

OTL logs:
OTL logfile created on: 2012-01-29 19:26:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,36 Mb Total Physical Memory | 832,21 Mb Available Physical Memory | 81,32% Memory free
2,40 Gb Paging File | 2,34 Gb Available in Paging File | 97,55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 10,78 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 71,75 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 0,51 Gb Free Space | 26,95% Space Free | Partition Type: FAT32
Computer Name: USER-6590243A43 | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-01-29 19:15:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010-01-18 18:51:02 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-03-04 10:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-11-30 17:03:00 | 004,023,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-08-14 10:09:54 | 000,495,700 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2009-01-05 16:16:12 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008-10-15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- d:\gry\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006-10-23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010-12-10 23:47:18 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-01-18 18:51:02 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2010-01-18 18:51:02 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2010-01-18 18:51:02 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2010-01-18 18:51:02 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010-01-18 18:51:02 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2010-01-18 18:51:02 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2010-01-18 18:51:02 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2010-01-18 18:51:02 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-08-14 10:10:12 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-10-21 11:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007-06-29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007-06-25 08:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007-06-25 08:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007-06-25 08:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007-06-25 08:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007-03-08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-08-18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-04-06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-04-06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-03-09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004-02-20 16:40:56 | 000,301,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2003-01-10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=125
IE - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=1850807f000000000000002719f19445&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2010-12-10 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2011-12-25 18:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\extensions
[2011-08-18 17:51:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-12-25 18:56:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-12-15 21:00:04 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\extensions\ffxtlbr@babylon.com
[2011-12-18 14:33:13 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\extensions\IplextoALL@ALLPlayer.org
[2011-10-14 02:02:21 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\extensions\toolbar@ask.com
[2011-01-08 22:30:25 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\searchplugins\conduit.xml
[2011-02-24 19:52:44 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\searchplugins\daemon-search.xml
[2012-01-07 15:01:11 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\searchplugins\pwn-swo.xml
[2010-12-11 10:43:34 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\nayd635n.default\searchplugins\winamp-search.xml
[2011-11-10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011-12-15 20:59:57 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Vividas Player Plugin = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\choofoanehnlponopnapopbnkeldllka\4.1_1\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2010-01-18 18:51:02 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - d:\gry\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004..\Run: [ALLUpdate] d:\gry\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found
O4 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()
O4 - Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\lua9.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1078081533-1454471165-1177238915-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EC0EFBE-ED69-4541-9F07-0E3312368763}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (athgina.dll) -C:\WINDOWS\System32\athgina.dll (Atheros)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-12-08 14:15:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-12-12 19:38:22 | 000,000,089 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:57381d9bb)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-01-16 01:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\BricoPacks
