OTL Log

a guest
Mar 19th, 2015
  1. OTL logfile created on: 2015-03-19 21:43:54 - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
  3. 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 9.0.8112.16421)
  5. Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
  6.  
  7. 3,96 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,48% Memory free
  8. 6,96 Gb Paging File | 5,03 Gb Available in Paging File | 72,25% Paging File free
  9. Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 75,04 Gb Total Space | 15,09 Gb Free Space | 20,11% Space Free | Partition Type: NTFS
  13. Drive D: | 390,62 Gb Total Space | 79,65 Gb Free Space | 20,39% Space Free | Partition Type: NTFS
  14.  
  15. Computer Name: ADMIN-KOMPUTER | User Name: Admin | Logged in as Administrator.
  16. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
  17. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  18.  
  19. [color=#E56717]========== Processes (SafeList) ==========[/color]
  20.  
  21. PRC - [2015-03-19 20:15:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
  22. PRC - [2015-03-13 21:17:54 | 000,925,904 | ---- | M] (ABBYY Production LLC) -- C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
  23. PRC - [2015-01-14 13:01:29 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes Anti-Malware\mbam.exe
  24. PRC - [2015-01-14 13:01:29 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe
  25. PRC - [2015-01-14 13:01:29 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe
  26. PRC - [2014-02-24 12:30:28 | 002,768,088 | ---- | M] (Disc Soft Ltd) -- D:\Programy\DAEMON Tools Pro\DTShellHlp.exe
  27.  
  28.  
  29. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  30.  
  31. MOD - [2014-03-17 02:23:05 | 000,003,132 | ---- | M] () -- D:\Programy\DAEMON Tools Pro\MSIMG32.dll
  32. MOD - [2010-01-30 01:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
  33.  
  34.  
  35. [color=#E56717]========== Services (SafeList) ==========[/color]
  36.  
  37. SRV:[b]64bit:[/b] - [2015-02-04 14:39:59 | 007,618,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
  38. SRV:[b]64bit:[/b] - [2015-02-04 14:39:59 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
  39. SRV:[b]64bit:[/b] - [2014-07-25 15:02:38 | 018,956,064 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
  40. SRV:[b]64bit:[/b] - [2012-07-24 10:43:00 | 000,146,984 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
  41. SRV:[b]64bit:[/b] - [2012-05-30 13:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
  42. SRV:[b]64bit:[/b] - [2012-04-20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
  43. SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  44. SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
  45. SRV - [2015-03-13 21:17:54 | 000,925,904 | ---- | M] (ABBYY Production LLC) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.12.0)
  46. SRV - [2015-03-13 13:35:34 | 000,064,616 | ---- | M] (CyberGhost S.R.L) [Disabled | Stopped] -- D:\Programy\CyberGhost 5\Service.exe -- (CGVPNCliService)
  47. SRV - [2015-03-09 22:48:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  48. SRV - [2015-03-08 22:37:11 | 000,835,776 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
  49. SRV - [2015-03-08 18:18:08 | 000,148,080 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  50. SRV - [2015-03-05 12:48:18 | 001,910,640 | ---- | M] (Electronic Arts) [Disabled | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
  51. SRV - [2015-02-07 11:36:25 | 002,724,128 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
  52. SRV - [2015-02-07 11:36:24 | 000,815,392 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe -- (AdvancedSystemCareService8)
  53. SRV - [2015-01-25 12:34:00 | 000,713,568 | ---- | M] () [Disabled | Stopped] -- D:\Programy\Ad-Aware\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe -- (LavasoftAdAwareService11)
  54. SRV - [2015-01-14 13:01:29 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
  55. SRV - [2015-01-14 13:01:29 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
  56. SRV - [2015-01-02 19:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
  57. SRV - [2014-12-20 12:09:49 | 000,344,896 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
  58. SRV - [2014-12-03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  59. SRV - [2014-11-27 14:43:10 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
  60. SRV - [2014-10-31 23:27:38 | 000,183,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
  61. SRV - [2014-10-14 20:33:28 | 000,174,600 | ---- | M] (Sandboxie Holdings, LLC) [Disabled | Stopped] -- D:\Programy\Sandboxie\SbieSvc.exe -- (SbieSvc)
  62. SRV - [2014-09-17 09:40:28 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
  63. SRV - [2014-09-17 06:47:04 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
  64. SRV - [2014-08-06 10:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- D:\Programy\TeamViewer\TeamViewer_Service.exe -- (TeamViewer9)
