OTL logfile created on: 11 styczeń 17:42:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Pliki instalacyjne\Nowy folder (2) Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd MMMM 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,89% Memory free 3,00 Gb Paging File | 1,60 Gb Available in Paging File | 53,40% Paging File free Paging file location(s): c:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 33,00 Gb Total Space | 11,83 Gb Free Space | 35,83% Space Free | Partition Type: NTFS Drive D: | 25,82 Gb Total Space | 18,68 Gb Free Space | 72,34% Space Free | Partition Type: NTFS Drive E: | 239,25 Gb Total Space | 89,54 Gb Free Space | 37,42% Space Free | Partition Type: NTFS Computer Name: TEST-KOMPUTER | User Name: dom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015 01 11 17:37:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Pliki instalacyjne\Nowy folder (2)\OTL.com PRC - [2015 01 09 18:05:01 | 005,227,112 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\avastui.exe PRC - [2015 01 04 12:20:22 | 001,431,112 | ---- | M] (AIMP DevTeam) -- D:\Program Files\AIMP3\AIMP3.exe PRC - [2014 11 08 15:53:39 | 000,050,344 | ---- | M] (AVAST Software) -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014 11 08 15:53:35 | 003,192,344 | ---- | M] (Avast Software) -- d:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe PRC - [2014 05 19 21:35:16 | 002,303,256 | ---- | M] (Logitech, Inc.) 
-- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2014 05 19 21:34:54 | 000,053,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LBTWiz.exe PRC - [2014 03 24 23:51:30 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe PRC - [2014 03 24 23:50:36 | 000,293,144 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe PRC - [2014 03 14 14:22:16 | 002,611,808 | ---- | M] () -- D:\Program Files\Rainlendar2\Rainlendar2.exe PRC - [2012 12 29 09:55:48 | 000,147,456 | ---- | M] (IvoSoft) -- D:\Program Files\Classic Shell\ClassicStartMenu.exe PRC - [2012 11 24 09:37:20 | 007,772,160 | ---- | M] (Cubic Reality Software) -- D:\Program Files\CubicExplorer\CubicExplorer.exe PRC - [2012 11 23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012 08 16 06:56:46 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011 04 19 08:58:00 | 000,079,872 | ---- | M] () -- C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015 01 04 12:20:23 | 001,733,120 | ---- | M] () -- D:\Program Files\AIMP3\System\Encoders\aimp_libvorbis.dll MOD - [2015 01 04 12:20:23 | 000,435,200 | ---- | M] () -- D:\Program Files\AIMP3\System\Encoders\libFLAC.dll MOD - [2015 01 04 12:20:23 | 000,237,568 | ---- | M] () -- D:\Program Files\AIMP3\Plugins\OptimFROG\OptimFROG.dll MOD - [2015 01 04 12:20:23 | 000,220,672 | ---- | M] () -- D:\Program Files\AIMP3\System\Encoders\MACDll.dll MOD - [2015 01 04 12:20:23 | 000,218,112 | ---- | M] () -- D:\Program Files\AIMP3\System\libsoxr.dll MOD - [2015 01 04 12:20:23 | 000,152,136 | ---- | M] () -- D:\Program Files\AIMP3\Plugins\PandemicAnalogMeter\PandemicAnalogMeter.dll MOD - [2015 01 04 12:20:23 | 000,026,624 | ---- | M] () -- D:\Program 
Files\AIMP3\Plugins\Aorta\Aorta.dll MOD - [2015 01 04 12:20:22 | 000,159,232 | ---- | M] () -- D:\Program Files\AIMP3\Plugins\aimp_sacd\libsacd.dll MOD - [2015 01 04 12:20:22 | 000,099,912 | ---- | M] () -- D:\Program Files\AIMP3\Plugins\aimp_cdda\aimp_cdda.dll MOD - [2014 11 15 15:04:46 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll MOD - [2014 11 08 15:53:40 | 038,562,088 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014 10 17 18:04:12 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b20319dfb7dd671d2de2f383cd2551ce\WindowsFormsIntegration.ni.dll MOD - [2014 10 17 17:57:56 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll MOD - [2014 10 15 17:30:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll MOD - [2014 10 15 17:30:00 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll MOD - [2014 10 15 17:29:37 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll MOD - [2014 10 15 17:29:24 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll MOD - [2014 10 15 17:29:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll MOD - [2014 10 15 17:29:12 | 005,467,648 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll MOD - [2014 10 15 17:29:08 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll MOD - [2014 10 15 17:29:07 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll MOD - [2014 10 15 17:28:54 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll MOD - [2014 10 15 17:28:50 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll MOD - [2014 09 10 15:45:29 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll MOD - [2014 03 14 14:23:10 | 000,060,512 | ---- | M] () -- D:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll MOD - [2014 03 14 14:22:16 | 002,611,808 | ---- | M] () -- D:\Program Files\Rainlendar2\Rainlendar2.exe MOD - [2014 03 14 11:11:52 | 000,065,024 | ---- | M] () -- D:\Program Files\Rainlendar2\libicalss.dll MOD - [2014 03 14 11:11:30 | 000,250,368 | ---- | M] () -- D:\Program Files\Rainlendar2\libical.dll MOD - [2013 09 05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2013 06 18 15:49:28 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2013 04 29 23:08:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2012 08 16 06:58:20 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pl_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - 
