02-23 18:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012-02-23 18:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012-02-23 18:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012-02-23 18:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012-02-23 18:10:25 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012-02-23 18:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012-02-23 18:07:33 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011-04-30 14:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2011-04-30 14:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV - [2011-04-30 14:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2011-04-30 14:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)

DRV - [2011-04-30 13:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2010-09-08 18:37:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2007-02-18 01:15:34 | 000,232,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2007-01-29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2006-09-13 20:18:54 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2005-10-09 05:26:40 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)

DRV - [2005-09-26 17:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)

DRV - [2003-07-24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

DRV - [2003-06-18 00:38:56 | 000,035,012 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)

DRV - [2003-05-09 06:00:56 | 000,033,248 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)

DRV - [2002-09-20 19:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)

DRV - [2002-07-18 22:59:50 | 000,057,968 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.landing.savetubevideo.com/index.php?from=3

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}: "URL" = http://www.landing.savetubevideo.com/results.php?q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Custom search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..keyword.URL: "http://www.landing.savetubevideo.com/results.php?q="

FF - user.js - File not found


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-20 16:52:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-25 09:39:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-22 17:29:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-12-01 23:08:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012-01-12 23:23:53 | 000,000,000 | ---D | M]


[2011-05-03 11:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hyde\Dane aplikacji\Mozilla\Extensions

[2011-02-27 12:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hyde\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012-02-08 22:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hyde\Dane aplikacji\Mozilla\Firefox\Profiles\29026qat.default\extensions

[2012-01-11 18:53:59 | 000,002,135 | ---- | M] () -- C:\Documents and Settings\Hyde\Dane aplikacji\Mozilla\Firefox\Profiles\29026qat.default\searchplugins\GoogleFeed.xml

[2012-03-22 17:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\HYDE\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\29026QAT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012-03-22 17:29:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.66\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.66\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Shortcuts for Google\u2122 = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd\1.6.3.0_0\

CHR - Extension: Mp3Skull Toolbar = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\baoibaaaddojlcbojfclgifomaofgogm\1.4_0\

CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.53_0\

CHR - Extension: Slinky Elegancki = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.0_0\

CHR - Extension: WeatherByte = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fnlgbglmmkibkhhbnhegkokegdodlgfe\1.0.3_0\

CHR - Extension: AdBlock = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.19_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_1\

CHR - Extension: Vimeo Video Downloader = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jjieadomkepcfnndlnkmmcehlghbafmk\1.0.2_0\

CHR - Extension: Download Helper = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jnbkeigkjcncjkbmkiibjgbhbnbanmfi\2.0.2_0\

CHR - Extension: FlashControl = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\2.10.0_0\

CHR - Extension: Sprawdzanie poczty Google = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

CHR - Extension: Facebook Notifications = C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\


O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [SonicFocus] C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE (Sonic Focus)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1327146669281 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A565C28F-6FB3-4617-8E7C-36C714DCCE59}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-06-22 22:51:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2\{00433dfe-4700-11e0-88df-002719b4ce02}\Shell\AutoRun\command - "" = I:\Launcher.exe

O33 - MountPoints2\{e4ff6726-d363-11e0-9484-002719b4ce02}\Shell\AutoRun\command - "" = K:\Toshiba\Launcher\start.exe

O33 - MountPoints2\{f33151fc-0483-11e0-884d-002719b4ce02}\Shell\Auto\command - "" = Start.exe

O33 - MountPoints2\{f33151fc-0483-11e0-884d-002719b4ce02}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

O34 - HKLM BootExecute: (PDBoot.exe)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-04-09 12:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hyde\Pulpit\e

[2012-04-09 11:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Martau

[2012-04-09 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Total Uninstall 6

[2012-04-08 13:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hyde\Menu Start\Programy\Revo Uninstaller

[2012-04-08 13:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012-03-25 16:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hyde\Pulpit\g

[2012-03-25 13:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hyde\Pulpit\rzk

[2012-03-14 21:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hyde\Pulpit\locale

[2012-03-13 17:23:08 | 000,000,000 | ---D | C] -- C:\zdjęcia

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[43 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-04-10 12:15:22 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2012-04-10 11:34:20 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-04-10 11:25:24 | 000,011,488 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\av_j.gif

[2012-04-10 11:21:51 | 000,041,870 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\av_j.jpg

