OTL logfile created on: 2015-03-30 13:35:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Riemer\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17420) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,88 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 37,46% Memory free 7,76 Gb Paging File | 4,29 Gb Available in Paging File | 55,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 150,16 Gb Total Space | 79,86 Gb Free Space | 53,18% Space Free | Partition Type: NTFS Drive E: | 781,25 Gb Total Space | 640,23 Gb Free Space | 81,95% Space Free | Partition Type: NTFS Computer Name: RIEMER-KOMPUTER | User Name: Riemer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015-03-30 13:33:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Riemer\Desktop\OTL.exe PRC - [2015-03-27 16:06:21 | 000,078,336 | ---- | M] () -- C:\Users\Riemer\AppData\Local\1780F000-1427468778-815C-2767-20256488AA9F\insdD9FC.tmp PRC - [2015-03-27 15:54:09 | 000,194,048 | ---- | M] () -- C:\Users\Riemer\AppData\Local\1780F000-1427468042-815C-2767-20256488AA9F\snsi9AE8.tmp PRC - [2015-03-27 15:53:50 | 000,162,304 | ---- | M] () -- C:\Users\Riemer\AppData\Local\1780F000-1427468026-815C-2767-20256488AA9F\cnsi5FCE.tmp PRC - [2015-03-27 15:50:39 | 000,204,800 | ---- | M] () -- C:\Users\Riemer\AppData\Roaming\1780F000-1427464212-815C-2767-20256488AA9F\jnsr6748.tmp PRC - [2015-03-27 07:23:26 | 001,442,384 | ---- | M] (BitTorrent Inc.) -- C:\Users\Riemer\AppData\Roaming\uTorrent\uTorrent.exe PRC - [2015-03-25 11:34:46 | 003,416,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe PRC - [2015-03-25 11:29:20 | 003,723,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe PRC - [2015-03-25 11:21:40 | 000,309,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe PRC - [2015-03-14 12:12:39 | 000,809,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2015-02-17 15:31:22 | 002,794,520 | ---- | M] () -- C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe PRC - [2015-01-08 21:37:59 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2015-01-08 21:37:57 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2014-12-11 12:36:04 | 000,089,864 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe PRC - [2014-12-03 11:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014-10-07 16:39:30 | 001,241,472 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2013-08-07 15:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2013-08-07 15:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012-04-05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015-03-14 12:12:37 | 014,974,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll MOD - [2015-03-14 12:12:35 | 009,278,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll MOD - [2015-03-14 12:12:30 | 001,174,856 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll MOD - [2015-03-14 12:12:28 | 000,080,200 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll MOD - [2015-01-08 22:40:56 | 001,071,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\a3ab3961c1e2c3b98a3397d11eb38d2b\System.ServiceModel.Web.ni.dll MOD - [2015-01-08 22:40:55 | 000,788,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9d31dc037429437307aacdbcb88bab3c\System.ServiceModel.Internals.ni.dll MOD - [2015-01-08 22:40:51 | 019,547,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3d1acd5d42efed17d6c6ce2836a7403e\System.ServiceModel.ni.dll MOD - [2015-01-08 22:40:38 | 002,803,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ad1a5e8488b493088c4317191604dc81\System.Runtime.Serialization.ni.dll MOD - [2015-01-08 22:40:32 | 002,964,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\893a4abb6db1e57c15f1f831cd6420e1\System.IdentityModel.ni.dll MOD - [2015-01-08 22:39:53 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6e7ce9401fda1718a4b6e3a27e8de909\SMDiagnostics.ni.dll MOD - [2014-10-16 18:40:15 | 001,873,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b743aed31731aa473e125bb63f43b3f4\System.Xaml.ni.dll MOD - [2014-10-16 18:40:02 | 012,895,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bcc9a98d4cae057c7278f80d56836140\System.Windows.Forms.ni.dll MOD - [2014-10-16 18:39:56 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\32282378a8280af393b626510cf4a5b9\System.Core.ni.dll MOD - [2014-10-16 18:39:56 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8b7f1232264c4795152f77a2434c02ab\System.Configuration.ni.dll MOD - [2014-10-16 18:39:53 | 001,639,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53d0b6fa2fc28f7d50f84999fc2a1bbf\System.Drawing.ni.dll MOD - [2014-10-16 18:39:52 | 007,787,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a4066040e82329538bec1a194a222d93\System.Xml.ni.dll MOD - [2014-10-16 18:39:49 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll MOD - [2014-09-10 11:24:37 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-11-06 05:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014-09-10 01:08:15 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2014-04-30 17:33:52 | 000,337,776 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64) SRV:[b]64bit:[/b] - [2014-01-07 10:15:02 | 000,461,032 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe -- (LMSvc) SRV:[b]64bit:[/b] - [2013-08-07 15:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV:[b]64bit:[/b] - [2013-05-11 18:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2013-05-11 18:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2012-04-05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2015-03-27 16:06:21 | 000,078,336 | ---- | M] () [Auto | Running] -- C:\Users\Riemer\AppData\Local\1780F000-1427468778-815C-2767-20256488AA9F\insdD9FC.tmp -- (hirireru) SRV - [2015-03-27 15:54:09 | 000,194,048 | ---- | M] () [Auto | Running] -- C:\Users\Riemer\AppData\Local\1780F000-1427468042-815C-2767-20256488AA9F\snsi9AE8.tmp -- (xekobibu) SRV - [2015-03-27 15:53:50 | 000,162,304 | ---- | M] () [Auto | Running] -- C:\Users\Riemer\AppData\Local\1780F000-1427468026-815C-2767-20256488AA9F\cnsi5FCE.tmp -- (mufunoge) SRV - [2015-03-27 15:50:39 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Users\Riemer\AppData\Roaming\1780F000-1427464212-815C-2767-20256488AA9F\jnsr6748.tmp -- (rijedubu) SRV - [2015-03-25 11:34:46 | 003,416,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent) SRV - [2015-03-25 11:21:40 | 000,309,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd) SRV - [2015-02-05 15:08:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015-01-08 21:37:59 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2015-01-08 21:37:57 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2015-01-08 21:27:06 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2015-01-02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014-12-11 12:36:04 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService) SRV - [2014-12-03 11:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014-09-10 01:22:08 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014-04-11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013-12-24 03:26:48 | 000,318,592 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2015-03-25 11:21:34 | 000,281,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2015-02-25 17:37:42 | 000,284,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2015-02-05 10:27:02 | 000,133,088 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2015-02-03 10:47:26 | 000,341,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:[b]64bit:[/b] - [2015-01-08 21:27:05 | 004,170,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2015-01-08 21:27:02 | 000,449,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2014-11-18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:[b]64bit:[/b] - [2014-11-04 13:37:12 | 000,797,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2014-10-08 15:13:10 | 000,127,760 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b]64bit:[/b] - [2014-09-10 01:16:06 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2014-09-10 01:16:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2014-09-10 01:15:16 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2014-09-10 01:15:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2014-09-10 01:12:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2014-09-10 01:12:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2014-09-10 01:00:36 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2014-08-28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2014-06-18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska) DRV:[b]64bit:[/b] - [2014-06-18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,597,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2013-12-24 03:00:50 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2013-12-23 21:12:50 | 004,029,952 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2013-11-05 07:02:16 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b]64bit:[/b] - [2013-10-02 03:31:08 | 000,370,504 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2013-09-04 01:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2013-08-30 12:05:34 | 000,356,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:[b]64bit:[/b] - [2013-08-07 15:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2013-08-07 15:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:[b]64bit:[/b] - [2011-06-17 21:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysearches.com/web/?type=dspp&ts=1427464292&from=exp&uid=WDCXWD10JPVX-22JC3T0_WD-WX21EC3HCR46HCR46&q={searchTerms} IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysearches.com/web/?type=dspp&ts=1427464292&from=exp&uid=WDCXWD10JPVX-22JC3T0_WD-WX21EC3HCR46HCR46&q={searchTerms} IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl-PL IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E F0 E8 E5 EA 2A D0 01 [binary data] IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1524431414-225335151-3632231463-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7884B9CB-D473-C318-21BF-9FD0B0DEC27F}: C:\Program Files (x86)\ver1BlockAndSurf\190.xpi [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche\3.5_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.12_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg\1.0.43_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.21_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.26_0\ CHR - Extension: No name found = C:\Users\Riemer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2015-02-06 10:48:11 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe (Corel Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1524431414-225335151-3632231463-1000..\Run: [AVG-Secure-Search-Update_0215pit] C:\Users\Riemer\AppData\Roaming\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe () O4 - HKU\S-1-5-21-1524431414-225335151-3632231463-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\S-1-5-21-1524431414-225335151-3632231463-1000..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent File not found O4 - HKU\S-1-5-21-1524431414-225335151-3632231463-1000..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART File not found O4 - HKU\S-1-5-21-1524431414-225335151-3632231463-1000..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKU\S-1-5-21-1524431414-225335151-3632231463-1000..\Run: [uTorrent] C:\Users\Riemer\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKLM..\RunOnce: [Update] C:\Users\Riemer\AppData\Roaming\VOPackage\VOPackage.exe /runonce File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B1A3ED9-CAED-4F19-B749-73C3FBF799E7}: DhcpNameServer = 10.0.0.13 10.0.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92499DB0-B909-4031-AE23-52D01A819DDC}: DhcpNameServer = 192.168.1.1 0.0.0.0 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Program Files) - C:\Program Files [2015-03-27 16:20:03 | 000,000,000 | R--D | M] O20 - AppInit_DLLs: (C:\Program Files) - C:\Program Files [2015-03-27 16:20:03 | 000,000,000 | R--D | M] O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{04bdcd48-96cc-11e4-b200-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{04bdcd48-96cc-11e4-b200-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun\AutoRunX\AutoRunX.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchCGS.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015-03-30 13:33:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Riemer\Desktop\OTL.exe [2015-03-30 13:30:46 | 000,000,000 | ---D | C] -- C:\FRST [2015-03-30 13:30:26 | 002,095,616 | ---- | C] (Farbar) -- C:\Users\Riemer\Desktop\FRST64.exe [2015-03-29 21:55:10 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\Avg_Update_0215pit [2015-03-29 21:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0215pit [2015-03-29 20:48:19 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\AVG2015 [2015-03-29 20:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2015-03-29 20:47:04 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\TuneUp Software [2015-03-29 20:46:28 | 000,000,000 | -H-D | C] -- C:\$AVG [2015-03-29 20:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015 [2015-03-29 20:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2015-03-29 20:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2015-03-29 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\MFAData [2015-03-29 20:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2015-03-29 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\Avg2015 [2015-03-27 16:51:31 | 000,000,000 | ---D | C] -- C:\Users\Riemer\Documents\Moje palety [2015-03-27 16:48:58 | 000,000,000 | ---D | C] -- C:\Users\Riemer\Documents\Corel [2015-03-27 16:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2015-03-27 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2015-03-27 16:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2015-03-27 16:23:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel [2015-03-27 16:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit) [2015-03-27 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2015-03-27 16:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2015-03-27 16:06:18 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\1780F000-1427468778-815C-2767-20256488AA9F [2015-03-27 16:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\cbc9875d-a5e2-4ce5-870c-cb453ddd040d [2015-03-27 16:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinema Plus Pro 3.2cV27.03 [2015-03-27 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\1780F000-1427468042-815C-2767-20256488AA9F [2015-03-27 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\1780F000-1427468026-815C-2767-20256488AA9F [2015-03-27 15:51:25 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\1780F000-1427467885-815C-2767-20256488AA9F [2015-03-27 15:50:26 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\luckysearches [2015-03-27 15:50:12 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\1780F000-1427464212-815C-2767-20256488AA9F [2015-03-27 15:48:51 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\{9D3F51EF-8CFB-4F18-B2BC-25177EE771CA}_ANZHUANG [2015-03-27 15:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teal Kitty [2015-03-27 15:25:34 | 000,000,000 | ---D | C] -- C:\Users\Riemer\Desktop\projekty [2015-03-25 11:21:34 | 000,281,056 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys [2015-03-24 21:26:04 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\7Regal Casino [2015-03-21 13:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Płatnik 9.01.001F [2015-03-21 13:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asseco Poland SA [2015-03-21 13:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2015-03-21 13:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Asseco Poland SA [2015-03-21 13:41:02 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0 [2015-03-21 13:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2015-03-21 13:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asseco Poland SA [2015-03-21 13:37:50 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\InstallShield [2015-03-18 22:22:34 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2015-03-18 22:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2015-03-18 22:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast [2015-03-17 18:51:30 | 000,000,000 | ---D | C] -- C:\Users\Riemer\Desktop\Miesiące [2015-03-17 10:50:00 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\NCH Software [2015-03-17 10:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2015-03-17 10:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2015-03-17 10:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2015-03-17 10:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software [2015-03-10 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Local\Team_360h [2015-03-10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\Riemer\Desktop\rebulid [2015-03-10 17:37:26 | 000,000,000 | ---D | C] -- C:\Users\Riemer\Desktop\input [2015-03-10 17:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team360h [2015-03-10 17:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iso2God [2015-03-09 