[2012 08 16 06:58:20 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2012 06 17 14:22:08 | 000,012,800 | ---- | M] () -- D:\Program Files\Rainlendar2\lfs.dll MOD - [2012 05 16 20:01:30 | 000,140,800 | ---- | M] () -- D:\Program Files\Rainlendar2\lua52.dll MOD - [2011 04 12 06:08:19 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pl_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2011 04 12 06:08:14 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pl_b77a5c561934e089\System.resources.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2014 12 12 22:47:19 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014 12 12 17:43:15 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014 11 22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2014 11 09 18:03:53 | 000,217,088 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2014 11 08 15:53:39 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2014 11 08 15:53:35 | 003,192,344 | ---- | M] (Avast Software) [On_Demand | Running] -- d:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc) SRV - [2014 03 24 23:50:36 | 000,293,144 | ---- | M] (Logitech, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2013 05 27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013 03 08 23:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012 12 28 17:42:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011 04 19 08:58:00 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe -- (XRNADB) SRV - [2009 07 14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009 07 14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009 07 14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32) DRV - [2015 01 04 15:47:55 | 000,077,824 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2014 12 31 17:39:54 | 000,023,840 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32) DRV - [2014 11 22 15:48:35 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx) DRV - [2014 11 21 21:13:56 | 
000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP) DRV - [2014 11 09 18:03:54 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2014 11 09 18:03:54 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2014 11 09 18:03:54 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2014 11 09 18:01:32 | 000,106,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2014 11 08 15:53:41 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2014 11 08 15:53:41 | 000,091,496 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm) DRV - [2014 11 08 15:53:41 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2014 11 08 15:53:41 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2014 11 08 15:53:41 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2014 11 08 15:53:41 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid) DRV - [2014 11 08 15:53:35 | 000,218,192 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- d:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv) DRV - [2014 09 26 22:01:14 | 000,320,120 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2014 03 19 01:24:22 | 000,079,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2014 03 19 01:24:08 | 000,063,000 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2014 03 19 01:24:06 | 000,019,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2014 03 14 15:59:21 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2014 03 14 15:59:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2013 11 01 17:10:22 | 000,203,024 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2013 11 01 17:09:10 | 000,114,960 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2013 11 01 17:09:10 | 000,103,696 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2013 10 08 15:57:27 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2013 10 08 15:57:27 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2013 10 02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012 12 14 09:09:47 | 000,104,848 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SIVX32.sys -- (SIVDriver) DRV - [2012 08 
