Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2017 Ran by Tommy (administrator) on PCTOMMY (10-01-2017 20:34:44) Running from C:\Users\Tommy\Desktop\frst Loaded Profiles: Tommy & guest_ & Guest (Available Profiles: Tommy & guest_ & Guest) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Italiano (Italia) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (FSPro Labs) C:\Windows\System32\fsproflt.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () C:\Program Files\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe (Ralink Technology, Corp.) C:\Program Files\Sitecom\Common\RegistryWriter.exe () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe () C:\Program Files\ATKOSD2\ATKOSD2.exe () C:\Program Files\Wireless Console 2\wcourier.exe (ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files\ATK Hotkey\ATKOSD.exe () C:\Program Files\ATK Hotkey\KBFiltr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe () C:\Windows\ASScrPro.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.) HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-06-25] (ASUS) HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [47672 2009-04-02] () HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2009-04-02] () HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-12-11] (Realtek Semiconductor) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3257640 2013-11-05] (O&O Software GmbH) HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {19cbf40b-efe5-11df-acc4-005056c00008} - K:\LaunchU3.exe -a HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {1e2fd58d-91d6-11e4-bca6-00248c861bee} - F:\LG_PC_Programs.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {2aeb9828-bd89-11df-87b0-005056c00008} - "H:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {37291547-3d23-11e2-902c-005056c00008} - F:\Startme.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {4383ad5a-5123-11df-8057-806e6f6e6963} - I:\AutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {5f3f613d-496d-11df-a47e-001e101f4e71} - E:\AutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {5f3f616f-496d-11df-a47e-001e101f8924} - E:\AutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {9c442d13-48c5-11df-a202-00248c861bee} - E:\AutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {9c442d1d-48c5-11df-a202-001e101f9843} - E:\AutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {a6bdfc54-70b3-11e5-8711-00248c861bee} - F:\iLinker.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {a7192716-4a0f-11df-90f8-001e101f8ed0} - E:\AutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {b549c546-1176-11e4-bbd1-00248c861bee} - F:\LGAutoRun.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\MountPoints2: {feaf2453-9b45-11df-b198-005056c00008} - E:\KODAK_Software_Downloader.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\Run: [Softonic for Windows] => "C:\Users\guest_\AppData\Local\Softonic\Softonic.exe" -minimize HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-02] (Google Inc.) HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\MountPoints2: {1e2fd58d-91d6-11e4-bca6-00248c861bee} - F:\LG_PC_Programs.exe HKU\S-1-5-21-365035492-1695249228-1794944439-1006\...\MountPoints2: {2aeb9828-bd89-11df-87b0-005056c00008} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-365035492-1695249228-1794944439-501\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) HKU\S-1-5-21-365035492-1695249228-1794944439-501\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-365035492-1695249228-1794944439-501\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-11-29] (TomTom) HKU\S-1-5-21-365035492-1695249228-1794944439-501\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-02] (Google Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2012-10-30] (AVAST Software) ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll [2007-06-15] () ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [2007-06-02] () ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-04] (Autodesk, Inc.) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2013-11-05] ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\guest_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2014-04-19] ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250 Tcpip\..\Interfaces\{11CE3600-7B4A-4C95-B077-ECFAF0A33B86}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{29829FB0-CBF5-497E-BEEF-59F7651A7605}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{32FDDD02-557D-4A84-88F7-F8115ADD0A0A}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{32FDDD02-557D-4A84-88F7-F8115ADD0A0A}: [DhcpNameServer] 213.140.2.43 213.140.2.49 Tcpip\..\Interfaces\{34428BD6-9907-40C4-988D-6C7AA30B7FE6}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{34428BD6-9907-40C4-988D-6C7AA30B7FE6}: [DhcpNameServer] 213.140.2.43 213.140.2.49 Tcpip\..