poproszę o analizę logów z otl (skróty zaniast folderów)

Post24 lis 2013, 23:14

otl.txt
OTL logfile created on: 2013-11-24 22:40:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,89 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 56,89% Memory free
7,77 Gb Paging File | 5,89 Gb Available in Paging File | 75,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 22,36 Gb Total Space | 4,44 Gb Free Space | 19,86% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 190,14 Gb Free Space | 97,40% Space Free | Partition Type: NTFS
Drive E: | 270,45 Gb Total Space | 241,56 Gb Free Space | 89,32% Space Free | Partition Type: NTFS
Drive G: | 7,47 Gb Total Space | 3,81 Gb Free Space | 51,03% Space Free | Partition Type: NTFS
Drive H: | 33,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-KOMPUTER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-11-24 22:36:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2013-10-04 08:32:44 | 000,065,312 | ---- | M] (BrowseFox) -- C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe
PRC - [2013-10-04 08:32:26 | 000,065,312 | ---- | M] (BrowseFox) -- C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe
PRC - [2013-08-14 18:05:48 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe
PRC - [2013-08-14 18:05:45 | 000,246,112 | ---- | M] () -- C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
PRC - [2013-08-14 14:50:22 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-08-25 02:59:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-08-03 15:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012-07-23 17:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012-07-17 15:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012-07-06 10:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012-05-15 14:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-05-15 14:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-05-10 14:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012-05-02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-05-01 23:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-02-20 04:31:06 | 000,019,968 | ---- | M] () -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
PRC - [2012-02-20 04:31:06 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\DptfPolicyCriticalService.exe
PRC - [2012-02-20 04:31:06 | 000,018,944 | ---- | M] () -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
PRC - [2012-02-20 04:31:06 | 000,013,824 | ---- | M] () -- C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
PRC - [2011-11-21 13:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-06-19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008-12-22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