23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012 08 23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012 06 18 13:58:52 | 000,016,000 | ---- | M] (SysNucleus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\udsstub.sys -- (udsstub) DRV - [2010 11 20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010 11 20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010 11 20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010 11 20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010 11 20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010 11 20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010 11 20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010 07 04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- d:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010 03 15 09:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2010 03 15 09:38:44 | 000,123,504 | ---- | M] (MCCI 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) DRV - [2010 03 15 09:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) DRV - [2010 03 15 09:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2010 03 15 09:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) DRV - [2010 03 15 09:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) DRV - [2010 03 15 09:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2009 04 24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2009 04 24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) DRV - [2008 05 16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008 05 16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008 05 16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008 05 16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008 05 16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | 
Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008 05 16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008 05 16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
www.google.com IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine" FF - prefs.js..browser.search.searchengine.ptid: "amt" FF - prefs.js..browser.search.searchengine.uid: "SAMSUNGXHD322HJ_S17AJ9BQ301491" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledAddons: searchontab%40sogame.cat:1.0.3 FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:2.0.0 FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.8.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: searchontab@sogame.cat:1.0.3 FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.723 FF - prefs.js..extensions.enabledItems: uploader@adblockfilters.mozdev.org:2.1 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - 
prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: pasteandgo2@holio.lin:1.0.5 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.99.1 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks_version: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Users\dom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014 06 18 16:57:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: d:\Program Files\AVAST Software\Avast\WebRep\FF [2014 11 08 15:53:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2014 11 11 10:29:00 | 
000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012 12 28 16:07:14 | 000,000,000 | ---D | M] (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\Extensions [2015 01 11 17:07:00 | 000,000,000 | ---D | M] (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\ddp0ksvy.default-1399131752396\extensions [2015 01 11 17:07:07 | 000,000,000 | ---D | M] (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\krhltvqw.default-1399131589036\extensions [2015 01 11 11:15:25 | 000,000,000 | ---D | M] (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\Firefox\Profiles\n16fgeh3.default-1398884467910\extensions [2014 12 23 19:34:19 | 000,433,727 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014 11 15 16:40:15 | 000,003,844 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2014 12 31 09:37:45 | 000,114,463 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\compatibility@addons.mozilla.org.xpi [2014 05 03 17:55:46 | 000,126,171 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\elemhidehelper@adblockplus.org.xpi [2011 06 19 11:21:58 | 000,040,902 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\searchontab@sogame.cat.xpi [2014 11 15 16:40:16 | 000,537,656 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014 12 12 17:41:11 | 
000,202,127 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014 11 15 16:40:17 | 000,979,699 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014 04 29 18:46:58 | 000,232,523 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2013 09 25 17:04:00 | 000,003,544 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2014 03 12 18:09:36 | 000,114,278 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\compatibility@addons.mozilla.org.xpi [2012 07 06 14:37:52 | 000,123,385 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\elemhidehelper@adblockplus.org.xpi [2011 06 19 10:21:58 | 000,040,902 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\searchontab@sogame.cat.xpi [2014 03 26 17:14:48 | 000,537,036 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014 02 26 20:48:02 | 000,293,311 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015 01 11 09:25:04 | 000,006,770 | ---- | M] () (No name found) -- 
