OTL logfile created on: 2014-08-05 19:05:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Viola\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,97 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 60,75% Memory free
5,93 Gb Paging File | 4,59 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,70 Gb Total Space | 84,05 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive D: | 150,29 Gb Total Space | 72,49 Gb Free Space | 48,24% Space Free | Partition Type: NTFS

Computer Name: VIOLA-KOMPUTER | User Name: Viola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-08-05 19:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Viola\Downloads\OTL.exe
PRC - [2014-07-23 21:00:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014-07-09 07:09:01 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014-03-11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014-03-11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-17 11:14:52 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files\PPublicoEx8\dbengine\bin\fbguard.exe
PRC - [2010-09-17 11:14:44 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\PPublicoEx8\dbengine\bin\fbserver.exe
PRC - [2010-03-23 08:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010-03-23 08:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\stacsv.exe
PRC - [2009-09-15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-03-02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\AEstSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-07-23 20:59:41 | 003,800,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014-07-09 07:08:59 | 017,029,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2013-09-05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012-02-17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014-07-23 21:00:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-07-09 07:09:02 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-19 01:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-03-11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014-03-11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-08-14 22:32:18 | 000,118,784 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3B69A712-4CBC-40B1-AE55-0203075FD093}\Installer\InstallerService.exe -- (Installer Service)
SRV - [2012-03-09 10:15:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-09-17 11:14:52 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\PPublicoEx8\dbengine\bin\fbguard.exe -- (FirebirdGuardianPPublico)
SRV - [2010-09-17 11:14:44 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\PPublicoEx8\dbengine\bin\fbserver.exe -- (FirebirdServerPPublico)
SRV - [2010-03-23 08:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\stacsv.exe -- (STacSV)
SRV - [2010-03-03 10:47:24 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009-09-15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-03-02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\AEstSrv.exe -- (AESTFilters)
SRV - [2007-05-31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Viola\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014-03-11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013-10-02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012-08-23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-05-29 23:09:02 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012-05-29 23:09:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-05-13 19:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011-05-13 19:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011-04-14 05:47:40 | 000,027,760 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-03-23 08:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009-07-20 20:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-04-28 11:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-07-16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006-11-10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{448BCF5C-A11D-C385-1587-651BFE5A6715}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPage = about:blank
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{0FBB3ACA-F591-4FC4-B0B2-3408C90BD8AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{21E886BD-AAB7-4E47-99A8-36B7CEDB2E7D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{448BCF5C-A11D-C385-1587-651BFE5A6715}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111434&babsrc=SP_ss&mntrId=0c351de70000000000000027132c6ec9
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{54E9C0D1-9522-740A-ABB4-631B76371C84}: "URL" = http://tuvaro.com/ws/?source=e0c8d0ad&tbp=rbox&toolbarid=base&u=0c351de70000000000000027132c6ec9&q={searchTerms}
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\..\SearchScopes\{C6B90EEB-6417-490C-9B3B-6A1FDC1F9CF5}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0AtC0CyE0AzytC0D0EyBtN0D0Tzu0CyDtDtAtN1L2XzutN1L1Czu&cr=1055476896&ir=
IE - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Allegro"
FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.startup.homepage: "http://google.pl/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Viola\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Viola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Viola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Viola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-07-23 20:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-07-23 20:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Viola\AppData\Roaming\IDM\idmmzcc5

[2012-03-09 14:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viola\AppData\Roaming\mozilla\Extensions
[2012-10-08 23:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viola\AppData\Roaming\mozilla\Firefox\extensions
[2012-10-08 23:39:10 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Viola\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014-07-23 19:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Viola\AppData\Roaming\mozilla\Firefox\Profiles\nievr0xy.default\extensions
[2014-01-07 23:23:46 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\Viola\AppData\Roaming\mozilla\firefox\profiles\nievr0xy.default\extensions\IplextoALL@ALLPlayer.org.xpi
