Extras.Txt

Greenerweb - How to get rid of it?

Hello. I can't remove greenerweb. Unfortunately the PC was used for some time without an antivirus or firewall, so there is probably more of this junk sitting on it, and I'm trying to help a friend. I'm attaching the logs and asking for help.


OTL Extras logfile created on: 2014-07-23 23:03:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ire\Desktop\Logi
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 72,61% Memory free
3,00 Gb Paging File | 2,32 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 26,30 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
Drive D: | 53,71 Gb Total Space | 22,91 Gb Free Space | 42,65% Space Free | Partition Type: NTFS
Drive E: | 56,27 Gb Total Space | 56,10 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: IRE-KOMPUTER | User Name: Ire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
" {028C93F0-3163-4627-8C22-24C8A7122412} " = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
" {0F918553-1BF4-447E-91C3-36DAF26EB69B} " = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
" {10065577-4BAB-46BD-B73D-4A4FADFB1790} " = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
" {2D7CFB46-88E4-4851-BB12-41E744D0BE24} " = lport=137 | protocol=17 | dir=in | app=system |
" {2FD559AB-CB22-45B5-962F-5F9D87D3AD3E} " = rport=137 | protocol=17 | dir=out | app=system |
" {32389BEA-477D-4028-8E63-47E3D5D652D9} " = lport=10243 | protocol=6 | dir=in | app=system |
" {386E0651-D4FB-4895-8BA1-A2E942BDC79A} " = rport=10243 | protocol=6 | dir=out | app=system |
" {439BD97D-0FE7-4C08-8070-3A09D89D1966} " = rport=445 | protocol=6 | dir=out | app=system |
" {53B0FE58-5F72-46AA-96D7-CB030C847E55} " = rport=139 | protocol=6 | dir=out | app=system |
" {55D2566F-C215-4C09-BEA8-1F1E1F5F27F8} " = lport=2869 | protocol=6 | dir=in | app=system |
" {601AE381-3C21-4ADE-AD54-7730F3D0B3E0} " = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
" {642F9F35-889A-431F-8DB8-7E0459EC4898} " = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
" {670A6972-A062-4E40-A2B3-A47F8DA1BD0E} " = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
" {914765FC-A433-4790-A935-C0897703542B} " = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
" {A3BD6B24-4573-4F86-B048-B62C3E94E52E} " = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
" {AFD6B9F3-D90E-4112-91E8-EE199328531F} " = lport=445 | protocol=6 | dir=in | app=system |
" {B4306583-7370-464D-9934-E6C365A1A9F4} " = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
" {EA2F09FE-F8A3-479C-B8E6-DACFB311AAD5} " = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
" {EE814372-C45E-4C0F-9300-3C3AF7EC9651} " = rport=138 | protocol=17 | dir=out | app=system |
" {F06824B6-6F3C-4643-B84F-D9D5EC4D2FA2} " = lport=139 | protocol=6 | dir=in | app=system |
" {FF318946-5920-40BB-93F3-F5D47E3EF4F4} " = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
" {157E3ADD-DD17-431F-8156-81F0E6BF693D} " = protocol=58 | dir=in | app=system |
" {2686AC03-8DE1-44FA-8FB2-4D9E66173855} " = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
" {26FE773A-FB4A-431E-B65D-97B6CBAED248} " = protocol=6 | dir=out | app=system |
" {3CEFEA06-DFDA-4BB7-A0D6-0A4E4B485643} " = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
" {5BFF41EF-DCD8-427B-84A7-605B58E789F4} " = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
" {5DD560CC-DD63-4844-8579-24FB59B475B7} " = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
" {691CFB53-B357-419E-8E2B-A703BFF3B6CB} " = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
" {691E2D68-79AD-46DB-B6E9-494F74CFA159} " = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
" {8F65B516-21AC-438F-8287-740DF6634156} " = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
" {98B11CDA-33C8-449D-A147-F111EFFE5922} " = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
" {AF8B94E8-78E5-4DA7-A8AD-0D4074F725C3} " = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
" {B77A0C1B-1037-4DDF-8877-2EC640D817BB} " = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
" {BE2AA428-6D32-401F-A1C1-40296916FAED} " = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
" {D6E46C8B-49F3-4BCB-9E12-22E81E2BEF70} " = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
" {D75AB1FD-0FEF-4B45-BABE-1ABEAFC6B0A8} " = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
" {DEC85769-CCB2-4238-895D-613779BC41F8} " = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
" {DED0410A-7C0F-4E57-967E-B724A133B4AB} " = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
" {F96E8915-ACD1-4D38-9009-EA550737D69A} " = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" {2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6} " = COMODO Internet Security Premium
" {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} " = Microsoft Silverlight
" {AC76BA86-7AD7-1045-7B44-AB0000000001} " = Adobe Reader XI (11.0.07) - Polish
" {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} " = Realtek High Definition Audio Driver
" {FB08F381-6533-4108-B7DD-039E11FBC27E} " = Realtek AC'97 Audio
" 7-Zip " = 7-Zip 9.20
" Adobe Flash Player Plugin " = Adobe Flash Player 14 Plugin
" CCleaner " = CCleaner
" ffdshow_is1 " = ffdshow v1.3.4530 [2014-02-09]
" Malwarebytes Anti-Malware_is1 " = Malwarebytes Anti-Malware wersja 2.0.2.1012
" Mozilla Firefox 30.0 (x86 pl) " = Mozilla Firefox 30.0 (x86 pl)
" MozillaMaintenanceService " = Mozilla Maintenance Service
" PrivDog " = PrivDog
" SMPlayer " = SMPlayer 14.3.0