D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\{95282a5e-d707-43c0-b998-d6a934a963a8}.xpi [2014 02 26 17:38:28 | 000,957,290 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013 03 10 10:36:22 | 000,801,582 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\krhltvqw.default-1399131589036\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015 01 11 09:25:04 | 000,006,770 | ---- | M] () (No name found) -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\n16fgeh3.default-1398884467910\extensions\{95282a5e-d707-43c0-b998-d6a934a963a8}.xpi [2010 10 05 15:07:16 | 000,001,662 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\dobreprogramy.xml [2010 10 28 16:12:38 | 000,000,930 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\filestubecom.xml [2011 02 13 17:55:56 | 000,006,350 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\filmwebpl.xml [2013 12 05 18:22:30 | 000,001,749 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\linguee-pl-en.xml [2010 07 24 17:19:26 | 000,002,258 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\napisy24pl.xml [2010 08 06 11:08:18 | 000,002,159 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\translate-english-to-polish.xml [2011 05 29 11:05:02 | 000,001,997 | ---- | M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\wolframalpha.xml [2009 04 09 14:22:10 | 000,001,354 | ---- 
| M] () -- D:\Users\dom\AppData\Roaming\mozilla\firefox\profiles\ddp0ksvy.default-1399131752396\searchplugins\youtube.xml O1 HOSTS File: ([2013 09 13 10:22:42 | 000,000,896 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (no name) - {AF949550-9094-4807-95EC-D1C317803333} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\..\Toolbar\ShellBrowser: (no name) - {D2BF470E-ED1C-487F-A300-2BD8835EB6CE} - No CLSID value found. O3 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\..\Toolbar\WebBrowser: (no name) - {D2BF470E-ED1C-487F-A333-2BD8835EB6CE} - No CLSID value found. O3 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\..\Toolbar\WebBrowser: (no name) - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - No CLSID value found. O3 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\..\Toolbar\WebBrowser: (no name) - {D2BF470E-ED1C-487F-A777-2BD8835EB6CE} - No CLSID value found. O4 - HKLM..\Run: [AvastUI.exe] d:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [Classic Start Menu] D:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004..\Run: [Rainlendar2] d:\Program Files\Rainlendar2\Rainlendar2.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present O7 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\Software\Policies\Microsoft\Internet Explorer\Security present O7 - HKU\S-1-5-21-2821332150-970914226-2612375139-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF09BA4-510E-4D8F-B4CD-CCA7B3EF70F5}: DhcpNameServer = 62.179.1.62 62.179.1.63 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009 06 10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1e01f2ac-d0dd-11e2-8165-0021851243c8}\Shell - "" = AutoRun O33 - MountPoints2\{1e01f2ac-d0dd-11e2-8165-0021851243c8}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{8b4f1c29-cd22-11e2-818e-0021851243c8}\Shell - "" = AutoRun O33 - MountPoints2\{8b4f1c29-cd22-11e2-818e-0021851243c8}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{f66b0641-d5a7-11e2-bfe0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f66b0641-d5a7-11e2-bfe0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015 01 11 17:31:07 | 000,000,000 | ---D | C] -- C:\FRST [2015 01 11 13:11:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2015 01 11 11:50:30 | 000,000,000 | ---D | C] -- D:\Users\dom\Documents\Ashampoo Burning Studio 2014 [2015 01 11 11:30:57 | 000,000,000 | ---D | C] 
-- D:\Users\dom\AppData\Local\CrashDumps [2015 01 04 19:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Wirtualna Polska [2015 01 04 17:26:14 | 000,000,000 | ---D | C] -- D:\Users\dom\AppData\Local\ElevatedDiagnostics [2015 01 04 16:57:49 | 001,823,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2015 01 04 16:57:49 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2015 01 04 16:57:49 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll [2015 01 04 16:57:49 | 000,844,192 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll [2015 01 04 16:57:49 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll [2015 01 04 16:57:48 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2015 01 04 16:57:48 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2015 01 04 16:57:48 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2015 01 04 16:57:48 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2015 01 04 16:57:48 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll [2015 01 04 16:57:46 | 001,892,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2015 01 04 16:57:46 | 000,919,600 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll [2015 01 04 16:57:46 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll [2015 01 04 16:57:46 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll [2015 01 04 16:57:46 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll [2015 01 04 16:57:44 | 002,588,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2015 01 04 16:57:43 | 000,917,720 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\System32\RtkCoInstII.dll [2015 01 04 16:57:43 | 000,782,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2015 01 04 16:57:43 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll [2015 01 04 16:57:41 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2015 01 04 16:57:41 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2015 01 04 16:57:41 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2015 01 04 16:57:41 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2015 01 04 16:57:40 | 002,481,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RltkAPO.dll [2015 01 04 16:57:40 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2015 01 04 16:57:40 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2015 01 04 16:57:29 | 067,564,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat [2015 01 04 16:57:27 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2015 01 04 16:57:27 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2015 01 04 16:57:27 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2015 01 04 16:57:26 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2015 01 04 16:57:26 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2015 01 04 16:57:25 | 005,087,496 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOlfx.dll [2015 01 04 16:57:25 | 000,890,160 | ---- | C] (Nahimic Inc) -- C:\Windows\System32\NAHIMICAPOSettingsIPC.dll [2015 01 04 16:57:23 | 000,509,184 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxVolumeSDAPO.dll [2015 01 04 16:57:11 | 001,691,224 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll [2015 01 04 16:57:06 | 014,585,432 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2015 01 04 16:57:04 | 001,940,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2015 01 04 16:57:02 | 000,900,696 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll [2015 01 04 16:57:00 | 000,509,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2015 01 04 16:57:00 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2015 01 04 16:57:00 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2015 01 04 16:56:58 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll [2015 01 04 16:56:57 | 000,272,032 | ---- | C] (ICEpower a/s) -- C:\Windows\System32\ICEsoundAPO.dll [2015 01 04 16:56:37 | 002,421,792 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2015 01 04 16:56:36 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2015 01 04 16:56:36 | 000,346,048 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll [2015 01 04 16:56:35 | 000,426,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll [2015 01 04 16:56:35 | 000,403,392 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll [2015 01 04 16:56:34 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2015 01 04 16:56:34 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2015 01 04 16:56:32 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2015 01 04 16:56:32 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2015 01 04 16:56:31 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2015 01 04 16:56:31 | 000,218,216 | 
---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2015 01 04 16:56:30 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2015 01 04 16:56:30 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2015 01 04 16:56:30 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2015 01 04 16:56:29 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2015 01 04 16:56:28 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2015 01 04 16:56:18 | 001,452,224 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\System32\CX32APO.dll [2015 01 04 16:56:17 | 000,092,584 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll [2015 01 04 16:56:11 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2015 01 04 16:56:10 | 000,519,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2015 01 04 16:29:46 | 002,080,472 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\RtlExUpd.dll [2015 01 04 16:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader [2015 01 04 15:47:55 | 000,077,824 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdW73.sys [2015 01 01 16:00:44 | 000,000,000 | ---D | C] -- D:\Users\dom\AppData\Roaming\FileZilla [2015 01 01 16:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2014 12 31 17:39:54 | 000,023,840 | ---- | C] (REALiX(tm)) -- C:\Windows\System32\drivers\HWiNFO32.SYS [2014 12 26 16:12:00 | 000,000,000 | ---D | C] -- D:\Users\dom\AppData\Local\Programs [2014 12 23 23:33:14 | 000,000,000 | ---D | C] -- D:\Users\dom\AppData\Local\BigAngryDog_HWipe [2014 12 21 16:49:38 | 000,000,000 | ---D | C] -- D:\Users\dom\AppData\Roaming\ATI [2014 