Nieznany wirus/y

[gremonio]

Witam wszystkich,

Komputer od jakiegoś czasu ma niestandardowe zachowania, np. program muzyczny Aimp kasuje ustawione preferencje i opcje do standardowych, nie działa klawisz na klawiaturze, która sprawdzana na innym komputerze działa normalnie (nie działa również na klawiaturze ekranowej), czuć wyraźne spowolnienie pracy komputera, tak samo jest z Internetem. System Windows 64Bit. Zamieszczam logi z OTL: http://wklej.org/id/676985/ i Extras.txt: http://wklej.org/id/676988/ Dziękuję za ewentualną pomoc i pozdrawiam,

Przepraszam za nieprawidłowe wrzucenie logów (nie zaznaczyłem w OTL wymaganych na forum opcji), wrzucam je więc ponownie i dalej liczę na odpowiedź. Dodatkowo mam problem z hasłami, nie działają hasła do niektórych stron, boję się iż ktoś może mieć do nich dostęp, oczywiście pozmieniane już są, nie wiem natomiast czy jakiś wirus nie zapisuje tego co wpisuję na klawiaturze... Proszę o pomoc!!!

- jeden z problemów rozwiązany: klawisze już działają, okazało się, że chodzi o skróty klawiaturowe do programu zarządzającego "żółtymi karteczkami"
- system skanowany był dr.web cure it w trybie szybkim, niestety nic nie znalazł

Czy jest możliwość, że nie ma żadnych wirusów, rootkitów itd. a problemy wynikają z czegoś innego?

Prawidłowe logi:

Kod: Zaznacz wszystko

OTL logfile created on: 2012-01-28 12:51:25 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

11,99 Gb Total Physical Memory | 10,29 Gb Available Physical Memory | 85,80% Memory free
23,98 Gb Paging File | 21,53 Gb Available in Paging File | 89,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 57,49 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 25,47 Gb Free Space | 6,52% Space Free | Partition Type: NTFS
Drive E: | 390,75 Gb Total Space | 231,55 Gb Free Space | 59,26% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 76,39 Gb Free Space | 8,20% Space Free | Partition Type: NTFS

Computer Name: PCMICHAEL | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-01-27 19:43:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012-01-17 22:35:08 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files (x86)\Stickies\stickies.exe
PRC - [2012-01-05 00:35:39 | 001,479,168 | ---- | M] (AIMP DevTeam) -- C:\Program Files\PROGRAMY\AIMP3\AIMP3.exe
PRC - [2012-01-03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-12-21 09:04:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\PROGRAMY\Mozilla Firefox\firefox.exe
PRC - [2011-08-10 21:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
PRC - [2010-06-03 15:16:08 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2010-01-22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-01-27 02:31:04 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012-01-17 22:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Stickies\shook70.dll
MOD - [2012-01-05 00:35:39 | 001,794,560 | ---- | M] () -- C:\Program Files\PROGRAMY\AIMP3\Plugins\PandemicAnalogMeter.dll
MOD - [2012-01-05 00:35:39 | 001,198,592 | ---- | M] () -- C:\Program Files\PROGRAMY\AIMP3\Modules\aimp_libvorbis.dll
MOD - [2012-01-05 00:35:39 | 000,443,904 | ---- | M] () -- C:\Program Files\PROGRAMY\AIMP3\sqlite3.dll
MOD - [2012-01-05 00:35:39 | 000,237,568 | ---- | M] () -- C:\Program Files\PROGRAMY\AIMP3\Plugins\OptimFROG.dll
MOD - [2012-01-05 00:35:39 | 000,054,272 | ---- | M] () -- C:\Program Files\PROGRAMY\AIMP3\Plugins\aimp_lastfm.dll
MOD - [2012-01-05 00:35:39 | 000,026,624 | ---- | M] () -- C:\Program Files\PROGRAMY\AIMP3\Plugins\Aorta.svp
MOD - [2011-12-21 09:04:06 | 002,124,760 | ---- | M] () -- C:\Program Files\PROGRAMY\Mozilla Firefox\mozjs.dll
MOD - [2009-09-30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-06-12 11:43:28 | 051,740,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\PROGRAMY\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-01-03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-08-10 21:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011-05-09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- E:\Program Files\GRY\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-01-23 19:31:10 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2011-11-09 15:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011-09-27 01:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2011-08-09 00:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:[b]64bit:[/b] - [2011-08-03 03:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2011-08-03 03:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:[b]64bit:[/b] - [2011-07-26 03:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2011-07-26 03:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2011-07-25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-01-15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2010-12-16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-08-06 09:53:14 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:[b]64bit:[/b] - [2010-01-22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010-01-22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2009-07-16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CC4B.tmp -- (MEMSWEEP2)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-20 10:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV - [2012-01-28 02:56:40 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120127.019\ex64.sys -- (NAVEX15)
DRV - [2012-01-28 02:56:40 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120127.019\eng64.sys -- (NAVENG)
DRV - [2012-01-23 19:42:24 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012-01-23 19:42:24 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-12-23 22:17:32 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011-12-16 00:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120126.003\IDSviA64.sys -- (IDSVia64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3116404084-4003049506-239722037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\PROGRAMY\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\PROGRAMY\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\PROGRAMY\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012-01-27 20:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012-01-27 20:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\PROGRAMY\Mozilla Firefox\components [2011-12-27 19:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\PROGRAMY\Mozilla Firefox\plugins

