Problem przy uruchomieniu, system naprawił się samoczynnie

[Aros5]

Chwile temu uruchomiłem pierwszy raz dzisiaj laptop i w trakcie ładowania systemu (win 7 ultimate 64bit) zaczęły się ładować pliki instalatora po czym system przeszedł do samonaprawy. Po kilku minutach należało zrobić reset i tym razem windows się uruchomił.

Wczoraj w pewnym momencie Avira wyświetliła komunikat o dwóch trojanach wśród tymczasowych plików, oczywiście je usunąłem. Dzisiaj po uruchominiu pojawił się ten sam komunikat. Ponad to system wygląda troche jak po przywracaniu bo na pulicie znalazły się ikonki programów, które wczoraj usuwałem. Dodatkowo wczoraj podczas gry w TDU2 zauważyłem, że komputer łapie delikatne sciny.

Logi:

OTL

Kod: Zaznacz wszystko

OTL logfile created on: 2011-04-16 13:00:16 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Arek\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 15,18 Gb Free Space | 30,37% Space Free | Partition Type: NTFS
Drive D: | 230,00 Gb Total Space | 58,19 Gb Free Space | 25,30% Space Free | Partition Type: NTFS

Computer Name: Y530 | User Name: Arek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-04-16 12:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arek\Desktop\OTL.exe
PRC - [2011-04-14 21:49:14 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011-03-28 16:04:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-03-20 15:13:14 | 000,328,206 | ---- | M] (Kadu Team) -- C:\Programy\Kadu\kadu.exe
PRC - [2011-03-10 00:17:16 | 000,892,992 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2011-03-10 00:17:14 | 001,532,992 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectify.exe
PRC - [2011-03-04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programy\Avira\AntiVir Desktop\sched.exe
PRC - [2011-03-04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programy\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-03-04 15:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programy\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-07-22 14:18:08 | 002,636,800 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
PRC - [2010-07-08 15:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Programy\TightVNC\tvnserver.exe
PRC - [2009-05-22 20:06:28 | 000,245,760 | ---- | M] (Pegatron Corp.) -- C:\Program Files (x86)\ATK Hotkey\Hcontrol.exe
PRC - [2009-03-16 20:21:30 | 002,789,376 | R--- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2009-03-11 15:39:12 | 000,098,304 | R--- | M] () -- C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
PRC - [2009-02-17 18:08:40 | 000,151,552 | R--- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2009-02-13 18:28:50 | 000,098,304 | R--- | M] () -- C:\Program Files (x86)\ATK Hotkey\HControlUser.exe
PRC - [2009-02-13 18:24:48 | 000,110,592 | R--- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-04-16 12:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arek\Desktop\OTL.exe
MOD - [2010-11-21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010-04-03 11:37:14 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\DLL\DLL_Wheel4D.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008-08-26 14:34:04 | 000,799,272 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2011-03-28 16:04:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-03-10 00:17:16 | 000,892,992 | ---- | M] (Connectify) [Auto | Running] -- C:\Program Files (x86)\Connectify\Connectifyd.exe -- (Connectify)
SRV - [2011-03-04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programy\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-03-04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programy\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-07-08 15:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Programy\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-11 15:39:12 | 000,098,304 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011-03-15 22:59:56 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:[b]64bit:[/b] - [2011-03-07 20:20:14 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfyMP)
DRV:[b]64bit:[/b] - [2011-03-07 20:20:14 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfy)
DRV:[b]64bit:[/b] - [2011-03-04 15:37:13 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2011-03-04 15:37:12 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2011-01-19 12:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-06-21 05:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2010-06-21 05:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:[b]64bit:[/b] - [2010-06-21 05:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2010-06-21 05:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:[b]64bit:[/b] - [2010-04-27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2010-04-27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:[b]64bit:[/b] - [2010-04-27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2009-08-16 22:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009-08-07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:[b]64bit:[/b] - [2009-06-25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2009-06-25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:[b]64bit:[/b] - [2009-06-11 11:50:06 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-06-04 23:44:48 | 000,015,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PuAcpi64.sys -- (MTsensor64)
DRV:[b]64bit:[/b] - [2009-05-31 02:43:46 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-05-20 17:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:[b]64bit:[/b] - [2009-05-14 09:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009-05-05 02:20:34 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:[b]64bit:[/b] - [2009-05-01 11:13:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2008-07-30 23:53:58 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2008-07-30 23:53:52 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2008-07-30 23:53:48 | 000,121,896 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2008-07-30 23:53:44 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programy\Mozilla Firefox\components [2011-04-13 20:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programy\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programy\Mozilla Thunderbird\components [2011-04-13 20:27:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programy\Mozilla Thunderbird\plugins

