Cyberprzestępczość

[Mikou@j]

Witam, mam problem z zablokowanym kompem. Proszę o pomoc. Log z OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2012-11-22 19:08:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\DAWID\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,28% Memory free
7,99 Gb Paging File | 6,92 Gb Available in Paging File | 86,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 201,99 Gb Total Space | 107,89 Gb Free Space | 53,41% Space Free | Partition Type: NTFS
Drive D: | 263,67 Gb Total Space | 62,41 Gb Free Space | 23,67% Space Free | Partition Type: NTFS
Drive E: | 7,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 100,00 Mb Total Space | 69,93 Mb Free Space | 69,93% Space Free | Partition Type: NTFS

Computer Name: DAWID-KOMPUTER | User Name: DAWID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2012-11-18 18:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\DAWID\Desktop\OTL.exe
PRC - [2012-11-16 18:05:51 | 000,044,544 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\lsass.exe
PRC - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012-01-19 18:08:34 | 003,477,312 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012-01-12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012-01-12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012-01-12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010-12-01 15:18:24 | 000,086,016 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe
PRC - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- D:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007-04-25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007-04-25 12:18:52 | 000,174,872 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010-12-02 10:33:26 | 000,135,168 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\ScanProcess.dll
MOD - [2010-12-01 15:18:24 | 000,086,016 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe
MOD - [2010-12-01 09:40:32 | 000,155,648 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\Scan.dll
MOD - [2010-11-30 17:03:52 | 000,098,304 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PDF.DLL
MOD - [2010-11-25 14:42:10 | 000,040,960 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\Copy.DLL
MOD - [2010-11-25 14:42:04 | 000,090,194 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\FormatManager.dll
MOD - [2010-11-11 13:24:00 | 000,081,920 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PlkMsgRes.dll
MOD - [2010-11-11 13:22:00 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuRes.dll
MOD - [2010-11-09 16:00:46 | 000,077,824 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\OCR.DLL
MOD - [2010-11-09 15:59:18 | 000,053,248 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\eMail.DLL
MOD - [2010-11-09 15:58:26 | 000,098,304 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\Custom.DLL
MOD - [2010-11-09 15:58:04 | 000,036,864 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\AmCommonLib.dll
MOD - [2010-11-08 17:37:54 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PlkMsg.dll
MOD - [2010-09-24 10:12:00 | 000,049,152 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\FilingRes.dll
MOD - [2010-09-24 10:07:00 | 000,090,112 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\ScanRes.dll
MOD - [2010-06-07 15:06:00 | 000,053,248 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\FormatManagerRes.dll
MOD - [2010-06-07 15:06:00 | 000,049,152 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\EmailRes.dll
MOD - [2010-06-07 15:06:00 | 000,045,056 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\CopyRes.dll
MOD - [2010-06-07 15:06:00 | 000,040,960 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\CustomRes.dll
MOD - [2010-06-07 15:06:00 | 000,036,864 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\OcrRes.dll
MOD - [2010-01-30 02:41:12 | 004,254,560 | ---- | M] () -- D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009-06-25 10:00:06 | 000,897,024 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\EncryptPdf.dll
MOD - [2008-06-25 14:03:40 | 000,045,056 | ---- | M] () -- D:\Program Files (x86)\Common Files\iMpacct\EdgeFillRsc.dll
MOD - [2008-06-02 11:27:08 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Common Files\iMpacct\EdgeFill.dll
MOD - [2006-05-15 15:24:18 | 000,122,938 | ---- | M] () -- D:\Program Files (x86)\Common Files\iMpacct\CommonFunc.dll
MOD - [2005-09-21 14:36:54 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PrnDriver.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2012-02-04 20:14:40 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010-08-09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- D:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008-07-29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:[b]64bit:[/b] - [2007-09-20 14:31:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- D:\Windows\SysNative\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2007-09-13 14:45:42 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- D:\Windows\SysNative\stacsv64.exe -- (STacSV)
SRV - [2012-05-10 13:37:51 | 000,655,712 | ---- | M] () [Disabled | Stopped] -- D:\Program Files (x86)\NETIA Mobilny Internet\UpdateDog\ouc.exe -- (NETIA Mobilny Internet. RunOuc)