  65. SRV - [2014-08-05 20:35:41 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
  66. SRV - [2014-07-25 15:02:40 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
  67. SRV - [2014-02-25 18:38:48 | 000,105,448 | ---- | M] (Razer Inc.) [Disabled | Stopped] -- D:\Programy\Razer Game Booster\RzKLService.exe -- (RzKLService)
  68. SRV - [2012-07-27 06:25:28 | 000,276,288 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
  69. SRV - [2012-07-17 10:10:32 | 000,364,416 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
  70. SRV - [2012-07-17 10:10:30 | 000,276,864 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
  71. SRV - [2012-07-17 10:10:16 | 000,165,760 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
  72. SRV - [2012-07-08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  73. SRV - [2012-06-29 17:56:30 | 000,136,704 | ---- | M] (MSI) [Disabled | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
  74. SRV - [2011-08-05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
  75. SRV - [2011-08-05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Zune\WMZuneComm.exe -- (WMZuneComm)
  76. SRV - [2011-08-05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
  77. SRV - [2010-03-25 09:41:00 | 051,456,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Office Pro Plus 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
  78. SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
  79. SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  80. SRV - [2006-10-23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
  81.  
  82.  
  83. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  84.  
  85. DRV:[b]64bit:[/b] - [2015-03-19 21:32:57 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
  86. DRV:[b]64bit:[/b] - [2015-03-18 20:08:20 | 000,141,440 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
  87. DRV:[b]64bit:[/b] - [2015-02-22 12:53:34 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
  88. DRV:[b]64bit:[/b] - [2015-02-22 12:53:32 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
  89. DRV:[b]64bit:[/b] - [2015-02-08 11:27:02 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
  90. DRV:[b]64bit:[/b] - [2015-02-08 10:42:16 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
  91. DRV:[b]64bit:[/b] - [2015-01-30 13:27:56 | 000,020,184 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
  92. DRV:[b]64bit:[/b] - [2015-01-25 12:33:08 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
  93. DRV:[b]64bit:[/b] - [2015-01-18 13:46:34 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
  94. DRV:[b]64bit:[/b] - [2015-01-18 13:46:09 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
  95. DRV:[b]64bit:[/b] - [2015-01-17 11:20:02 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
  96. DRV:[b]64bit:[/b] - [2015-01-15 21:38:25 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
  97. DRV:[b]64bit:[/b] - [2015-01-15 21:30:19 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
  98. DRV:[b]64bit:[/b] - [2015-01-14 13:01:29 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
  99. DRV:[b]64bit:[/b] - [2015-01-14 13:01:29 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
  100. DRV:[b]64bit:[/b] - [2014-12-23 23:52:10 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
  101. DRV:[b]64bit:[/b] - [2014-12-22 12:11:02 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)
  102. DRV:[b]64bit:[/b] - [2014-12-20 16:55:07 | 000,942,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
  103. DRV:[b]64bit:[/b] - [2014-11-17 22:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
  104. DRV:[b]64bit:[/b] - [2014-10-31 23:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
  105. DRV:[b]64bit:[/b] - [2014-07-25 15:02:38 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
  106. DRV:[b]64bit:[/b] - [2014-07-19 23:08:24 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
  107. DRV:[b]64bit:[/b] - [2014-07-19 23:08:24 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
  108. DRV:[b]64bit:[/b] - [2014-07-19 22:17:34 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
  109. DRV:[b]64bit:[/b] - [2014-07-19 16:04:16 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
  110. DRV:[b]64bit:[/b] - [2014-06-26 06:33:42 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
  111. DRV:[b]64bit:[/b] - [2014-05-23 11:34:46 | 000,032,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
  112. DRV:[b]64bit:[/b] - [2014-05-18 10:20:04 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
  113. DRV:[b]64bit:[/b] - [2014-05-17 01:42:38 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
  114. DRV:[b]64bit:[/b] - [2014-03-31 17:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
  115. DRV:[b]64bit:[/b] - [2014-03-29 12:16:08 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
  116. DRV:[b]64bit:[/b] - [2014-03-29 12:07:57 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
  117. DRV:[b]64bit:[/b] - [2014-03-09 20:52:18 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
