OTL logfile created on: 2017-05-16 17:31:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michał\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,48 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 34,20% Memory free 4,95 Gb Paging File | 1,66 Gb Available in Paging File | 33,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 128,18 Gb Total Space | 17,07 Gb Free Space | 13,32% Space Free | Partition Type: NTFS Drive D: | 84,84 Gb Total Space | 9,04 Gb Free Space | 10,66% Space Free | Partition Type: NTFS Computer Name: MICHAŁ-KOMPUTER | User Name: Michał | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2017-05-16 17:30:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michał\Downloads\OTL.exe PRC - [2017-05-15 01:12:02 | 008,470,464 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2017-05-15 01:11:58 | 000,263,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2017-05-15 01:11:54 | 005,732,136 | ---- | M] (AVAST Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\aswidsagent.exe PRC - [2017-05-09 17:42:26 | 003,146,704 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe PRC - [2017-05-09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe PRC - [2017-05-09 10:12:16 | 000,976,216 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2017-04-25 09:12:12 | 000,083,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2017-04-11 04:17:20 | 000,155,848 | ---- | M] () -- C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe PRC - [2014-11-20 10:48:50 | 000,242,264 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe PRC - [2014-10-15 03:17:02 | 011,507,872 | ---- | M] (Gadwin Systems) -- C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe PRC - [2013-12-06 22:52:36 | 000,493,056 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2013-12-06 22:51:54 | 000,209,408 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2013-12-06 16:04:32 | 000,276,992 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2012-11-08 20:32:16 | 000,100,232 | R--- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe PRC - [2012-04-11 10:41:04 | 000,097,280 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe PRC - [2011-10-14 14:47:00 | 001,571,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2011-07-05 21:31:59 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe PRC - [2011-05-20 11:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011-03-13 10:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011-03-13 10:57:48 | 000,490,656 | ---- | M] (Atheros Communications) -- C:\Program Files\Bluetooth Suite\BtvStack.exe PRC - [2011-03-13 10:57:44 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe PRC - [2011-03-13 10:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-11-20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010-10-07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-08-17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-07-09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009-10-15 11:13:50 | 000,136,192 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe PRC - [2009-06-19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2008-12-22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2017-05-15 01:12:04 | 067,717,632 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2017-05-15 01:12:03 | 000,997,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\AvChrome.dll MOD - [2017-05-15 01:12:00 | 000,684,656 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll MOD - [2017-05-15 01:12:00 | 000,223,224 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\tasks_core.dll MOD - [2017-05-15 01:12:00 | 000,176,992 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll MOD - [2017-05-15 01:11:59 | 000,170,216 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll MOD - [2017-05-15 01:11:53 | 000,291,824 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll MOD - [2017-05-09 10:12:22 | 002,864,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\58.0.3029.110\libglesv2.dll MOD - [2017-05-09 10:12:21 | 000,087,384 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\58.0.3029.110\libegl.dll MOD - [2015-09-30 15:48:49 | 000,256,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\8ea4f2a14f034a52843ddf37991c9f6d\WindowsFormsIntegration.ni.dll MOD - [2015-09-30 15:48:17 | 013,319,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\273389de0b6e286cb2bdc83ecb428704\System.Web.ni.dll MOD - [2015-09-30 15:46:25 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\dcf2b1a7011858156e5b759de2e5e598\PresentationFramework-SystemXml.ni.dll MOD - [2015-09-30 13:00:07 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll MOD - [2015-09-30 13:00:01 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll MOD - [2015-09-30 12:59:59 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll MOD - [2015-09-30 12:59:48 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\ad2f6440da38a0dbae2df194782b35d1\System.ServiceProcess.ni.dll MOD - [2015-09-30 12:59:47 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4cfa42c8b69a64e192f3255ec900457d\System.Runtime.Remoting.ni.dll MOD - [2015-09-30 12:59:46 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll MOD - [2015-09-30 12:59:37 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll MOD - [2015-09-30 12:59:36 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll MOD - [2015-09-30 12:59:35 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll MOD - [2015-09-30 12:59:20 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll MOD - [2015-09-30 12:59:11 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll MOD - [2015-09-30 12:59:06 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll MOD - [2015-09-30 12:58:59 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll MOD - [2015-09-30 12:58:51 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll MOD - [2013-12-06 16:04:52 | 000,095,744 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2012-09-29 13:54:06 | 000,794,624 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\HPM1210GC.DLL MOD - [2012-09-29 13:24:58 | 002,396,160 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hpm1210su.dll MOD - [2012-09-29 13:24:46 | 000,262,144 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hpm1210sd.dll MOD - [2011-07-05 21:31:59 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2017-05-15 01:11:58 | 000,263,304 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2017-05-15 01:11:54 | 005,732,136 | ---- | M] (AVAST Software s.r.o.) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\aswidsagent.exe -- (aswbIDSAgent) SRV - [2017-05-09 21:46:59 | 000,271,864 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2017-05-09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService) SRV - [2017-04-25 09:12:12 | 000,083,056 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2017-04-11 04:17:20 | 000,155,848 | ---- | M] () [Auto | Running] -- C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe -- (HuaweiHiSuiteService.exe) SRV - [2017-04-05 16:09:10 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2016-10-24 23:40:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2016-08-25 19:28:13 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015-03-12 09:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2014-11-20 10:48:50 | 000,242,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service) SRV - [2013-12-06 22:51:54 | 000,209,408 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013-12-06 16:04:32 | 000,276,992 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012-11-08 20:32:16 | 000,100,232 | R--- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV - [2011-03-13 10:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-03-13 10:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-12-15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-10-15 11:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-06-15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2005-11-17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ana76du6) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86) DRV - [2017-05-16 15:11:02 | 000,065,824 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebProtection) DRV - [2017-05-16 14:54:49 | 000,097,208 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\farflt.sys -- (MBAMFarflt) DRV - [2017-05-16 14:54:48 | 000,039,360 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtection) DRV - [2017-05-16 14:54:44 | 000,220,088 | ---- | M] (Malwarebytes) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2017-05-15 10:18:32 | 000,161,720 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\System32\drivers\MBAMChameleon.sys -- (MBAMChameleon) DRV - [2017-05-15 01:14:31 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2017-05-15 01:12:43 | 000,115,152 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm) DRV - [2017-05-15 01:12:08 | 000,482,608 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2017-05-15 01:12:08 | 000,279,800 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2017-05-15 01:12:08 | 000,107,928 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2017-05-15 01:12:08 | 000,062,152 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2017-05-15 01:12:08 | 000,034,136 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid) DRV - [2017-05-15 01:12:07 | 000,090,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2017-05-15 01:11:55 | 000,764,576 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2017-05-15 01:11:53 | 000,268,016 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\aswblogx.sys -- (aswblog) DRV - [2017-05-15 01:11:53 | 000,258,288 | ---- | M] (AVAST Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswbidsdriverx.sys -- (aswbidsdriver) DRV - [2017-05-15 01:11:53 | 000,148,696 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\aswbidshx.sys -- (aswbidsh) DRV - [2017-05-15 01:11:53 | 000,041,664 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\aswbunivx.sys -- (aswbuniv) DRV - [2017-05-09 16:37:58 | 000,059,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mbae.sys -- (ESProtectionDriver) DRV - [2017-04-11 04:17:08 | 000,015,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbccgpfilter.sys -- (ew_usbccgpfilter) DRV - [2015-10-25 17:43:55 | 000,145,664 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IT9135BDA.sys -- (IT9135BDA) DRV - [2015-10-05 17:31:57 | 000,329,384 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2013-12-06 23:51:04 | 011,527,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2013-12-06 22:20:32 | 000,501,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2013-09-24 16:52:20 | 000,077,312 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2013-09-19 23:05:04 | 000,050,432 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2.0) DRV - [2013-06-27 23:50:44 | 000,034,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata) DRV - [2013-06-27 23:50:42 | 000,070,464 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata) DRV - [2013-06-02 05:56:40 | 000,026,032 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV - [2013-05-28 03:09:38 | 000,178,496 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdxhc.sys -- (amdxhc) DRV - [2013-05-28 03:09:36 | 000,085,312 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdhub30.sys -- (amdhub30) DRV - [2012-11-08 13:00:46 | 000,016,896 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2011-10-03 23:46:14 | 002,205,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011-09-20 09:56:42 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AiCharger.sys -- (AiCharger) DRV - [2011-05-25 19:06:18 | 000,015,488 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys -- (ATKWMIACPIIO) DRV - [2011-03-13 10:57:54 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2011-03-13 10:57:54 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2011-03-13 10:57:54 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2011-03-13 10:57:54 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2011-03-13 10:57:54 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2011-03-13 10:57:54 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2011-03-13 10:57:52 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-29 02:55:38 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-07-02 17:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 6F 99 BD AE AA D1 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "PL" FF - prefs.js..browser.search.region: "PL" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:48.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2: C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2: C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 48.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 48.