12 21 16:49:25 | 000,000,000 | ---D | C] -- D:\Users\dom\AppData\Roaming\Adobe [2014 12 18 18:30:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014 12 12 23:31:04 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014 12 12 18:41:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014 12 12 18:41:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [2014 12 12 18:41:31 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014 12 12 18:41:30 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014 12 12 18:41:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014 12 12 18:41:29 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014 12 12 18:41:28 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014 12 12 18:41:28 | 000,004,096 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014 12 12 18:41:26 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014 12 12 18:41:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014 12 12 18:41:24 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2014 12 12 18:41:24 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll [2014 12 12 18:41:22 | 004,299,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014 12 12 18:41:20 | 000,684,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014 12 12 18:41:19 | 000,342,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2014 12 12 18:41:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014 12 12 18:41:18 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014 12 12 18:41:17 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014 12 12 18:41:17 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014 12 12 18:41:13 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014 12 12 18:41:12 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014 12 12 18:41:11 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014 12 12 18:40:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014 12 12 18:39:40 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe [2014 12 12 18:39:34 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2014 12 12 18:39:33 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2014 12 12 
18:39:32 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2014 12 12 18:39:24 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015 01 11 17:16:29 | 000,001,326 | ---- | M] () -- C:\Windows\tasks\CJVW.job [2015 01 11 17:16:29 | 000,001,324 | ---- | M] () -- C:\Windows\tasks\KOO.job [2015 01 11 17:16:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015 01 11 17:15:58 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2015 01 11 17:07:12 | 000,000,820 | ---- | M] () -- D:\Users\dom\Desktop\Mozilla Firefox.lnk [2015 01 11 11:41:09 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015 01 06 09:57:03 | 000,000,035 | ---- | M] () -- C:\Windows\Ulead32.INI [2015 01 04 18:05:21 | 000,050,760 | ---- | M] () -- D:\Users\dom\AppData\Local\recently-used.xbel [2015 01 04 15:47:55 | 000,077,824 | ---- | M] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdW73.sys [2015 01 04 10:19:50 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015 01 04 10:19:50 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015 01 03 15:46:41 | 000,750,178 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2015 01 03 15:46:41 | 000,663,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015 01 03 15:46:41 | 000,161,656 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2015 01 03 15:46:41 | 000,126,298 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014 12 31 17:39:54 | 000,023,840 | ---- | M] (REALiX(tm)) -- C:\Windows\System32\drivers\HWiNFO32.SYS [2014 12 21 16:48:28 | 000,337,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014 12 13 04:33:44 | 000,115,712 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\ieUnatt.exe [2014 12 12 20:51:44 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015 01 11 11:14:16 | 000,001,324 | ---- | C] () -- C:\Windows\tasks\KOO.job [2015 01 11 11:13:44 | 000,001,326 | ---- | C] () -- C:\Windows\tasks\CJVW.job [2015 01 04 18:05:21 | 000,050,760 | ---- | C] () -- D:\Users\dom\AppData\Local\recently-used.xbel [2015 01 04 16:57:48 | 002,144,560 | ---- | C] () -- C:\Windows\System32\SStudio.dll [2015 01 04 16:57:41 | 001,277,681 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2015 01 04 16:56:12 | 000,087,864 | ---- | C] () -- C:\Windows\System32\audioLibVc.dll [2014 12 21 16:48:01 | 000,337,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2014 11 09 18:00:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2014 11 09 17:59:06 | 005,804,772 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat [2014 11 09 17:58:56 | 000,188,696 | ---- | C] () -- C:\Windows\System32\AcpiServiceVnA.dll [2014 11 08 15:53:48 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2014 11 08 15:53:48 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2014 11 08 15:53:47 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys [2014 09 01 09:18:44 | 000,001,248 | ---- | C] () -- D:\Users\dom\AppData\Roaming\CJVW [2014 06 29 17:08:11 | 000,000,004 | ---- | C] () -- C:\Windows\System32\Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz_V1_V1.bin [2014 05 11 09:33:50 | 000,000,007 | ---- | C] () -- D:\Users\dom\AppData\Local\~wmrg [2014 02 08 11:35:32 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin [2014 01 03 22:27:43 | 000,000,041 | ---- | C] () -- D:\Users\dom\AppData\Local\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list [2013 10 14 10:16:12 | 000,000,024 | -HS- | C] () -- 