[2011-12-11 23:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2012-01-06 12:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\jchaq1hc.default\extensions
[2012-01-27 20:18:02 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JCHAQ1HC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2012-01-27 20:21:18 | 000,000,975 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com 
O1 - Hosts: 127.0.0.1 demangler.ea.com 
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\PROGRAMY\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\PROGRAMY\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] C:\Program Files\PROGRAMY\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3116404084-4003049506-239722037-1000..\Run: [AQQ] C:\Program Files\PROGRAMY\AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKU\S-1-5-21-3116404084-4003049506-239722037-1000..\Run: [Pinnacle Game Profiler] E:\Program Files\GRY\Pinnacle Game Profiler\pinnacle.exe (PowerUp Software, LLC)
O4 - HKLM..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RedNotebook.lnk = C:\Program Files\PROGRAMY\RedNotebook\redNotebook.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3116404084-4003049506-239722037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3116404084-4003049506-239722037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3116404084-4003049506-239722037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3116404084-4003049506-239722037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\PROGRAMY\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\PROGRAMY\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.122.201.5 212.122.201.135 212.122.201.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7146B7-C46A-46F1-A15D-E65070728967}: DhcpNameServer = 212.122.201.5 212.122.201.135 212.122.201.143
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\PROGRAMY\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-01-27 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\DoctorWeb
[2012-01-27 21:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2012-01-27 20:19:10 | 000,000,000 | ---D | C] -- C:\Data
[2012-01-27 19:43:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012-01-27 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012-01-27 19:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-01-27 18:48:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Pavark
[2012-01-27 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\SHIFT 2 UNLEASHED
[2012-01-27 14:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012-01-26 13:12:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ABBYY
[2012-01-26 13:07:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ABBYY
[2012-01-26 13:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012-01-26 11:49:03 | 025,432,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012-01-26 11:49:03 | 025,137,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012-01-26 11:49:03 | 019,348,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012-01-26 11:49:03 | 017,498,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012-01-26 11:49:03 | 017,483,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012-01-26 11:49:03 | 007,974,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012-01-26 11:49:03 | 005,868,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012-01-26 11:49:03 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012-01-26 11:49:03 | 002,506,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012-01-26 11:49:03 | 002,374,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012-01-26 11:49:03 | 002,206,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012-01-26 11:49:03 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012-01-26 11:49:03 | 000,187,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012-01-26 11:49:03 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-01-26 11:49:03 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-01-26 11:49:03 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012-01-26 11:47:03 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-01-25 13:34:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Prince of Persia
[2012-01-25 12:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Pendulo Studios
[2012-01-25 12:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Next BIG Thing
[2012-01-24 21:34:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\OnLive App
[2012-01-24 21:33:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OnLive App
[2012-01-24 12:50:15 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012-01-24 10:02:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Cierzniewska-wyklady
[2012-01-24 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Cierzniewska-cwiczenia
[2012-01-23 19:42:16 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys
[2012-01-23 19:42:16 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys
[2012-01-23 19:42:16 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys
[2012-01-23 19:42:15 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys
[2012-01-23 19:42:15 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys
[2012-01-23 19:42:15 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys
[2012-01-23 19:42:15 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys
[2012-01-23 19:42:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A