  118. DRV:[b]64bit:[/b] - [2013-10-17 16:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
  119. DRV:[b]64bit:[/b] - [2013-08-22 13:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
  120. DRV:[b]64bit:[/b] - [2012-07-25 05:08:30 | 008,982,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
  121. DRV:[b]64bit:[/b] - [2012-07-24 10:37:56 | 000,019,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
  122. DRV:[b]64bit:[/b] - [2012-07-24 10:37:54 | 000,020,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
  123. DRV:[b]64bit:[/b] - [2012-05-30 13:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
  124. DRV:[b]64bit:[/b] - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
  125. DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
  126. DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
  127. DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
  128. DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
  129. DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
  130. DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  131. DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  132. DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
  133. DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  134. DRV:[b]64bit:[/b] - [2009-08-21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
  135. DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  136. DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  137. DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
  138. DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  139. DRV:[b]64bit:[/b] - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
  140. DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  141. DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  142. DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  143. DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  144. DRV:[b]64bit:[/b] - [2006-11-29 23:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
  145. DRV - [2014-12-29 11:21:59 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
  146. DRV - [2014-12-20 12:09:51 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
  147. DRV - [2014-12-20 12:09:51 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
  148. DRV - [2014-10-14 20:33:28 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- D:\Programy\Sandboxie\SbieDrv.sys -- (SbieDrv)
  149. DRV - [2014-06-17 22:44:16 | 000,051,200 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\aip.sys -- (AIP)
  150. DRV - [2010-01-18 10:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
  151. DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  152.  
  153.  
  154. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  155.  
  156.  
  157. [color=#E56717]========== Internet Explorer ==========[/color]
  158.  
  159. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
  160. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  161. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  162. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  163. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
  164. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  165. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
  166. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  167. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  168.  
  169.  
  170. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  171.  
  172. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  173.  
  174. IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  175. IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  176.  
  177. IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  178. IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  179.  
  180. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 56834284
  181. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
  182. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  183. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  184. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUH63371333713&ts=1421853315&type=default&q={searchTerms}
  185. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..\SearchScopes\{9C6C206F-0DEB-430D-B17E-919456CCDA14}: "URL" = http://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUH63371333713&ts=1421853315&type=default&q={searchTerms}
  186. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..\SearchScopes\{C2210D94-926A-44CA-9289-CA3BDC603D88}: "URL" = http://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUH63371333713&ts=1421853315&type=default&q={searchTerms}
  187. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUH63371333713&ts=1421853315&type=default&q={searchTerms}
  188. IE - HKU\S-1-5-21-266233627-488781306-3198835773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  189.  
  190. [color=#E56717]========== FireFox ==========[/color]
  191.  