[2012-04-10 10:36:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-790525478-839522115-1003UA.job

[2012-04-10 10:34:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-790525478-839522115-1003.job

[2012-04-10 10:34:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-04-10 10:34:01 | 1609,293,824 | -HS- | M] () -- C:\hiberfil.sys

[2012-04-09 13:34:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-790525478-839522115-1003.job

[2012-04-09 12:54:27 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-04-09 12:21:04 | 000,066,807 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\no.jpg

[2012-04-09 12:20:48 | 000,124,867 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\info.jpg

[2012-04-09 12:20:29 | 000,037,349 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\trob.jpg

[2012-04-09 12:20:08 | 000,045,685 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\debug.jpg

[2012-04-09 12:12:38 | 000,124,092 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\procesy.jpg

[2012-04-09 11:35:35 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Total Uninstall 6.lnk

[2012-04-09 10:11:50 | 000,874,746 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\goodmans.jpg

[2012-04-09 01:20:42 | 000,000,367 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\pliki.php

[2012-04-08 17:37:25 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-790525478-839522115-1003Core.job

[2012-04-08 17:35:39 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Hyde.job

[2012-04-08 15:01:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012-04-08 13:59:37 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Revo Uninstaller.lnk

[2012-04-07 13:54:02 | 002,992,268 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\wood-texture_beiz.jp_L07282.jpg

[2012-04-07 13:48:07 | 000,072,621 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\pad.png

[2012-04-07 13:44:34 | 000,072,621 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\cmpn81l.jpg

[2012-04-07 10:44:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-04-04 19:32:19 | 005,191,286 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\logotyp.psd

[2012-04-04 19:29:20 | 000,024,708 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\shadow_cat_by_orycia-d354bpr.png

[2012-04-03 19:50:08 | 000,701,250 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\logotyp2.jpg

[2012-04-03 19:14:01 | 005,565,915 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Bez nazwy 1.psd

[2012-04-02 20:39:35 | 000,631,064 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\logotyp.jpg

[2012-04-02 20:02:54 | 003,134,756 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\trawa.psd

[2012-04-02 19:33:52 | 000,305,709 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\209708058_b5a5fb07a6_z.jpg

[2012-04-02 19:24:45 | 002,224,690 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\mt.psd

[2012-04-01 19:59:13 | 000,078,245 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\2001pa.jpg

[2012-03-25 20:08:02 | 000,110,349 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Stary Hellfire.jpg

[2012-03-25 17:48:59 | 000,087,634 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\wdu_hsh5l11_01.jpg

[2012-03-20 18:30:00 | 000,164,218 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\ms.psd

[2012-03-20 18:29:44 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\PVRR.gif

[2012-03-20 18:19:02 | 000,048,942 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Monster-Energy.jpg

[2012-03-19 20:54:45 | 001,839,946 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Volvo1995-2.pdf

[2012-03-19 20:53:32 | 000,634,354 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\skanowanie0004.jpg

[2012-03-19 20:53:23 | 000,893,650 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\skanowanie0003.jpg

[2012-03-19 20:49:20 | 000,829,740 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\1996MY-PressKit.pdf

[2012-03-19 20:46:51 | 000,519,258 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\1994ModelYearPressKit2.pdf

[2012-03-19 20:44:55 | 001,861,934 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\1994MY-PressKit.pdf

[2012-03-19 20:34:41 | 000,987,319 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\460PressKit.pdf

[2012-03-19 20:09:04 | 000,186,162 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\marshalltsl122-2.jpg

[2012-03-19 20:07:59 | 000,267,151 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\marshalltsl100nowy.jpg

[2012-03-18 15:12:52 | 000,048,421 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\pics-max-9338-165480-volvo-440.jpg

[2012-03-17 00:01:31 | 000,036,221 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Seymour 66tele 045.gif

[2012-03-17 00:00:56 | 000,062,632 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Seymour standard_tele 094.jpg

[2012-03-17 00:00:37 | 000,052,443 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Seymour 53tele 044.gif

[2012-03-13 22:14:45 | 000,009,894 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\PVRR.jpg

[2012-03-13 22:09:08 | 000,000,424 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Hyde.png

[2012-03-13 22:08:50 | 000,193,878 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\hyde.psd

[2012-03-13 21:35:37 | 000,016,393 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RG170,270,450,470,RX170,S470,240.gif