[2012-01-23 19:31:10 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012-01-23 19:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012-01-23 19:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012-01-23 19:29:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012-01-23 19:29:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012-01-23 19:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012-01-23 19:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012-01-22 22:17:24 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-01-22 22:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012-01-22 22:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-01-22 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KW
[2012-01-22 11:14:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Battlefield 3
[2012-01-22 00:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012-01-22 00:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012-01-21 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012-01-21 22:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-01-21 21:17:31 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-01-21 21:17:31 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012-01-21 18:09:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\AKSJOLOGIA
[2012-01-21 01:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Natural Mod
[2012-01-18 15:57:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dexpot
[2012-01-18 15:00:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\PATCHE RÓŻNE
[2012-01-18 14:40:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\TELEDYSKI
[2012-01-17 23:41:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012-01-17 23:41:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012-01-17 23:41:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012-01-17 23:41:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012-01-17 23:41:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012-01-17 23:41:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012-01-17 22:35:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\stickies
[2012-01-17 22:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stickies
[2012-01-17 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012-01-17 17:32:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\REGGAE SKŁADANKA
[2012-01-17 13:31:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\MEDIA W EDUKACJI
[2012-01-16 22:12:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PAYDAY
[2012-01-16 22:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012-01-16 11:38:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012-01-16 03:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM U.S.A., INC
[2012-01-15 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2012-01-15 15:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012-01-15 13:12:14 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012-01-15 13:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCatcher
[2012-01-15 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DreamCatcher
[2012-01-13 18:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoMapa 6
[2012-01-13 16:36:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\MUZYKA DVD
[2012-01-13 03:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012-01-13 03:01:40 | 007,677,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012-01-13 03:01:40 | 002,095,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012-01-13 02:28:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\CAPCOM
[2012-01-13 02:12:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Gas Powered Games
[2012-01-12 12:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012-01-12 10:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012-01-12 09:42:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bastion
[2012-01-12 01:19:16 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012-01-11 09:49:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Chromium
[2012-01-11 09:49:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Rockstar Games
[2012-01-11 03:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012-01-11 03:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012-01-11 00:28:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012-01-11 00:28:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012-01-11 00:28:30 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-01-11 00:28:30 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012-01-11 00:28:30 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012-01-11 00:28:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-01-11 00:28:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012-01-11 00:28:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012-01-11 00:28:21 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012-01-10 15:16:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Kalypso Media
[2012-01-09 23:14:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Ubisoft Game Launcher
[2012-01-09 23:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012-01-09 02:10:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\To the Moon - Freebird Games
[2012-01-09 02:09:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\To the Moon