[2012-01-16 00:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\RayV
[2012-01-16 00:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RayV
[2012-01-16 00:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\RayV
[2012-01-16 00:47:10 | 000,000,000 | ---D | C] -- C:\Nowy folder
[2012-01-16 00:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RocketDock
[2012-01-16 00:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012-01-15 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Danone
[2012-01-15 23:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Menu Start\Programy\Danone
[2012-01-15 21:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Media Player Classic
[2012-01-15 21:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow
[2012-01-15 21:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012-01-14 22:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\City Interactive
[2012-01-14 22:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2012-01-01 16:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\NapiProjekt
[2011-10-28 18:45:23 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2011-10-28 18:45:23 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2011-10-28 18:45:22 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-01-29 19:23:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-01-29 18:34:35 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{68CF6A32-02DA-4EFC-B873-BCB34E60D837}.job
[2012-01-29 18:31:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-01-16 22:02:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-01-16 21:58:12 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-16 21:49:02 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1454471165-1177238915-1004UA.job
[2012-01-16 19:23:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-01-16 01:17:24 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2012-01-15 23:36:04 | 000,000,048 | ---- | M] () -- C:\WINDOWS\scmate.ini
[2012-01-15 22:49:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1454471165-1177238915-1004Core.job
[2012-01-11 23:08:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\next proba.mp3
[2012-01-11 23:08:13 | 000,802,610 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\tatata.mp3
[2012-01-11 23:08:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\tatata.mp3
[2011-12-31 01:34:20 | 000,491,064 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-12-31 01:34:20 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-12-31 01:34:20 | 000,084,316 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-12-31 01:34:20 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-01-16 19:23:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-01-15 23:36:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2012-01-15 21:19:59 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2012-01-11 23:08:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\next proba.mp3
[2012-01-11 23:08:09 | 000,802,610 | ---- | C] () -- C:\Documents and Settings\User\Moje dokumenty\tatata.mp3
[2012-01-11 23:08:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\tatata.mp3
[2011-12-11 13:36:42 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011-12-11 13:36:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\athcfg20.dll
[2011-12-11 13:36:14 | 000,127,079 | ---- | C] () -- C:\WINDOWS\System32\athcfg20resU.dll
[2011-12-11 13:36:14 | 000,127,053 | ---- | C] () -- C:\WINDOWS\System32\athcfg20res.dll
[2011-10-28 18:45:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2011-10-28 18:45:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe
[2011-10-28 18:45:26 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2011-10-28 18:45:24 | 000,301,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2011-10-28 18:45:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe
[2011-10-05 00:51:09 | 000,442,880 | ---- | C] () -- C:\Program Files\spolsv.exe
[2011-09-04 23:31:27 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-05-31 07:39:50 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011-05-31 07:38:18 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2011-04-23 11:35:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011-01-08 21:54:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\YGLR.INI
[2011-01-07 14:56:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-12-11 23:19:55 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-12-11 23:19:55 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-12-11 22:12:35 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-08 15:44:10 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-12-08 15:44:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-12-08 15:44:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-12-08 15:44:05 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-12-08 15:37:43 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-12-08 15:37:36 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-12-08 15:37:34 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2010-12-08 14:56:37 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-08 14:17:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-12-08 14:13:33 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-06-28 