SRV - [2012-01-12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012-01-12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012-01-12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012-01-04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-11-17 21:47:46 | 000,008,192 | ---- | M] () [Auto | Stopped] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- D:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- D:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007-04-25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,417,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- D:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2012-02-02 17:47:39 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2010-01-27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- D:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009-07-07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2007-09-13 14:46:06 | 000,392,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2007-07-18 01:02:00 | 000,266,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV:[b]64bit:[/b] - [2007-04-25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2007-03-31 12:02:44 | 001,143,088 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btkrnl.sys -- (BTKRNL)
DRV:[b]64bit:[/b] - [2007-03-05 18:55:00 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV:[b]64bit:[/b] - [2006-11-18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2006-11-17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2012-01-11 21:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/04/22 12:45:24] [Kernel | Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011-10-27 07:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108973&babsrc=SP_ss&mntrId=9ca346e2000000000000001644784155
IE - HKCU\..\SearchScopes\{4C18D324-34A7-449C-A95F-D15014C19229}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14778&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYFGPL&apn_uid=6093389B-8525-4593-9A08-9B65D837B09A&apn_sauid=6E8C9F98-83D9-404E-A9A5-13E0C07152DF&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\DAWID\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\DAWID\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-06-08 20:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-06-08 20:04:54 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] D:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SigmatelSysTrayApp] D:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [WrtMon.exe] D:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012-11-16 19:16:27 | 000,000,000 | -H-D | M]
O4 - Startup: D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = D:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {B741592C-8A33-4AB3-8535-2F92D14C582B} http://192.168.1.5:1080/Media.CAB (Media Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D77AAFE-0141-4A4E-899E-E3315EC09685}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EFE2D95-F9B7-4D03-9B6E-3C45E19A5DE7}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69909016-BDF8-480D-8A95-52BF0B8CACD9}: NameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914C1DEE-38DD-4D27-B6DD-75EA2AE793EE}: NameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B9BCEC-B830-4170-848D-CAFF9437E94A}: NameServer = 89.108.195.21 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBED76FB-8984-4EC6-A58F-E1268C800176}: DhcpNameServer = 192.168.1.252 192.168.1.248
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-06 21:13:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-06-02 06:30:12 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{22ad25be-9a99-11e1-b11a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{22ad25be-9a99-11e1-b11a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{22ad2609-9a99-11e1-b11a-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{22ad2609-9a99-11e1-b11a-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{22ad2615-9a99-11e1-b11a-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{22ad2615-9a99-11e1-b11a-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{29bb42b5-a0f4-11e1-ad23-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{29bb42b5-a0f4-11e1-ad23-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{537ce6a8-9d7e-11e1-b072-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{537ce6a8-9d7e-11e1-b072-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{826ea358-4dbd-11e1-ab1b-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{826ea358-4dbd-11e1-ab1b-001d09a88119}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{a64aaed3-9c26-11e1-ad3c-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{a64aaed3-9c26-11e1-ad3c-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-11-21 16:42:13 | 000,000,000 | -HSD | C] -- D:\found.000
[2012-11-18 18:06:50 | 000,000,000 | ---D | C] -- D:\_OTL
[2012-11-18 18:06:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\DAWID\Desktop\OTL.exe
[2012-11-16 19:16:27 | 000,000,000 | -H-D | C] -- D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012-11-16 18:05:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\lsass.exe
[2012-10-28 21:18:35 | 000,000,000 | ---D | C] -- D:\Users\DAWID\AppData\Local\SniperV2
[2012-10-28 21:16:00 | 000,000,000 | ---D | C] -- D:\Users\DAWID\AppData\Local\SKIDROW
[2012-10-28 21:14:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012-10-28 21:08:23 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Rebellion
[2012-10-06 16:10:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012-10-06 16:02:31 | 000,000,000 | ---D | C] -- D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012-10-06 15:38:04 | 000,000,000 | ---D | C] -- D:\Users\DAWID\Documents\StarCraft II
[2012-02-05 12:33:45 | 003,623,592 | ---- | C] (Ask) -- D:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
[2012-02-05 12:33:45 | 000,143,240 | ---- | C] (Ask.com) -- D:\Program Files (x86)\Common Files\ApnStub.exe