========== Modules (No Company Name) ==========

MOD - [2013-08-22 11:02:09 | 000,187,888 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
MOD - [2013-08-14 18:05:48 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe
MOD - [2013-08-14 18:05:45 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\QtGui4.dll
MOD - [2013-08-14 18:05:45 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\QtCore4.dll
MOD - [2013-08-14 18:05:45 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\QtNetwork4.dll
MOD - [2013-08-14 18:05:45 | 001,101,824 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NDISAPI.dll
MOD - [2013-08-14 18:05:45 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\AddrBookPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,808,960 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\SMSUIPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,739,328 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\AddrBookUIPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\SmsAppPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,550,400 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\CallAppPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,547,840 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\CallLogSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,545,280 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\PluginContainer.dll
MOD - [2013-08-14 18:05:45 | 000,495,104 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\DeviceMgrUIPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NetInfoUIExPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,428,032 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\core.dll
MOD - [2013-08-14 18:05:45 | 000,427,008 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\DialupUIPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,384,512 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\USSDUIPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,381,952 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Proxy.DLL
MOD - [2013-08-14 18:05:45 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\plugins\imageformats\qtiff4.dll
MOD - [2013-08-14 18:05:45 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\plugins\imageformats\qmng4.dll
MOD - [2013-08-14 18:05:45 | 000,338,432 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\DeviceAppPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,334,848 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\MainpagePlugin.dll
MOD - [2013-08-14 18:05:45 | 000,333,312 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NetConnectPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,310,272 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\StatusBarMgrPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,301,056 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\DeviceSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NetInfoSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,269,824 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\LiveUpdateInterface.DLL
MOD - [2013-08-14 18:05:45 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\AddrBookSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\sdk.dll
MOD - [2013-08-14 18:05:45 | 000,249,344 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\MenuMgrPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,240,128 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\ToolBarMgrPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\AtCodec.dll
MOD - [2013-08-14 18:05:45 | 000,235,008 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NetSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Common.dll
MOD - [2013-08-14 18:05:45 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\SmsSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,211,968 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\DialUpPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\plugins\imageformats\qjpeg4.dll
MOD - [2013-08-14 18:05:45 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\XFramePlugin.dll
MOD - [2013-08-14 18:05:45 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NDISPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\CallSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\XCodec.dll
MOD - [2013-08-14 18:05:45 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NetConnectSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\DataServicePlugin.dll
MOD - [2013-08-14 18:05:45 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\STKSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\USSDSrvPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Trace.dll
MOD - [2013-08-14 18:05:45 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\OSDialup.dll
MOD - [2013-08-14 18:05:45 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\OSNDIS.dll
MOD - [2013-08-14 18:05:45 | 000,123,392 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\ATR2SMgr.dll
MOD - [2013-08-14 18:05:45 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\LayoutPlugin.dll
MOD - [2013-08-14 18:05:45 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\Win7Support.dll
MOD - [2013-08-14 18:05:45 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\OSAdapt.dll
MOD - [2013-08-14 18:05:45 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\NotifyServicePlugin.dll
MOD - [2013-08-14 18:05:45 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\plugins\imageformats\qgif4.dll
MOD - [2013-08-14 18:05:45 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\plugins\imageformats\qico4.dll
MOD - [2013-08-14 18:05:45 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\OSPowerMgr.dll
MOD - [2013-08-14 18:05:45 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\OSCall.dll
MOD - [2013-08-14 18:05:45 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\libgcc_s_dw2-1.dll
MOD - [2013-08-14 18:05:45 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\PLAY ONLINE\mingwm10.dll
MOD - [2013-08-14 14:50:22 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2012-08-25 02:59:17 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-02-20 04:31:06 | 000,013,824 | ---- | M] () -- C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012-04-20 13:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-10-04 08:32:44 | 000,065,312 | ---- | M] (BrowseFox) [Auto | Running] -- C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe -- (Util BrowseFox)
SRV - [2013-10-04 08:32:26 | 000,065,312 | ---- | M] (BrowseFox) [Auto | Running] -- C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe -- (Update BrowseFox)
SRV - [2013-08-14 18:05:45 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc)
SRV - [2013-08-13 15:41:17 | 002,838,480 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-08-31 03:35:20 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-08-25 02:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-23 17:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012-05-15 14:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-05-15 14:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-05-10 14:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012-05-02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-02-20 04:31:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV - [2012-02-20 04:31:06 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV - [2012-02-20 04:31:06 | 000,019,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV - [2012-02-20 04:31:06 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2011-11-21 13:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007-08-24 05:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Office 2007\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-09-21 23:02:34 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013-09-21 22:48:20 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013-08-26 18:58:21 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-08-14 18:05:45 | 000,229,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2013-08-14 18:05:45 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013-08-14 18:05:45 | 000,104,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2013-08-14 18:05:45 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013-08-14 18:05:45 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2013-08-14 18:05:45 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2013-04-04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-08-31 03:35:08 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-08-27 04:11:04 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-05-09 03:55:24 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012-05-02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012-04-27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012-04-24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012-04-03 14:58:22 | 000,707,688 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012-03-26 18:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012-03-26 18:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012-02-20 04:31:06 | 000,357,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012-02-20 04:31:06 | 000,220,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012-02-20 04:31:06 | 000,107,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012-02-20 04:31:06 | 000,096,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012-02-20 04:31:06 | 000,064,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012-02-20 04:31:06 | 000,042,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012-02-01 10:06:18 | 000,292,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2011-11-10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011-09-07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=46B66036DD973B92&affID=123895&tsp=4986
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKU\S-1-5-21-3785761328-3887536727-931197136-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {ec2bae47-25af-4ce9-9e78-10627a49c9ea}:1.5.0.0
FF - prefs.js..extensions.enabledAddons: {8f5010e2-9577-4aed-ad42-f2098ea15def}:1.133
FF - prefs.js..extensions.enabledAddons: firefox@browsefox.com:1.0.0
FF - prefs.js..extensions.enabledAddons: {669E7F40-B964-7100-9E2C-16C6DAA58A01}:5.0.0.9396

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-08-13 16:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8f5010e2-9577-4aed-ad42-f2098ea15def}: C:\Program Files (x86)\LyricsPal\133.xpi [2013-09-11 21:59:09 | 000,005,847 | ---- | M] ()