[2011-03-16 18:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Extensions
[2011-03-16 17:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-04-16 22:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\5nts0kt0.default\extensions
[2011-04-16 22:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\5nts0kt0.default\extensions\toolbar@ask.com
File not found (No name found) -- C:\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -  File not found
O2 - BHO: (Keyword Search) - {31A0D938-3055-46BA-8919-59E44E0D7E51} - C:\Program Files (x86)\Keyword Search\torangcomz.dll (torangcomz)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Arek\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} -  File not found
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -  File not found
O3 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:[b]64bit:[/b] - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programy\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programy\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Programy\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [DAEMON Tools Lite]  File not found
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [KeywordSearchUpdater] C:\Program Files (x86)\Keyword Search\KeywordSearchUpdater.exe ()
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [OscarEditor] C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe ()
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [Power2GoExpress]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:[b]64bit:[/b] - Extra context menu item: Download all by FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download by FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Ściągnij przy poomocy FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: 使用快车3下载 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Ściągnij przy poomocy FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet3 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Arek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9:[b]64bit:[/b] - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -  File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4791240-4ff0-11e0-a4bc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4791240-4ff0-11e0-a4bc-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{e4791240-4ff0-11e0-a4bc-806e6f6e6963}\Shell\Option1\Command - "" = G:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-04-16 12:58:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Arek\Desktop\OTL.exe
[2011-04-16 12:55:20 | 000,720,952 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Arek\Desktop\SPTDinst-v178-x64.exe
[2011-04-15 23:04:07 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Mp3tag
[2011-04-15 23:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2011-04-15 20:47:40 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fooAvA 1.05
[2011-04-15 01:26:50 | 000,000,000 | ---D | C] -- C:\Users\Arek\Documents\ArcaniA - Gothic 4
[2011-04-14 17:57:08 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-04-14 17:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-04-13 21:15:48 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
[2011-04-13 20:31:37 | 000,000,000 | ---D | C] -- C:\MyWorks
[2011-04-13 20:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2011-04-13 20:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Keyword Search
[2011-04-13 20:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011-04-13 20:25:22 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2011-04-13 20:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011-04-13 20:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011-04-13 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011-04-13 18:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011-04-13 18:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2011-04-13 07:47:43 | 000,000,000 | ---D | C] -- C:\Downloads
[2011-04-13 00:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011-04-08 14:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
[2011-04-08 13:53:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011-04-08 13:53:11 | 000,000,000 | ---D | C] -- C:\Users\Arek\Documents\My Games
[2011-04-08 13:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011-04-08 13:51:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011-04-08 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011-04-08 13:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011-04-06 22:40:24 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Local\Microsoft Games
[2011-04-05 21:17:18 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Publish Providers
[2011-04-05 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Arek\Documents\Vegas Movie Studio PE 9.0 Projects
[2011-04-05 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Sony
[2011-04-05 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Local\Sony
[2011-04-05 16:51:12 | 000,000,000 | ---D | C] -- C:\Users\Arek\Desktop\Scenariusz
[2011-04-03 21:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4TECH Software
[2011-04-03 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OSCAR Editor X7
[2011-04-03 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OscarX7
[2011-04-02 15:26:21 | 000,000,000 | ---D | C] -- C:\Users\Arek\Documents\Eden Games
[2011-04-02 14:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011-04-02 14:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011-03-31 18:15:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011-03-31 17:26:27 | 000,000,000 | ---D | C] -- C:\Users\Arek\Documents\SHIFT 2 UNLEASHED
[2011-03-31 17:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011-03-31 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011-03-31 17:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011-03-31 16:20:48 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet
[2011-03-31 16:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet
[2011-03-31 14:41:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011-03-31 14:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011-03-31 14:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011-03-31 14:39:55 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011-03-31 14:39:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011-03-31 14:39:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011-03-31 14:39:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011-03-31 14:00:01 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Local\CrashRpt
[2011-03-28 16:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011-03-28 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\PunkBuster
[2011-03-28 16:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011-03-27 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Local\Connectify
[2011-03-27 12:34:39 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify
[2011-03-27 12:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2011-03-21 22:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\VID_0E8F&PID_0012
[2011-03-21 22:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VID_0E8F&PID_0012
[2011-03-21 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kadu
[2011-03-21 19:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kadu
[2011-03-21 19:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011-03-20 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Arek\Documents\The KMPlayer
[2011-03-18 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Local\Adobe
[2011-03-18 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011-03-18 14:25:33 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011-03-18 14:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011-03-18 13:19:16 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\CyberLink
[2011-03-18 13:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011-03-18 13:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2011-03-15 23:55:00 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-04-16 13:04:15 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-16 13:04:15 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-16 12:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arek\Desktop\OTL.exe
[2011-04-16 12:56:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-04-16 12:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-16 12:56:35 | 2389,868,544 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-16 12:55:49 | 002,097,152 | -HS- | M] () -- C:\Users\Arek\ntuser.dat
[2011-04-16 12:55:49 | 000,524,288 | -HS- | M] () -- C:\Users\Arek\ntuser.dat{e401b15f-6816-11e0-9a6e-0022facbd360}.TMContainer00000000000000000002.regtrans-ms
[2011-04-16 12:55:49 | 000,524,288 | -HS- | M] () -- C:\Users\Arek\ntuser.dat{e401b15f-6816-11e0-9a6e-0022facbd360}.TMContainer00000000000000000001.regtrans-ms
[2011-04-16 12:55:49 | 000,065,536 | -HS- | M] () -- C:\Users\Arek\ntuser.dat{e401b15f-6816-11e0-9a6e-0022facbd360}.TM.blf
[2011-04-16 12:55:43 | 002,543,581 | -H-- | M] () -- C:\Users\Arek\AppData\Local\IconCache.db
[2011-04-16 12:55:30 | 000,720,952 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Arek\Desktop\SPTDinst-v178-x64.exe
[2011-04-16 12:54:52 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-04-16 12:54:52 | 000,687,812 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-04-16 12:54:52 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-04-16 12:54:52 | 000,131,366 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-04-16 12:54:52 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-04-16 12:48:39 | 000,109,232 | ---- | M] () -- C:\Users\Arek\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-04-15 23:48:10 | 000,035,854 | ---- | M] () -- C:\Users\Arek\Desktop\pasek.jpg
[2011-04-14 15:06:17 | 000,416,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-04-14 00:10:14 | 000,639,286 | ---- | M] () -- C:\Users\Arek\Desktop\matura probna z fizyki zamkor poziom roz.pdf
[2011-04-13 20:40:06 | 000,002,416 | ---- | M] () -- C:\Users\Arek\Documents\Register Vegas Pro.htm
[2011-04-13 20:32:25 | 000,000,791 | ---- | M] () -- C:\Users\Arek\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2011-04-13 20:27:35 | 000,001,743 | ---- | M] () -- C:\Users\Arek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011-04-13 20:26:58 | 000,000,424 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2011-04-13 20:26:46 | 000,000,944 | ---- | M] () -- C:\Users\Arek\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet 3.7.lnk
[2011-04-13 13:02:31 | 000,001,477 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2011-04-10 21:20:01 | 000,018,848 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Windows\SysWow64\LenovoSDKEmSubSystem.dll
[2011-04-10 21:20:01 | 000,018,848 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Windows\SysNative\drivers\LenovoSDKEmSubSystem.dll
[2011-04-10 21:12:36 | 000,000,535 | ---- | M] () -- C:\Windows\win.ini
[2011-04-08 14:33:45 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011-04-08 13:39:14 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\Launch Warhammer 40.000 Dawn of War II.lnk
[2011-04-02 15:25:20 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
[2011-04-02 14:27:34 | 000,000,679 | ---- | M] () -- C:\Users\Arek\Desktop\Assassin Creed - Brotherhood.lnk
[2011-03-31 18:46:59 | 000,001,035 | ---- | M] () -- C:\Users\Arek\Desktop\Shift 2.lnk
[2011-03-31 14:39:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011-03-31 14:39:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011-03-31 14:39:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011-03-31 14:39:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011-03-28 16:04:48 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-03-28 16:04:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-03-27 22:33:00 | 002,008,948 | ---- | M] () -- C:\Users\Arek\Desktop\Martin_George_R._R._-_Gra_o_tron_by_marzetrix.rtf
[2011-03-21 21:52:49 | 000,000,000 | -H-- | M] () -- C:\Users\Arek\Documents\Default.rdp