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-11-22 19:13:13 | 000,010,016 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-22 19:13:13 | 000,010,016 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-22 19:11:26 | 001,669,916 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2012-11-22 19:11:26 | 000,740,828 | ---- | M] () -- D:\Windows\SysNative\perfh015.dat
[2012-11-22 19:11:26 | 000,654,552 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2012-11-22 19:11:26 | 000,155,392 | ---- | M] () -- D:\Windows\SysNative\perfc015.dat
[2012-11-22 19:11:26 | 000,121,424 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2012-11-22 19:05:43 | 000,001,042 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-22 19:05:21 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012-11-22 19:05:15 | 3219,677,184 | -HS- | M] () -- D:\hiberfil.sys
[2012-11-22 19:03:26 | 095,023,320 | ---- | M] () -- D:\ProgramData\netdislw.pad
[2012-11-21 16:43:48 | 000,003,416 | ---- | M] () -- D:\bootsqm.dat
[2012-11-21 11:58:58 | 000,001,058 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2364387110-1806384711-3246743172-1000UA.job
[2012-11-20 22:24:01 | 000,001,046 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-18 18:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\DAWID\Desktop\OTL.exe
[2012-11-17 12:58:00 | 000,001,006 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2364387110-1806384711-3246743172-1000Core.job
[2012-11-16 18:05:53 | 000,000,810 | ---- | M] () -- D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-11-16 18:05:51 | 000,044,544 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\lsass.exe
[2012-11-10 14:01:07 | 000,002,493 | ---- | M] () -- D:\Users\DAWID\Desktop\Google Chrome.lnk
[2012-11-10 12:48:05 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-11-09 07:19:37 | 000,000,000 | ---- | M] () -- D:\Users\DAWID\Documents\NEWSOFT
[2012-10-28 21:14:10 | 000,002,225 | ---- | M] () -- D:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012-10-06 16:16:07 | 000,000,763 | ---- | M] () -- D:\Users\Public\Desktop\StarCraft II.lnk
[2012-10-01 12:19:16 | 000,168,980 | ---- | M] () -- D:\Users\DAWID\Desktop\stelaż regału weterynaria.dwg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-11-21 16:43:48 | 000,003,416 | ---- | C] () -- D:\bootsqm.dat
[2012-11-16 18:05:53 | 000,000,810 | ---- | C] () -- D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-11-16 18:05:51 | 095,023,320 | ---- | C] () -- D:\ProgramData\netdislw.pad
[2012-11-10 12:48:05 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-10-28 21:14:10 | 000,002,225 | ---- | C] () -- D:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012-10-06 15:38:04 | 000,000,763 | ---- | C] () -- D:\Users\Public\Desktop\StarCraft II.lnk
[2012-10-01 12:18:45 | 000,168,980 | ---- | C] () -- D:\Users\DAWID\Desktop\stelaż regału weterynaria.dwg
[2012-03-23 07:52:53 | 000,000,245 | ---- | C] () -- D:\Windows\71QU.ini
[2012-03-23 07:52:23 | 000,000,121 | ---- | C] () -- D:\Windows\iris.ini
[2012-02-23 16:41:52 | 000,258,864 | ---- | C] () -- D:\Windows\SUPDRun.exe
[2012-02-04 19:40:03 | 001,637,498 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012-01-08 11:40:11 | 000,000,991 | ---- | C] () -- D:\Windows\ARCHPR.INI
[2011-12-10 18:39:11 | 000,007,602 | ---- | C] () -- D:\Users\DAWID\AppData\Local\Resmon.ResmonCfg
[2011-11-17 21:48:31 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011-11-11 20:23:39 | 000,074,752 | ---- | C] () -- D:\Windows\SysWow64\ff_vfw.dll
[2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- D:\Windows\SysWow64\nvStreaming.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = D:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-03-18 16:38:26 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Autodesk
[2012-01-08 11:39:37 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Babylon
[2012-07-30 20:50:51 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\BESTplayer
[2012-11-19 21:57:23 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\BitTorrent
[2012-02-02 17:49:34 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\DAEMON Tools Lite
[2011-11-27 18:48:40 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Foxit Software
[2012-06-10 17:17:50 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Might & Magic Heroes VI
[2011-11-24 20:32:27 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\NapiProjekt
[2012-03-23 07:54:47 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\NewSoft
[2012-02-11 16:26:33 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Nokia
[2012-02-11 16:26:09 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\PC Suite
[2011-12-25 11:50:02 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Ubisoft

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


[wojtas]

Brakuje drugiego loga Extras. Przeczytaj wszystko-o-logach-aktualizacja-30-01-2012-vt117887.html

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108973&babsrc=SP_ss&mntrId=9ca346e2000000000000001644784155
IE - HKCU\..\SearchScopes\{4C18D324-34A7-449C-A95F-D15014C19229}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14778&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYFGPL&apn_uid=6093389B-8525-4593-9A08-9B65D837B09A&apn_sauid=6E8C9F98-83D9-404E-A9A5-13E0C07152DF&
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012-11-16 19:16:27 | 000,000,000 | -H-D | M]
O4 - Startup: D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = D:\ProgramData\lsass.exe (Microsoft Corporation)
[2012-11-16 19:16:27 | 000,000,000 | -H-D | C] -- D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012-11-16 18:05:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\lsass.exe
[2012-02-05 12:33:45 | 003,623,592 | ---- | C] (Ask) -- D:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
[2012-02-05 12:33:45 | 000,143,240 | ---- | C] (Ask.com) -- D:\Program Files (x86)\Common Files\ApnStub.exe
[2012-11-22 19:03:26 | 095,023,320 | ---- | M] () -- D:\ProgramData\netdislw.pad

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera . ( blokada ustąpi)

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzyła się po restarcie).

[vida]

dzięki bardzo za pomoc, komputer działa bez zarzutu

raporty:

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C18D324-34A7-449C-A95F-D15014C19229}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C18D324-34A7-449C-A95F-D15014C19229}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
D:\ProgramData\lsass.exe moved successfully.
Folder D:\Users\DAWID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\ not found.
File D:\ProgramData\lsass.exe not found.
D:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe moved successfully.
D:\Program Files (x86)\Common Files\ApnStub.exe moved successfully.
D:\ProgramData\netdislw.pad moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: DAWID
->Temp folder emptied: 3664503 bytes
->Temporary Internet Files folder emptied: 2201486 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 53083056 bytes
->Flash cache emptied: 1739 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20812677 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11252012_100622

Files\Folders moved on Reboot...
D:\Users\DAWID\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
D:\Users\DAWID\AppData\Local\Temp\wlsidten.dll moved successfully.
File move failed. D:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Kod: Zaznacz wszystko

OTL logfile created on: 2012-11-25 10:12:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\DAWID\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,58% Memory free
7,99 Gb Paging File | 6,97 Gb Available in Paging File | 87,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 201,99 Gb Total Space | 103,82 Gb Free Space | 51,40% Space Free | Partition Type: NTFS
Drive D: | 263,67 Gb Total Space | 62,90 Gb Free Space | 23,86% Space Free | Partition Type: NTFS
Drive E: | 7,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 100,00 Mb Total Space | 69,93 Mb Free Space | 69,93% Space Free | Partition Type: NTFS