\Interfaces\{470CB71D-948B-4E11-B23A-6FFB842B3D28}: [DhcpNameServer] 62.101.93.101 83.103.25.250 Tcpip\..\Interfaces\{67580987-B657-49CA-8E5E-ED86879C4660}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{67580987-B657-49CA-8E5E-ED86879C4660}: [DhcpNameServer] 213.140.2.43 213.140.2.49 Tcpip\..\Interfaces\{8CB4D341-5FF0-49ED-BFEB-48219DBCC366}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{928DA54E-C113-407C-B63D-6D36324AF6A1}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{928DA54E-C113-407C-B63D-6D36324AF6A1}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250 Tcpip\..\Interfaces\{BD85CCC5-A8B8-479C-955D-C809E1C65805}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{DC35013D-E5B9-4A0B-A0C8-DD058242AC8A}: [DhcpNameServer] 62.101.93.101 83.103.25.250 Tcpip\..\Interfaces\{E11FC6C0-872F-4B8E-81B1-4D0F5A2D5F30}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{E11FC6C0-872F-4B8E-81B1-4D0F5A2D5F30}: [DhcpNameServer] 213.140.2.43 213.140.2.49 Tcpip\..\Interfaces\{F59E892E-C651-47A7-8E2F-B62FB276E507}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{FB7DCF13-2AAF-49EE-95AD-F72DCE62130B}: [NameServer] 8.8.8.8,8.8.4.4 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-365035492-1695249228-1794944439-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\S-1-5-21-365035492-1695249228-1794944439-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\S-1-5-21-365035492-1695249228-1794944439-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://it.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dit%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEzz0CzzyCtC0B0E0Ezy0Bzy0BtN0D0Tzu0StCzztCyCtN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtC0A0BtDtAyE0FtGyDtAtAtCtGyEtC0B0EtGyD0D0D0CtGyB0B0CzztB0ByC0AtD0E0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EyDtDtD0AtB0FtGyDzy0EyEtGyE0FtByEtG0B0FyBtAtGtDyD0AtCzzyByB0B0EtDtDzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByEzz%26cr%3D406974392%26a%3Dwbf_fsvideosft_16_51%26os_ver%3D6%26os%3DWindows%2BVista%2B(TM)%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://it.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dit%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEzz0CzzyCtC0B0E0Ezy0Bzy0BtN0D0Tzu0StCyByEtCtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyDtCtDyBtA0DyDtGtD0B0F0CtGtAtC0AyCtGtC0DzytCtGzz0B0EtCtD0FtDzzyEtAyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EyDtDtD0AtB0FtGyDzy0EyEtGyE0FtByEtG0B0FyBtAtGtDyD0AtCzzyByB0B0EtDtDzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEyDtD%26cr%3D383772516%26a%3Dwbf_ir_16_40%26os_ver%3D6%26os%3DWindows%2BVista%2B(TM)%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://it.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dit%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEzz0CzzyCtC0B0E0Ezy0Bzy0BtN0D0Tzu0StCzztCyCtN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtC0A0BtDtAyE0FtGyDtAtAtCtGyEtC0B0EtGyD0D0D0CtGyB0B0CzztB0ByC0AtD0E0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EyDtDtD0AtB0FtGyDzy0EyEtGyE0FtByEtG0B0FyBtAtGtDyD0AtCzzyByB0B0EtDtDzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByEzz%26cr%3D406974392%26a%3Dwbf_fsvideosft_16_51%26os_ver%3D6%26os%3DWindows%2BVista%2B(TM)%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-1000 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://it.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dit%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEzz0CzzyCtC0B0E0Ezy0Bzy0BtN0D0Tzu0StCzztCyCtN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtC0A0BtDtAyE0FtGyDtAtAtCtGyEtC0B0EtGyD0D0D0CtGyB0B0CzztB0ByC0AtD0E0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EyDtDtD0AtB0FtGyDzy0EyEtGyE0FtByEtG0B0FyBtAtGtDyD0AtCzzyByB0B0EtDtDzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByEzz%26cr%3D406974392%26a%3Dwbf_fsvideosft_16_51%26os_ver%3D6%26os%3DWindows%2BVista%2B(TM)%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://it.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dit%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByEzz0CzzyCtC0B0E0Ezy0Bzy0BtN0D0Tzu0StCzztCyCtN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtC0A0BtDtAyE0FtGyDtAtAtCtGyEtC0B0EtGyD0D0D0CtGyB0B0CzztB0ByC0AtD0E0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0EyDtDtD0AtB0FtGyDzy0EyEtGyE0FtByEtG0B0FyBtAtGtDyD0AtCzzyByB0B0EtDtDzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByEzz%26cr%3D406974392%26a%3Dwbf_fsvideosft_16_51%26os_ver%3D6%26os%3DWindows%2BVista%2B(TM)%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUS_itIT343IT343 SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_itIT343IT343 SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_itIT343IT343 SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-501 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PRdcLCFVa&loc=skw&search={searchTerms} SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-501 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_itIT343IT343 SearchScopes: HKU\S-1-5-21-365035492-1695249228-1794944439-501 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PRdcLCFVa&loc=skw&search={searchTerms} BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation) BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30] (AVAST Software) BHO: Guida per l'accesso a Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-11-22] (Skype Technologies S.A.) Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30] (AVAST Software) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-365035492-1695249228-1794944439-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-365035492-1695249228-1794944439-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-365035492-1695249228-1794944439-501 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} hxxp://cached.gamedesire.com/g_bin/pl/solitaire_2_0_0_31.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {18506D80-11D4-9B80-82C2-0080C8D7ED4A} hxxp://cached.gamedesire.com/g_bin/pl/roulette_2_0_0_30.cab DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} hxxp://www.eska.pl/streamplayers/OggX.ocx DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2A781DED-4153-C22D-9812-CEA98A32981C} hxxp://cached.gamedesire.com/g_bin/pl/cardsmakao_2_0_0_33.cab DPF: {41ACD49D-791A-1974-0981-AA9872721044} hxxp://cached.gamedesire.com/g_bin/pl/boards_2_0_0_39.cab DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} hxxp://cached.gamedesire.com/g_bin/pl/navy_2_0_0_34.cab DPF: {83AFB5CA-11D4-ED35-A452-0080C8D85045} hxxp://cached.gamedesire.com/g_bin/pl/poker_2_0_0_52.cab DPF: {9085316E-11D4-42BA-BAA3-0080C8D7ED4A} hxxp://cached.gamedesire.com/g_bin/pl/hunter_2_0_0_31.cab DPF: {A1FE3DEF-11D4-CF77-8340-0080C8D7ED4A} hxxp://cached.gamedesire.com/g_bin/pl/pirate_2_0_0_33.cab DPF: {A7196C8E-4FF0-35A5-9E46-E28918B5CAF6} hxxp://cached.gamedesire.com/g_bin/pl/domino_2_0_0_37.cab DPF: {AC120B1D-4111-9411-AF52-118052D85D45} hxxp://cached.gamedesire.com/g_bin/pl/darts_2_0_0_49.cab DPF: {AD7013FF-4F36-1D9A-94A6-3CD408A663F9} hxxp://cached.gamedesire.com/g_bin/pl/breakout_2_0_0_33.cab DPF: {BFA1F11D-AFE1-3121-4112-894323212DAC} hxxp://cached.gamedesire.com/g_bin/pl/words_2_0_0_55.cab DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} hxxp://cached.gamedesire.com/g_bin/pl/wordssingle_2_0_0_52.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-11-22] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\Tommy\AppData\Roaming\TomTom\HOME\Profiles\x4botkyo.default [2016-12-28] FF Extension: (Emulator) - C:\Users\Tommy\AppData\Roaming\TomTom\HOME\Profiles\x4botkyo.default\Extensions\Navcore.9.053.520930@tomtom.com [2015-06-23] [not signed] FF Extension: (Emulator) - C:\Users\Tommy\AppData\Roaming\TomTom\HOME\Profiles\x4botkyo.default\Extensions\Navcore.9.061.576030@tomtom.com [2015-06-23] [not signed] FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-12-27] [not signed] FF ProfilePath: C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\hntn5dbs.default-1484073520935 [2017-01-10] FF Homepage: Mozilla\Firefox\Profiles\hntn5dbs.default-1484073520935 -> hxxps://www.google.pl/ FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-10] [not signed] FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: (Google Toolbar for Firefox) - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-01-10] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (avast! WebRep) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-02] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.) FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2009-09-14] (BitTorrent, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin: @sony.com/ReaderDesktop -> C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-05-23] (Sony Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin: @videolan.org/vlc,version=1.1.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-09] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-09] (Google Inc.) FF Plugin HKU\S-1-5-21-365035492-1695249228-1794944439-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll [2011-01-27] (Octoshape ApS) FF Plugin HKU\S-1-5-21-365035492-1695249228-1794944439-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-365035492-1695249228-1794944439-501: @thrixxx.com/WebLaunch -> C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\Tommy\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2010-05-27] (Octoshape ApS) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxps://www.google.pl/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Shockwave Flash) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll () CHR