[2012-03-13 21:24:58 | 000,014,008 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RXxxx - wele modeli.gif

[2012-03-13 21:19:19 | 000,014,612 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RX650,RX350,RX352.gif

[2012-03-13 19:51:52 | 000,152,975 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\tester.psd

[2012-03-13 19:51:40 | 000,002,988 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Tester.png

[2012-03-13 18:16:58 | 000,016,482 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RG770, RG770G, JEM555.gif

[2012-03-12 20:34:18 | 000,003,573 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\graphic.png

[2012-03-11 15:06:48 | 000,030,458 | ---- | M] () -- C:\Documents and Settings\Hyde\Pulpit\21lvr4z.jpg

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[43 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-04-10 11:29:59 | 001,970,702 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\da.gif

[2012-04-10 11:25:17 | 000,011,488 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\av_j.gif

[2012-04-10 11:21:48 | 000,041,870 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\av_j.jpg

[2012-04-09 12:21:02 | 000,066,807 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\no.jpg

[2012-04-09 12:20:47 | 000,124,867 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\info.jpg

[2012-04-09 12:20:28 | 000,037,349 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\trob.jpg

[2012-04-09 12:20:06 | 000,045,685 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\debug.jpg

[2012-04-09 12:12:34 | 000,124,092 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\procesy.jpg

[2012-04-09 11:35:35 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Total Uninstall 6.lnk

[2012-04-09 11:35:35 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Total Uninstall 6.lnk

[2012-04-09 10:10:51 | 000,874,746 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\goodmans.jpg

[2012-04-09 00:11:27 | 000,000,367 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\pliki.php

[2012-04-08 13:59:37 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Revo Uninstaller.lnk

[2012-04-07 13:47:51 | 000,072,621 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\pad.png

[2012-04-07 13:44:11 | 000,072,621 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\cmpn81l.jpg

[2012-04-04 19:29:00 | 000,024,708 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\shadow_cat_by_orycia-d354bpr.png

[2012-04-03 19:50:02 | 000,701,250 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\logotyp2.jpg

[2012-04-03 16:42:38 | 005,565,915 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Bez nazwy 1.psd

[2012-04-02 20:39:33 | 000,631,064 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\logotyp.jpg

[2012-04-02 20:38:36 | 005,191,286 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\logotyp.psd

[2012-04-02 20:02:52 | 003,134,756 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\trawa.psd

[2012-04-02 19:33:22 | 000,305,709 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\209708058_b5a5fb07a6_z.jpg

[2012-04-02 19:01:56 | 002,224,690 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\mt.psd

[2012-04-02 18:09:22 | 002,992,268 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\wood-texture_beiz.jp_L07282.jpg

[2012-04-02 00:10:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-790525478-839522115-1003.job

[2012-04-01 19:58:52 | 000,078,245 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\2001pa.jpg

[2012-03-31 08:30:44 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-03-25 20:07:46 | 000,110,349 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Stary Hellfire.jpg

[2012-03-25 17:48:41 | 000,087,634 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\wdu_hsh5l11_01.jpg

[2012-03-20 18:29:59 | 000,164,218 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\ms.psd

[2012-03-20 18:29:30 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\PVRR.gif

[2012-03-20 18:18:35 | 000,048,942 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Monster-Energy.jpg

[2012-03-19 20:53:26 | 000,634,354 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\skanowanie0004.jpg

[2012-03-19 20:53:20 | 000,893,650 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\skanowanie0003.jpg

[2012-03-19 20:51:02 | 001,839,946 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Volvo1995-2.pdf

[2012-03-19 20:48:27 | 000,829,740 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\1996MY-PressKit.pdf

[2012-03-19 20:46:11 | 000,519,258 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\1994ModelYearPressKit2.pdf

[2012-03-19 20:42:44 | 001,861,934 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\1994MY-PressKit.pdf

[2012-03-19 20:33:30 | 000,987,319 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\460PressKit.pdf

[2012-03-19 20:08:46 | 000,186,162 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\marshalltsl122-2.jpg

[2012-03-19 20:07:38 | 000,267,151 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\marshalltsl100nowy.jpg

[2012-03-18 15:12:27 | 000,048,421 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\pics-max-9338-165480-volvo-440.jpg

[2012-03-17 00:01:10 | 000,036,221 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Seymour 66tele 045.gif