[2013-08-13 16:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013-11-24 22:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\iqxs298s.default\extensions
[2013-09-25 13:09:27 | 000,000,000 | ---D | M] (New tab) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\iqxs298s.default\extensions\{669E7F40-B964-7100-9E2C-16C6DAA58A01}
[2013-08-31 22:43:58 | 000,000,000 | ---D | M] (Movies Toolbar (Dist. by Bandoo Media, Inc.)) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\iqxs298s.default\extensions\{ec2bae47-25af-4ce9-9e78-10627a49c9ea}
[2013-08-26 18:59:15 | 000,000,000 | ---D | M] (Lyrics-Pal) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\iqxs298s.default\extensions\130
[2013-08-18 16:45:21 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\iqxs298s.default\extensions\ffxtlbr@delta.com
[2013-11-24 22:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\iqxs298s.default\extensions\staged
[2013-08-30 02:57:08 | 000,007,979 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\iqxs298s.default\extensions\firefox@browsefox.com.xpi
[2013-06-30 09:44:04 | 000,233,016 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\iqxs298s.default\extensions\hdvc3@hdvidcodec.com.xpi
[2013-09-25 13:09:38 | 000,002,662 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\iqxs298s.default\searchplugins\Ask.xml
[2013-08-18 16:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-08-18 16:50:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2013-09-11 21:59:09 | 000,005,847 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRICSPAL\133.XPI
[2012-08-25 03:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-08-25 04:42:39 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2013-09-25 13:09:38 | 000,002,662 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
[2012-08-25 04:42:39 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-08-25 04:42:39 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-08-25 04:42:39 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-08-25 04:42:39 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-08-25 04:42:39 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BrowseFox) - {b9507101-e464-4b3b-a4cb-291aaedd94f2} - C:\Program Files (x86)\BrowseFox\BrowseFoxbho.dll (Browse Fox)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lyrics-Pal) - {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - C:\Program Files (x86)\LyricsPal\133.dll ()
O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GrooveMonitor] D:\Office 2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3785761328-3887536727-931197136-1000..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3785761328-3887536727-931197136-1000..\Run: [NTRedirect] C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D04BC78-441A-430F-A97E-B2CC2890EDBA}: NameServer = 89.108.202.21 89.108.195.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EF86592-E782-4352-AA03-70DC25B98B81}: NameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A75EE667-706E-4469-8C33-9B2B556BD40C}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB8F66C0-7FF4-449B-AB42-3A7290AE9B93}: NameServer = 89.108.202.21 89.108.195.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECCD5EA9-6C7B-4DE4-8FC7-E75BE8E3882E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) - c:\ProgramData\Wincert\win32cert.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk G:\
O32 - AutoRun File - [2011-03-15 08:27:22 | 000,148,320 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-10-11 10:12:34 | 000,000,045 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f97dd6b-04f8-11e3-8841-60a44c03688f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f97dd6b-04f8-11e3-8841-60a44c03688f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011-03-15 08:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{795601e8-0502-11e3-88e3-60a44c03688f}\Shell - "" = AutoRun
O33 - MountPoints2\{795601e8-0502-11e3-88e3-60a44c03688f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{795601f4-0502-11e3-88e3-60a44c03688f}\Shell - "" = AutoRun
O33 - MountPoints2\{795601f4-0502-11e3-88e3-60a44c03688f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7956022b-0502-11e3-88e3-6036dd973b95}\Shell - "" = AutoRun
O33 - MountPoints2\{7956022b-0502-11e3-88e3-6036dd973b95}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011-03-15 08:27:22 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

========== Files - Modified Within 30 Days ==========

[2013-11-24 22:37:00 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-11-24 22:37:00 | 000,693,886 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-11-24 22:37:00 | 000,613,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-11-24 22:37:00 | 000,133,932 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-11-24 22:37:00 | 000,106,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-11-24 22:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-24 21:37:37 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Lyrics-Pal Update.job
[2013-11-24 21:34:41 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\HDvid Codec V1-codedownloader.job
[2013-11-24 21:34:33 | 3131,273,216 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-24 21:34:05 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-11-24 21:34:05 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

========== Files Created - No Company Name ==========

[2013-09-28 08:23:01 | 000,000,032 | ---- | C] () -- C:\Windows\MenuCD.INI
[2013-09-24 17:33:16 | 000,000,044 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\WB.CFG
[2013-09-22 17:34:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013-09-21 22:55:20 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2013-08-13 16:54:43 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2013-08-13 16:43:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013-08-13 16:29:35 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013-08-13 16:29:35 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-08-13 16:29:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013-08-13 16:18:56 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\DptfInvalidPolicyRemover.exe
[2013-08-13 16:18:56 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyLpmService.exe
[2013-08-13 16:18:56 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyCriticalService.exe
[2013-08-13 16:18:56 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DptfParticipantProcessorService.exe
[2013-08-13 16:18:56 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyLpmServiceHelper.exe
[2013-08-13 16:18:56 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyLpmDll.dll
[2013-08-13 16:18:56 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll
[2013-08-13 16:18:56 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\DptfInvalidPolicyRemover.ini
[2013-08-13 16:18:55 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPService.exe
[2012-04-20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-08-18 16:45:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BabSolution
[2013-08-18 16:44:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2013-08-26 19:00:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2013-09-22 17:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Funmoods