Profile: C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default [2017-01-10] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-01] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed] R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed] R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed] S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software) R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-04-01] (Flexera Software, Inc.) R2 fsproflt; C:\Windows\system32\fsproflt.exe [46912 2012-04-17] (FSPro Labs) S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1381672 2013-11-05] (O&O Software GmbH) R2 RalinkRegistryWriter; C:\Program Files\Sitecom\Common\RegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.) [File not signed] S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed] R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] () S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-10-15] (TuneUp Software) S4 ufad-ws60; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) S4 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.) S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.) S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.) S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software) R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [35928 2012-10-30] (AVAST Software) R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software) R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software) R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software) R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [41912 2010-07-22] (FSPro Labs) R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] () R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( ) S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [702464 2009-01-16] (Ralink Technology Corp.) R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.) S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [489984 2009-01-22] (Ralink Technology, Corp.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-22] () R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software) S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [99728 2010-05-09] (Sun Microsystems, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.) S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2010-01-22] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.) R2 vstor2-ws60; C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.) S3 lvupdtio; \??\C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-10 20:34 - 2017-01-10 20:34 - 00000000 ____D C:\Users\Tommy\Desktop\frst 2017-01-10 20:11 - 2014-01-07 22:39 - 00000865 _____ C:\Users\Tommy\Desktop\Mozilla Firefox.lnk 2017-01-10 19:50 - 2017-01-10 19:50 - 11005320 _____ (SurfRight B.V.) C:\Users\Tommy\Downloads\HitmanPro.exe 2017-01-10 19:49 - 2017-01-10 19:49 - 03988944 _____ C:\Users\Tommy\Downloads\adwcleaner_6.042.exe 2017-01-10 13:21 - 2017-01-10 13:32 - 00009935 _____ C:\Users\Tommy\Desktop\Fixlog.txt 2017-01-09 22:49 - 2017-01-09 22:49 - 00000060 _____ C:\Users\Tommy\Desktop\instrukcja dla ZONY.txt 2017-01-09 00:31 - 2017-01-09 00:31 - 00002584 _____ C:\Users\Tommy\Desktop\MBAM-log-2017-01-09 (00-29-00).txt 2017-01-06 23:18 - 2017-01-06 23:18 - 00094695 _____ C:\Users\Tommy\Desktop\scanG.txt 2017-01-06 13:33 - 2017-01-10 20:34 - 00000000 ____D C:\FRST 2017-01-03 20:43 - 2017-01-10 19:54 - 00000000 ____D C:\AdwCleaner 2017-01-03 19:38 - 2009-04-10 23:36 - 00333257 __RSH C:\bootmgr 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\WindowsLive_A.TXT.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\WarRock.ini.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\VundoFix.txt.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\V554.txt.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\user.js.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\SumOS.txt.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\SumHidd.txt.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\store.log.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\RHDSetup.log.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\RECOVERY.DAT.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\READER_A.TXT.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\Patch.LOG.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\Pass.txt.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\OFFICE2007_A.TXT.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\NIS2009.TXT.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\NERO.LOG.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\MSDOS.SYS.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00011264 _____ (bjjtnxDpn) C:\IO.SYS.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00008192 _____ (bjjtnxDpn) C:\need for speed 2.