[2012-03-17 00:00:39 | 000,062,632 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Seymour standard_tele 094.jpg

[2012-03-16 23:59:42 | 000,052,443 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Seymour 53tele 044.gif

[2012-03-15 20:13:03 | 000,518,728 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\20120308085-001.jpg

[2012-03-13 22:14:44 | 000,009,894 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\PVRR.jpg

[2012-03-13 21:35:12 | 000,016,393 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RG170,270,450,470,RX170,S470,240.gif

[2012-03-13 21:24:33 | 000,014,008 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RXxxx - wele modeli.gif

[2012-03-13 21:18:38 | 000,014,612 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RX650,RX350,RX352.gif

[2012-03-13 19:51:51 | 000,152,975 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\tester.psd

[2012-03-13 19:51:39 | 000,002,988 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Tester.png

[2012-03-13 18:16:00 | 000,016,482 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Ibanez - RG770, RG770G, JEM555.gif

[2012-03-12 20:34:17 | 000,003,573 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\graphic.png

[2012-03-12 18:13:32 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\Hyde.png

[2012-03-12 18:13:19 | 000,193,878 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\hyde.psd

[2012-03-11 15:06:32 | 000,030,458 | ---- | C] () -- C:\Documents and Settings\Hyde\Pulpit\21lvr4z.jpg

[2012-02-25 23:51:38 | 000,294,224 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012-02-25 23:51:38 | 000,294,224 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012-02-25 23:51:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012-02-25 23:50:54 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2012-02-23 23:19:50 | 000,995,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2011-11-16 17:45:25 | 000,000,732 | ---- | C] () -- C:\WINDOWS\fnerr.dat

[2011-11-08 23:08:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011-05-22 10:08:38 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI

[2011-03-20 16:20:57 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll

[2010-11-26 17:01:27 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2010-11-26 17:01:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2010-11-26 17:01:25 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin

[2010-09-02 21:04:31 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Hyde\Dane aplikacji\burnaware.ini

[2010-07-27 13:12:07 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-07-27 13:12:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010-07-27 13:11:59 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-07-27 13:11:59 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-07-27 13:11:59 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-07-26 10:32:35 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010-07-22 14:04:00 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Hyde\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-06-29 11:56:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010-06-23 00:37:03 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010-06-23 00:35:18 | 004,199,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-22 23:06:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010-06-22 23:04:13 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010-06-22 22:52:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010-06-22 22:47:53 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat


[color=#E56717]========== LOP Check ==========[/color]


[2010-06-22 23:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2011-10-10 20:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

[2012-02-20 17:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software

[2011-11-16 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bitstream

[2010-09-08 18:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2010-06-22 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2012-02-07 23:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations

[2011-07-24 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla

[2012-04-09 11:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Martau

[2010-12-03 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia

[2011-02-21 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2010-12-03 15:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

[2012-03-18 18:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM

[2010-11-18 23:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony

[2011-02-20 20:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2011-02-27 22:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Audacity

[2011-10-29 14:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Bradsoft.com

[2010-09-08 18:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\DAEMON Tools Lite

[2011-11-07 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\EurekaLog

[2012-04-09 01:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\FileZilla

[2010-08-05 11:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Gadu-Gadu 10

[2011-11-01 21:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\GHISLER

[2011-01-26 21:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Hardcore

[2012-03-18 17:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\ipla

[2010-12-23 19:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Kingston

[2011-08-01 09:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Leadertech

[2010-10-03 15:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Nokia

[2011-12-21 19:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Notepad++

[2010-06-27 08:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\OpenFM

[2012-02-19 10:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\OpenOffice.ux.pl2

[2012-02-07 21:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\PC Suite

[2011-01-12 20:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Registry Mechanic

[2010-11-18 23:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Sony

[2010-11-18 21:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Sony Setup

[2011-02-27 12:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Thunderbird

[2010-12-18 12:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\Tibia

[2012-04-04 19:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hyde\Dane aplikacji\uTorrent


[color=#E56717]========== Purity Check ==========[/color]




[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D1B5B4F1


< End of report >

fiesta , już tak próbowałem. Wyskakuje mi błąd że avast! jest zabezpieczony i nie można go odinstalować. A włączyć programu i wyłączyć tego zabezpieczenia nie mogę, bo po próbie uruchomienia programu po kilku sekundach wywala błąd. Pierwszy obrazek w pierwszym poście.