  192. FF - prefs.js..browser.search.countryCode: "PL"
  193. FF - prefs.js..browser.search.isUS: false
  194. FF - prefs.js..browser.search.region: "PL"
  195. FF - prefs.js..browser.search.searchengine.alias: "sweet-page"
  196. FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
  197. FF - prefs.js..browser.search.searchengine.iconURL: "http://www.sweet-page.com/favicon.ico"
  198. FF - prefs.js..browser.search.searchengine.name: "sweet-page"
  199. FF - prefs.js..browser.search.searchengine.ptid: "cor"
  200. FF - prefs.js..browser.search.searchengine.uid: "WDCXWD5000AAKX-001CA0_WD-WCAYUH63371333713"
  201. FF - prefs.js..browser.search.searchengine.url: "http://www.sweet-page.com/web/?type=ds&ts=1421853209&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUH63371333713&q={searchTerms}"
  202. FF - prefs.js..browser.search.selectedEngine: "Google"
  203. FF - prefs.js..browser.search.useDBForOrder: true
  204. FF - prefs.js..browser.startup.homepage: "google.pl"
  205. FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.9
  206. FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
  207. FF - prefs.js..extensions.enabledAddons: mozrepl%40hyperstruct.net:1.1.2
  208. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
  209.  
  210.  
  211. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
  212. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.76.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
  213. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.76.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  214. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll File not found
  215. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programy\OFFICE~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  216. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
  217. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Programy\Adobe\AdobeIllustrator CS6\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
  218. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
  219. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
  220. FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Programy\Adobe\AdobeIllustrator CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015-01-18 18:31:16 | 000,000,000 | ---D | M]

[2013-10-27 05:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2015-03-19 19:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhos1lql.default-1396094286121\extensions
[2015-03-13 20:43:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhos1lql.default-1396094286121\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2015-03-13 22:35:21 | 002,558,942 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhos1lql.default-1396094286121\extensions\firebug@software.joehewitt.com.xpi
[2015-03-14 00:20:50 | 000,028,928 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhos1lql.default-1396094286121\extensions\mozrepl@hyperstruct.net.xpi
[2015-03-13 23:15:15 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhos1lql.default-1396094286121\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2015-03-17 19:26:45 | 000,970,602 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhos1lql.default-1396094286121\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015-01-19 13:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015-03-08 18:18:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015-01-18 18:31:15 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\afproxy@anchorfree.com

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\8.0.7_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.20.1_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.2.6.2_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\6.5.1_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\

O1 HOSTS File: ([2015-03-19 21:31:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - D:\Programy\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Office Pro Plus 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Office Pro Plus 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Bonus.SSR.FR12] C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe (ABBYY Production LLC.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKU\S-1-5-21-266233627-488781306-3198835773-1000..\Run: [CMD] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-266233627-488781306-3198835773-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-266233627-488781306-3198835773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programy\OFFICE~1\Office15\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - res://D:\Programy\OFFICE~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programy\OFFICE~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://D:\Programy\OFFICE~1\Office15\ONBttnIE.dll/105 File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-266233627-488781306-3198835773-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A3C7687-D8BC-4DC6-ADBF-23A8036621EB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A3C7687-D8BC-4DC6-ADBF-23A8036621EB}: NameServer = 208.67.222.222,208.67.220.220
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programy\Office Pro Plus 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015-03-19 21:42:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015-03-19 21:32:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015-03-19 20:15:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015-03-16 17:35:46 | 000,204,264 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2015-03-16 17:35:46 | 000,141,440 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2015-03-16 08:35:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\.android
[2015-03-13 21:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
[2015-03-13 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 12
[2015-03-13 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ABBYY
[2015-03-13 13:44:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AOL
[2015-03-13 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CyberGhost
[2015-03-13 13:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
[2015-03-11 23:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\Tracing
[2015-03-10 21:24:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Colossal Order
[2015-03-10 21:24:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Colossal Order
[2015-03-10 21:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities_Skylines
[2015-03-09 22:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2015-03-08 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015-03-05 16:28:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2015-03-05 16:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2015-03-05 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2015-03-05 13:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2015-03-05 12:48:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Origin