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-04-16 12:47:36 | 000,524,288 | -HS- | C] () -- C:\Users\Arek\ntuser.dat{e401b15f-6816-11e0-9a6e-0022facbd360}.TMContainer00000000000000000002.regtrans-ms
[2011-04-16 12:47:36 | 000,524,288 | -HS- | C] () -- C:\Users\Arek\ntuser.dat{e401b15f-6816-11e0-9a6e-0022facbd360}.TMContainer00000000000000000001.regtrans-ms
[2011-04-16 12:47:36 | 000,065,536 | -HS- | C] () -- C:\Users\Arek\ntuser.dat{e401b15f-6816-11e0-9a6e-0022facbd360}.TM.blf
[2011-04-15 23:48:10 | 000,035,854 | ---- | C] () -- C:\Users\Arek\Desktop\pasek.jpg
[2011-04-14 00:09:02 | 000,639,286 | ---- | C] () -- C:\Users\Arek\Desktop\matura probna z fizyki zamkor poziom roz.pdf
[2011-04-13 20:40:06 | 000,002,416 | ---- | C] () -- C:\Users\Arek\Documents\Register Vegas Pro.htm
[2011-04-13 20:31:14 | 000,035,822 | ---- | C] () -- C:\Windows\WMPrfPlk.prx
[2011-04-13 20:27:35 | 000,001,743 | ---- | C] () -- C:\Users\Arek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011-04-08 14:33:45 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk
[2011-04-08 13:39:14 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\Launch Warhammer 40.000 Dawn of War II.lnk
[2011-04-02 14:54:02 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
[2011-04-02 14:27:34 | 000,000,679 | ---- | C] () -- C:\Users\Arek\Desktop\Assassin Creed - Brotherhood.lnk
[2011-03-31 18:46:59 | 000,001,035 | ---- | C] () -- C:\Users\Arek\Desktop\Shift 2.lnk
[2011-03-31 17:01:58 | 000,001,477 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011-03-28 16:04:48 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-03-28 16:04:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-03-27 22:29:42 | 002,008,948 | ---- | C] () -- C:\Users\Arek\Desktop\Martin_George_R._R._-_Gra_o_tron_by_marzetrix.rtf
[2011-03-21 21:52:49 | 000,000,000 | -H-- | C] () -- C:\Users\Arek\Documents\Default.rdp
[2011-03-16 19:38:26 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-03-16 19:01:15 | 000,000,424 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011-03-16 18:59:00 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011-03-16 17:45:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-15 23:08:32 | 000,000,546 | ---- | C] () -- C:\Windows\SysWow64\AB.DAT
[2011-03-15 23:02:13 | 000,109,232 | ---- | C] () -- C:\Users\Arek\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-03-15 22:43:11 | 002,543,581 | -H-- | C] () -- C:\Users\Arek\AppData\Local\IconCache.db
[2009-08-07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 04:34:57 | 000,000,535 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 04:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-16 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\App Launcher Gadget
[2011-04-13 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\BITS
[2011-03-18 13:56:31 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\DAEMON Tools Lite
[2011-03-16 19:35:02 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Dev-Cpp
[2011-04-15 21:18:32 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\FileZilla
[2011-03-16 18:58:46 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\FlashGet
[2011-03-16 18:58:42 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\FlashGetBHO
[2011-04-16 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\foobar2000
[2011-04-16 22:46:27 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\GHISLER
[2011-04-16 22:46:27 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\IrfanView
[2011-04-16 12:58:12 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Kadu
[2011-03-16 20:11:19 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Leadertech
[2011-04-16 22:46:24 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Mp3tag
[2011-04-13 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Notepad++
[2011-03-16 12:45:40 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Opera
[2011-04-05 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Publish Providers
[2011-03-28 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\PunkBuster
[2011-04-13 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Sony
[2011-03-16 17:45:51 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Thunderbird
[2011-03-16 19:47:42 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\TightVNC
[2009-07-14 07:08:49 | 000,020,230 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Extras:

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2011-04-16 13:00:16 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Arek\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 15,18 Gb Free Space | 30,37% Space Free | Partition Type: NTFS
Drive D: | 230,00 Gb Total Space | 58,19 Gb Free Space | 25,30% Space Free | Partition Type: NTFS

Computer Name: Y530 | User Name: Arek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1040771517-3967096182-1898476961-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Programy\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Programy\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Programy\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programy\FlashGet 3\FlashGet3.exe" = C:\Programy\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Programy\FlashGet 3\FlashGet3.exe" = C:\Programy\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"Connectify" = Connectify
"Lenovo EasyCamera" = Lenovo EasyCamera
"lenovo_11.74" = Lenovo EasyCamera Driver Package v11.74.2025
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F3BEAD5-4368-4CBC-9876-11B8475DE285}" = OSCAR Editor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C5ECC4-E590-483F-A50D-4782F881CF1B}" = Warhammer 40.000 Dawn of War II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1045-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Polish
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{DE74FC6F-EB3C-4EFC-B5AA-0F0C03DEC23F}" = MANTA
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Counter-Strike: Source" = Counter-Strike: Source
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"FileZilla Client" = FileZilla Client 3.4.0
"FlashGet 3.7" = FlashGet 3.7
"FlashGet(JetCar)" = FlashGet(JetCar)
"foobar2000" = foobar2000 v0.9.5.2
"InstallShield_{0F3BEAD5-4368-4CBC-9876-11B8475DE285}" = X7 Oscar Editor
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Kadu" = Kadu 0.9.0
"Keyword Search" = Keyword Search
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MWSnap 3" = MWSnap 3
"Notepad++" = Notepad++
"Opera 11.10.2092" = Opera 11.10
"PunkBusterSvc" = PunkBuster Services
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"The KMPlayer" = The KMPlayer (remove only)
"TightVNC" = TightVNC 2.0.2
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1040771517-3967096182-1898476961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\QtGui4.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\QtNetwork4.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\QtSql4.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\QtXml4.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\srv_httpinput.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\srv_madtranscode.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 11:01:03 | Computer Name = Y530 | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Programy\Last.fm\srv_rtaudioplayback.dll".
Nie
można odnaleźć zestawu zależnego Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-04-15 12:28:04 | Computer Name = Y530 | Source = MsiInstaller | ID = 11706
Description =

Error - 2011-04-16 06:49:13 | Computer Name = Y530 | Source = WinMgmt | ID = 10
Description =

Error - 2011-04-16 06:58:26 | Computer Name = Y530 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2011-04-14 09:07:40 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-14 10:55:19 | Computer Name = Y530 | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2011-04-15 07:41:36 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-15 07:41:36 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-15 10:37:04 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-15 10:37:04 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-16 06:48:51 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-16 06:48:51 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-16 06:57:42 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 2011-04-16 06:57:42 | Computer Name = Y530 | Source = WMPNetworkSvc | ID = 866306
Description =


< End of report >


[wojtas]

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
[2011-04-16 22:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\5nts0kt0.default\extensions\toolbar@ask.com
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - File not found
O2 - BHO: (Keyword Search) - {31A0D938-3055-46BA-8919-59E44E0D7E51} - C:\Program Files (x86)\Keyword Search\torangcomz.dll (torangcomz)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - File not found
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - File not found
O3 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [DAEMON Tools Lite] File not found
O4 - HKU\S-1-5-21-1040771517-3967096182-1898476961-1000..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Wykonaj czynności końcowe :
*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu


Zaktualizuj zabezpieczenia:
>>> Java™ 6
>>> color=#0000BF]Mozilla Firefox 4,0[/color]