Computer Name: DAWID-KOMPUTER | User Name: DAWID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2012-11-18 18:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\DAWID\Desktop\OTL.exe
PRC - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012-01-19 18:08:34 | 003,477,312 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012-01-12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012-01-12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010-12-01 15:18:24 | 000,086,016 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe
PRC - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- D:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007-04-25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007-04-25 12:18:52 | 000,174,872 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010-12-02 10:33:26 | 000,135,168 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\ScanProcess.dll
MOD - [2010-12-01 15:18:24 | 000,086,016 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuAction.exe
MOD - [2010-12-01 09:40:32 | 000,155,648 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\Scan.dll
MOD - [2010-11-30 17:03:52 | 000,098,304 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PDF.DLL
MOD - [2010-11-25 14:42:10 | 000,040,960 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\Copy.DLL
MOD - [2010-11-25 14:42:04 | 000,090,194 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\FormatManager.dll
MOD - [2010-11-11 13:24:00 | 000,081,920 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PlkMsgRes.dll
MOD - [2010-11-11 13:22:00 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\DocuRes.dll
MOD - [2010-11-09 16:00:46 | 000,077,824 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\OCR.DLL
MOD - [2010-11-09 15:59:18 | 000,053,248 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\eMail.DLL
MOD - [2010-11-09 15:58:26 | 000,098,304 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\Custom.DLL
MOD - [2010-11-09 15:58:04 | 000,036,864 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\AmCommonLib.dll
MOD - [2010-11-08 17:37:54 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PlkMsg.dll
MOD - [2010-09-24 10:12:00 | 000,049,152 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\FilingRes.dll
MOD - [2010-09-24 10:07:00 | 000,090,112 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\ScanRes.dll
MOD - [2010-06-07 15:06:00 | 000,053,248 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\FormatManagerRes.dll
MOD - [2010-06-07 15:06:00 | 000,049,152 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\EmailRes.dll
MOD - [2010-06-07 15:06:00 | 000,045,056 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\CopyRes.dll
MOD - [2010-06-07 15:06:00 | 000,040,960 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\CustomRes.dll
MOD - [2010-06-07 15:06:00 | 000,036,864 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\OcrRes.dll
MOD - [2009-06-25 10:00:06 | 000,897,024 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\EncryptPdf.dll
MOD - [2008-06-25 14:03:40 | 000,045,056 | ---- | M] () -- D:\Program Files (x86)\Common Files\iMpacct\EdgeFillRsc.dll
MOD - [2008-06-02 11:27:08 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Common Files\iMpacct\EdgeFill.dll
MOD - [2006-05-15 15:24:18 | 000,122,938 | ---- | M] () -- D:\Program Files (x86)\Common Files\iMpacct\CommonFunc.dll
MOD - [2005-09-21 14:36:54 | 000,061,440 | ---- | M] () -- D:\Program Files (x86)\Plustek\Plustek OpticSlim 2600\PrnDriver.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-03-07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2012-02-04 20:14:40 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010-08-09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- D:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008-07-29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:[b]64bit:[/b] - [2007-09-20 14:31:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- D:\Windows\SysNative\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2007-09-13 14:45:42 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- D:\Windows\SysNative\stacsv64.exe -- (STacSV)
SRV - [2012-05-10 13:37:51 | 000,655,712 | ---- | M] () [Disabled | Stopped] -- D:\Program Files (x86)\NETIA Mobilny Internet\UpdateDog\ouc.exe -- (NETIA Mobilny Internet. RunOuc)