01:59:28 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-01-18 18:51:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010-01-18 18:51:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010-01-18 18:51:02 | 000,491,064 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2010-01-18 18:51:02 | 000,432,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-18 18:51:02 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2010-01-18 18:51:02 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010-01-18 18:51:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010-01-18 18:51:02 | 000,084,316 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2010-01-18 18:51:02 | 000,067,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-18 18:51:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010-01-18 18:51:02 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2010-01-18 18:51:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010-01-18 18:51:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010-01-18 18:51:02 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010-01-18 18:51:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010-01-18 18:51:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009-11-04 17:58:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
[2009-11-04 17:58:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2009-11-04 17:58:40 | 001,984,512 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[color=#E56717]========== LOP Check ==========[/color]
[2010-12-08 16:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2011-09-28 11:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Applications
[2010-12-08 16:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2011-12-15 20:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2011-01-14 21:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-12-18 20:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core
[2011-11-06 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EL
[2011-07-04 19:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2011-04-04 14:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-10-02 21:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nexon
[2011-10-24 22:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU
[2012-01-11 20:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-01-07 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2011-12-08 23:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ralink
[2011-07-04 19:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-12-11 13:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TP-LINK
[2011-12-11 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TP-LINK Driver
[2010-12-12 18:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2011-12-18 16:52:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Dane aplikacji\.#
[2011-05-04 01:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\AgerWebEdytor
[2011-07-04 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\AIMP
[2010-12-08 16:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ashampoo
[2011-10-11 12:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\AskToolbar
[2011-01-26 17:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Audacity
[2010-12-08 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Auslogics
[2011-12-15 20:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Babylon
[2011-12-17 11:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BabylonToolbar
[2012-01-15 21:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BESTplayer
[2011-07-04 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitTorrent
[2011-01-14 21:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\DAEMON Tools Lite
[2011-09-28 11:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\DJ ToneXpress
[2011-10-11 23:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FOG Downloader
[2010-12-19 15:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
[2012-01-16 19:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu 10
[2011-02-11 22:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\GetRightToGo
[2011-12-17 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\GHISLER
[2011-07-16 13:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\InfraRecorder
[2012-01-01 16:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\NapiProjekt
[2011-01-16 17:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Need for Speed World
[2011-06-10 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\OpenFM
[2010-12-10 22:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\OpenOffice.org
[2011-07-04 18:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\PriceGong
[2012-01-16 00:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\RayV
[2011-11-14 01:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Rovio
[2011-12-24 21:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Sony
[2011-02-08 15:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Stellarium
[2010-12-10 23:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Teleca
[2011-10-23 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\TS3Client