[2015-02-27 23:20:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Game Dev Tycoon - Steam
[2015-02-27 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
[2015-02-27 23:20:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
[2015-02-27 23:20:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon v1.4.16 build 240714
[2015-02-27 23:20:09 | 000,000,000 | ---D | C] -- C:\2-click run
[2015-02-27 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\ventrillo
[2015-02-27 13:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2015-02-25 22:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codelobster Software
[2015-02-25 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\mumble
[2015-02-24 20:41:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\LEGDZJE
[2015-02-21 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Steam
[2015-02-20 21:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOS Manager
[2015-01-18 14:00:10 | 005,404,888 | ---- | C] (COMODO) -- C:\ProgramData\cis446F.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015-03-19 21:39:23 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2015-03-19 21:38:56 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015-03-19 21:38:56 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015-03-19 21:32:57 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015-03-19 21:31:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015-03-19 21:29:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015-03-19 21:29:25 | 3192,885,248 | -HS- | M] () -- C:\hiberfil.sys
[2015-03-19 21:29:01 | 000,003,400 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2015-03-19 21:13:18 | 000,518,144 | ---- | M] (SteelWerX) -- C:\Windows\SWREG.exe
[2015-03-19 21:13:18 | 000,406,528 | ---- | M] (SteelWerX) -- C:\Windows\SWSC.exe
[2015-03-19 21:13:18 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2015-03-19 21:13:18 | 000,212,480 | ---- | M] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2015-03-19 21:13:18 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe
[2015-03-19 21:13:18 | 000,098,816 | ---- | M] () -- C:\Windows\sed.exe
[2015-03-19 21:13:18 | 000,080,412 | ---- | M] () -- C:\Windows\grep.exe
[2015-03-19 21:13:18 | 000,068,096 | ---- | M] () -- C:\Windows\zip.exe
[2015-03-19 21:13:17 | 000,060,416 | ---- | M] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015-03-19 20:15:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015-03-19 19:30:54 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015-03-19 18:06:19 | 000,000,092 | ---- | M] () -- C:\Users\Admin\Desktop\plemiona ie.au3
[2015-03-19 18:04:51 | 000,031,456 | ---- | M] () -- C:\Users\Admin\Desktop\plemiona.jpg
[2015-03-18 23:51:06 | 000,045,516 | ---- | M] () -- C:\Users\Admin\Desktop\godła.jpg
[2015-03-18 20:08:43 | 000,204,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2015-03-18 20:08:20 | 000,141,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2015-03-17 19:18:33 | 000,476,527 | ---- | M] () -- C:\Users\Admin\Desktop\pl-voucher_review.pdf
[2015-03-10 08:17:09 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015-03-09 22:48:28 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015-03-09 22:48:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015-03-09 09:19:59 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015-03-09 09:19:59 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015-03-08 19:56:42 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015-03-05 16:28:27 | 000,072,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xliveinstallhost.exe
[2015-02-28 11:03:48 | 005,098,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015-02-27 11:21:03 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\{F893B3C0-973C-4241-980B-80D217D0E4EB}
[2015-02-25 22:36:44 | 000,000,000 | ---- | M] () -- C:\Windows\php.ini
[2015-02-24 17:46:01 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\{727EB87F-8002-4F8C-9F7B-30B8574664EC}
[2015-02-22 16:29:22 | 000,000,132 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2015-02-22 12:53:34 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSDScDrv.dll
[2015-02-22 12:53:34 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WSDScan.sys
[2015-02-22 12:53:32 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WSDPrint.sys
[2015-02-18 09:47:14 | 000,000,000 | -H-- | M] () -- C:\asc_rdflag
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015-03-19 18:04:51 | 000,031,456 | ---- | C] () -- C:\Users\Admin\Desktop\plemiona.jpg
[2015-03-19 17:42:44 | 000,000,092 | ---- | C] () -- C:\Users\Admin\Desktop\plemiona ie.au3
[2015-03-18 23:51:06 | 000,045,516 | ---- | C] () -- C:\Users\Admin\Desktop\godła.jpg
[2015-03-17 19:18:31 | 000,476,527 | ---- | C] () -- C:\Users\Admin\Desktop\pl-voucher_review.pdf
[2015-03-05 16:28:00 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2015-02-27 11:19:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F893B3C0-973C-4241-980B-80D217D0E4EB}
[2015-02-25 22:36:44 | 000,000,000 | ---- | C] () -- C:\Windows\php.ini
[2015-02-24 19:02:37 | 000,003,400 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2015-02-24 17:46:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{727EB87F-8002-4F8C-9F7B-30B8574664EC}
[2015-02-18 09:47:14 | 000,000,000 | -H-- | C] () -- C:\asc_rdflag
[2015-01-24 00:43:46 | 000,007,168 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015-01-18 12:27:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015-01-18 12:27:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015-01-18 12:27:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015-01-18 12:27:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015-01-18 12:27:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015-01-15 21:01:42 | 000,001,942 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2015-01-02 18:55:58 | 000,218,712 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014-12-24 11:47:00 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{1C5484AC-2598-433A-B895-F707876F11AB}
[2014-10-11 22:26:35 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2014-08-05 21:18:33 | 000,000,932 | ---- | C] () -- C:\Users\Admin\us.stackdump
[2014-08-05 20:33:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014-07-04 22:49:37 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Preferencje Adobe CS5 dla formatu BMP
[2014-06-13 18:41:16 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2014-06-13 18:40:57 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI
[2014-06-13 15:42:03 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\drivers\aip.sys
[2014-03-27 23:52:18 | 000,000,975 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2014-01-02 21:42:26 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013-12-17 16:54:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013-12-14 18:44:21 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-11-03 23:38:25 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2013-10-27 19:40:38 | 001,636,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-10-27 05:11:22 | 000,007,463 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\zapamietaj31.ini
[2013-10-27 05:11:22 | 000,001,410 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\zapamietaj21.ini
[2013-10-27 05:11:22 | 000,000,051 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\zapamietaj.ini
[2013-10-27 05:11:21 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempZSF684.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempzPU564.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempznc672.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempzmW664.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempzET504.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempYoe692.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempYeW332.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempYEr432.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempY16860.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempXBj148.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempx17548.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempx10080.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempw24880.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempvpB332.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempv26704.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempv14592.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempUwv964.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempUOw296.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempU11732.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Temptwi992.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempTqk452.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempTnL728.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempTfJ148.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempTAH796.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempT18544.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempSNq856.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempSBX348.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Temps15640.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempS14692.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Temps13172.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Temps12228.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Temps10412.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempRTd444.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TemprSu344.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempQUb888.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempq13592.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempPYN452.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempPWq108.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TemppqR912.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempOqC296.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempoDW448.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempo17744.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempO15588.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempo10480.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempnFT836.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempMuj340.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempMPH440.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempM18112.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TemplPW516.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempLlX448.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TemplaS308.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Templ12424.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempKRn908.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempKFq356.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempKEA744.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempK12776.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempJYg916.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempJtg148.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempJbl272.html
[2013-10-27 05:10:22 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempJBD572.html
[2013-10-27 05:10:22 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempYAv448.html
[2013-10-27 05:10:22 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempX14592.html
[2013-10-27 05:10:22 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempVys716.html
[2013-10-27 05:10:22 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempsQn836.html
[2013-10-27 05:10:22 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempP10584.html
[2013-10-27 05:10:22 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempoAZ604.html
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{D342DB63-FE75-43FD-B39E-C9789B7D184D}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{A179A76A-D87E-4C16-B74A-2F86221F8003}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{97E606A9-2198-4DD2-B4EE-E37F0AF08ADF}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8A32BAF3-220B-4A6F-B553-8D5626FF138E}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{85C48DCB-4C47-40BC-A4C6-661FEE56B5A4}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{5F4C48AE-2675-42DF-B0DE-01C231838698}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{340EB21C-ACC2-49FB-9D12-1332328667FD}
[2013-10-27 05:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{0D497D27-E7B7-40BA-BF5B-10B209B12361}