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\Riemer\AppData\Roaming\.mono [2015-03-09 17:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono [2 C:\Users\Riemer\AppData\Local\*.tmp files -> C:\Users\Riemer\AppData\Local\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015-03-30 13:33:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Riemer\Desktop\OTL.exe [2015-03-30 13:30:31 | 002,095,616 | ---- | M] (Farbar) -- C:\Users\Riemer\Desktop\FRST64.exe [2015-03-30 13:08:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015-03-30 12:56:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015-03-30 12:50:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015-03-30 12:50:10 | 000,016,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015-03-30 12:50:10 | 000,016,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015-03-30 07:49:24 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015-03-30 07:41:46 | 000,001,690 | ---- | M] () -- C:\Windows\tasks\ADMTLKJJ.job [2015-03-29 21:55:47 | 000,000,538 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0215pit_RML.job [2015-03-29 21:55:08 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK_0215pit.job [2015-03-29 21:55:05 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK_0215pit_DELETE.job [2015-03-29 20:47:05 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk [2015-03-29 09:15:34 | 001,854,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015-03-29 09:15:34 | 000,806,282 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2015-03-29 09:15:34 | 000,720,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015-03-29 09:15:34 | 000,180,252 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2015-03-29 09:15:34 | 000,146,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015-03-28 20:55:38 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job [2015-03-28 20:55:25 | 3127,136,256 | -HS- | M] () -- C:\hiberfil.sys [2015-03-27 16:44:15 | 000,482,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015-03-27 16:38:19 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015-03-27 16:29:22 | 000,003,015 | ---- | M] () -- C:\Users\Riemer\Desktop\CorelDRAW X7 (64-Bit).lnk [2015-03-27 16:09:41 | 000,008,704 | ---- | M] () -- C:\Windows\SysWow64\VCLOff.ini [2015-03-27 16:09:41 | 000,008,704 | ---- | M] () -- C:\Windows\SysNative\VCLOff.ini [2015-03-27 16:09:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webTinstMKTN_01009.Wdf [2015-03-26 21:14:08 | 000,005,542 | ---- | M] () -- C:\Users\Riemer\AppData\Roaming\ADMTLKJJ [2015-03-25 11:21:34 | 000,281,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys [2015-03-24 21:27:11 | 000,001,810 | ---- | M] () -- C:\Users\Riemer\Desktop\7Regal Casino.lnk [2015-03-21 13:44:45 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Płatnik 9.01.001F.lnk [2015-03-20 23:13:16 | 000,180,411 | ---- | M] () -- C:\Users\Riemer\Desktop\IMG_6237.jpg [2015-03-18 22:22:35 | 000,001,001 | ---- | M] () -- C:\Users\Riemer\Desktop\SopCast.lnk [2015-03-17 10:49:59 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\NCH Suite.lnk [2015-03-17 10:49:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2015-03-10 17:29:05 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Iso2God.lnk [2 C:\Users\Riemer\AppData\Local\*.tmp files -> C:\Users\Riemer\AppData\Local\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-03-29 21:55:47 | 000,000,538 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0215pit_RML.job [2015-03-29 21:55:05 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK_0215pit_DELETE.job [2015-03-29 21:55:03 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK_0215pit.job [2015-03-29 20:47:05 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk [2015-03-27 18:14:58 | 000,003,015 | ---- | C] () -- C:\Users\Riemer\Desktop\CorelDRAW X7 (64-Bit).lnk [2015-03-27 16:09:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webTinstMKTN_01009.Wdf [2015-03-27 16:07:45 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\VCLOff.ini [2015-03-27 16:07:45 | 000,008,704 | ---- | C] () -- C:\Windows\SysNative\VCLOff.ini [2015-03-27 16:05:01 | 000,001,690 | ---- | C] () -- C:\Windows\tasks\ADMTLKJJ.job [2015-03-26 21:14:08 | 000,005,542 | ---- | C] () -- C:\Users\Riemer\AppData\Roaming\ADMTLKJJ [2015-03-24 21:27:11 | 000,001,810 | ---- | C] () -- C:\Users\Riemer\Desktop\7Regal Casino.lnk [2015-03-21 13:44:45 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Płatnik 9.01.001F.lnk [2015-03-20 23:13:16 | 000,180,411 | ---- | C] () -- C:\Users\Riemer\Desktop\IMG_6237.jpg [2015-03-18 22:22:35 | 000,001,001 | ---- | C] () -- C:\Users\Riemer\Desktop\SopCast.lnk [2015-03-17 10:49:59 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\NCH Suite.lnk [2015-03-17 10:49:59 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk [2015-03-17 10:49:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2015-03-10 17:29:05 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Iso2God.lnk [2015-02-06 10:48:12 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe [2015-01-08 22:18:56 | 000,218,712 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2015-01-08 21:26:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2014-09-10 11:23:34 | 001,694,208 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-09-10 02:35:18 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll [2013-09-10 02:35:10 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013-09-10 02:35:08 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [2013-05-11 18:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014-09-10 01:15:37 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-09-10 01:15:37 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >