Hello.
I have had a problem for a long time: the system freezes and comes back after a few seconds.
The browser also locks up, the screen flickers from time to time, and blue screens like to appear.
Thank you for your help, because to me this is black magic.
[Available only to registered users]
Please check my OTL log - Windows 7 64 bit.
-
- Posts: 13
- Registered: 01 Jul 2013, 13:41
Last edited 02 Jul 2013, 14:33 by XMan; edited 1 time in total.
Reason: correction of the topic title and spelling
- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
- Contact:
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Odkurzacz 13.2_is1" = Odkurzacz
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Acer Registration" = Acer Registration
"{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
Uninstall these.
THE SCREEN FLICKERS FROM TIME TO TIME AND BLUE SCREENS LIKE TO APPEAR
Provide the minidump readout.
Logs.
Run OTL -> in the Custom Scans/Fixes box paste:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes,DefaultScope = {48FABA77-4CE8-4E07-8AB9-B43EB497EB89}
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&affID=119535&tt=180413_new&babsrc=SP_ss&mntrId=68FA00ADE1AC1C1A
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{48FABA77-4CE8-4E07-8AB9-B43EB497EB89}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&cc=&r=427
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL456PL446
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{A7658C71-7E3A-4B4E-9C03-615FB87FC8DF}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=DF12B411-134C-4552-9CF4-517E142B4110&apn_sauid=8BABBF5B-FDF3-4792-A6BE-C8243EB3368C
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
[2013/05/05 22:00:04 | 000,190,213 | ---- | M] () (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\Extensions\jid1-u9RbFp9JcoEGGw@jetpack.xpi
[2012/09/23 14:25:37 | 000,002,349 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\bProtect.xml
[2013/01/11 22:56:30 | 000,002,669 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\BrowserProtect.xml
[2013/04/20 11:23:11 | 000,001,294 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\delta.xml
[2013/06/26 15:44:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/26 15:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013/06/26 15:44:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013/04/20 11:22:38 | 000,006,510 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: No name found = C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3\
CHR - Extension: No name found = C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O15 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..Trusted Domains: mks.com.pl ([www] http in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} Dostępne tylko dla zarejestrowanych użytkowników (Checkers Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} Dostępne tylko dla zarejestrowanych użytkowników (MksSkanerOnline Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} Dostępne tylko dla zarejestrowanych użytkowników (MessengerStatsClient Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
[2012/02/24 17:31:05 | 002,371,152 | ---- | C] (DownVision ) -- C:\Users\Jolanta\AppData\Local\setup.exe
[2012/05/30 17:47:13 | 000,000,170 | ---- | C] () -- C:\ProgramData\167b21fcfc61a22d78de3a4aadfca2d37b3a0117
[2012/05/30 17:47:04 | 000,225,203 | ---- | C] () -- C:\ProgramData\Po.exe
[2012/02/24 17:57:57 | 000,174,532 | ---- | C] () -- C:\Windows\hpoins45.dat.temp
[2012/02/24 17:57:57 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat.temp
[2010/07/14 12:20:19 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2013/06/30 14:52:34 | 000,000,000 | ---- | C] () -- C:\.ini
[2011/12/28 20:37:05 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\.minecraft
[2013/01/07 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\APP_NAME_NON_STRING
[2012/09/23 14:25:29 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\Babylon
[2012/03/28 15:54:57 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\DAEMON Tools Lite
[2012/07/26 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\GanymedeNet
[2011/11/21 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\ObviousIdea
[2011/10/27 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\OpenFM
[2011/08/26 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\OpenOffice.org
[2011/08/31 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\SoftGrid Client
[2012/11/10 17:10:23 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\TomTom
[2011/08/26 10:37:58 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\TP
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B755D674
:Services
gupdate
gupdatem
:Files
C:\Program Files (x86)\Google\Update
C:\Windows\tasks\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
:Commands
[clearallrestorepoints]
[emptytemp]
Click Run Fix. Post the log from the removal. Then provide the log from [Available only to registered users] (from the Delete option) + the log from TDSSKiller + new OTL logs.
When computers become your only life, your only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes they are not.
-
- Posts: 13
- Registered: 01 Jul 2013, 13:41
Hello,
I am sending it again
[Available only to registered users]
I only managed to do the first parts; the last one, the minidump, however, keeps showing an error and demands some kind of access rights.
- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
- Contact:
I only managed to do the first parts; the last one, the minidump, however, keeps showing an error and demands some kind of access rights.
You must be logged in as Administrator, or run the program by right-clicking and choosing Run as administrator.
Logs.
And where is the log from the removal? Where is the log from ADWCleaner? Where is TDSSKiller?
- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
- Contact:
Running the script.
You left out the initial :OTL in the script. That must not be done. Run the script again; this time post the log from the removal. Then use ADWCleaner again with the Delete option. Post the log from that scan as well. After these steps, post new OTL logs.
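The rule stated in the reply above (a fix script must begin with `:OTL`) can be checked before the script is pasted into the tool. This is an added example, not part of the thread and not OTL's own code; the function names and the exact-match handling of directives are assumptions, and the sample script is a shortened excerpt of the one posted in this thread.

```python
"""Pre-flight check for an OTL fix script (added example, not OTL code)."""
from collections import Counter

# Section directives that appear in the script posted in this thread.
# Assumption: directives are matched exactly as written there.
KNOWN_DIRECTIVES = (":OTL", ":Services", ":Files", ":Reg", ":Commands")


def split_sections(script_text):
    """Group non-empty lines under the directive that precedes them.

    Lines found before any directive are stored under the key None.
    Returns (order, sections): the section keys in order of appearance
    and a dict mapping each key to its list of lines.
    """
    sections = {}
    order = []
    current = None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_directive = line in KNOWN_DIRECTIVES
        if is_directive:
            current = line
        if current not in sections:
            sections[current] = []
            order.append(current)
        if not is_directive:
            sections[current].append(line)
    return order, sections


def check_script(script_text):
    """Return a list of human-readable problems; an empty list means OK."""
    order, sections = split_sections(script_text)
    if not order:
        return ["script is empty"]
    problems = []
    if order[0] != ":OTL":
        orphaned = len(sections.get(None, []))
        problems.append(
            "script does not start with :OTL "
            f"({orphaned} line(s) precede the first directive)"
        )
    # A repeated line usually means a copy/paste slip worth a second look.
    for name in order:
        for line, count in Counter(sections[name]).items():
            if count > 1:
                label = name or "preamble"
                problems.append(f"{label}: line repeated {count} times: {line}")
    return problems


# Constructed sample: a shortened excerpt of the script from this thread.
GOOD_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Services
gupdate
gupdatem
:Files
C:\Windows\tasks\*.*
:Commands
[emptytemp]
"""

# The same script with the leading :OTL dropped, as described in the reply.
BAD_SCRIPT = GOOD_SCRIPT.replace(":OTL\n", "", 1)

# The same script plus a :Reg section whose only entry was pasted twice.
DUP_SCRIPT = GOOD_SCRIPT + (
    ":Reg\n"
    "[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    "\\Parameters\\FirewallPolicy\\FirewallRules]\n"
    "[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    "\\Parameters\\FirewallPolicy\\FirewallRules]\n"
)

if __name__ == "__main__":
    for label, text in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT),
                        ("dup", DUP_SCRIPT)):
        found = check_script(text)
        print(label, "->", found if found else "OK")
```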
-
- Posts: 13
- Registered: 01 Jul 2013, 13:41
OTL from the script
[Available only to registered users]
-- 16 Jul 2013, 15:30 --
AdwCleaner with the Delete option
[Available only to registered users]
-- 16 Jul 2013, 15:42 --
TDSSKiller
[Available only to registered users]
-- 16 Jul 2013, 16:02 --
OTL from the Scan option
[Available only to registered users]
- kominekl
- Posts: 5855
- Registered: 27 Nov 2011, 14:25
- Contact:
Running the script.
Once again it was run incorrectly. You are running this script:
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników ... ADE1AC1C1A
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes,DefaultScope = {48FABA77-4CE8-4E07-8AB9-B43EB497EB89}
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&affID=119535&tt=180413_new&babsrc=SP_ss&mntrId=68FA00ADE1AC1C1A
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{48FABA77-4CE8-4E07-8AB9-B43EB497EB89}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&cc=&r=427
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL456PL446
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{A7658C71-7E3A-4B4E-9C03-615FB87FC8DF}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=DF12B411-134C-4552-9CF4-517E142B4110&apn_sauid=8BABBF5B-FDF3-4792-A6BE-C8243EB3368C
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
[2013/05/05 22:00:04 | 000,190,213 | ---- | M] () (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\Extensions\jid1-u9RbFp9JcoEGGw@jetpack.xpi
[2012/09/23 14:25:37 | 000,002,349 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\bProtect.xml
[2013/01/11 22:56:30 | 000,002,669 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\BrowserProtect.xml
[2013/04/20 11:23:11 | 000,001,294 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\delta.xml
[2013/06/26 15:44:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/26 15:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013/06/26 15:44:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013/04/20 11:22:38 | 000,006,510 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: No name found = C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3\
CHR - Extension: No name found = C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O15 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..Trusted Domains: mks.com.pl ([www] http in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} Dostępne tylko dla zarejestrowanych użytkowników ... b56986.cab (Checkers Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} Dostępne tylko dla zarejestrowanych użytkowników (MksSkanerOnline Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} Dostępne tylko dla zarejestrowanych użytkowników ... b56907.cab (MessengerStatsClient Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
[2012/02/24 17:31:05 | 002,371,152 | ---- | C] (DownVision ) -- C:\Users\Jolanta\AppData\Local\setup.exe
[2012/05/30 17:47:13 | 000,000,170 | ---- | C] () -- C:\ProgramData\167b21fcfc61a22d78de3a4aadfca2d37b3a0117
[2012/05/30 17:47:04 | 000,225,203 | ---- | C] () -- C:\ProgramData\Po.exe
[2012/02/24 17:57:57 | 000,174,532 | ---- | C] () -- C:\Windows\hpoins45.dat.temp
[2012/02/24 17:57:57 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat.temp
[2010/07/14 12:20:19 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2013/06/30 14:52:34 | 000,000,000 | ---- | C] () -- C:\.ini
[2011/12/28 20:37:05 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\.minecraft
[2013/01/07 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\APP_NAME_NON_STRING
[2012/09/23 14:25:29 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\Babylon
[2012/03/28 15:54:57 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\DAEMON Tools Lite
[2012/07/26 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\GanymedeNet
[2011/11/21 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\ObviousIdea
[2011/10/27 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\OpenFM
[2011/08/26 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\OpenOffice.org
[2011/08/31 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\SoftGrid Client
[2012/11/10 17:10:23 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\TomTom
[2011/08/26 10:37:58 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\TP
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B755D674
:Services
gupdate
gupdatem
:Files
C:\Program Files (x86)\Google\Update
C:\Windows\tasks\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
:Commands
[clearallrestorepoints]
[emptytemp]
But you should run this one:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników ... ADE1AC1C1A
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes,DefaultScope = {48FABA77-4CE8-4E07-8AB9-B43EB497EB89}
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&affID=119535&tt=180413_new&babsrc=SP_ss&mntrId=68FA00ADE1AC1C1A
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{48FABA77-4CE8-4E07-8AB9-B43EB497EB89}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&cc=&r=427
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL456PL446
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes\{A7658C71-7E3A-4B4E-9C03-615FB87FC8DF}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=DF12B411-134C-4552-9CF4-517E142B4110&apn_sauid=8BABBF5B-FDF3-4792-A6BE-C8243EB3368C
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
[2013/05/05 22:00:04 | 000,190,213 | ---- | M] () (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\Extensions\jid1-u9RbFp9JcoEGGw@jetpack.xpi
[2012/09/23 14:25:37 | 000,002,349 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\bProtect.xml
[2013/01/11 22:56:30 | 000,002,669 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\BrowserProtect.xml
[2013/04/20 11:23:11 | 000,001,294 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\delta.xml
[2013/06/26 15:44:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/26 15:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013/06/26 15:44:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013/04/20 11:22:38 | 000,006,510 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: No name found = C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3\
CHR - Extension: No name found = C:\Users\Jolanta\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O15 - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..Trusted Domains: mks.com.pl ([www] http in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} Dostępne tylko dla zarejestrowanych użytkowników ... b56986.cab (Checkers Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} Dostępne tylko dla zarejestrowanych użytkowników (MksSkanerOnline Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} Dostępne tylko dla zarejestrowanych użytkowników ... b56907.cab (MessengerStatsClient Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
[2012/02/24 17:31:05 | 002,371,152 | ---- | C] (DownVision ) -- C:\Users\Jolanta\AppData\Local\setup.exe
[2012/05/30 17:47:13 | 000,000,170 | ---- | C] () -- C:\ProgramData\167b21fcfc61a22d78de3a4aadfca2d37b3a0117
[2012/05/30 17:47:04 | 000,225,203 | ---- | C] () -- C:\ProgramData\Po.exe
[2012/02/24 17:57:57 | 000,174,532 | ---- | C] () -- C:\Windows\hpoins45.dat.temp
[2012/02/24 17:57:57 | 000,000,450 | ---- | C] () -- C:\Windows\hpomdl45.dat.temp
[2010/07/14 12:20:19 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2013/06/30 14:52:34 | 000,000,000 | ---- | C] () -- C:\.ini
[2011/12/28 20:37:05 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\.minecraft
[2013/01/07 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\APP_NAME_NON_STRING
[2012/09/23 14:25:29 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\Babylon
[2012/03/28 15:54:57 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\DAEMON Tools Lite
[2012/07/26 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\GanymedeNet
[2011/11/21 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\ObviousIdea
[2011/10/27 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\OpenFM
[2011/08/26 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\OpenOffice.org
[2011/08/31 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\SoftGrid Client
[2012/11/10 17:10:23 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\TomTom
[2011/08/26 10:37:58 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\TP
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B755D674
:Services
gupdate
gupdatem
:Files
C:\Program Files (x86)\Google\Update
C:\Windows\tasks\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
:Commands
[clearallrestorepoints]
[emptytemp]
Fix it. In AdwCleaner, press the Uninstall button. I'm waiting for the log from the removal (this time run the script correctly). Once the task has been carried out correctly, post new OTL logs.
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the border between these two dimensions will vanish and characters from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes they are not.
-
- Posts: 13
- Joined: 01 Jul 2013, 13:41
Please check my OTL log - Windows 7 64 bit.
The script; however, I don't know whether it will be correct, because before I ran it I had to restart everything about 5 times while doing it, since it kept freezing like hell..
Available only to registered users
-- 17 Jul 2013, 12:00 --
Available only to registered users
OTL scan
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Please check my OTL log - Windows 7 64 bit.
jolanta981 wrote: The script; however, I don't know whether it will be correct, because before I ran it I had to restart everything about 5 times while doing it, since it kept freezing like hell..
The script was executed incorrectly, not because of the restarts but because you pasted the script incorrectly. You left out the initial :OTL, which must not be done. Fix it. You are making the same mistake yet again.
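Added example, not part of the original thread and not OTL's own code: a pre-flight check for a pasted fix script that catches the mistake described in the reply above (the leading `:OTL` line left out) before the script is run. The directive list is taken from the script posted in this thread; the function names, finding codes, case-insensitive matching and the two sample scripts (constructed from lines of that script) are assumptions of the example.

```python
# Added example: pre-flight check for a pasted OTL fix script.
# Not part of OTL; the rules below are assumptions drawn from this thread.

# Directives that appear in the fix script posted in this thread.
KNOWN_DIRECTIVES = {":otl", ":services", ":files", ":reg", ":commands"}

# Constructed sample: a shortened script that keeps its leading :OTL line.
COMPLETE_SCRIPT = r""":OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Services
gupdate
gupdatem
:Files
C:\Windows\tasks\*.*
:Commands
[emptytemp]
"""

# Constructed sample: the same kind of paste with :OTL left out and one
# :Reg entry pasted twice.
PASTED_WITHOUT_HEADER = r"""O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Services
gupdate
gupdatem
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
:Commands
[emptytemp]
"""


def parse_fix_script(text):
    """Split a script into (sections, orphans).

    sections: list of [directive, entries] in script order.
    orphans:  non-empty lines found before the first directive.
    """
    sections, orphans = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            sections.append([line, []])
        elif sections:
            sections[-1][1].append(line)
        else:
            orphans.append(line)
    return sections, orphans


def lint_fix_script(text):
    """Return a list of (code, detail) findings; an empty list means clean."""
    findings = []
    sections, orphans = parse_fix_script(text)

    # The failure described in the reply: the leading :OTL line was left out,
    # so the entries that should follow it belong to no section.
    if orphans:
        findings.append(("orphan-lines",
                         f"{len(orphans)} line(s) before any directive"))
    if orphans or not sections or sections[0][0].lower() != ":otl":
        findings.append(("missing-otl-header",
                         "first non-empty line is not :OTL"))

    for directive, entries in sections:
        # Case-insensitive matching is an assumption of this example.
        if directive.lower() not in KNOWN_DIRECTIVES:
            findings.append(("unknown-directive", directive))
        if not entries:
            findings.append(("empty-section", directive))
        seen = set()
        for entry in entries:
            if entry in seen:
                findings.append(("duplicate-entry", f"{directive}: {entry}"))
            seen.add(entry)
    return findings


if __name__ == "__main__":
    for name, script in (("complete", COMPLETE_SCRIPT),
                         ("pasted without header", PASTED_WITHOUT_HEADER)):
        print(name, "->", lint_fix_script(script) or "no findings")
```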
-
- Posts: 13
- Joined: 01 Jul 2013, 13:41
Please check my OTL log - Windows 7 64 bit.
Thank you for your good intentions, but this is just beyond me. I'm giving up on this.
Thank you and best regards
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Please check my OTL log - Windows 7 64 bit.
jolanta981 wrote: Thank you for your good intentions, but this is just beyond me. I'm giving up on this.
Thank you and best regards
You can do it!
-
- Posts: 13
- Joined: 01 Jul 2013, 13:41
Please check my OTL log - Windows 7 64 bit.
Available only to registered users
-- 18 Jul 2013, 13:31 --
otl
Available only to registered users
-- 18 Jul 2013, 13:32 --
OTL logfile created on: 7/18/2013 1:07:58 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jolanta\Desktop\nowe mp3
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1.75 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 32.28% Memory free
3.49 Gb Paging File | 1.87 Gb Available in Paging File | 53.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 68.30 Gb Free Space | 24.05% Space Free | Partition Type: NTFS
Computer Name: SOCKO | User Name: Jolanta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/15 14:06:50 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/07/01 12:14:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jolanta\Desktop\nowe mp3\OTL.exe
PRC - [2013/06/18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/23 21:15:12 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2011/08/18 16:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011/06/16 12:30:30 | 000,153,456 | R--- | M] (M-Budget) -- C:\Program Files (x86)\M-Budget\M-Budget Data Manager\DashBoardS.exe
PRC - [2011/05/16 15:14:02 | 001,482,240 | ---- | M] (Swisscom) -- C:\Program Files (x86)\M-Budget\Sesam\BIN\SecMIPService.exe
PRC - [2010/06/29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/10/14 16:44:38 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/15 14:06:48 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/06/18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 03:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013/07/16 13:28:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2011/08/18 16:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011/06/16 12:30:30 | 000,153,456 | R--- | M] (M-Budget) [Auto | Running] -- C:\Program Files (x86)\M-Budget\M-Budget Data Manager\DashBoardS.exe -- (MDM Service)
SRV - [2011/05/16 15:14:02 | 001,482,240 | ---- | M] (Swisscom) [Auto | Running] -- C:\Program Files (x86)\M-Budget\Sesam\BIN\SecMIPService.exe -- (SesamService)
SRV - [2010/09/22 15:54:22 | 000,307,568 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/07/14 12:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:44:38 | 000,090,112 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/07/14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/27 21:58:12 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 21:58:12 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 21:58:12 | 000,189,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/28 12:25:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/23 22:29:22 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/05/23 22:29:22 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/05/23 22:29:22 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/05/23 22:29:20 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/04/11 15:53:24 | 000,409,456 | ---- | M] (Swisscom) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV:64bit: - [2011/04/11 15:53:22 | 000,056,688 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wtsmpadap.sys -- (WtSmpAdap)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/14 23:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/04/12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/01/27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jolanta\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/09 15:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\M-Budget\M-Budget Data Manager\FireFox_Remote\ [2012/07/06 20:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/29 09:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 21:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/07 14:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 21:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 15:44:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/26 15:44:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/09 15:09:04 | 000,000,000 | ---D | M]
[2012/11/10 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\Extensions
[2012/11/10 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013/07/18 12:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\Firefox\Profiles\5sgdlwc6.default-1356448488892\Extensions
[2013/07/12 14:23:21 | 000,008,079 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\Firefox.xml
[2013/07/15 13:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 15:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/02 11:49:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/30 18:06:34 | 000,120,984 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll
[2012/12/23 21:15:34 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - homepage: chrome://newtab/
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MDM] C:\Program Files (x86)\M-Budget\M-Budget Data Manager\LscaGui.exe (M-Budget)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DC70F94-588F-4FBA-9743-E9DEFFA26EAC}: DhcpNameServer = 10.128.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0512effa-cf4f-11e0-9894-4c0f6e5fdd2d}\Shell - "" = AutoRun
O33 - MountPoints2\{0512effa-cf4f-11e0-9894-4c0f6e5fdd2d}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O33 - MountPoints2\{101415a3-ace7-11e1-8a67-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{101415a3-ace7-11e1-8a67-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{1cb549bf-cdc1-11e0-8e06-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cb549bf-cdc1-11e0-8e06-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe
O33 - MountPoints2\{2e78123a-ace3-11e1-a5d3-1c750800da39}\Shell - "" = AutoRun
O33 - MountPoints2\{2e78123a-ace3-11e1-a5d3-1c750800da39}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{cb9dd8c0-cf5f-11e0-870b-1c750800da39}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9dd8c0-cf5f-11e0-870b-1c750800da39}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O33 - MountPoints2\{fbbab18c-c79b-11e1-a5f0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbbab18c-c79b-11e1-a5f0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe TMM70
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/16 13:40:59 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\reju
[2013/07/15 14:08:10 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44686763.sys
[2013/07/14 10:15:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/12 19:42:40 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\motury
[2013/07/12 14:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery
[2013/07/12 14:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Image Recovery
[2013/07/12 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\dir(dobreprogramy.pl)
[2013/07/12 13:31:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/12 13:31:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/12 13:31:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/12 13:31:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/12 13:31:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/12 13:31:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/12 13:31:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/12 13:31:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/12 13:31:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/12 13:31:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/12 13:31:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/12 13:31:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/12 13:31:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/12 13:31:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/12 13:31:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 22:33:12 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/11 22:33:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/11 22:33:08 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/11 22:33:06 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 22:09:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/02 13:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2013/07/02 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2013/07/02 11:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/07/01 22:11:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/27 16:22:57 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\bluzki
[2013/06/26 15:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/21 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\biuro
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/18 13:09:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 13:09:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 13:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 13:00:57 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 10:49:43 | 000,749,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 10:49:43 | 000,625,386 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 10:49:43 | 000,112,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 10:49:43 | 000,017,198 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013/07/18 10:49:43 | 000,006,986 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013/07/17 19:23:21 | 000,128,168 | ---- | M] () -- C:\Users\Jolanta\Desktop\oliwier.jpg
[2013/07/16 13:28:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/16 13:28:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/15 14:08:10 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44686763.sys
[2013/07/12 14:56:04 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/12 14:25:50 | 000,000,950 | ---- | M] () -- C:\Users\Jolanta\Desktop\Digital Image Recovery.lnk
[2013/07/12 14:21:52 | 000,592,335 | ---- | M] () -- C:\Users\Jolanta\Desktop\dir(dobreprogramy.pl).zip
[2013/07/12 14:02:45 | 000,447,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 15:10:47 | 000,063,870 | ---- | M] () -- C:\Users\Jolanta\Desktop\pko_trans_details_130708_193549.pdf
[2013/07/03 14:50:31 | 000,034,185 | ---- | M] () -- C:\Users\Jolanta\Desktop\859008_300.jpg
[2013/07/02 11:50:25 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/27 21:58:12 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 21:58:12 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 21:58:12 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 21:58:12 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 21:58:12 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 21:58:12 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/24 16:06:54 | 000,035,937 | ---- | M] () -- C:\Users\Jolanta\Desktop\2954004912.jpg
[2013/06/24 10:52:30 | 000,183,336 | ---- | M] () -- C:\Users\Jolanta\Desktop\fv golf lb.pdf
[2013/06/23 22:03:53 | 000,237,471 | ---- | M] () -- C:\Users\Jolanta\Desktop\Jolanta Soćko lm.pdf
[2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/17 19:23:07 | 000,128,168 | ---- | C] () -- C:\Users\Jolanta\Desktop\oliwier.jpg
[2013/07/12 14:25:50 | 000,000,950 | ---- | C] () -- C:\Users\Jolanta\Desktop\Digital Image Recovery.lnk
[2013/07/12 14:22:53 | 000,592,335 | ---- | C] () -- C:\Users\Jolanta\Desktop\dir(dobreprogramy.pl).zip
[2013/07/11 15:10:58 | 000,063,870 | ---- | C] () -- C:\Users\Jolanta\Desktop\pko_trans_details_130708_193549.pdf
[2013/07/03 14:50:26 | 000,034,185 | ---- | C] () -- C:\Users\Jolanta\Desktop\859008_300.jpg
[2013/07/02 11:50:25 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/02 11:50:24 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/27 21:58:13 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 21:58:15 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/26 21:58:14 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/24 16:06:51 | 000,035,937 | ---- | C] () -- C:\Users\Jolanta\Desktop\2954004912.jpg
[2013/06/24 10:52:23 | 000,183,336 | ---- | C] () -- C:\Users\Jolanta\Desktop\fv golf lb.pdf
[2013/06/23 22:03:52 | 000,237,471 | ---- | C] () -- C:\Users\Jolanta\Desktop\Jolanta Soćko lm.pdf
[2012/09/23 14:27:01 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/01 23:00:46 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/03/30 15:31:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/03/01 17:52:17 | 000,174,744 | ---- | C] () -- C:\Windows\hpoins45.dat
[2012/01/16 20:36:34 | 000,007,597 | ---- | C] () -- C:\Users\Jolanta\AppData\Local\Resmon.ResmonCfg
[2011/12/01 22:30:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/21 15:20:57 | 000,000,064 | ---- | C] () -- C:\Users\Jolanta\AppData\Local\Images.fl
[2011/11/04 20:15:42 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/04 20:15:42 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011/09/02 14:56:06 | 000,004,608 | ---- | C] () -- C:\Users\Jolanta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 14:18:02 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/26 10:36:08 | 001,585,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/11/29 22:47:05 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/07 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\APP_NAME_NON_STRING
[2012/10/26 10:59:01 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\Gadu-Gadu 10
[2013/06/23 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\ipla
[2013/01/07 14:13:21 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\PDF Architect
========== Purity Check ==========
< End of report >
-- 18 Jul 2013, 13:35 --
I pasted it here because when I paste it into klej.eu it just gets cut off
-- 18 Jul 2013, 13:31 --
otl
Available only to registered users
-- 18 Jul 2013, 13:32 --
OTL logfile created on: 7/18/2013 1:07:58 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jolanta\Desktop\nowe mp3
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1.75 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 32.28% Memory free
3.49 Gb Paging File | 1.87 Gb Available in Paging File | 53.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 68.30 Gb Free Space | 24.05% Space Free | Partition Type: NTFS
Computer Name: SOCKO | User Name: Jolanta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/15 14:06:50 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/07/01 12:14:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jolanta\Desktop\nowe mp3\OTL.exe
PRC - [2013/06/18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/23 21:15:12 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/11/22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2011/08/18 16:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011/06/16 12:30:30 | 000,153,456 | R--- | M] (M-Budget) -- C:\Program Files (x86)\M-Budget\M-Budget Data Manager\DashBoardS.exe
PRC - [2011/05/16 15:14:02 | 001,482,240 | ---- | M] (Swisscom) -- C:\Program Files (x86)\M-Budget\Sesam\BIN\SecMIPService.exe
PRC - [2010/06/29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/10/14 16:44:38 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/15 14:06:48 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/06/18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 03:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013/07/16 13:28:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2011/08/18 16:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011/06/16 12:30:30 | 000,153,456 | R--- | M] (M-Budget) [Auto | Running] -- C:\Program Files (x86)\M-Budget\M-Budget Data Manager\DashBoardS.exe -- (MDM Service)
SRV - [2011/05/16 15:14:02 | 001,482,240 | ---- | M] (Swisscom) [Auto | Running] -- C:\Program Files (x86)\M-Budget\Sesam\BIN\SecMIPService.exe -- (SesamService)
SRV - [2010/09/22 15:54:22 | 000,307,568 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/07/14 12:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:44:38 | 000,090,112 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/07/14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/27 21:58:12 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 21:58:12 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 21:58:12 | 000,189,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/28 12:25:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/23 22:29:22 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/05/23 22:29:22 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/05/23 22:29:22 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/05/23 22:29:20 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/04/11 15:53:24 | 000,409,456 | ---- | M] (Swisscom) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV:64bit: - [2011/04/11 15:53:22 | 000,056,688 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wtsmpadap.sys -- (WtSmpAdap)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/06/17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/14 23:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/04/12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/01/27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/08/04 10:04:26 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3075642708-1830368306-4127234762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jolanta\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/09 15:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\M-Budget\M-Budget Data Manager\FireFox_Remote\ [2012/07/06 20:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/29 09:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 21:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/07 14:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 21:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 15:44:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/26 15:44:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/09 15:09:04 | 000,000,000 | ---D | M]
[2012/11/10 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\Extensions
[2012/11/10 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013/07/18 12:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jolanta\AppData\Roaming\mozilla\Firefox\Profiles\5sgdlwc6.default-1356448488892\Extensions
[2013/07/12 14:23:21 | 000,008,079 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\Firefox.xml
[2013/07/15 13:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 15:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/02 11:49:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/30 18:06:34 | 000,120,984 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll
[2012/12/23 21:15:34 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - homepage: chrome://newtab/
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MDM] C:\Program Files (x86)\M-Budget\M-Budget Data Manager\LscaGui.exe (M-Budget)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DC70F94-588F-4FBA-9743-E9DEFFA26EAC}: DhcpNameServer = 10.128.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0512effa-cf4f-11e0-9894-4c0f6e5fdd2d}\Shell - "" = AutoRun
O33 - MountPoints2\{0512effa-cf4f-11e0-9894-4c0f6e5fdd2d}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O33 - MountPoints2\{101415a3-ace7-11e1-8a67-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{101415a3-ace7-11e1-8a67-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{1cb549bf-cdc1-11e0-8e06-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cb549bf-cdc1-11e0-8e06-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe
O33 - MountPoints2\{2e78123a-ace3-11e1-a5d3-1c750800da39}\Shell - "" = AutoRun
O33 - MountPoints2\{2e78123a-ace3-11e1-a5d3-1c750800da39}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{cb9dd8c0-cf5f-11e0-870b-1c750800da39}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9dd8c0-cf5f-11e0-870b-1c750800da39}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O33 - MountPoints2\{fbbab18c-c79b-11e1-a5f0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbbab18c-c79b-11e1-a5f0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe TMM70
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/16 13:40:59 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\reju
[2013/07/15 14:08:10 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44686763.sys
[2013/07/14 10:15:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/12 19:42:40 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\motury
[2013/07/12 14:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Image Recovery
[2013/07/12 14:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Image Recovery
[2013/07/12 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\dir(dobreprogramy.pl)
[2013/07/12 13:31:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/12 13:31:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/12 13:31:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/12 13:31:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/12 13:31:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/12 13:31:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/12 13:31:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/12 13:31:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/12 13:31:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/12 13:31:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/12 13:31:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/12 13:31:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/12 13:31:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/12 13:31:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/12 13:31:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 22:33:12 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/11 22:33:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/11 22:33:08 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/11 22:33:06 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 22:09:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/02 13:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2013/07/02 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2013/07/02 11:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/07/01 22:11:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/27 16:22:57 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\bluzki
[2013/06/26 15:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/21 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Jolanta\Desktop\biuro
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/18 13:09:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 13:09:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 13:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 13:00:57 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 10:49:43 | 000,749,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 10:49:43 | 000,625,386 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 10:49:43 | 000,112,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 10:49:43 | 000,017,198 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013/07/18 10:49:43 | 000,006,986 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013/07/17 19:23:21 | 000,128,168 | ---- | M] () -- C:\Users\Jolanta\Desktop\oliwier.jpg
[2013/07/16 13:28:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/16 13:28:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/15 14:08:10 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44686763.sys
[2013/07/12 14:56:04 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/12 14:25:50 | 000,000,950 | ---- | M] () -- C:\Users\Jolanta\Desktop\Digital Image Recovery.lnk
[2013/07/12 14:21:52 | 000,592,335 | ---- | M] () -- C:\Users\Jolanta\Desktop\dir(dobreprogramy.pl).zip
[2013/07/12 14:02:45 | 000,447,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 15:10:47 | 000,063,870 | ---- | M] () -- C:\Users\Jolanta\Desktop\pko_trans_details_130708_193549.pdf
[2013/07/03 14:50:31 | 000,034,185 | ---- | M] () -- C:\Users\Jolanta\Desktop\859008_300.jpg
[2013/07/02 11:50:25 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/27 21:58:12 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 21:58:12 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 21:58:12 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 21:58:12 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 21:58:12 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 21:58:12 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/24 16:06:54 | 000,035,937 | ---- | M] () -- C:\Users\Jolanta\Desktop\2954004912.jpg
[2013/06/24 10:52:30 | 000,183,336 | ---- | M] () -- C:\Users\Jolanta\Desktop\fv golf lb.pdf
[2013/06/23 22:03:53 | 000,237,471 | ---- | M] () -- C:\Users\Jolanta\Desktop\Jolanta Soćko lm.pdf
[2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/17 19:23:07 | 000,128,168 | ---- | C] () -- C:\Users\Jolanta\Desktop\oliwier.jpg
[2013/07/12 14:25:50 | 000,000,950 | ---- | C] () -- C:\Users\Jolanta\Desktop\Digital Image Recovery.lnk
[2013/07/12 14:22:53 | 000,592,335 | ---- | C] () -- C:\Users\Jolanta\Desktop\dir(dobreprogramy.pl).zip
[2013/07/11 15:10:58 | 000,063,870 | ---- | C] () -- C:\Users\Jolanta\Desktop\pko_trans_details_130708_193549.pdf
[2013/07/03 14:50:26 | 000,034,185 | ---- | C] () -- C:\Users\Jolanta\Desktop\859008_300.jpg
[2013/07/02 11:50:25 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/02 11:50:24 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/27 21:58:13 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 21:58:15 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/26 21:58:14 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/24 16:06:51 | 000,035,937 | ---- | C] () -- C:\Users\Jolanta\Desktop\2954004912.jpg
[2013/06/24 10:52:23 | 000,183,336 | ---- | C] () -- C:\Users\Jolanta\Desktop\fv golf lb.pdf
[2013/06/23 22:03:52 | 000,237,471 | ---- | C] () -- C:\Users\Jolanta\Desktop\Jolanta Soćko lm.pdf
[2012/09/23 14:27:01 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/01 23:00:46 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/03/30 15:31:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/03/01 17:52:17 | 000,174,744 | ---- | C] () -- C:\Windows\hpoins45.dat
[2012/01/16 20:36:34 | 000,007,597 | ---- | C] () -- C:\Users\Jolanta\AppData\Local\Resmon.ResmonCfg
[2011/12/01 22:30:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/21 15:20:57 | 000,000,064 | ---- | C] () -- C:\Users\Jolanta\AppData\Local\Images.fl
[2011/11/04 20:15:42 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/04 20:15:42 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011/09/02 14:56:06 | 000,004,608 | ---- | C] () -- C:\Users\Jolanta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 14:18:02 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/26 10:36:08 | 001,585,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/11/29 22:47:05 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/07 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\APP_NAME_NON_STRING
[2012/10/26 10:59:01 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\Gadu-Gadu 10
[2013/06/23 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\ipla
[2013/01/07 14:13:21 | 000,000,000 | ---D | M] -- C:\Users\Jolanta\AppData\Roaming\PDF Architect
========== Purity Check ==========
< End of report >
-- 18 Jul 2013, 13:35 --
I pasted it here because when I paste it into wklej.eu, that is exactly why it gets cut off
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
Please check my OTL log - Windows 7 64 bit.
I pasted it here because when I paste it into wklej.eu, that is exactly why it gets cut off
The log from Wklej.eu is fine. The script was also executed correctly this time.

Logs.
Run OTL -> in the Custom Scans/Fixes box paste:
:OTL
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\M-Budget\M-Budget Data Manager\FireFox_Remote\ [2012/07/06 20:46:57 | 000,000,000 | ---D | M]
[2013/07/12 14:23:21 | 000,008,079 | ---- | M] () -- C:\Users\Jolanta\AppData\Roaming\mozilla\firefox\profiles\5sgdlwc6.default-1356448488892\searchplugins\Firefox.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
:Commands
[clearallrestorepoints]
[emptytemp]
Click Run Fix. Post the log from the removal. Then post the log from Autoruns.
When computers become your only life, your only totem warding off the curse of boredom, then sooner or later the border between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes they are not.