========== Purity Check ==========

< End of report >

extras.txt
OTL Extras logfile created on: 2013-11-24 22:40:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,89 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 56,89% Memory free
7,77 Gb Paging File | 5,89 Gb Available in Paging File | 75,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 22,36 Gb Total Space | 4,44 Gb Free Space | 19,86% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 190,14 Gb Free Space | 97,40% Space Free | Partition Type: NTFS
Drive E: | 270,45 Gb Total Space | 241,56 Gb Free Space | 89,32% Space Free | Partition Type: NTFS
Drive G: | 7,47 Gb Total Space | 3,81 Gb Free Space | 51,03% Space Free | Partition Type: NTFS
Drive H: | 33,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-KOMPUTER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3785761328-3887536727-931197136-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8082E9E6-32F3-4BFD-8F83-270277A185F4}" = lport=6004 | protocol=17 | dir=in | app=d:\office 2007\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04273E8D-8076-4C00-813C-BE53317A0AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{5B37397D-E6D1-453D-91AF-BEE2C8376B19}" = protocol=6 | dir=in | app=d:\office 2007\office12\onenote.exe |
"{6A58CBAB-C652-4BB0-B194-29F59FF0403A}" = protocol=17 | dir=in | app=d:\office 2007\office12\groove.exe |
"{7FF5FA00-F37D-4B5E-B344-26D0117A72BA}" = protocol=17 | dir=in | app=d:\office 2007\office12\onenote.exe |
"{B775C6B7-99F8-4308-B3B7-9C664CE013DC}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe |
"{E58F14EB-22E2-4997-B8A3-434DBBD0CFFD}" = protocol=6 | dir=in | app=d:\office 2007\office12\groove.exe |
"TCP Query User{41D1071A-09C5-4CA3-A0A7-19F742CF9622}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7B14AA7F-7CC8-4EA3-A01B-887C5FE88BA6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8425C06C-72CA-4126-8F68-1730827B97BF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{78118BBB-969E-4DCC-A012-18793A19566A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C4EAF484-737D-467B-99C8-50677152DC2A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F4BFEB77-FA18-492C-A6E4-77401AADB775}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"BrowseFox" = BrowseFox 3.0.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3BDD2DA8-99F9-4EC9-9992-128BDAE30537}" = Hitman Kontrakty
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5526d33c-7120-4326-9097-defcbdfa0dbc}" = Lyrics-Pal
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{2D1F88C2-ADAE-47C4-8648-6EA8F7E6EB2D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{94A4609B-0414-4427-81F3-0FD282A2D0D3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{94A4609B-0414-4427-81F3-0FD282A2D0D3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"1ClickDownload" = HDVidCodec
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar
"bi_uninstaller" = Bundled software uninstaller
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"funmoods" = Funmoods
"HDvid Codec V1" = HDvid Codec V1
"ilividmoviestoolbardlaFF" = Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.)
"ilividmoviestoolbardlaIE" = Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 15.0 (x86 pl)" = Mozilla Firefox 15.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PLAY ONLINE" = PLAY ONLINE
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3785761328-3887536727-931197136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-11-23 16:51:38 | Computer Name = Admin-Komputer | Source = DptfPolicyCriticalService | ID = 131073
Description =

Error - 2013-11-24 16:06:37 | Computer Name = Admin-Komputer | Source = Software Protection Platform Service | ID = 8198
Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

Error - 2013-11-24 16:06:37 | Computer Name = Admin-Komputer | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

Error - 2013-11-24 16:06:38 | Computer Name = Admin-Komputer | Source = DptfPolicyCriticalService | ID = 131073
Description =

Error - 2013-11-24 16:06:38 | Computer Name = Admin-Komputer | Source = DptfPolicyCriticalService | ID = 131073
Description =

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = Software Protection Platform Service | ID = 8198
Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = Winlogon | ID = 4103
Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = DptfPolicyCriticalService | ID = 131073
Description =

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = DptfPolicyCriticalService | ID = 131073
Description =

Error - 2013-11-24 16:57:41 | Computer Name = Admin-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\System32\systemcpl.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

[ System Events ]
Error - 2013-11-24 16:06:39 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego
błędu: %%1053

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = Application Popup | ID = 875
Description = Sterownik atksgt.sys został zablokowany dla ładowania.