D:\Users\dom\AppData\Roaming\System5908ConfigCollection.dat [2013 10 14 10:16:12 | 000,000,024 | -HS- | C] () -- D:\Users\dom\AppData\Roaming\1D959CA221C7573.sys [2013 07 11 08:43:11 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2013 06 15 11:04:56 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2013 06 15 11:04:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2013 06 05 15:19:20 | 000,003,584 | ---- | C] () -- D:\Users\dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013 05 16 09:00:23 | 000,018,944 | ---- | C] () -- C:\Windows\System32\xrhr1alm.dll [2013 04 06 17:12:08 | 000,000,694 | ---- | C] () -- D:\Users\dom\.jscreenfix.licence [2013 03 16 10:53:21 | 000,000,042 | ---- | C] () -- D:\Users\dom\jagex_cl_runescape_LIVE.dat [2013 03 16 10:53:21 | 000,000,024 | ---- | C] () -- D:\Users\dom\random.dat [2013 01 05 16:54:29 | 000,000,458 | RHS- | C] () -- D:\Users\dom\ntuser.pol [2013 01 04 18:20:17 | 000,000,648 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013 01 02 18:34:07 | 000,007,595 | ---- | C] () -- D:\Users\dom\AppData\Local\resmon.resmoncfg [2012 12 29 17:45:29 | 000,000,022 | -HS- | C] () -- D:\Users\dom\AppData\Roaming\Windows1569_SettingsRepository.bin [color=#E56717]========== ZeroAccess Check ==========[/color] [2009 07 14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014 06 25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010 11 20 
22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009 07 14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2015 01 11 17:52:00 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\AIMP3 [2014 01 18 18:26:13 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Ashampoo [2014 07 19 20:04:31 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Audacity [2013 12 07 10:40:14 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\AVAST Software [2013 06 06 17:28:49 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Awesomium [2013 07 08 20:13:26 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\BESTplayer [2014 03 18 18:32:09 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Big Angry Dog [2014 01 11 22:06:37 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\CubicExplorer [2013 07 01 11:27:00 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\doublecmd [2015 01 04 18:11:54 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\FileZilla [2013 06 23 10:42:51 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Hulubulu [2014 11 09 17:49:56 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\IObit [2014 11 23 16:08:48 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\ipla [2013 04 14 11:01:04 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Listary [2015 01 07 20:17:47 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Mp3tag [2012 12 31 19:59:11 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\NapiProjekt [2014 12 25 18:21:42 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Notepad++ [2012 12 29 18:07:35 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Opera [2014 09 28 14:56:40 | 
000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Opera Software
[2013 10 01 17:13:03 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\QuickScan
[2012 12 30 17:37:21 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\TeraCopy
[2012 12 28 17:26:55 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Thunderbird
[2013 07 30 17:42:32 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\Unity
[2015 01 11 11:31:38 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\uTorrent
[2013 12 01 22:31:22 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\VirtuaWin
[2013 04 07 19:15:48 | 000,000,000 | -HSD | M] -- D:\Users\dom\AppData\Roaming\wyUpdate AU
[2013 05 11 17:40:21 | 000,000,000 | ---D | M] -- D:\Users\dom\AppData\Roaming\XnSketch

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2014 12 04 19:57:40 | 000,000,237 | ---- | M] ()(D:\Users\dom\Desktop\? Bransoletka (sznur szydełkowo-koralikowy) - Szydełkowanie bez tajemnic - YouTube.URL) -- D:\Users\dom\Desktop\▶ Bransoletka (sznur szydełkowo-koralikowy) - Szydełkowanie bez tajemnic - YouTube.URL
[2014 12 04 19:57:40 | 000,000,237 | ---- | C] ()(D:\Users\dom\Desktop\? Bransoletka (sznur szydełkowo-koralikowy) - Szydełkowanie bez tajemnic - YouTube.URL) -- D:\Users\dom\Desktop\▶ Bransoletka (sznur szydełkowo-koralikowy) - Szydełkowanie bez tajemnic - YouTube.URL

< End of report >