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\YDP.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\totalcmd.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\TEMP.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\Team17.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\Programs.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\Poker.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\PerfLogs.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\PDFcreator.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\Games.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\Edgard.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\bwinPoker.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\AvaCam.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\ASUS.SYS.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\AdwCleaner.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00007680 _____ (bjjtnxDpn) C:\$RECYCLE.BIN.exe 2017-01-02 20:57 - 2017-01-02 20:57 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Random 2017-01-02 20:56 - 2017-01-04 00:27 - 00000000 __SHD C:\WindowsMediaCenter 2017-01-02 20:56 - 2017-01-02 21:00 - 00000000 ____D C:\Program Files\CyberGhost 6 2017-01-02 20:56 - 2017-01-02 20:57 - 00001713 _____ C:\Users\Tommy\Desktop\CyberGhost 6.lnk 2017-01-02 20:56 - 2017-01-02 20:57 - 00000000 __SHD C:\ProgramData\WindowsMediaCenter 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\inject.log.txt.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\inject.log.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\igoogle_log.txt.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\Finish.log.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\F5SLAS.BIN.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\error.txt.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\EamClean.log.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\Driver.10.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\devlist.txt.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\ctapi_out_gr.txt.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\config.sys.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\CA21.txt.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\BOOTSECT.BAK.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\bootmgr.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\autoexec.bat.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\app3.LOG.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\aaw7boot.log.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00011264 _____ (bjjtnxDpn) C:\.rnd.exe 2017-01-02 20:56 - 2017-01-02 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6 2016-12-28 21:53 - 2016-12-31 22:34 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-28 21:52 - 2017-01-02 20:57 - 00001751 _____ C:\Users\Public\Desktop\NAVIGON Fresh.lnk 2016-12-28 21:52 - 2016-12-28 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2016-12-28 21:51 - 2016-12-28 21:51 - 00000000 ____D C:\Program Files\NAVIGON 2016-12-27 22:01 - 2016-12-27 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2016-12-27 21:51 - 2016-12-27 21:51 - 00000000 ____D C:\Users\Tommy\.gstreamer-0.10\Documents\TomTom 2016-12-27 20:09 - 2016-12-24 13:51 - 00015644 _____ C:\Users\Tommy\Desktop\MN7 & MN8 Europe Q4_2016.torrent 2016-12-21 21:11 - 2017-01-02 20:57 - 00001801 _____ C:\Users\Public\Desktop\Free Audio Editor.lnk 2016-12-21 21:10 - 2016-12-21 21:11 - 00000000 ____D C:\Users\Tommy\AppData\Local\{C531F36D-E199-9FD5-8C01-BA3DA86946A5} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-10 20:30 - 2009-09-07 13:38 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\Skype 2017-01-10 20:11 - 2016-11-18 09:58 - 00000000 ____D C:\Users\Tommy\AppData\LocalLow\Mozilla 2017-01-10 19:27 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-10 19:27 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-10 15:28 - 2012-03-21 19:28 - 00000431 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2017-01-10 15:28 - 2011-07-10 13:03 - 00000008 __RSH C:\Users\Tommy\ntuser.pol 2017-01-10 15:28 - 2009-09-06 19:04 - 00000000 ____D C:\Users\Tommy 2017-01-10 15:27 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-10 15:26 - 2006-11-02 14:01 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-01-10 13:24 - 2009-12-17 20:29 - 00000000 ___SD C:\Users\Tommy\AppData\LocalLow\Temp 2017-01-10 13:22 - 2016-11-17 23:27 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-01-10 13:22 - 2006-11-02 12:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2017-01-09 22:47 - 2008-04-16 12:21 - 00734996 _____ C:\Windows\system32\perfh010.dat 2017-01-09 22:47 - 2008-04-16 12:21 - 00151762 _____ C:\Windows\system32\perfc010.dat 2017-01-09 22:47 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf 2017-01-09 22:47 - 2006-11-02 11:33 - 01660824 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-08 23:06 - 2009-09-14 14:29 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\BitTorrent 2017-01-06 16:24 - 2012-12-04 21:25 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\vlc 2017-01-05 17:36 - 2013-12-19 18:33 - 00000000 ____D C:\Windows\pss 2017-01-03 21:14 - 2009-04-02 22:26 - 00000000 ____D C:\ProgramData\Temp 2017-01-03 20:36 - 2012-10-20 12:31 - 00000404 _____ C:\Windows\BRWMARK.INI 2017-01-03 20:36 - 2012-10-20 12:31 - 00000027 _____ C:\Windows\BRPP2KA.INI 2017-01-02 21:16 - 2015-06-09 09:10 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2017-01-02 21:01 - 2013-03-19 17:29 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-02 20:57 - 2016-10-07 14:26 - 00001839 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2017-01-02 20:57 - 2016-03-21 20:37 - 00001645 _____ C:\Users\Tommy\Desktop\Anki.lnk 2017-01-02 20:57 - 2015-08-31 19:47 - 00001737 _____ C:\Users\Public\Desktop\VLC media player.lnk 2017-01-02 20:57 - 2015-06-24 19:48 - 00001823 _____ C:\Users\Tommy\Desktop\VT Niemiecki Kurs podstawowy mp3.lnk 2017-01-02 20:57 - 2014-10-03 20:40 - 00001739 _____ C:\Users\Public\Desktop\Reader for PC.lnk 2017-01-02 20:57 - 2014-08-02 19:43 - 00001753 _____ C:\Users\Public\Desktop\Skype.lnk 2016-12-30 18:19 - 2012-04-19 19:47 - 00000000 ____D C:\Users\Tommy\AppData\Local\Downloaded Installations 2016-12-29 23:07 - 2015-04-02 20:05 - 00000000 ____D C:\Users\Tommy\Doctor Web 2016-12-29 21:02 - 2015-12-17 18:04 - 00000386 _____ C:\Users\Tommy\Desktop\radio FIXODIN.txt 2016-12-28 23:26 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts 2016-12-28 21:53 - 2012-03-02 22:35 - 00000000 ____D C:\Users\Tommy\Application Data 2016-12-28 21:51 - 2009-04-02 22:12 - 00000000 __SHD C:\Windows\Installer 2016-12-28 17:29 - 2012-11-03 12:49 - 00000000 ____D C:\Users\Tommy\Desktop\MOJE DOKUMENTY 2016-12-27 22:01 - 2010-07-31 20:16 - 00000000 ____D C:\Program Files\TomTom HOME 2 2016-12-27 19:33 - 2009-09-07 00:35 - 00032768 _____ C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-12-24 19:23 - 2008-04-16 12:27 - 00000000 ____D C:\Windows\Panther 2016-12-24 00:33 - 2010-10-01 20:56 - 00000000 ____D C:\Users\Tommy\Shared 2016-12-21 21:11 - 2016-10-07 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2016-12-21 21:11 - 2016-10-07 14:24 - 00000000 ____D C:\Users\Tommy\AppData\Roaming\DVDVideoSoft 2016-12-21 21:11 - 2016-10-07 14:24 - 00000000 ____D C:\Program Files\DVDVideoSoft 2016-12-21 21:11 - 2016-10-07 14:24 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2016-12-16 17:30 - 2012-05-08 19:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-12-14 11:01 - 2012-11-01 16:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-12-14 11:01 - 2011-06-06 19:39 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-12-14 11:01 - 2009-04-02 23:35 - 00000000 ____D C:\Windows\system32\Macromed ==================== Files in the root of some directories ======= 2009-10-31 18:33 - 2009-10-31 18:33 - 0000000 _____ () C:\Program Files\AstonWriteTest.txt 2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files\Common Files\ASPG_icon.ico 2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files\Common Files\banner.jpg 2008-07-02 03:28 - 2008-07-02 03:28 - 0061440 _____ () C:\Program Files\Common Files\CPInstallAction.dll 2011-12-01 19:42 - 2010-01-26 11:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe 2010-11-05 17:43 - 2013-09-17 22:24 - 0000472 _____ () C:\Users\Tommy\AppData\Roaming\burnaware.ini 2009-09-30 21:57 - 2009-07-07 15:16 - 0076407 _____ () C:\Users\Tommy\AppData\Roaming\Smiley.ico 2009-10-23 15:48 - 2011-10-21 11:41 - 0024206 _____ () C:\Users\Tommy\AppData\Roaming\UserTile.png 2011-07-15 16:00 - 2011-07-16 13:18 - 0230902 _____ () C:\Users\Tommy\AppData\Local\ars.cache 2011-07-15 16:00 - 2011-07-16 13:19 - 0332968 _____ () C:\Users\Tommy\AppData\Local\census.cache 2009-10-29 22:27 - 2016-02-23 22:38 - 0006944 _____ () C:\Users\Tommy\AppData\Local\d3d9caps.dat 2009-09-07 00:35 - 2016-12-27 19:33 - 0032768 _____ () C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-07-15 15:46 - 2011-07-15 15:46 - 0000036 _____ () C:\Users\Tommy\AppData\Local\housecall.guid.cache 2014-08-02 11:35 - 2014-08-02 11:35 - 0000000 _____ () C:\Users\Tommy\AppData\Local\{18C08864-E834-4CC5-8352-7D547FB71467} 2011-12-01 19:42 - 2010-05-28 23:37 - 0015086 _____ () C:\ProgramData\Amazon.ico 2013-12-11 19:00 - 2013-12-11 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2009-09-07 13:39 - 2009-09-07 13:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2013-04-01 13:59 - 2013-04-01 13:59 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-10 15:43 ==================== End of FRST.txt ============================