[2012-01-09 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2012-01-07 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\CrashRpt
[2012-01-07 21:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call.of.Duty.Modern.Warfare.2.MP.Edition.POLiSH.O22y
[2012-01-06 23:38:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoMapa EU
[2012-01-06 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\PENDRIVE
[2012-01-05 15:11:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\PEDAGOGIKA PORÓWNAWCZA
[2012-01-05 01:55:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\webkit
[2012-01-05 01:55:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\.rednotebook
[2012-01-05 01:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedNotebook
[2012-01-05 00:35:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AIMP3
[2012-01-05 00:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2012-01-02 17:17:10 | 000,000,000 | RH-D | C] -- C:\Users\Michael\AppData\Roaming\SecuROM
[2012-01-02 06:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2012-01-02 04:11:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\CrashDumps
[2012-01-01 13:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PunkBuster
[2012-01-01 13:31:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2012-01-01 11:49:51 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011-12-31 18:31:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2011-12-31 18:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011-12-31 02:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011-12-31 00:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011-12-31 00:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-01-28 09:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-27 23:21:08 | 077,625,136 | ---- | M] () -- C:\Users\Michael\Desktop\gzs5f6k3.exe
[2012-01-27 21:15:14 | 000,001,891 | ---- | M] () -- C:\Users\Michael\Desktop\AD-R.lnk
[2012-01-27 20:24:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-27 20:24:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-27 20:21:54 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-01-27 20:21:54 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-01-27 20:21:54 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-01-27 20:21:54 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-01-27 20:21:54 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-01-27 20:21:18 | 000,000,975 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-01-27 20:19:12 | 000,000,218 | ---- | M] () -- C:\Users\Michael\.recently-used.xbel
[2012-01-27 20:17:47 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012-01-27 20:17:18 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2012-01-27 19:43:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012-01-27 19:34:14 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Bulletstorm.lnk
[2012-01-27 18:42:29 | 000,001,198 | ---- | M] () -- C:\Users\Michael\Desktop\BATTLEFIELD 3 PL.lnk
[2012-01-27 18:33:59 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2012-01-27 16:29:01 | 000,001,463 | ---- | M] () -- C:\Users\Michael\Desktop\SHIFT 2 PL.lnk
[2012-01-27 02:43:55 | 000,016,118 | ---- | M] () -- C:\Users\Michael\Documents\BLACK METAL.m3u
[2012-01-27 02:31:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-01-26 11:50:18 | 001,672,764 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
[2012-01-25 13:34:22 | 000,001,463 | ---- | M] () -- C:\Users\Michael\Desktop\Prince of Persia.lnk
[2012-01-25 12:51:03 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\The Next BIG Thing.lnk
[2012-01-23 19:42:25 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023
[2012-01-23 19:31:10 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012-01-23 19:31:10 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012-01-23 19:31:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012-01-22 22:17:24 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-01-22 22:16:03 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-01-22 22:16:03 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-01-22 20:06:19 | 000,000,212 | -HS- | M] () -- C:\Windows\KLIF.spi
[2012-01-22 16:10:53 | 000,017,408 | ---- | M] () -- C:\Users\Michael\AppData\Local\WebpageIcons.db
[2012-01-18 00:41:58 | 000,001,215 | ---- | M] () -- C:\Users\Michael\Desktop\SHOGUN 2 PL.lnk
[2012-01-17 22:35:08 | 000,001,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2012-01-17 22:35:08 | 000,000,625 | ---- | M] () -- C:\Windows\uninstallstickies.bat
[2012-01-16 03:40:16 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
[2012-01-15 15:14:45 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012-01-12 12:57:23 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Modern Warfare 3.lnk
[2012-01-12 11:36:12 | 000,000,770 | ---- | M] () -- C:\Users\Michael\Desktop\Bastion.lnk
[2012-01-12 01:19:16 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012-01-09 02:09:55 | 000,000,788 | ---- | M] () -- C:\Users\Michael\Desktop\To the Moon.lnk
[2012-01-08 21:58:05 | 000,749,000 | ---- | M] () -- C:\Users\Michael\Desktop\zdmikp.exe
[2012-01-05 01:55:28 | 000,001,015 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RedNotebook.lnk
[2012-01-05 01:55:28 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\RedNotebook.lnk