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempiYS868.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempIqE148.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempiJy984.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempIiQ724.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TemphHk836.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempHfA320.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Temph21932.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempgGH604.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempGcl664.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempgAQ272.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempg17700.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempg10584.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempfMX368.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempf15156.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempePJ848.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempeML676.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempeFe716.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempeAr676.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempe14044.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempe11784.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempDvH612.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempDqF912.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempdjZ808.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempd14548.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempD10688.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempCxV284.html
[2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempcQr296.html
  554. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempbpD796.html
  555. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempBms536.html
  556. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempbHC840.html
  557. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempB21124.html
  558. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempaww804.html
  559. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\Tempaut720.html
  560. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempAsb196.html
  561. [2013-10-27 05:10:21 | 000,002,432 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempAJH552.html
  562. [2013-10-27 05:10:21 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempF10412.html
  563. [2013-10-27 05:10:21 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempeKe964.html
  564. [2013-10-27 05:10:21 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempEBs868.html
  565. [2013-10-27 05:10:21 | 000,002,089 | ---- | C] () -- C:\Users\Admin\AppData\Local\TempDJi296.html
  566. [2013-10-27 05:01:42 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
  567. [2013-10-27 05:01:42 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
  568. [2013-10-27 05:01:41 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
  569.  
  570. [color=#E56717]========== ZeroAccess Check ==========[/color]
  571.  
  572. [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  573.  
  574. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  575.  
  576. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  577.  
  578. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  579.  
  580. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  581.  
  582. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  583. "" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
  584. "ThreadingModel" = Apartment
  585.  
  586. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  587. "" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
  588. "ThreadingModel" = Apartment
  589.  
  590. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  591. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
  592. "ThreadingModel" = Free
  593.  
  594. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  595. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
  596. "ThreadingModel" = Free
  597.  
  598. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  599. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
  600. "ThreadingModel" = Both
  601.  
  602. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  603.  
  604. [color=#E56717]========== LOP Check ==========[/color]
  605.  
  606. [2014-07-12 14:56:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
  607. [2014-03-02 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.technic
  608. [2015-02-17 20:36:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.techniclauncher
  609. [2015-02-17 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.zyczujdk7
  610. [2014-05-29 20:28:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Battle.net
  611. [2013-10-27 05:11:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
  612. [2014-07-19 15:36:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
  613. [2015-03-06 10:15:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro
  614. [2013-10-27 05:11:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
  615. [2015-03-08 16:08:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
  616. [2014-08-12 11:50:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ftblauncher
  617. [2013-10-27 05:11:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gadu-Gadu 10
  618. [2015-02-02 23:00:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GG
  619. [2015-01-21 16:12:43 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData\Roaming\GoldenGate
  620. [2015-01-18 11:44:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit
  621. [2013-10-27 05:11:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
  622. [2013-10-27 05:11:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient2
  623. [2013-10-27 05:11:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
  624. [2013-10-27 05:11:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
  625. [2014-04-09 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
  626. [2014-07-05 22:38:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera Software
  627. [2015-03-13 10:33:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
  628. [2013-10-27 05:12:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhotoFiltre
  629. [2013-10-28 15:47:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Riot Games
  630. [2014-02-23 09:48:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
  631. [2014-11-05 16:08:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Steam
  632. [2014-09-25 16:25:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
  633. [2013-10-27 05:12:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
  634. [2014-02-23 09:41:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
  635. [2013-12-26 20:46:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
  636. [2015-03-13 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
  637. [2015-01-17 21:02:09 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Roaming\wyUpdate AU
  638. [2014-06-17 16:35:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
  639. [2013-11-27 09:52:02 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
  640. [2014-06-17 16:35:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
  641. [2013-11-27 09:52:02 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
  642.  
  643. [color=#E56717]========== Purity Check ==========[/color]
  644.  
  645.  
  646.  
  647. [color=#E56717]========== Alternate Data Streams ==========[/color]
  648.  