SRV - [2012-01-12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012-01-12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Stopped] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012-01-12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012-01-04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-11-17 21:47:46 | 000,008,192 | ---- | M] () [Auto | Stopped] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011-10-15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- D:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- D:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007-04-25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,417,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2012-05-10 13:37:51 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- D:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2012-03-14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2012-02-02 17:47:39 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2010-01-27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- D:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009-07-07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009-06-10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2007-09-13 14:46:06 | 000,392,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2007-07-18 01:02:00 | 000,266,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV:[b]64bit:[/b] - [2007-04-25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2007-03-31 12:02:44 | 001,143,088 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btkrnl.sys -- (BTKRNL)
DRV:[b]64bit:[/b] - [2007-03-05 18:55:00 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV:[b]64bit:[/b] - [2006-11-18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2006-11-17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2012-01-11 21:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/04/22 12:45:24] [Kernel | Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011-10-27 07:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2364387110-1806384711-3246743172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-2364387110-1806384711-3246743172-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2364387110-1806384711-3246743172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2364387110-1806384711-3246743172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\DAWID\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\DAWID\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-06-08 20:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-06-08 20:04:54 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Users\DAWID\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] D:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SigmatelSysTrayApp] D:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [WrtMon.exe] D:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2364387110-1806384711-3246743172-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {B741592C-8A33-4AB3-8535-2F92D14C582B} http://192.168.1.5:1080/Media.CAB (Media Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D77AAFE-0141-4A4E-899E-E3315EC09685}: NameServer = 89.108.195.20 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EFE2D95-F9B7-4D03-9B6E-3C45E19A5DE7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69909016-BDF8-480D-8A95-52BF0B8CACD9}: NameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914C1DEE-38DD-4D27-B6DD-75EA2AE793EE}: NameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B9BCEC-B830-4170-848D-CAFF9437E94A}: NameServer = 89.108.195.21 217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBED76FB-8984-4EC6-A58F-E1268C800176}: DhcpNameServer = 192.168.1.252 192.168.1.248
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-06 21:13:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-06-02 06:30:12 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{22ad25be-9a99-11e1-b11a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{22ad25be-9a99-11e1-b11a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{22ad2609-9a99-11e1-b11a-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{22ad2609-9a99-11e1-b11a-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{22ad2615-9a99-11e1-b11a-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{22ad2615-9a99-11e1-b11a-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{29bb42b5-a0f4-11e1-ad23-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{29bb42b5-a0f4-11e1-ad23-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{537ce6a8-9d7e-11e1-b072-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{537ce6a8-9d7e-11e1-b072-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{826ea358-4dbd-11e1-ab1b-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{826ea358-4dbd-11e1-ab1b-001d09a88119}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{a64aaed3-9c26-11e1-ad3c-001d09a88119}\Shell - "" = AutoRun
O33 - MountPoints2\{a64aaed3-9c26-11e1-ad3c-001d09a88119}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-11-21 16:42:13 | 000,000,000 | -HSD | C] -- D:\found.000
[2012-11-18 18:06:50 | 000,000,000 | ---D | C] -- D:\_OTL
[2012-11-18 18:06:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\DAWID\Desktop\OTL.exe
[2012-10-28 21:18:35 | 000,000,000 | ---D | C] -- D:\Users\DAWID\AppData\Local\SniperV2
[2012-10-28 21:16:00 | 000,000,000 | ---D | C] -- D:\Users\DAWID\AppData\Local\SKIDROW
[2012-10-28 21:14:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012-10-28 21:08:23 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Rebellion