[2012-01-16 22:02:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012-01-29 18:34:35 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{68CF6A32-02DA-4EFC-B873-BCB34E60D837}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3AEA6AF9
< End of report >
OTL Extras logfile created on: 2012-01-29 19:26:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,36 Mb Total Physical Memory | 832,21 Mb Available Physical Memory | 81,32% Memory free
2,40 Gb Paging File | 2,34 Gb Available in Paging File | 97,55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 10,78 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 71,75 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 0,51 Gb Free Space | 26,95% Space Free | Partition Type: FAT32
Computer Name: USER-6590243A43 | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = js_file] -- D:\programy\Ager Web Edytor\AgerWebEdytor.exe (statjacek@o2.pl)
.reg [@ = regfile] -- regedit.exe "%1"
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [Winamp.Bookmark] -- "d:\programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59067:TCP" = 59067:TCP:*:Enabled:Pando Media Booster
"59067:UDP" = 59067:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59067:TCP" = 59067:TCP:*:Enabled:Pando Media Booster
"59067:UDP" = 59067:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\gry\Metin2\metin2.bin" = D:\gry\Metin2\metin2.bin:*:Enabled:metin2
"D:\gry\Metin2\metin2client.bin" = D:\gry\Metin2\metin2client.bin:*:Enabled:metin2client
"D:\programy\Winamp\winamp.exe" = D:\programy\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1292175077\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1292175077\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe" = C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe" = C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application
"D:\gry\Metin2\metin2client1.exe" = D:\gry\Metin2\metin2client1.exe:*:Enabled:metin2client1
"D:\gry\Metin2\metin2client2.exe" = D:\gry\Metin2\metin2client2.exe:*:Enabled:metin2client2
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\gry\Metin2_PL2008\BlueGameMt2.exe" = D:\gry\Metin2_PL2008\BlueGameMt2.exe:*:Enabled:BlueGameMt2
"C:\Documents and Settings\User\Pulpit\Slaris2\Slaris2.exe" = C:\Documents and Settings\User\Pulpit\Slaris2\Slaris2.exe:*:Enabled:Slaris2
"D:\gry\Metin2_PL2008\小象龙驹.exe" = D:\gry\Metin2_PL2008\????.exe:*:Enabled:?????
"D:\gry\Metin2_PL2008\config.ini" = D:\gry\Metin2_PL2008\config.ini:*:Enabled:config
"D:\gry\Metin2_PL2008\Vv138_Spol_By_Lost.exe" = D:\gry\Metin2_PL2008\Vv138_Spol_By_Lost.exe:*:Enabled:Vv138_Spol_By_Lost
"D:\gry\Metin2_PL2008\esteemt2_spol_www.przeklej.pl.exe" = D:\gry\Metin2_PL2008\esteemt2_spol_www.przeklej.pl.exe:*:Enabled:esteemt2_spol_www.przeklej.pl
"D:\gry\Metin2_PL2008\EsteeMt2.exe" = D:\gry\Metin2_PL2008\EsteeMt2.exe:*:Enabled:EsteeMt2
"D:\gry\Metin2_PL2008\Lxws S1 by Vitron999.exe" = D:\gry\Metin2_PL2008\Lxws S1 by Vitron999.exe:*:Enabled:Lxws S1 by Vitron999
"D:\gry\Metin2_PL2008\NexusMt2.exe" = D:\gry\Metin2_PL2008\NexusMt2.exe:*:Enabled:NexusMt2
"D:\gry\Metin2_PL2008\screensun2008.exe" = D:\gry\Metin2_PL2008\screensun2008.exe:*:Enabled:screensun2008
"D:\gry\Metin2_PL2008\perfectmt2_spolszczenie_www.przeklej.pl.exe" = D:\gry\Metin2_PL2008\perfectmt2_spolszczenie_www.przeklej.pl.exe:*:Enabled:perfectmt2_spolszczenie_www.przeklej.pl
"D:\gry\Metin2_PL2008\XalonMT2.exe" = D:\gry\Metin2_PL2008\XalonMT2.exe:*:Enabled:XalonMT2
"D:\gry\Metin2_PL2008\wlepka.exe" = D:\gry\Metin2_PL2008\wlepka.exe:*:Enabled:wlepka
"C:\Documents and Settings\User\Pulpit\DragonMT2\DragonMT2.exe" = C:\Documents and Settings\User\Pulpit\DragonMT2\DragonMT2.exe:*:Enabled:DragonMT2 Klient
"D:\gry\Hooligans\Hooligans.exe" = D:\gry\Hooligans\Hooligans.exe:*:Enabled:Hooligans
"D:\gry\Metin2\metin2.exe" = D:\gry\Metin2\metin2.exe:*:Enabled:metin2
"D:\gry\Counter-Strike\hl.exe" = D:\gry\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher
"C:\Documents and Settings\User\Moje dokumenty\Pobieranie\CS_1.6zip\CS 1.6\hl.exe" = C:\Documents and Settings\User\Moje dokumenty\Pobieranie\CS_1.6zip\CS 1.6\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny
"C:\Program Files\valve\hl.exe" = C:\Program Files\valve\hl.exe:*:Enabled:Half-Life Launcher
"D:\gry\Counter-Strike 1.6\hl.exe" = D:\gry\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher
"D:\gry\Counter-Strike 1.6\hlds.exe" = D:\gry\Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\gry\VirtualMT2\VirtualMT2.exe" = D:\gry\VirtualMT2\VirtualMT2.exe:*:Enabled:Virtual Cafe MT2 Klient
"D:\gry\AriusMT2\metin2client.bin" = D:\gry\AriusMT2\metin2client.bin:*:Enabled:metin2client -- ()
"C:\Documents and Settings\User\Ustawienia lokalne\Temp\DSOClient\app.n3app" = C:\Documents and Settings\User\Ustawienia lokalne\Temp\DSOClient\app.n3app:*:Enabled:app
"D:\gry\Left4Dead\hl2.exe" = D:\gry\Left4Dead\hl2.exe:*:Enabled:hl2
"D:\gry\Steam\Steam.exe" = D:\gry\Steam\Steam.exe:*:Enabled:Steam
"D:\q3test-1.08\quake3.exe" = D:\q3test-1.08\quake3.exe:*:Enabled:quake3 -- ()
"D:\gry\Id\Quake3\quake3.exe" = D:\gry\Id\Quake3\quake3.exe:*:Enabled:quake3
"D:\gry\WolfTeam\Wolfteam.bin" = D:\gry\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager
"D:\gry\Vindictus EU\en-EU\Vindictus.exe" = D:\gry\Vindictus EU\en-EU\Vindictus.exe:*:Enabled:Vindictus Launcher -- (NEXON Corp.)