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2014-07-23 11:32:59 | Computer Name = Ire-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-07-23 15:20:47 | Computer Name = Ire-Komputer | Source = Software Protection Platform Service | ID = 8198
Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

Error - 2014-07-23 15:20:47 | Computer Name = Ire-Komputer | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

Error - 2014-07-23 15:22:25 | Computer Name = Ire-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-07-23 15:23:23 | Computer Name = Ire-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\System32\systemcpl.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2014-07-23 16:18:09 | Computer Name = Ire-Komputer | Source = Software Protection Platform Service | ID = 8198
Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

Error - 2014-07-23 16:18:09 | Computer Name = Ire-Komputer | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

Error - 2014-07-23 16:19:37 | Computer Name = Ire-Komputer | Source = WinMgmt | ID = 10
Description =

Error - 2014-07-23 17:01:12 | Computer Name = Ire-Komputer | Source = Application Hang | ID = 1002
Description = Program OTL.exe w wersji 3.2.69.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: e58 Godzina rozpoczęcia: 01cfa6b8e1166567 Godzina zakończenia:
21 Ścieżka aplikacji: C:\Users\Ire\Desktop\Logi\OTL.exe Identyfikator raportu: 7723601e-12ac-11e4-a790-00161774b542


Error - 2014-07-23 17:03:00 | Computer Name = Ire-Komputer | Source = Application Hang | ID = 1002
Description = Program OTL.exe w wersji 3.2.69.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 4ec Godzina rozpoczęcia: 01cfa6b93e7be7c1 Godzina zakończenia:
47 Ścieżka aplikacji: C:\Users\Ire\Desktop\Logi\OTL.exe Identyfikator raportu: b52e137e-12ac-11e4-a790-00161774b542


[ System Events ]
Error - 2014-07-15 09:31:57 | Computer Name = Ire-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom

Error - 2014-07-22 07:43:58 | Computer Name = Ire-Komputer | Source = cdrom | ID = 262159
Description = Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu.

Error - 2014-07-22 07:44:29 | Computer Name = Ire-Komputer | Source = cdrom | ID = 262159
Description = Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu.

Error - 2014-07-22 07:44:29 | Computer Name = Ire-Komputer | Source = cdrom | ID = 262159
Description = Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu.

Error - 2014-07-22 07:44:30 | Computer Name = Ire-Komputer | Source = cdrom | ID = 262159
Description = Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu.

Error - 2014-07-22 07:44:31 | Computer Name = Ire-Komputer | Source = cdrom | ID = 262159
Description = Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu.

Error - 2014-07-22 07:44:32 | Computer Name = Ire-Komputer | Source = atapi | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort1.

Error - 2014-07-22 07:44:32 | Computer Name = Ire-Komputer | Source = cdrom | ID = 262159
Description = Urządzenie \Device\CdRom0 nie jest jeszcze przygotowane do dostępu.

Error - 2014-07-22 08:24:52 | Computer Name = Ire-Komputer | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 14:22:27 na ?2014-?07-?22 było
nieoczekiwane.

Error - 2014-07-22 08:24:58 | Computer Name = Ire-Komputer | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom


< End of report >