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-11-25 10:10:53 | 000,001,042 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-25 10:10:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012-11-25 10:10:39 | 3219,677,184 | -HS- | M] () -- D:\hiberfil.sys
[2012-11-25 10:10:07 | 000,010,016 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-25 10:10:07 | 000,010,016 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-25 09:25:14 | 001,669,916 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2012-11-25 09:25:14 | 000,740,828 | ---- | M] () -- D:\Windows\SysNative\perfh015.dat
[2012-11-25 09:25:14 | 000,654,552 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2012-11-25 09:25:14 | 000,155,392 | ---- | M] () -- D:\Windows\SysNative\perfc015.dat
[2012-11-25 09:25:14 | 000,121,424 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2012-11-25 09:24:11 | 000,001,046 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-24 14:58:11 | 000,001,058 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2364387110-1806384711-3246743172-1000UA.job
[2012-11-18 18:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\DAWID\Desktop\OTL.exe
[2012-11-17 12:58:00 | 000,001,006 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2364387110-1806384711-3246743172-1000Core.job
[2012-11-10 14:01:07 | 000,002,493 | ---- | M] () -- D:\Users\DAWID\Desktop\Google Chrome.lnk
[2012-11-10 12:48:05 | 000,000,000 | -H-- | M] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-11-09 07:19:37 | 000,000,000 | ---- | M] () -- D:\Users\DAWID\Documents\NEWSOFT
[2012-10-28 21:14:10 | 000,002,225 | ---- | M] () -- D:\Users\Public\Desktop\Sniper Elite V2.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-11-10 12:48:05 | 000,000,000 | -H-- | C] () -- D:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-10-28 21:14:10 | 000,002,225 | ---- | C] () -- D:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012-03-23 07:52:53 | 000,000,245 | ---- | C] () -- D:\Windows\71QU.ini
[2012-03-23 07:52:23 | 000,000,121 | ---- | C] () -- D:\Windows\iris.ini
[2012-02-23 16:41:52 | 000,258,864 | ---- | C] () -- D:\Windows\SUPDRun.exe
[2012-02-04 19:40:03 | 001,637,498 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012-01-08 11:40:11 | 000,000,991 | ---- | C] () -- D:\Windows\ARCHPR.INI
[2011-12-10 18:39:11 | 000,007,602 | ---- | C] () -- D:\Users\DAWID\AppData\Local\Resmon.ResmonCfg
[2011-11-17 21:48:31 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011-11-11 20:23:39 | 000,074,752 | ---- | C] () -- D:\Windows\SysWow64\ff_vfw.dll
[2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- D:\Windows\SysWow64\nvStreaming.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = D:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-03-18 16:38:26 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Autodesk
[2012-07-30 20:50:51 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\BESTplayer
[2012-11-19 21:57:23 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\BitTorrent
[2012-02-02 17:49:34 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\DAEMON Tools Lite
[2011-11-27 18:48:40 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Foxit Software
[2012-06-10 17:17:50 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Might & Magic Heroes VI
[2011-11-24 20:32:27 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\NapiProjekt
[2012-03-23 07:54:47 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\NewSoft
[2012-02-11 16:26:33 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Nokia
[2012-02-11 16:26:09 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\PC Suite
[2011-12-25 11:50:02 | 000,000,000 | ---D | M] -- D:\Users\DAWID\AppData\Roaming\Ubisoft

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


raport adwcleaner:

Kod: Zaznacz wszystko

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 10:09:43
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : DAWID - DAWID-KOMPUTER
# Boot Mode : Normal
# Running from : C:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : D:\ProgramData\Babylon
Deleted on reboot : D:\Users\DAWID\AppData\Local\Babylon
Deleted on reboot : D:\Users\DAWID\AppData\LocalLow\BabylonToolbar
Deleted on reboot : D:\Users\DAWID\AppData\Roaming\Babylon
File Deleted : D:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=108973&babsrc=NT_ss&mntrId=9ca346e2000000000000001644784155 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.64

File : D:\Users\DAWID\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2201 octets] - [25/11/2012 10:09:43]

########## EOF - D:\AdwCleaner[S1].txt - [2261 octets] ##########

nie wiem dlaczego ale nie mogę wygenerować raportu extras.txtw OTL - na końcu skanowania nie pojawia sięrazem z OTL.exe?

[wojtas]

Bo nie masz zaznaczone rejestr skan dodatkowy - użyj filtrowania ( lecz jeden log extras wystarczy)

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko to czego nie znasz za pomocą tego programu )
* wykonaj kroki finalizujące temat