"D:\gry\Vindictus EU\en-EU\NMService.exe" = D:\gry\Vindictus EU\en-EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"D:\gry\Id\Quake3\quake3e.exe" = D:\gry\Id\Quake3\quake3e.exe:*:Enabled:quake3e
"D:\gry\RA2\GAME.EXE" = D:\gry\RA2\GAME.EXE:*:Enabled:Main executable for Red Alert 2
"C:\Documents and Settings\User\Pulpit\Metin5.S2.07.02.2011\Metin5_S2.exe" = C:\Documents and Settings\User\Pulpit\Metin5.S2.07.02.2011\Metin5_S2.exe:*:Enabled:Metin5_S2
"D:\gry\User\Moje dokumenty\Downloads\PoseidonMT2\metin2client.bin" = D:\gry\User\Moje dokumenty\Downloads\PoseidonMT2\metin2client.bin:*:Enabled:metin2client -- ()
"C:\Documents and Settings\User\Pulpit\PoseidonMT2\metin2client.bin" = C:\Documents and Settings\User\Pulpit\PoseidonMT2\metin2client.bin:*:Enabled:metin2client
"C:\Documents and Settings\User\Pulpit\Longju\metin2client.bin" = C:\Documents and Settings\User\Pulpit\Longju\metin2client.bin:*:Enabled:metin2client
"C:\Documents and Settings\User\Pulpit\Client Vitoria\Vitoria\Vitoria.exe" = C:\Documents and Settings\User\Pulpit\Client Vitoria\Vitoria\Vitoria.exe:*:Enabled:Vitoria
"C:\Documents and Settings\User\Ustawienia lokalne\Temp\Rar$EX74.120\Airo\metin2client.bin" = C:\Documents and Settings\User\Ustawienia lokalne\Temp\Rar$EX74.120\Airo\metin2client.bin:*:Enabled:metin2client
"C:\Documents and Settings\User\Ustawienia lokalne\Temp\Rar$EX26.464\Airo\metin2client.bin" = C:\Documents and Settings\User\Ustawienia lokalne\Temp\Rar$EX26.464\Airo\metin2client.bin:*:Enabled:metin2client
"C:\Documents and Settings\User\Moje dokumenty\Downloads\Xerias\Xerias - Serwer metin2 !.exe" = C:\Documents and Settings\User\Moje dokumenty\Downloads\Xerias\Xerias - Serwer metin2 !.exe:*:Enabled:Xerias - Serwer metin2 !
"C:\Documents and Settings\User\Pulpit\Xerias\Xerias - Serwer metin2 !.exe" = C:\Documents and Settings\User\Pulpit\Xerias\Xerias - Serwer metin2 !.exe:*:Enabled:Xerias - Serwer metin2 !
"C:\Documents and Settings\User\Pulpit\Etores\Etores\metin2.exe" = C:\Documents and Settings\User\Pulpit\Etores\Etores\metin2.exe:*:Enabled:metin2
"C:\Documents and Settings\User\Pulpit\Etores\Etores\metin2.bin" = C:\Documents and Settings\User\Pulpit\Etores\Etores\metin2.bin:*:Enabled:metin2
"C:\Documents and Settings\User\Pulpit\Etores\Etores\Etores.exe" = C:\Documents and Settings\User\Pulpit\Etores\Etores\Etores.exe:*:Enabled:Etores
"D:\gry\Metin2\Etores.exe" = D:\gry\Metin2\Etores.exe:*:Enabled:Etores
"C:\Documents and Settings\User\Pulpit\Etores\Etores.exe" = C:\Documents and Settings\User\Pulpit\Etores\Etores.exe:*:Enabled:Etores
"C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe:*:Enabled:netsession_win
"C:\Program Files\Counter-Strike\hl.exe" = C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher
"D:\gry\Counter-Strike\hlds.exe" = D:\gry\Counter-Strike\hlds.exe:*:Enabled:HLDS Launcher
"D:\gry\Counter Strike Non Steam\hl.exe" = D:\gry\Counter Strike Non Steam\hl.exe:*:Enabled:Half-Life Launcher
"D:\gry\VirtualDJ\virtualdj_home.exe" = D:\gry\VirtualDJ\virtualdj_home.exe:*:Enabled:VirtualDJ -- (Atomix Productions)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV\ -- (RayV)
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV\ -- (RayV)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera
"{58B785A2-D2CA-40AA-AE89-FCC49326CDC4}" = OpenOffice.org 3.2
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80843623-6460-4A3E-BFE6-6C66BDAE5178}" = Angry Birds
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"7-Zip" = 7-Zip 9.21beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ager Web Edytor_is1" = Ager Web Edytor 4.7.2
"ALLPlayer_is1" = ALLPlayer V5.X
"ang_pig_3_dp_is1" = Angielski w pigułce 3.0
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"At_Once_ks_is1" = Angielski At Once!