#5

Czy Uninstall Utility uruchomiłeś w trybie awaryjnym?

Po uruchomieniu komputera naciskaj F8 i wybierz tryb awaryjny.

#6

wklej w okno otl -> nastepnie wykonaj skrypt zatwierdź ponownie uruchomienie komputera.

:OTL


PRC - [2012-02-23 18:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe


SRV - [2012-02-23 18:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


DRV - [2012-02-23 18:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)


DRV - [2012-02-23 18:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)


DRV - [2012-02-23 18:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)


DRV - [2012-02-23 18:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)


DRV - [2012-02-23 18:10:25 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)


DRV - [2012-02-23 18:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)


DRV - [2012-02-23 18:07:33 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)


O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)


O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)


O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)


:Files


C:\Program Files\AVAST Software\Avast\avastUI.exe 


:Commands

[emptytemp]
#7

Jak chcę uruchomić tryb awaryjny to odpala mi się czarny ekran z “migającą kreseczką” i nic więcej :expressionless:

Jak wrócę do domu to wykonam ten skrypt i dam znać czy zadziałało :slight_smile: Wiadomość doklejona:** klopers33 , wykonałem Twój skrypt i bez zmian. Dalej AvastUI.exe siedzi w procesach. Oto log** który otrzymałem po wykonaniu skryptu:

All processes killed

========== OTL ==========

Unable to kill active process AvastUI.exe!

Service avast! Antivirus stopped successfully!

Service avast! Antivirus deleted successfully!

File move failed. C:\Program Files\AVAST Software\Avast\AvastSvc.exe scheduled to be moved on reboot.

Error: Unable to stop service aswSnx!

Unable to delete service\driver key aswSnx.

File move failed. C:\WINDOWS\system32\drivers\aswSnx.sys scheduled to be moved on reboot.

Error: Unable to stop service aswSP!

Unable to delete service\driver key aswSP.

File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.

Error: Unable to stop service aswRdr!

Unable to delete service\driver key aswRdr.

File move failed. C:\WINDOWS\system32\drivers\aswRdr.sys scheduled to be moved on reboot.

Error: Unable to stop service aswTdi!

Unable to delete service\driver key aswTdi.

File move failed. C:\WINDOWS\system32\drivers\aswTdi.sys scheduled to be moved on reboot.

Error: Unable to stop service aswMon2!

Unable to delete service\driver key aswMon2.

File move failed. C:\WINDOWS\system32\drivers\aswmon2.sys scheduled to be moved on reboot.

Error: Unable to stop service aswFsBlk!

Unable to delete service\driver key aswFsBlk.

File move failed. C:\WINDOWS\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.

Error: Unable to stop service Aavmker4!

Unable to delete service\driver key Aavmker4.

File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.

File move failed. C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.

File move failed. C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll scheduled to be moved on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast scheduled to be deleted on reboot.

File move failed. C:\Program Files\AVAST Software\Avast\AvastUI.exe scheduled to be moved on reboot.

========== FILES ==========

File move failed. C:\Program Files\AVAST Software\Avast\AvastUI.exe scheduled to be moved on reboot.

========== COMMANDS ==========


[EMPTYTEMP]


User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: All Users


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: Hyde

->Temp folder emptied: 2085675747 bytes

->Temporary Internet Files folder emptied: 5167255 bytes

->Java cache emptied: 29641469 bytes

->FireFox cache emptied: 560520659 bytes

->Google Chrome cache emptied: 71171782 bytes

->Flash cache emptied: 125376 bytes


User: LocalService

->Temp folder emptied: 82513 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134153 bytes

%systemroot%\System32 .tmp files removed: 17208582 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1961903 bytes

RecycleBin emptied: 100651850 bytes


Total Files Cleaned = 2 741,00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 04102012_203029


Files\Folders moved on Reboot...

File move failed. C:\Program Files\AVAST Software\Avast\AvastSvc.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aswSnx.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aswSP.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aswRdr.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aswTdi.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aswmon2.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aswFsBlk.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\aavmker4.sys scheduled to be moved on reboot.

File move failed. C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll scheduled to be moved on reboot.

File move failed. C:\Program Files\AVAST Software\Avast\AvastUI.exe scheduled to be moved on reboot.