[2014-07-23 19:05:13 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Viola\AppData\Roaming\mozilla\firefox\profiles\nievr0xy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014-07-23 20:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-07-23 21:00:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Pierwszy u\u017cytkownik (Disabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Angry Birds = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Dwarf Galaxy NGC 4449 Theme = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\babcfbkleafekpcmmmcdjfengfddbjpe\1_0\
CHR - Extension: YouTube = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Archive Poster = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceakpicibkmdilicebgddflnfbpmcpgd\4.3.4.3_0\
CHR - Extension: Szukaj w Google = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: Fruit Ninja Frenzy = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdpbijodhadlfechicboigonjbeiall\1_0\
CHR - Extension: TotallyLayouts = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgckkcjgkbgjoablpejebabahbamfkc\1.3.5_0\
CHR - Extension: Google Wallet = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Angry Birds = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Dwarf Galaxy NGC 4449 Theme = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\babcfbkleafekpcmmmcdjfengfddbjpe\1_0\
CHR - Extension: YouTube = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Archive Poster = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceakpicibkmdilicebgddflnfbpmcpgd\4.3.4.3_0\
CHR - Extension: Szukaj w Google = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: Fruit Ninja Frenzy = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdpbijodhadlfechicboigonjbeiall\1_0\
CHR - Extension: TotallyLayouts = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgckkcjgkbgjoablpejebabahbamfkc\1.3.5_0\
CHR - Extension: Google Wallet = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-08-05 18:21:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2206638780-1144197696-2613282311-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAEB39D0-7994-4019-BA0E-55FD2FC0546F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-08-05 18:25:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-08-05 18:25:06 | 000,000,000 | ---D | C] -- C:\Users\Viola\AppData\Local\temp
[2014-08-05 18:03:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014-08-05 18:03:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014-08-05 18:03:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014-08-05 17:52:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014-08-05 17:51:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014-08-05 17:37:58 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014-08-05 17:25:03 | 005,567,674 | R--- | C] (Swearware) -- C:\Users\Viola\Desktop\ComboFix.exe
[2014-08-04 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014-08-04 18:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-07-23 20:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-07-20 13:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\rgcaudio
[2014-07-20 13:31:15 | 000,000,000 | ---D | C] -- C:\Users\Viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi
[2014-07-20 13:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi
[2014-07-20 13:23:45 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2014-07-20 13:23:07 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2014-07-20 13:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2014-07-20 13:23:04 | 000,000,000 | ---D | C] -- C:\Users\Viola\Documents\Image-Line
[2014-07-20 13:22:40 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2014-07-20 13:22:40 | 000,000,000 | ---D | C] -- C:\Users\Viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2014-07-20 13:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2014-07-20 13:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2014-07-15 21:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014-07-09 19:28:59 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014-07-09 19:28:59 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-07-09 19:28:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-07-09 19:28:59 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014-07-09 19:28:58 | 000,240,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014-07-09 19:28:58 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-07-09 19:28:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-07-09 19:28:57 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-07-09 19:28:57 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-07-09 19:28:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-07-09 19:28:57 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014-07-09 19:28:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-07-09 19:28:55 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-07-09 19:28:55 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-07-09 19:28:55 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-07-09 19:28:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-07-09 19:28:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-07-09 19:28:53 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-07-09 19:28:53 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014-07-09 19:28:51 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014-07-09 19:28:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014-07-09 19:28:49 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-07-09 19:28:47 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-07-09 19:28:21 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-07-09 19:28:21 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014-07-09 19:28:06 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014-07-09 19:28:03 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014-07-09 19:27:48 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014-07-09 19:27:42 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2013-10-18 15:07:13 | 000,407,552 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Users\Viola\midas.dll
[2013-10-18 15:07:03 | 003,068,856 | ---- | C] (CAD PROJEKT KiA s.c.) -- C:\Users\Viola\netplus2012_pl_v.2.0.0.37.exe
