OTL logs - general computer slowdown

Everything concerning system security and fighting malware, in particular log analysis
ThonaR

User
Posts: 11
Joined: 20 May 2013, 20:09

Posted: 20 May 2013, 20:21

Hello. Recently I have noticed web pages loading more slowly and, at times, the system running more slowly. As a precaution I ran a scan with OTL; please help me check it. Here is the log:

OTL logfile created on: 2013-05-20 20:06:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\INNE\Pobrane
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,97% Memory free
2,99 Gb Paging File | 1,75 Gb Available in Paging File | 58,38% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 26,49 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
Drive D: | 182,79 Gb Total Space | 156,36 Gb Free Space | 85,54% Space Free | Partition Type: NTFS
 
Computer Name: KYLLOX_NOTEBOOK | User Name: KyLLoX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-05-20 20:05:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\INNE\Pobrane\OTL.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013-03-30 20:17:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013-03-15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-03-15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-03-15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-03-07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-05-14 19:09:10 | 013,136,776 | ---- | M] () -- C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013-04-09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013-04-09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013-04-09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013-04-09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013-04-09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012-06-18 17:24:30 | 000,260,096 | ---- | M] () -- D:\PROGRAMY\Notepad++\NppShell_05.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- D:\PROGRAMY\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- D:\PROGRAMY\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- D:\PROGRAMY\Spybot -- (SDScannerService)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-17 13:19:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-30 17:18:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013-03-20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- D:\PROGRAMY\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013-03-15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-02-28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- D:\PROGRAMY\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-14 11:08:50 | 001,436,160 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\PROGRAMY\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013-03-15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013-03-07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-03-07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-03-07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-03-07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-03-07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-03-07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-03-07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-03-07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-08-23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-08-23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Running] -- D:\PROGRAMY\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\PROGRAMY\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010-04-27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010-04-27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010-04-27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010-04-27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009-10-05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1006\..\SearchScopes,DefaultScope =
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.0.4
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..browser.startup.homepage: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14&l=1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\KyLLoX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-30 16:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\PROGRAMY\Mozilla Firefox\components [2013-04-17 13:17:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: D:\PROGRAMY\Mozilla Thunderbird\components [2013-05-18 10:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: D:\PROGRAMY\Mozilla Thunderbird\plugins
 
[2013-03-30 19:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Extensions
[2013-05-10 23:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions
[2013-04-17 13:22:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013-04-17 13:20:46 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013-04-17 13:26:32 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\netvideohunter@netvideohunter.com
[2013-05-10 23:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\staged
[2013-04-17 13:18:38 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\extensions\artur.dubovoy@gmail.com.xpi
[2013-04-17 13:22:01 | 000,022,038 | ---- | M] () (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
[2013-05-10 23:04:31 | 000,000,641 | ---- | M] () -- C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\searchplugins\WebSearch.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.pl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Dysk Google = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: DoNotTrackMe = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.520_0\
CHR - Extension: AdBlock = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Gmail = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-04-17 11:36:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3970431004-499842848-88470366-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3970431004-499842848-88470366-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 1
O7 - HKU\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3970431004-499842848-88470366-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16BCF2F3-E5D6-4D9B-A1F6-0B39B234982A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A51EDE8-BDE5-4A15-9EE1-DD9E39834CAE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-05-18 19:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013-05-18 08:51:43 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 12 REAL PERFORMANCE OPTIMIZER V. 1.0 BY DOCTOR+ PRODUCTIONS
[2013-05-18 08:19:53 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\Documents\FIFA 12
[2013-05-18 08:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2013-05-18 07:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013-05-18 07:53:12 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Origin
[2013-05-18 07:53:08 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Local\Origin
[2013-05-18 07:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013-05-18 07:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013-05-18 07:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013-05-17 15:09:34 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Local\Logitech
[2013-05-14 22:20:24 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-05-14 22:20:22 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-05-14 22:20:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-05-14 22:20:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-05-14 22:20:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-05-14 22:20:20 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-05-14 22:20:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-05-14 22:20:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-05-14 22:20:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-05-14 22:20:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-05-14 22:13:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013-05-14 22:09:54 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-05-14 22:09:52 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013-05-14 22:09:47 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013-05-14 22:09:47 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013-05-11 22:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013-05-11 22:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2013-05-11 22:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013-05-11 21:15:21 | 000,414,272 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32f.dll
[2013-05-11 21:15:21 | 000,414,272 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32.dll
[2013-05-11 21:15:21 | 000,240,400 | ---- | C] (Hacked With Joy !    ) -- C:\Windows\System32\DIVX_c32.ax
[2013-05-11 21:15:20 | 000,389,120 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2013-05-11 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013-05-10 23:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013-05-08 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013-05-08 21:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2013-05-08 12:54:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013-05-08 12:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013-05-07 12:23:00 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\TuneUp Software
[2013-05-07 12:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013-05-07 12:20:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013-05-01 18:35:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013-05-01 16:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-05-01 16:28:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-05-01 16:28:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-05-01 16:28:47 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-04-30 15:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
[2013-04-29 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Media Player Classic
[2013-04-26 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Local\Ubisoft
[2013-04-26 14:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-04-22 19:08:31 | 000,000,000 | -HSD | C] -- C:\Boot
[2013-04-22 11:25:51 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013-04-21 17:25:40 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\vlc
[2013-04-21 17:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-05-20 20:05:29 | 001,572,864 | -HS- | M] () -- C:\Users\KyLLoX\NTUSER.DAT
[2013-05-20 09:48:57 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-20 09:48:57 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-20 09:46:04 | 001,601,594 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2013-05-20 09:46:04 | 000,715,756 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-05-20 09:46:04 | 000,631,104 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-05-20 09:46:04 | 000,145,688 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-05-20 09:46:04 | 000,114,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-05-20 09:41:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013-05-20 09:41:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-20 09:41:04 | 002,974,164 | -H-- | M] () -- C:\Users\KyLLoX\AppData\Local\IconCache.db
[2013-05-18 20:01:41 | 000,000,957 | ---- | M] () -- C:\Users\KyLLoX\Desktop\RockNESX.lnk
[2013-05-18 08:15:00 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013-05-17 15:05:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013-05-16 08:57:56 | 000,027,400 | ---- | M] () -- C:\Users\KyLLoX\AppData\Local\recently-used.xbel
[2013-05-15 18:44:23 | 000,000,505 | ---- | M] () -- C:\Users\Public\Desktop\OMSI.lnk
[2013-05-15 09:02:17 | 000,319,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-05-08 21:41:27 | 000,000,720 | ---- | M] () -- C:\Users\KyLLoX\Desktop\Tom Clancy's Splinter Cell Pandora Tomorrow.lnk
[2013-05-07 23:32:04 | 000,524,288 | -HS- | M] () -- C:\Users\KyLLoX\NTUSER.DAT{94f9023c-b703-11e2-9c3a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2013-05-07 23:32:04 | 000,524,288 | -HS- | M] () -- C:\Users\KyLLoX\NTUSER.DAT{94f9023c-b703-11e2-9c3a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2013-05-07 23:32:04 | 000,065,536 | -HS- | M] () -- C:\Users\KyLLoX\NTUSER.DAT{94f9023c-b703-11e2-9c3a-806e6f6e6963}.TM.blf
[2013-05-07 12:49:44 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013-05-07 12:47:23 | 001,310,720 | -HS- | M] () -- C:\Users\KyLLoX\NTUSER.DAT_tureg_old
[2013-05-05 20:34:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-05-05 20:34:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-05-02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013-05-01 16:30:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-04-30 16:32:12 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013-04-30 16:32:12 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013-04-26 14:48:48 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Tom Clancy's Splinter Cell Chaos Theory.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-05-18 20:01:41 | 000,000,957 | ---- | C] () -- C:\Users\KyLLoX\Desktop\RockNESX.lnk
[2013-05-18 08:15:00 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013-05-17 15:05:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013-05-16 08:57:56 | 000,027,400 | ---- | C] () -- C:\Users\KyLLoX\AppData\Local\recently-used.xbel
[2013-05-15 18:35:16 | 000,000,505 | ---- | C] () -- C:\Users\Public\Desktop\OMSI.lnk
[2013-05-11 21:15:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\DivXAF.ax
[2013-05-11 21:15:20 | 000,626,688 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2013-05-11 21:15:20 | 000,385,024 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013-05-11 21:15:20 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2013-05-08 21:41:27 | 000,000,720 | ---- | C] () -- C:\Users\KyLLoX\Desktop\Tom Clancy's Splinter Cell Pandora Tomorrow.lnk
[2013-05-07 12:49:52 | 000,524,288 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT{94f9023c-b703-11e2-9c3a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2013-05-07 12:49:52 | 000,524,288 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT{94f9023c-b703-11e2-9c3a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2013-05-07 12:49:52 | 000,065,536 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT{94f9023c-b703-11e2-9c3a-806e6f6e6963}.TM.blf
[2013-05-05 20:34:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013-05-05 20:34:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013-04-26 14:48:48 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Tom Clancy's Splinter Cell Chaos Theory.lnk
[2013-04-18 16:17:19 | 000,000,017 | ---- | C] () -- C:\Users\KyLLoX\AppData\Local\resmon.resmoncfg
[2013-04-04 17:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2013-04-01 14:02:10 | 000,139,048 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013-04-01 14:02:10 | 000,138,056 | ---- | C] () -- C:\Users\KyLLoX\AppData\Roaming\PnkBstrK.sys
[2013-04-01 14:01:58 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013-04-01 14:01:56 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2013-04-01 14:01:56 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013-03-31 09:42:38 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013-03-30 19:02:47 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2013-03-30 16:43:59 | 000,072,688 | ---- | C] () -- C:\Users\KyLLoX\AppData\Local\GDIPFONTCACHEV1.DAT
[2013-03-30 16:35:44 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-03-30 16:35:44 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-03-30 16:29:56 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013-03-30 16:29:16 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013-03-30 16:29:16 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2013-03-30 16:29:16 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2013-03-30 16:26:14 | 002,974,164 | -H-- | C] () -- C:\Users\KyLLoX\AppData\Local\IconCache.db
[2013-03-30 16:22:08 | 001,601,594 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2013-03-30 16:17:28 | 001,572,864 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT
[2013-03-30 16:17:28 | 001,310,720 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT_tureg_old
[2013-03-30 16:17:28 | 000,524,288 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013-03-30 16:17:28 | 000,524,288 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013-03-30 16:17:28 | 000,065,536 | -HS- | C] () -- C:\Users\KyLLoX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013-03-30 16:17:28 | 000,000,020 | -HS- | C] () -- C:\Users\KyLLoX\ntuser.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


and Extras:

OTL Extras logfile created on: 2013-05-20 20:06:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\INNE\Pobrane
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,97% Memory free
2,99 Gb Paging File | 1,75 Gb Available in Paging File | 58,38% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 26,49 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
Drive D: | 182,79 Gb Total Space | 156,36 Gb Free Space | 85,54% Space Free | Partition Type: NTFS
 
Computer Name: KYLLOX_NOTEBOOK | User Name: KyLLoX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\PROGRAMY\Spybot - Search & Destroy 2\SDTray.exe" = D:\PROGRAMY\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"D:\PROGRAMY\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\PROGRAMY\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"D:\PROGRAMY\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\PROGRAMY\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"D:\PROGRAMY\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\PROGRAMY\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D821870-4440-49CC-860B-4ABA74022725}" = rport=139 | protocol=6 | dir=out | app=system |
"{38279327-235A-4CE3-AD3F-EB7F50EA29CE}" = rport=445 | protocol=6 | dir=out | app=system |
"{3AFAF4C1-69D5-41F7-A77E-64EDA62AE0FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3DA887C2-F926-4C9F-B418-59BBDA0188FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{450642A1-884E-462C-BE0C-4E2520A8E5F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{465916ED-EEA7-46D4-B348-A69FF2BC601D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4B48EBD1-938B-474E-B6EA-92BD4D153ABD}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B89D847-E6CC-46A9-9226-83A59108D8A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CC521F2-892A-4E2A-9E2F-ECFA3039D60E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{52B8B5FB-CF3F-486C-A216-576537CA301F}" = rport=137 | protocol=17 | dir=out | app=system |
"{876CEA2A-D191-4E3B-A22A-AAC86F16FFB6}" = rport=138 | protocol=17 | dir=out | app=system |
"{B21080F0-94D0-42E9-8D16-1A6AFB7508AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0DBF0A0-59BC-4E76-94BB-59325EA45886}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2E90CF3-699C-4C88-8F62-EE5378565D25}" = lport=138 | protocol=17 | dir=in | app=system |
"{D94CDC2D-6023-47A4-AF77-FE1322795DFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF2D5FE6-CDBF-44B5-BE7D-3ECF114AE3FC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E129C07D-36B8-4B8D-8D4B-5096452077A8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E99FE028-85A1-4FA2-A93E-52B48BC468EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA944ED9-89AA-4F2E-843B-1B7F880957E7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{ECAD067D-FA39-46EC-A3EA-8FF958C72946}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C09592-0523-48A5-B210-7E96AA5E8D63}" = protocol=17 | dir=in | app=d:\programy\steam\steam.exe |
"{0749F1AC-D921-4A0C-A81A-ED0F591DD255}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0D1D9587-C034-4B57-9EEB-DF970ECB63A8}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{10E00EDD-C879-4D48-98A4-C13F0BC6483C}" = protocol=6 | dir=in | app=c:\program files\origin\origin.exe |
"{17E68950-D0EC-43BB-8273-7F64B90B62C4}" = protocol=17 | dir=in | app=d:\gry\tom clancy's splinter cell conviction\src\system\gu.exe |
"{1F9579CE-A4DB-4461-ABA8-8A38B08BBEC5}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe |
"{24D29C8A-1992-4404-98DE-A2D6B3502E66}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2EBE527C-F94B-4F68-95B6-CEAFA1052704}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2F9055B8-AED8-4CAC-886F-FF3229736B11}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{46CDBA4F-445B-4D3D-BA73-E70FDCF7E0A9}" = protocol=17 | dir=in | app=d:\gry\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{5278F2AF-4D94-46CA-970C-310F4BF65438}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{557B4C2F-42E4-44E1-B180-97FCCA5ADFBE}" = dir=in | app=d:\gry\farming simulator 2013\farming simulator 2013\farmingsimulator2013game.exe |
"{5C3111DC-264F-44A4-BBF7-451B42BC677C}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{5D79F7D4-B11C-4977-AE6A-883AFDF3553A}" = dir=in | app=d:\programy\skype\phone\skype.exe |
"{73816303-A22B-45D8-B2F0-E6C800DA572A}" = protocol=6 | dir=in | app=d:\gry\tom clancy's splinter cell conviction\src\system\gu.exe |
"{75692189-97CC-4078-A498-B08DB0554383}" = protocol=6 | dir=in | app=d:\programy\steam\steam.exe |
"{845FFACE-5585-4A4A-B2DA-7E2C29FD76CB}" = protocol=17 | dir=in | app=c:\program files\origin\origin.exe |
"{8836713A-1EA9-4790-8419-04BBC64D4415}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{89AC89B0-2564-4E5D-A738-31EEE6B38FAE}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe |
"{A0F74BE2-545D-400C-9D2D-4940E8B5FD91}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{AEA3D411-E041-40B8-AA97-FB39E0E2655B}" = protocol=6 | dir=in | app=d:\gry\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{B89D99DA-2B73-4E96-844B-A30205547BA8}" = dir=in | app=d:\gry\farming simulator 2013\farming simulator 2013\farmingsimulator2013.exe |
"{BE189A52-B311-44DA-B3E6-84F91AFA2E9D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CEAC27B6-A438-4CF2-AB27-FDD20FD119CF}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{D0E22E8E-76E5-4D62-8922-3496EB2B1548}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D1AEC5A2-FFD8-4A29-B09B-A2BB9414795A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E1822EEF-5961-40B5-B83F-64252D98133D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E836C4FA-BA25-43D5-BBF6-077B836EBE64}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"TCP Query User{0560FBC4-BF3C-47E8-BC30-24CE2B00AFAD}D:\programy\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=d:\programy\spybot - search & destroy 2\sdupdate.exe |
"TCP Query User{38D4DFA5-11A5-4759-A3D4-CDE6EF3ACE6B}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{AAE8B8C5-54B0-496A-92C9-6381295AC135}D:\gry\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=d:\gry\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{A6AF2CFB-C182-4815-A7BE-ECFCDDED2B60}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{E59DC749-0CCB-4400-AF02-AAF11EB0A991}D:\programy\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=d:\programy\spybot - search & destroy 2\sdupdate.exe |
"UDP Query User{F64CABE7-AA42-47F1-8FF9-344C8126A267}D:\gry\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=d:\gry\splinter cell pandora tomorrow\pandora.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}" = LibreOffice 4.0.2.2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{76A232AF-B7D6-41A4-B795-6B355E6D32B1}" = Tom Clancy's H.A.W.X. 2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - The Bus Simulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1" = Sunrise Seven 1.2.61
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AIMP3" = AIMP3
"AQQ" = WapSter AQQ
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FarmingSimulator2013PL_is1" = Farming Simulator 2013
"Fraps" = Fraps
"Game Booster_is1" = Game Booster 3
"GIMP-2_is1" = GIMP 2.8.4
"Glary Utilities_is1" = Glary Utilities 2.55.0.1790
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.8.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 pl)" = Mozilla Firefox 20.0.1 (x86 pl)
"Mozilla Thunderbird 17.0.6 (x86 pl)" = Mozilla Thunderbird 17.0.6 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Odkurzacz 13.3_is1" = Odkurzacz
"Origin" = Origin
"PandoraTomorrow_is1" = Tom Clancy's Splinter Cell: Pandora Tomorrow
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Tunngle beta_is1" = Tunngle beta
"Unlocker" = Unlocker 1.9.1
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Podstawowe programy Windows Live
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FIFA 12 REAL PERFORMANCE OPTIMIZER V. 1.0 BY DOCTOR+ PRODUCTIONS" = FIFA 12 REAL PERFORMANCE OPTIMIZER V. 1.0 BY DOCTOR+ PRODUCTIONS
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013-04-10 11:33:24 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 8194
Description =
 
Error - 2013-04-25 16:31:01 | Computer Name = KyLLoX_Notebook | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Uplay.exe, wersja: 0.0.0.0, sygnatura
 czasowa: 0x5165852c  Nazwa modułu powodującego błąd: npuplaypchub.dll, wersja: 1.0.0.1,
 sygnatura czasowa: 0x51658483  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x00009a40
Identyfikator
 procesu powodującego błąd: 0x284  Godzina uruchomienia aplikacji powodującej błąd:
 0x01ce41ec641032c3  Ścieżka aplikacji powodującej błąd: C:\Program Files\Ubisoft\Ubisoft
 Game Launcher\Uplay.exe  Ścieżka modułu powodującego błąd: C:\Program Files\Ubisoft\Ubisoft
 Game Launcher\npuplaypchub.dll  Identyfikator raportu: 0a9a7e08-ade7-11e2-9a85-001d72f73887
 
Error - 2013-04-26 08:35:40 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 8194
Description =
 
Error - 2013-05-05 14:24:34 | Computer Name = KyLLoX_Notebook | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: splintercell3.exe, wersja: 0.0.0.0,
 sygnatura czasowa: 0x431dda4a  Nazwa modułu powodującego błąd: splintercell3.exe,
 wersja: 0.0.0.0, sygnatura czasowa: 0x431dda4a  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x003d8f08  Identyfikator procesu powodującego błąd: 0x860  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01ce49ba87199084  Ścieżka aplikacji powodującej błąd:
 D:\GRY\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe  Ścieżka
modułu powodującego błąd: D:\GRY\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe
Identyfikator
 raportu: 08a1ada4-b5b1-11e2-8480-001d72f73887
 
Error - 2013-05-06 11:26:18 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 8194
Description =
 
Error - 2013-05-07 06:40:18 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 13
Description =
 
Error - 2013-05-07 06:40:18 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 12292
Description =
 
Error - 2013-05-08 06:18:04 | Computer Name = KyLLoX_Notebook | Source = Windows Installer 3.1 | ID = 921877
Description =
 
Error - 2013-05-08 06:52:57 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 8194
Description =
 
Error - 2013-05-18 02:14:05 | Computer Name = KyLLoX_Notebook | Source = VSS | ID = 8194
Description =
 
[ System Events ]
Error - 2013-05-18 01:45:01 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-18 06:18:35 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-18 10:02:57 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-18 10:13:55 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-18 10:36:25 | Computer Name = KyLLoX_Notebook | Source = Service Control Manager | ID = 7031
Description = Usługa Windows Defender niespodziewanie zakończyła pracę. Wystąpiło
 to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność
korekcyjna: Uruchom usługę ponownie.
 
Error - 2013-05-18 12:49:06 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-19 00:55:57 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-19 15:30:05 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-20 02:21:00 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
Error - 2013-05-20 03:41:35 | Computer Name = KyLLoX_Notebook | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
 
 
< End of report >

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

OTL logs - general computer slowdown

Post 20 May 2013, 22:19

Posting logs.


Logs are posted via [Available only to registered users].

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"UnityWebPlayer" = Unity Web Player
"Glary Utilities_is1" = Glary Utilities 2.55.0.1790
"{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1" = Sunrise Seven 1.2.61


Uninstall these.

Logs.


Run OTL -> in the Custom Scans/Fixes window, paste:

:OTL

SRV - File not found [Disabled | Stopped] -- D:\PROGRAMY\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- D:\PROGRAMY\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- D:\PROGRAMY\Spybot -- (SDScannerService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3970431004-499842848-88470366-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14
FF - prefs.js..browser.startup.homepage: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14&l=1&q="
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\KyLLoX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2013-04-17 13:22:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013-05-10 23:04:31 | 000,000,641 | ---- | M] () -- C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\searchplugins\WebSearch.xml
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
[2013-05-10 23:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013-05-07 12:23:00 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\TuneUp Software
[2013-05-07 12:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013-05-07 12:20:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

:Services
gupdate
gupdatem

:Files
C:\Program Files\Google\Update

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

:Commands
[clearallrestorepoints]
[emptytemp]


Click "Wykonaj skrypt" (Run Fix). Post the removal log. Then post the log from [available only to registered users] (from the Delete option) + the TDSSKiller log + new OTL logs.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between those two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes they are not.

ThonaR

User
Posts: 11
Joined: 20 May 2013, 20:09

OTL logs - general computer slowdown

Post 22 May 2013, 18:28

Log from the OTL removal:

Code: Select all

All processes killed
========== OTL ==========
Service SDWSCService stopped successfully!
Service SDWSCService deleted successfully!
File D:\PROGRAMY\Spybot not found.
Service SDUpdateService stopped successfully!
Service SDUpdateService deleted successfully!
File D:\PROGRAMY\Spybot not found.
Service SDScannerService stopped successfully!
Service SDScannerService deleted successfully!
File D:\PROGRAMY\Spybot not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\Windows\system32\drivers\EagleXNt.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-3970431004-499842848-88470366-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3970431004-499842848-88470366-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3970431004-499842848-88470366-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3970431004-499842848-88470366-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3970431004-499842848-88470366-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14" removed from browser.startup.homepage
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: "WebSearch" removed from browser.search.selectedEngine
Prefs.js: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14&l=1&q=" removed from browser.search.defaulturl
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.lookforithere.info/?pid=377&r=2013/05/10&hid=95779769&lg=EN&cc=PL&unqvl=14&l=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\KyLLoX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\searchplugins\WebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
C:\ProgramData\InstallMate\{86B736B9-0B66-4963-AB88-43445D54144F} folder moved successfully.
C:\ProgramData\InstallMate\{8175B7F2-BECE-4253-A0B8-F6EC5A969504} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
Folder C:\Users\KyLLoX\AppData\Roaming\TuneUp Software\ not found.
Folder C:\ProgramData\TuneUp Software\ not found.
C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
C:\Program Files\Google\Update\Install folder moved successfully.
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145 folder moved successfully.
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
C:\Program Files\Google\Update\Download folder moved successfully.
C:\Program Files\Google\Update\1.3.21.145 folder moved successfully.
C:\Program Files\Google\Update folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50271 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: KyLLoX
->Temp folder emptied: 17695704 bytes
->Temporary Internet Files folder emptied: 1174135 bytes
->Java cache emptied: 303519 bytes
->FireFox cache emptied: 21984525 bytes
->Google Chrome cache emptied: 364110153 bytes
->Flash cache emptied: 1033 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 301568 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17624656 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 404,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05222013_180043

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ADWCleaner:

Code: Select all

# AdwCleaner v2.301 - Log utworzony 22/05/2013 o 18:06:12
# Aktualizacja 16/05/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (32 bits)
# Użytkownik : KyLLoX - KYLLOXNOTEBOOK
# Tryb uruchomienia : Normalny
# Ścieżka : D:\INNE\Pobrane\adwcleaner.exe
# Opcja [Usuń]


***** [Usługi] *****


***** [Pliki / Foldery] *****


***** [Rejestr] *****

Klucz Usunięto : HKCU\Software\APN PIP
Klucz Usunięto : HKCU\Software\AppDataLow\SProtector
Klucz Usunięto : HKLM\Software\PIP
Klucz Usunięto : HKLM\Software\SProtector

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Rejestr w porządku.

-\\ Mozilla Firefox v20.0.1 (pl)

Plik : C:\Users\KyLLoX\AppData\Roaming\Mozilla\Firefox\Profiles\m6oy00xl.default\prefs.js

C:\Users\KyLLoX\AppData\Roaming\Mozilla\Firefox\Profiles\m6oy00xl.default\user.js ... Usunięto !

Usunięto : user_pref("extensions.518d6a9644628.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

-\\ Google Chrome v26.0.1410.64

Plik : C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Plik w porządku.

*************************

AdwCleaner[R4].txt - [1242 octets] - [22/05/2013 18:05:35]
AdwCleaner[S3].txt - [1261 octets] - [22/05/2013 18:06:12]

########## EOF - C:\AdwCleaner[S3].txt - [1321 octets] ##########



TDSSKiller log

Code: Select all

18:10:43.0247 3988      TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
18:10:43.0434 3988      ============================================================
18:10:43.0434 3988      Current date / time: 2013/05/22 18:10:43.0434
18:10:43.0434 3988      SystemInfo:
18:10:43.0434 3988       
18:10:43.0434 3988      OS Version: 6.1.7601 ServicePack: 1.0
18:10:43.0434 3988      Product type: Workstation
18:10:43.0434 3988      ComputerName: KYLLOXNOTEBOOK
18:10:43.0434 3988      UserName: KyLLoX
18:10:43.0434 3988      Windows directory: C:\Windows
18:10:43.0434 3988      System windows directory: C:\Windows
18:10:43.0434 3988      Processor architecture: Intel x86
18:10:43.0434 3988      Number of processors: 2
18:10:43.0434 3988      Page size: 0x1000
18:10:43.0434 3988      Boot type: Normal boot
18:10:43.0434 3988      ============================================================
18:10:45.0598 3988      Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:10:45.0601 3988      \Device\Harddisk0\DR0:
18:10:45.0601 3988      MBR used
18:10:45.0601 3988      \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6400000
18:10:45.0601 3988      \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6432800, BlocksNum 0x16D92800
18:10:45.0675 3988      Initialize success
18:10:45.0675 3988      ============================================================



New OTL log:


Code: Select all

OTL logfile created on: 2013-05-22 18:12:12 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = D:\PROGRAMY\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 74,06% Memory free
5,99 Gb Paging File | 5,23 Gb Available in Paging File | 87,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 32,50 Gb Free Space | 65,00% Space Free | Partition Type: NTFS
Drive D: | 182,79 Gb Total Space | 139,15 Gb Free Space | 76,13% Space Free | Partition Type: NTFS

Computer Name: KYLLOXNOTEBOOK | User Name: KyLLoX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-05-20 20:05:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\PROGRAMY\OTL\OTL.exe
PRC - [2013-04-26 17:32:00 | 001,815,248 | ---- | M] (COMODO) -- D:\PROGRAMY\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2013-04-25 01:30:16 | 004,443,912 | ---- | M] (COMODO) -- D:\PROGRAMY\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2013-04-25 01:29:50 | 009,478,352 | ---- | M] (COMODO) -- D:\PROGRAMY\COMODO\COMODO Internet Security\cis.exe
PRC - [2013-04-15 18:38:18 | 003,012,816 | ---- | M] (COMODO) -- D:\PROGRAMY\COMODO\COMODO Internet Security\CisTray.exe
PRC - [2013-03-30 20:17:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013-03-15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-03-15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-03-15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2013-05-20 22:16:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-25 01:30:16 | 004,443,912 | ---- | M] (COMODO) [Auto | Running] -- D:\PROGRAMY\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013-04-15 18:38:20 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- D:\PROGRAMY\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013-04-10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-30 17:18:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013-03-20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- D:\PROGRAMY\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013-03-15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-02-28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- D:\PROGRAMY\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-14 11:08:50 | 001,436,160 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\PROGRAMY\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2013-04-15 18:38:50 | 000,581,912 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013-04-15 18:38:50 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013-03-15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-08-23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-08-23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- D:\PROGRAMY\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\PROGRAMY\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010-04-27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010-04-27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010-04-27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010-04-27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009-10-05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\PROGRAMY\Mozilla Firefox\components [2013-04-17 13:17:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: D:\PROGRAMY\Mozilla Thunderbird\components [2013-05-18 10:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: D:\PROGRAMY\Mozilla Thunderbird\plugins

[2013-03-30 19:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Extensions
[2013-05-21 10:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions
[2013-05-20 22:16:40 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013-04-17 13:26:32 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\KyLLoX\AppData\Roaming\mozilla\Firefox\Profiles\m6oy00xl.default\extensions\netvideohunter@netvideohunter.com
[2013-04-17 13:18:38 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\extensions\artur.dubovoy@gmail.com.xpi
[2013-05-20 22:16:37 | 000,032,665 | ---- | M] () (No name found) -- C:\Users\KyLLoX\AppData\Roaming\mozilla\firefox\profiles\m6oy00xl.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.pl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Dysk Google = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.520_0\
CHR - Extension: AdBlock = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Gmail = C:\Users\KyLLoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-04-17 11:36:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O4 - HKLM..\Run: [COMODO Internet Security] D:\PROGRAMY\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16BCF2F3-E5D6-4D9B-A1F6-0B39B234982A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A51EDE8-BDE5-4A15-9EE1-DD9E39834CAE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-05-22 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Leadertech
[2013-05-22 13:32:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2013-05-22 13:07:52 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013-05-22 13:07:37 | 000,000,000 | ---D | C] -- C:\Windows\System64
[2013-05-22 11:31:01 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\SystemRequirementsLab
[2013-05-22 11:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2013-05-22 11:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2013-05-21 21:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013-05-21 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013-05-21 16:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013-05-21 16:38:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013-05-21 16:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013-05-21 16:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013-05-21 11:37:09 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 12 FAST START V.1.0 BY DOCTOR+ PRODUCTIONS
[2013-05-21 11:16:05 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 12 REAL PERFORMANCE OPTIMIZER V. 1.0 BY DOCTOR+ PRODUCTIONS
[2013-05-21 10:45:47 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\Documents\FIFA 12
[2013-05-21 10:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2013-05-21 08:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013-05-21 08:23:31 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Local\Origin
[2013-05-21 08:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013-05-21 08:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013-05-18 19:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013-05-18 07:53:12 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Origin
[2013-05-17 15:09:34 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Local\Logitech
[2013-05-14 22:20:24 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-05-14 22:20:22 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-05-14 22:20:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-05-14 22:20:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-05-14 22:20:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-05-14 22:20:20 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-05-14 22:20:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-05-14 22:20:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-05-14 22:20:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-05-14 22:20:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-05-14 22:13:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013-05-14 22:09:54 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-05-14 22:09:52 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013-05-14 22:09:47 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013-05-14 22:09:47 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013-05-11 22:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013-05-11 22:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2013-05-11 22:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013-05-11 21:15:21 | 000,414,272 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32f.dll
[2013-05-11 21:15:21 | 000,414,272 | ---- | C] (Hacked with Joy !) -- C:\Windows\System32\DivXc32.dll
[2013-05-11 21:15:21 | 000,240,400 | ---- | C] (Hacked With Joy !    ) -- C:\Windows\System32\DIVX_c32.ax
[2013-05-11 21:15:20 | 000,389,120 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2013-05-11 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013-05-08 21:43:24 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013-05-08 21:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2013-05-08 12:54:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013-05-08 12:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013-05-01 18:35:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013-05-01 16:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-05-01 16:28:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-05-01 16:28:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-05-01 16:28:47 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-04-30 15:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
[2013-04-29 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Roaming\Media Player Classic
[2013-04-26 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\KyLLoX\AppData\Local\Ubisoft
[2013-04-26 14:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-04-25 11:05:12 | 000,084,928 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2013-04-23 15:04:12 | 000,348,048 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2013-04-22 19:08:31 | 000,000,000 | -HSD | C] -- C:\Boot

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-05-22 18:17:21 | 001,474,785 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013-05-22 18:14:43 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-22 18:14:43 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-22 18:12:45 | 000,715,756 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-05-22 18:12:45 | 000,631,104 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-05-22 18:12:45 | 000,145,688 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-05-22 18:12:45 | 000,114,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-05-22 18:07:39 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-22 18:07:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-22 17:51:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-22 17:36:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-22 11:10:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013-05-21 10:44:50 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013-05-20 22:16:51 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-05-20 22:16:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-05-18 20:01:41 | 000,000,957 | ---- | M] () -- C:\Users\KyLLoX\Desktop\RockNESX.lnk
[2013-05-17 15:05:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013-05-16 08:57:56 | 000,027,400 | ---- | M] () -- C:\Users\KyLLoX\AppData\Local\recently-used.xbel
[2013-05-15 18:44:23 | 000,000,505 | ---- | M] () -- C:\Users\Public\Desktop\OMSI.lnk
[2013-05-15 09:02:17 | 000,319,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-05-08 21:41:27 | 000,000,720 | ---- | M] () -- C:\Users\KyLLoX\Desktop\Tom Clancy's Splinter Cell Pandora Tomorrow.lnk
[2013-05-07 12:49:44 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013-05-05 20:34:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-05-05 20:34:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-05-02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013-05-01 16:30:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-04-30 16:32:12 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013-04-30 16:32:12 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013-04-26 14:48:48 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Tom Clancy's Splinter Cell Chaos Theory.lnk
[2013-04-25 11:05:12 | 000,084,928 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2013-04-23 15:04:12 | 000,348,048 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-05-22 11:10:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013-05-21 16:38:20 | 001,474,785 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013-05-21 10:44:50 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013-05-18 20:01:41 | 000,000,957 | ---- | C] () -- C:\Users\KyLLoX\Desktop\RockNESX.lnk
[2013-05-17 15:05:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013-05-16 08:57:56 | 000,027,400 | ---- | C] () -- C:\Users\KyLLoX\AppData\Local\recently-used.xbel
[2013-05-15 18:35:16 | 000,000,505 | ---- | C] () -- C:\Users\Public\Desktop\OMSI.lnk
[2013-05-11 21:15:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\DivXAF.ax
[2013-05-11 21:15:20 | 000,626,688 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2013-05-11 21:15:20 | 000,385,024 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013-05-11 21:15:20 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2013-05-08 21:41:27 | 000,000,720 | ---- | C] () -- C:\Users\KyLLoX\Desktop\Tom Clancy's Splinter Cell Pandora Tomorrow.lnk
[2013-05-05 20:34:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013-05-05 20:34:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013-04-26 14:48:48 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Tom Clancy's Splinter Cell Chaos Theory.lnk
[2013-04-18 16:17:19 | 000,000,017 | ---- | C] () -- C:\Users\KyLLoX\AppData\Local\resmon.resmoncfg
[2013-04-04 17:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2013-04-01 14:02:10 | 000,139,048 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013-04-01 14:02:10 | 000,138,056 | ---- | C] () -- C:\Users\KyLLoX\AppData\Roaming\PnkBstrK.sys
[2013-04-01 14:01:58 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013-04-01 14:01:56 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2013-04-01 14:01:56 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013-03-31 09:42:38 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013-03-30 16:29:56 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013-03-30 16:29:16 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013-03-30 16:29:16 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2013-03-30 16:29:16 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
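
How the ZeroAccess Check section above can be read, as an added example that is not part of the original post or of OTL: the sketch parses the InProcServer32 entries and compares them with what this report shows (no values under the two HKCU keys, HKLM defaults naming shell32.dll, fastprox.dll and wbemess.dll). Treating this report's values as the baseline is an assumption; the function names and the second sample are constructed.

```python
import re

# Baseline read off the report above: the DLL each HKLM default value named.
# The two HKCU keys were listed with no values under them.
EXPECTED_HKLM = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": r"%systemroot%\system32\shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": r"%systemroot%\system32\wbem\fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": r"%systemroot%\system32\wbem\wbemess.dll",
}
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$",
    re.I)
DEFAULT_RE = re.compile(r'^"" = (.*?)(?: -- \[.*)?$')  # drop OTL's file details

def parse_section(text):
    """Map (hive, clsid) to the key's default value, or None when it has none."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2).lower())
            entries[current] = None
        elif current and (val := DEFAULT_RE.match(line)):
            entries[current] = val.group(1).strip()
    return entries

def review(text):
    """Return entries that deviate from the baseline; empty list = no deviation."""
    findings = []
    for (hive, clsid), value in parse_section(text).items():
        if hive == "HKEY_CURRENT_USER" and value is not None:
            findings.append((hive, clsid, value, "per-user override of a COM class"))
        elif hive == "HKEY_LOCAL_MACHINE" and clsid in EXPECTED_HKLM:
            if value is None or value.lower() != EXPECTED_HKLM[clsid]:
                findings.append((hive, clsid, value, "not the baseline DLL"))
    return findings

# Two entries copied from the report above.
FROM_REPORT = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''
# Constructed sample (not from the page): the HKCU key now carries a value.
CONSTRUCTED = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\Users\Example\AppData\Local\placeholder\example.dll
'''

if __name__ == "__main__":
    for name, sample in (("report", FROM_REPORT), ("constructed", CONSTRUCTED)):
        print(name, review(sample) or "matches baseline")
```

A deviation is only a prompt to look at the named file; the comparison is case-insensitive because the report itself mixes `%SystemRoot%` and `%systemroot%`.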

XMan

Global Moderator
Posts: 13385
Joined: 30 Nov 2008, 00:40

OTL logs - general computer slowdown

Post 22 May 2013, 19:14

Rules of the Security section.
Please do not use the QUOTE and CODE tags.
For posting logs we use one service only: Available to registered users only
It is the best because it does not truncate long stretches of text and is not cluttered with "junk".
He who asks does not go astray; he who seeks, finds.

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

OTL logs - general computer slowdown

Post 22 May 2013, 21:06

ADWCleaner.


Click the Uninstall (Odinstaluj) button in it.

Logs.


Run OTL -> in the Custom Scans/Fixes box (Własne opcje skanowania/skrypt) paste:

:OTL

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
[2013-05-22 13:07:37 | 000,000,000 | ---D | C] -- C:\Windows\System64

:Files
C:\Windows\tasks\*.*

:Commands
[clearallrestorepoints]
[emptytemp]


Click Run Fix (Wykonaj skrypt). Post the log from the removal. Then provide a log from Autoruns.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between those two dimensions will vanish and characters from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.

ThonaR

User
Posts: 11
Joined: 20 May 2013, 20:09

OTL logs - general computer slowdown

Post 22 May 2013, 21:39

Log from the OTL removal:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
C:\Windows\System64 folder moved successfully.
========== FILES ==========
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GlaryInitialize.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
File move failed. C:\Windows\tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: KyLLoX
->Temp folder emptied: 3319954 bytes
->Temporary Internet Files folder emptied: 101536 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 354855756 bytes
->Flash cache emptied: 405 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 420 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 342,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05222013_213010

Files\Folders moved on Reboot...
C:\Windows\tasks\SCHEDLGU.TXT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Autoruns log:

Available to registered users only

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

OTL logs - general computer slowdown

Post 23 May 2013, 16:13

Autoruns.


In Safe Mode, in Autoruns, uncheck and then delete (whatever can be deleted):

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

Everything.


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

XboxStat


HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

Everything.


HKLM\SOFTWARE\Classes\Protocols\Handler

Everything.


HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

Everything.


Task Scheduler

Everything.


HKLM\System\CurrentControlSet\Services

AdobeARMservice
Hamachi2Svc
MozillaMaintenance
nvsvc
nvUpdatusService
PnkBstrA
PnkBstrB
SkypeUpdate
Steam Client Service
WinDefend
wlidsvc


HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

Everything.


Then post new OTL logs.

ThonaR

User
Posts: 11
Joined: 20 May 2013, 20:09

OTL logs - general computer slowdown

Post 23 May 2013, 20:03

And if I uncheck what you listed, will those programs stop working? E.g. 7-Zip, which I use, or Steam?

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

OTL logs - general computer slowdown

Post 23 May 2013, 21:09

ThonaR wrote: And if I uncheck what you listed, will those programs stop working? E.g. 7-Zip, which I use, or Steam?


No. You can leave the Steam entry if you use it (delete the 7-Zip one).

ThonaR

User
Posts: 11
Joined: 20 May 2013, 20:09

OTL logs - general computer slowdown

Post 24 May 2013, 09:53

Sorry for the silly questions, but I want to clear up my doubts. So I am supposed to disable these programs in Autoruns, and will they be 100% sure to work when I need them? Because I remember that I once disabled Hamachi, and later, when I wanted to use it, an error message popped up and the program did not start. I had to check Hamachi again in Autoruns, restart the computer, and then Hamachi worked. So I want to make sure: after unchecking what I was given, will everything work?

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

OTL logs - general computer slowdown

Post 25 May 2013, 17:13

Because I remember that I once disabled Hamachi, and later, when I wanted to use it, an error message popped up and the program did not start. I had to check Hamachi again in Autoruns, restart the computer, and then Hamachi worked


Mhm. If you delete them, it will stop working. However, according to the log you provided earlier, you have already disabled Hamachi yourself, so it should be removed.