C:\Documents and Settings\Hyde\Ustawienia lokalne\Temp\WERd170.dir00\appcompat.txt moved successfully.

C:\Documents and Settings\Hyde\Ustawienia lokalne\Temp\BITF.tmp moved successfully.


Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast scheduled to be deleted on reboot.
#8

czy komputer uruchomił się ponownie? wykonaj tą samą czynność w trybie awaryjnym tj. otwórz otl wklej do okna i wykonaj skrypt

#9

Tak jak już wspominałem wcześniej nie mogę uruchomić trybu awaryjnego. Na monitorze mam tylko migający kursor…

#10

http://www.programosy.pl/program,pocket-killbox.html

tym spróbuj

#11

Po zakończeniu odliczania wywala mi błąd:

72321606.jpg

#12

wklej to do notatnika i zapisz jako block.reg - typ - wszystkie pliki :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]

"Debugger"="ntsd -d"

następnie nacisnij na ten plik block.reg dwukrotnie i zgódź się na dodanie wartości do rejestru, uruchom komputer ponownie i spróbuj odinstalować normalnie avasta

wpis ten w rejestrze zablokuje uruchamianie tego procesu

Dodane 10.04.2012 (Wt) 23:29

jeśli nie da rady usunąć normalnie to spróbuj wykonać skrypt OTL

#13

Potraktuj avasta linuksem, gwarantuje ci że tego nie wytrzyma.

Innymi słowy odpal live cd np. ubuntu, wejdź na partycję windowsową, zaznacz katalog avast shift+del, to samo ze sterownikami które podał ci klopers33

#14

Wyskoczył błąd że plik block.reg nie jest plikiem rejestru i że można tylko importować binarne pliki rejestru wewnątrz edytora rejestru…

#15

sadaj niech zrobi najpierw z tym rejestrem jak powiedziałem

Dodane 10.04.2012 (Wt) 23:32

poprawiam :

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]

"Debugger"="ntsd -d"

Dodane 10.04.2012 (Wt) 23:33

pamiętaj żeby zapisać jako “wszystkie pliki” nazwa - “block.reg”

#16

Teraz wyskakuje błąd , iż nie można zaimportować pliku block.reg, ponieważ wystąpił “jakiś” błąd przy dostępie do rejestru

#17

zrób full skan OTL - wyglada na infekcje

instrukcja: otl-gmer-rsit-dss-inne-instrukcje-t370405.html

zrob dokładnie wg. powyższej instrukcji

Dodane 10.04.2012 (Wt) 23:39

wejdz w uruchom -> wpisz regedit.exe -> i przejdź do “Image File Execution Options” tam dodaj wpis “AvastUI.exe”

Dodane 10.04.2012 (Wt) 23:45

jak zrobisz log otl , i manualne wpisanie do rejestru procesu do zablokowania sie nie uda, to napisze do admina on cie przeniesie do bezpieczeństwa i tam sie tobą zajmą pod kątem infekcji, ale najpierw spróbuj manualnie dodać wpis, jak sie uda to uruchom ponownie i spróbuj wykonać skrypt, jeśli sie nie uda, to wykonaj log wg. instrukcji którą ci podałem.

(jak bedzie potrzeba loga) to pamiętaj żeby wrzucic na www.wklej.org (wielu ludzi wkleja na www.wklejto.pl ale logi tam są nieczytelne)

#18

Jak tworzę nowy klucz w “Image File Execution Options” o nazwie “AvastUI.exe” to wywala błąd przy zmianie nazwy klucza.

#19

możesz przez linuxa kombinować, ale to wygląda na infekcje

1.rejestr nie działa tak jak powinien

  1. tryb awaryjny nie działa

wykonaj log otl według instrukcji, wklej na http://www.wklej.org

jak już tutaj podasz linki do logow to napisze do admina o przeniesienie.

Dodane 10.04.2012 (Wt) 23:55

przez linuxa nie proponuje bo to nie rozwiąże w pełni problemu poprostu, a w dziale bezpieczeństwo wszystko rozwiążą i bedziesz miał pewnośc że komputer jest czysty, a w czystym komputerze działa tryb awaryjny , rejestr itp itd.

#20

Dzięki kloperss33 za pomoc :smiley:

OTL.Txt : http://wklej.to/24YZD

Extras.Txt : http://wklej.to/mBkOS