  649. @Alternate Data Stream - 64 bytes -> C:\Windows\zip.exe:$CmdTcID
  650. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XpsPrint.dll:$CmdTcID
  651. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XpsGdiConverter.dll:$CmdTcID
  652. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xliveinstallhost.exe:$CmdTcID
  653. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMPhoto.dll:$CmdTcID
  654. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WindowsCodecsExt.dll:$CmdTcID
  655. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WindowsCodecs.dll:$CmdTcID
  656. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\unrar.dll:$CmdTcID
  657. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\UIAnimation.dll:$CmdTcID
  658. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SRCOM.dll:$CmdTcID
  659. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvwgf2um.dll:$CmdTcID
  660. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvumdshim.dll:$CmdTcID
  661. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvopencl.dll:$CmdTcID
  662. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvoglv32.dll:$CmdTcID
  663. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvoglshim32.dll:$CmdTcID
  664. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvinit.dll:$CmdTcID
  665. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\NvIFR.dll:$CmdTcID
  666. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\NvFBC.dll:$CmdTcID
  667. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvd3dum.dll:$CmdTcID
  668. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvcuvid.dll:$CmdTcID
  669. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvcuda.dll:$CmdTcID
  670. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvcompiler.dll:$CmdTcID
  671. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvapi.dll:$CmdTcID
  672. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msmpeg2vdec.dll:$CmdTcID
  673. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\javaw.exe:$CmdTcID
  674. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\java.exe:$CmdTcID
  675. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:$CmdTcID
  676. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dxgi.dll:$CmdTcID
  677. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DWrite.dll:$CmdTcID
  678. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d11.dll:$CmdTcID
  679. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10warp.dll:$CmdTcID
  680. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10level9.dll:$CmdTcID
  681. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10core.dll:$CmdTcID
  682. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10_1core.dll:$CmdTcID
  683. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10_1.dll:$CmdTcID
  684. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10.dll:$CmdTcID
  685. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d2d1.dll:$CmdTcID
  686. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll:$CmdTcID
  687. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll:$CmdTcID
  688. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll:$CmdTcID
  689. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll:$CmdTcID
  690. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll:$CmdTcID
  691. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll:$CmdTcID
  692. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll:$CmdTcID
  693. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll:$CmdTcID
  694. @Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll:$CmdTcID
  695. @Alternate Data Stream - 64 bytes -> C:\Windows\SWXCACLS.exe:$CmdTcID
  696. @Alternate Data Stream - 64 bytes -> C:\Windows\SWSC.exe:$CmdTcID
  697. @Alternate Data Stream - 64 bytes -> C:\Windows\SWREG.exe:$CmdTcID
  698. @Alternate Data Stream - 64 bytes -> C:\Windows\sed.exe:$CmdTcID
  699. @Alternate Data Stream - 64 bytes -> C:\Windows\PEV.exe:$CmdTcID
  700. @Alternate Data Stream - 64 bytes -> C:\Windows\NIRCMD.exe:$CmdTcID
  701. @Alternate Data Stream - 64 bytes -> C:\Windows\MBR.exe:$CmdTcID
  702. @Alternate Data Stream - 64 bytes -> C:\Windows\grep.exe:$CmdTcID
  703. @Alternate Data Stream - 64 bytes -> C:\Users\Admin\Desktop\pl-voucher_review.pdf:$CmdTcID
  704. @Alternate Data Stream - 64 bytes -> C:\Users\Admin\Desktop\OTL.exe:$CmdTcID
  705. @Alternate Data Stream - 64 bytes -> C:\ProgramData\cis446F.exe:$CmdTcID
  706. @Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe:$CmdTcID
  707. @Alternate Data Stream - 26 bytes -> C:\Users\Admin\Desktop\pl-voucher_review.pdf:$CmdZnID
  708. @Alternate Data Stream - 26 bytes -> C:\Users\Admin\Desktop\OTL.exe:$CmdZnID
  709.  
  710. < End of report >