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%1275

Error - 2013-11-24 16:34:40 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Datamngr Coordinator z powodu następującego
błędu: %%2

Error - 2013-11-24 16:34:41 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
z usługą PLAY ONLINE. OUC.

Error - 2013-11-24 16:34:41 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego
błędu: %%1053

Error - 2013-11-24 17:32:29 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Datamngr Coordinator z powodu następującego
błędu: %%2

Error - 2013-11-24 17:32:30 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Datamngr Coordinator z powodu następującego
błędu: %%2

Error - 2013-11-24 17:32:32 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Datamngr Coordinator z powodu następującego
błędu: %%2

Error - 2013-11-24 17:32:33 | Computer Name = Admin-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Datamngr Coordinator z powodu następującego
błędu: %%2

< End of report >

Post24 lis 2013, 23:35

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) - c:\ProgramData\Wincert\win32cert.dll ()
O4 - HKU\S-1-5-21-3785761328-3887536727-931197136-1000..\Run: [NTRedirect] C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O2 - BHO: (Lyrics-Pal) - {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - C:\Program Files (x86)\LyricsPal\133.dll ()
O2 - BHO: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O2 - BHO: (BrowseFox) - {b9507101-e464-4b3b-a4cb-291aaedd94f2} - C:\Program Files (x86)\BrowseFox\BrowseFoxbho.dll (Browse Fox)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)

:Files
C:\ProgramData\Wincert

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

2) Użyj USBFix http://www.hotfix.pl/uzytkowanie-progra ... x-a310.htm
Kliknij w nim na: DELETION.
Daj raport z tego usuwania.

3) Użyj >Dostępne tylko dla zarejestrowanych użytkowników (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner[S1].txt

4) Zrób nowy log z OTL.
Log wklej na Dostępne tylko dla zarejestrowanych użytkowników, a w poście daj tylko link.(czyli skopiuj adres z paska adresów)

F.

Post25 lis 2013, 10:42

mam problem z usbfixem ponieważ tak jakby zawieszał się przy 26 %
na razie zrobiłem tylko raport z Adw-cleaner Dostępne tylko dla zarejestrowanych użytkowników

Post25 lis 2013, 11:56

Spróbuj go użyć w Trybie Awaryjnym (F8 przed startem Systemu)

F.

Post25 lis 2013, 17:34

w trybie awaryjnym się udało o to log z usbfix: Dostępne tylko dla zarejestrowanych użytkowników
i z otl Dostępne tylko dla zarejestrowanych użytkowników

Post25 lis 2013, 19:49

Wg mnie - jest OK.

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8f5010e2-9577-4aed-ad42-f2098ea15def}: C:\Program Files (x86)\LyricsPal\133.xpi
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Dostępne tylko dla zarejestrowanych użytkowników (Java Plug-in 10.25.2)

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt.
Raportu już nie dawaj.
Kończymy:
W USBFix kliknij na przycisk UNINSTALL.
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

F.

Post25 lis 2013, 20:04

no problem zniknął więc dziękuje bardzo za pomoc ale mam jeszcze parę pytań:
Jeśli na drugim komputerze mam to samo to wystarczy jeśli przeskanuję go tymi programami czy muszę robić znów to samo czyli najpierw wysłać log z otl na forum, Ty mi podasz skrypt a następnie programy (może jakieś inne będą wymagane)?
I drugie pytanie, muszę odinstalowywać te programy nie mogę ich przechowywać na dysku?

Post25 lis 2013, 20:24

Pytanie nr 1: może wystarczy użycie USBFix z opcji DELETION.

Pytanie nr 2: USBFix jest stale modernizowany, więc chyba lepiej ściągać nowsze wersje?

Natomiast OTL nie jest już modernizowany, ale trzeba usunąć Kwarantannę, a ta da się usunąć tylko razem z OTL.

Adw-Cleaner też jest stale modernizowany, jeśli zechcesz za kilka tygodni uruchomić ten, który masz, to on sam zniknie.
Ale musisz używać Adw-Cleaner po każdym zainstalowaniu jakiegoś darmowego programu z sieci.

F.

Post25 lis 2013, 21:12

Ok przeskanowałem obydwoma programami i póki co jest dobrze (zobaczymy na jak długo). Jeszcze raz dzięki za pomoc.