"Audacity_is1" = Audacity 1.2.6
"BabylonToolbar" = Babylon toolbar on IE
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"C.a.R._is1" = C.a.R. Version 9.6
"Counter-Strike 1.6 v32" = Counter-Strike 1.6 v32
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EasyLanguage_is1" = EasyLanguage
"EskkInternetPlus_is1" = Pakiet Multimedialny ESKK Angielski Demo 3.0
"ffdshow_is1" = ffdshow v1.1.4238 [2012-01-09]
"Fraps" = Fraps
"Gadu-Gadu 10" = Gadu-Gadu 10
"InfraRecorder" = InfraRecorder
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.5" = Mozilla ActiveX Control v1.5
"NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151)
"Native Instruments Service Center" = Native Instruments Service Center
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Odkurzacz 12.4_is1" = Odkurzacz 12.4
"quicktime_lite_is1" = QT Lite 4.0.0
"RayV" = PL-IPTV
"RealAlt_is1" = Real Alternative 2.0.2
"RealVNC_is1" = VNC Free Edition 4.1.3
"RocketDock_is1" = RocketDock 1.3.5
"Rymówka 1.0" = Rymówka 1.0
"Rzeźnik MPEGów 1.1.991_is1" = Rzeźnik MPEGów 1.1.991
"Słownik Języka Polskiego GoNaomi 1.4" = Słownik Języka Polskiego GoNaomi 1.4
"Sniper_is1" = Sniper: Art of Victory
"Testy maturalne - Język angielski (wersja demonstracyjna)" = Testy maturalne - Język angielski (wersja demonstracyjna)
"Totalcmd" = Total Commander (Remove or Repair)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"Virtual Turntables" = Virtual Turntables
"Vista Drive Icon" = Vista Drive Icon 1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
"Xvid_is1" = Xvid 1.2.2 final uninstall
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1078081533-1454471165-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Detektor Winampa
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2011-07-02 03:05:27 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-02 05:52:05 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-02 15:10:06 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-02 16:55:24 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-03 05:37:57 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-03 06:57:58 | Computer Name = USER-6590243A43 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca hl.exe, wersja 1.1.1.1, moduł zawieszenia hungapp,
wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-07-03 09:22:55 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-03 15:56:05 | Computer Name = USER-6590243A43 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 5.3.0.120, moduł powodujący
błąd skype.exe, wersja 5.3.0.120, adres błędu 0x00194300.
Error - 2011-07-04 04:08:10 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2011-07-04 08:41:30 | Computer Name = USER-6590243A43 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
[ System Events ]
Error - 2012-01-29 14:25:34 | Computer Name = USER-6590243A43 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%31
Error - 2012-01-29 14:25:34 | Computer Name = USER-6590243A43 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu: %%31
Error - 2012-01-29 14:25:34 | Computer Name = USER-6590243A43 | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można
uruchomić z powodu następującego błędu: %%31
Error - 2012-01-29 14:25:34 | Computer Name = USER-6590243A43 | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu: %%31
Error - 2012-01-29 14:25:34 | Computer Name = USER-6590243A43 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip
Error - 2012-01-29 14:25:56 | Computer Name = USER-6590243A43 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2012-01-29 14:26:02 | Computer Name = USER-6590243A43 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2012-01-29 14:26:03 | Computer Name = USER-6590243A43 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2012-01-29 14:26:03 | Computer Name = USER-6590243A43 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2012-01-29 14:26:03 | Computer Name = USER-6590243A43 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-29 20:25:03
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000006a ST3160318AS rev.CC38
Running: 2qmwivys.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\kgdyiaow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x22 0x25 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0xA5 0x6A 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x8E 0x11 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x22 0x25 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0xA5 0x6A 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x8E 0x11 0x49 ...
---- EOF - GMER 1.0.15 ----
Regards