[2012-01-01 11:49:51 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011-12-31 18:31:03 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2011-12-30 20:27:16 | 000,001,235 | ---- | M] () -- C:\Users\Michael\Desktop\CIVILIZATION 5 PL.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-01-27 23:20:52 | 077,625,136 | ---- | C] () -- C:\Users\Michael\Desktop\gzs5f6k3.exe
[2012-01-27 21:15:14 | 000,001,891 | ---- | C] () -- C:\Users\Michael\Desktop\AD-R.lnk
[2012-01-27 20:19:12 | 000,000,218 | ---- | C] () -- C:\Users\Michael\.recently-used.xbel
[2012-01-27 19:34:14 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Bulletstorm.lnk
[2012-01-27 18:42:34 | 000,001,198 | ---- | C] () -- C:\Users\Michael\Desktop\BATTLEFIELD 3 PL.lnk
[2012-01-27 18:33:59 | 000,000,038 | ---- | C] () -- C:\dvmaccounts.ini
[2012-01-27 16:29:03 | 000,001,463 | ---- | C] () -- C:\Users\Michael\Desktop\SHIFT 2 PL.lnk
[2012-01-27 02:43:55 | 000,016,118 | ---- | C] () -- C:\Users\Michael\Documents\BLACK METAL.m3u
[2012-01-25 18:00:22 | 000,808,254 | ---- | C] () -- C:\Users\Michael\Desktop\policja w akademiku.bmp
[2012-01-25 13:34:22 | 000,001,463 | ---- | C] () -- C:\Users\Michael\Desktop\Prince of Persia.lnk
[2012-01-25 12:51:03 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\The Next BIG Thing.lnk
[2012-01-23 20:15:22 | 001,672,764 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
[2012-01-23 19:42:52 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023
[2012-01-23 19:42:16 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat
[2012-01-23 19:42:16 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat
[2012-01-23 19:42:16 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat
[2012-01-23 19:42:16 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf
[2012-01-23 19:42:16 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf
[2012-01-23 19:42:15 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat
[2012-01-23 19:42:15 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat
[2012-01-23 19:42:15 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat
[2012-01-23 19:42:15 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat
[2012-01-23 19:42:15 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf
[2012-01-23 19:42:15 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf
[2012-01-23 19:42:15 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf
[2012-01-23 19:42:15 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf
[2012-01-23 19:42:15 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf
[2012-01-23 19:42:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini
[2012-01-23 19:31:10 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012-01-23 19:31:10 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012-01-22 22:16:03 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-01-22 22:16:03 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-01-22 20:06:19 | 000,000,212 | -HS- | C] () -- C:\Windows\KLIF.spi
[2012-01-22 16:10:52 | 000,017,408 | ---- | C] () -- C:\Users\Michael\AppData\Local\WebpageIcons.db
[2012-01-18 15:22:27 | 102,400,000 | ---- | C] () -- C:\Users\Michael\Desktop\Thrash_em_All.part1.rar
[2012-01-18 15:22:19 | 095,010,220 | ---- | C] () -- C:\Users\Michael\Desktop\Thrash'em All # 1996-6.rar
[2012-01-18 15:22:06 | 102,069,580 | ---- | C] () -- C:\Users\Michael\Desktop\Thrash_em_All.part2.rar
[2012-01-18 14:21:00 | 005,777,408 | ---- | C] () -- C:\Users\Michael\Desktop\MB - Pokaz.mp3
[2012-01-18 00:42:02 | 000,001,215 | ---- | C] () -- C:\Users\Michael\Desktop\SHOGUN 2 PL.lnk
[2012-01-17 22:35:08 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2012-01-17 22:35:08 | 000,000,625 | ---- | C] () -- C:\Windows\uninstallstickies.bat
[2012-01-16 03:40:15 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\Super Street Fighter IV Arcade Edition.lnk
[2012-01-15 15:14:45 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012-01-12 12:57:23 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Modern Warfare 3.lnk
[2012-01-12 09:46:22 | 000,000,770 | ---- | C] () -- C:\Users\Michael\Desktop\Bastion.lnk
[2012-01-09 02:09:55 | 000,000,788 | ---- | C] () -- C:\Users\Michael\Desktop\To the Moon.lnk
[2012-01-08 21:58:04 | 000,749,000 | ---- | C] () -- C:\Users\Michael\Desktop\zdmikp.exe
[2012-01-05 01:55:28 | 000,001,015 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RedNotebook.lnk
[2012-01-05 01:55:28 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\RedNotebook.lnk
[2011-12-31 18:31:03 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2011-12-30 20:27:16 | 000,001,235 | ---- | C] () -- C:\Users\Michael\Desktop\CIVILIZATION 5 PL.lnk
[2011-12-29 00:36:18 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011-12-29 00:36:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2011-12-29 00:36:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2011-12-11 23:13:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011-12-11 23:13:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011-12-11 23:13:06 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011-12-11 23:13:06 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011-12-11 23:05:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-12-11 23:05:01 | 000,027,067 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-07-06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[color=#E56717]========== LOP Check ==========[/color]