[2012-03-18 11:46:32 | 002,447,264 | ---- | C] (DownVision ) -- C:\Users\Viola\AppData\Local\setup.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-08-05 18:52:54 | 000,015,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-08-05 18:52:54 | 000,015,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-08-05 18:52:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-08-05 18:46:09 | 000,834,932 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-08-05 18:46:09 | 000,748,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-08-05 18:46:09 | 000,192,402 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-08-05 18:46:09 | 000,158,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-08-05 18:43:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-08-05 18:41:51 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-08-05 18:41:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-08-05 18:41:32 | 2390,114,304 | -HS- | M] () -- C:\hiberfil.sys
[2014-08-05 18:21:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014-08-05 17:53:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001UA.job
[2014-08-05 17:29:14 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001UA.job
[2014-08-05 17:25:31 | 005,567,674 | R--- | M] (Swearware) -- C:\Users\Viola\Desktop\ComboFix.exe
[2014-08-04 18:31:13 | 000,416,566 | ---- | M] () -- C:\Users\Viola\Documents\cc_20140804_183048.reg
[2014-08-04 18:29:05 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001Core.job
[2014-08-03 19:40:34 | 000,007,602 | ---- | M] () -- C:\Users\Viola\AppData\Local\Resmon.ResmonCfg
[2014-08-03 11:53:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2206638780-1144197696-2613282311-1001Core.job
[2014-07-30 22:03:36 | 006,099,675 | ---- | M] () -- C:\Users\Viola\Desktop\IMGP8588 - Kopia.JPG
[2014-07-20 15:54:10 | 003,823,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-07-20 13:23:45 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2014-07-20 13:23:06 | 000,001,108 | ---- | M] () -- C:\Users\Viola\Desktop\FL Studio 10.lnk
[2014-07-18 22:34:19 | 000,002,380 | ---- | M] () -- C:\Users\Viola\Desktop\Google Chrome.lnk
[2014-07-09 07:09:01 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-07-09 07:09:01 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-08-05 18:03:37 | 000,256,000 | ---- |
C] () -- C:\Windows\PEV.exe [2014-08-05 18:03:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2014-08-05 18:03:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2014-08-05 18:03:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2014-08-05 18:03:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2014-08-04 18:30:51 | 000,416,566 | ---- | C] () -- C:\Users\Viola\Documents\cc_20140804_183048.reg [2014-08-03 19:40:34 | 000,007,602 | ---- | C] () -- C:\Users\Viola\AppData\Local\Resmon.ResmonCfg [2014-07-30 21:58:39 | 006,099,675 | ---- | C] () -- C:\Users\Viola\Desktop\IMGP8588 - Kopia.JPG [2014-07-20 13:23:06 | 000,001,108 | ---- | C] () -- C:\Users\Viola\Desktop\FL Studio 10.lnk [2014-06-07 08:12:01 | 000,000,000 | ---- | C] () -- C:\Users\Viola\AppData\Local\{D8F11B27-FF92-4B0A-A662-A50720E51CCD} [2014-01-07 18:57:57 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2013-10-30 00:34:05 | 000,000,096 | ---- | C] () -- C:\Users\Viola\AppData\Roaming\WB.CFG [2013-10-30 00:34:05 | 000,000,006 | ---- | C] () -- C:\Users\Viola\AppData\Roaming\WBPU-TTL.DAT [2013-10-29 23:31:28 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013-10-29 23:31:28 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2013-10-29 23:31:02 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2013-10-29 23:31:01 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2013-10-29 23:31:01 | 000,001,790 | ---- | C] () -- C:\Windows\unins000.dat [2013-06-15 18:33:41 | 000,004,096 | -H-- | C] () -- C:\Users\Viola\AppData\Local\keyfile3.drm [2013-05-31 15:42:24 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2013-02-02 18:16:27 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE [2013-02-02 18:16:27 | 000,169,472 | ---- | C] () -- C:\Windows\System32\ZLhp1020.DLL [2012-12-04 11:12:10 | 000,245,248 | ---- | C] () -- C:\Windows\System32\zshp1020s.dll [2012-10-07 22:18:30 | 000,434,176 | ---- | C] 
() -- C:\Windows\System32\ZSHP1018.EXE [2012-03-12 21:01:37 | 000,028,672 | ---- | C] () -- C:\Users\Viola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012-07-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\.minecraft [2013-05-05 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\AnvSoft [2013-10-29 23:31:02 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\CDXReader [2014-08-04 18:30:02 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\DAEMON Tools Pro [2012-10-10 23:10:26 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\DMCache [2012-03-28 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Downloaded Installations [2012-05-29 23:27:17 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\ESET [2012-04-27 20:44:52 | 000,000,000 | ---D | M] -- 
C:\Users\Viola\AppData\Roaming\Gadu-Gadu 10 [2012-05-25 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\GHISLER [2014-03-10 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Grupa IMAGE [2014-08-04 18:29:59 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\IDM [2013-10-29 23:31:06 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\LavFilters [2012-07-01 17:42:27 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\LucasArts [2013-12-16 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\NapiProjekt [2012-07-23 22:32:32 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Nitro PDF [2012-10-21 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Nokia [2012-10-21 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Nokia Suite [2012-04-03 18:54:35 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\OpenFM [2012-05-06 15:45:16 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\PC Suite [2012-11-17 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\PhotoScape [2012-03-09 14:04:13 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Qualcomm [2012-03-09 14:32:53 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\Thunderbird [2012-03-20 10:25:53 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\URSoft [2012-08-15 06:29:10 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\wargaming.net [2013-04-02 14:25:19 | 000,000,000 | ---D | M] -- C:\Users\Viola\AppData\Roaming\XnView [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 88 bytes -> C:\Users\Viola\Desktop\DAEMONToolsPro530-0359.exe:SummaryInformation @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1CE11B51 < End of report >