[2012-01-09 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2011-12-12 03:48:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\2K Sports
[2012-01-28 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AIMP3
[2011-12-15 15:31:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canneverbe Limited
[2012-01-18 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dexpot
[2011-12-29 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KALiNKOsoft
[2012-01-10 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Kalypso Media
[2012-01-22 20:05:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KW
[2011-12-12 01:00:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mirillis
[2012-01-25 15:50:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OnLive App
[2011-12-29 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PowerUp Software
[2012-01-27 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\stickies
[2012-01-15 16:17:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2012-01-09 02:25:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\To the Moon - Freebird Games
[2011-12-11 23:44:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XnView
[2009-07-14 06:08:49 | 000,015,694 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

i Extras.txt

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2012-01-28 12:51:25 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

11,99 Gb Total Physical Memory | 10,29 Gb Available Physical Memory | 85,80% Memory free
23,98 Gb Paging File | 21,53 Gb Available in Paging File | 89,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 57,49 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 25,47 Gb Free Space | 6,52% Space Free | Partition Type: NTFS
Drive E: | 390,75 Gb Total Space | 231,55 Gb Free Space | 59,26% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 76,39 Gb Free Space | 8,20% Space Free | Partition Type: NTFS

Computer Name: PCMICHAEL | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3116404084-4003049506-239722037-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\PROGRAMY\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\PROGRAMY\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\PROGRAMY\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\PROGRAMY\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\PROGRAMY\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04054166-0801-48A9-89E0-BC4B53FE7A81}_is1" = XBCD Uninstaller
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROPLUS_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}_Office14.PROPLUS_{BFEB53FA-3044-47FD-BB50-9DCBBEED79EF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0043-0415-1000-0000000FF1CE}_Office14.PROPLUS_{FF5F6090-64DF-4BF6-BADD-71A64FDA70D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}_Office14.PROPLUS_{3A96ABFF-5202-47B1-B5A2-DDE76563AF61}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.1.4052 [2011-11-20]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = Archiwizator WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000018101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000018102}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80832F20-7027-4B59-BC62-95740EC7F094}" = Supreme Commander (TM)
"{8265F2BC-5961-4A0D-8A34-F08C02E8974D}" = Disney Universe
"{82A7E9C3-D3F3-4B85-9AC3-D0E011D19E50}_is1" = RedNotebook 1.2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Polish
"{B3F348C4-4C11-4634-AE4F-48A296E19298}_is1" = The Next BIG Thing wersja 1.0
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F27DCDBA-0269-4709-B8CA-409FA42EF4A0}" = Splash PRO
"{F3B0AC10-3636-4166-81CF-86CD7A8B0123}" = Prince Of Persia
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}" = PC TWIN SHOCK
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Remover" = Ad-Remover par C_XX
"AIMP3" = AIMP3
"AQQ" = WapSter AQQ
"Call of Duty - Modern Warfare 3_is1" = Call of Duty - Modern Warfare 3
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Fraps" = Fraps (remove only)
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"MagniDriver" = marvell 91xx driver
"Marvell Miniport Driver" = Marvell Miniport Driver
"Might & Magic - Clash of Heroes_is1" = Might & Magic - Clash of Heroes
"Mozilla Firefox 9.0.1 (x86 pl)" = Mozilla Firefox 9.0.1 (x86 pl)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"Painkiller" = Painkiller
"Picasa 3" = Picasa 3
"The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim
"VirtualCloneDrive" = VirtualCloneDrive
"XnView_is1" = XnView 1.98.2
"ZhornStickies" = Stickies 7.1b

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3116404084-4003049506-239722037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"T-Mobile Ekstraklasa Patch" = T-Mobile Ekstraklasa Patch

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Michał

[wojtas]

nic specjalnego nie widać...

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKLM..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
[2012-01-27 19:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-01-17 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012-01-22 20:06:19 | 000,000,212 | -HS- | C] () -- C:\Windows\KLIF.spi
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .
lecz to nie rozwiąże problemu,

widzę że masz Malwarebytes, odpal, zrób aktualizację i pełny skan kompa, pokaż na forum raport; )

zobacz jak system zachowuje się gdy odinstalujesz Nortona

http://www.programosy.pl/program,norton-removal-tool.html