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2017-04-12 21:18:19 | 000,000,000 | ---D | M] [2015-09-29 17:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\Extensions [2017-05-15 19:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\mr6xse0v.default\extensions [2016-09-09 17:43:38 | 000,023,373 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\extensions\firefox-hotfix@mozilla.org.xpi [2016-04-18 20:06:14 | 000,070,626 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\extensions\jid1-S5LxNhFnjqd4fg@jetpack.xpi [2017-05-15 01:11:55 | 000,352,829 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\extensions\sp@avast.com.xpi [2017-05-15 01:11:55 | 000,692,271 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\extensions\wrc@avast.com.xpi [2016-12-19 19:54:08 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-11 20:28:24 | 000,007,076 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\features\{1c66520e-42fb-46c0-9db7-ddec5693a75c}\e10srollout@mozilla.org.xpi [2016-10-11 20:28:23 | 000,781,661 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\features\{1c66520e-42fb-46c0-9db7-ddec5693a75c}\firefox@getpocket.com.xpi [2016-10-11 20:28:24 | 000,005,391 | ---- | M] () (No name found) -- C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\mr6xse0v.default\features\{1c66520e-42fb-46c0-9db7-ddec5693a75c}\loop@mozilla.org.xpi [2016-08-25 19:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2015-02-10 15:13:12 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\2.0_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.10.0_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\12.0.209_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop\2.2.6_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdhieelnnodbhbfhgdjcjfjipgknbpbc\1.3_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch\4.1_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [Gadwin PrintScreen (32-bit)] C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe (Gadwin Systems) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync — kliknij, aby połączyć - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync — kliknij, aby połączyć - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Zaufane witryny) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{092D29F5-1DBC-424B-884D-80E3112E75E8}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{194DFF62-928F-45ED-A35C-ED3FCFAFEE56}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{301364FF-7DBD-490F-A41C-6CB13B02C036}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{442A82B0-6513-40DF-A457-F675A8358A61}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58A5C936-0EF0-41BD-ABC7-DB176D02D894}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E6F44A0-C908-40A6-8FA3-22E459D9FAA2}: DhcpNameServer = 31.41.80.66 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4DD5D29-095B-4521-9932-CA155CF64AE9}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7F8118F-BE91-4D18-B803-5BEAB51941F4}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA266E19-04B8-4D3F-9CDE-82FB1A306523}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA5B0923-D6E7-4E13-A730-BE66EE3AB7DA}: DhcpNameServer = 192.168.8.1 192.168.8.1 O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{19d11f0d-3717-11e7-a792-742f68f8dd08}\Shell - "" = AutoRun O33 - MountPoints2\{19d11f0d-3717-11e7-a792-742f68f8dd08}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe O33 - MountPoints2\{1b8668e9-8924-11e6-8187-742f68f8dd08}\Shell - "" = AutoRun O33 - MountPoints2\{1b8668e9-8924-11e6-8187-742f68f8dd08}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe O33 - MountPoints2\{1b8668fd-8924-11e6-8187-742f68f8dd08}\Shell - "" = AutoRun O33 - MountPoints2\{1b8668fd-8924-11e6-8187-742f68f8dd08}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe O33 - MountPoints2\{c6d8b779-6756-11e5-8bb0-742f68f8dd08}\Shell - "" = AutoRun O33 - MountPoints2\{c6d8b779-6756-11e5-8bb0-742f68f8dd08}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f2bdd914-3408-11e7-a4f9-742f68f8dd08}\Shell - "" = AutoRun O33 - MountPoints2\{f2bdd914-3408-11e7-a4f9-742f68f8dd08}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2017-05-16 14:54:22 | 000,000,000 | R--D | C] -- C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2017-05-15 13:55:51 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LennarDigital [2017-05-15 13:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LennarDigital [2017-05-15 13:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg [2017-05-15 10:18:31 | 000,161,720 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys [2017-05-15 10:18:21 | 000,097,208 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys [2017-05-15 10:18:20 | 000,065,824 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys [2017-05-15 10:18:12 | 000,039,360 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys [2017-05-15 10:17:59 | 000,220,088 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2017-05-15 10:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2017-05-15 10:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2017-05-15 10:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes [2017-05-15 09:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp [2017-05-15 01:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2017-05-15 01:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2017-05-15 01:25:08 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2017-05-15 01:14:32 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2017-05-15 01:13:27 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\AVAST Software [2017-05-15 01:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [2017-05-15 01:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV [2017-05-15 01:12:30 | 000,482,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2017-05-15 01:12:30 | 000,279,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys [2017-05-15 01:12:30 | 000,115,152 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys [2017-05-15 01:12:30 | 000,062,152 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys [2017-05-15 01:12:29 | 000,764,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2017-05-15 01:12:29 | 000,268,016 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswblogx.sys [2017-05-15 01:12:29 | 000,258,288 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidsdriverx.sys [2017-05-15 01:12:29 | 000,148,696 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidshx.sys [2017-05-15 01:12:29 | 000,107,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2017-05-15 01:12:29 | 000,090,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2017-05-15 01:12:29 | 000,041,664 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbunivx.sys [2017-05-15 01:12:29 | 000,034,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys [2017-05-15 01:12:11 | 000,921,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\ucrtbase.dll [2017-05-15 01:12:11 | 000,330,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2017-05-15 01:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2017-05-15 01:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2017-05-12 09:28:15 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Google [2017-05-08 21:20:52 | 000,000,000 | ---D | C] -- C:\Users\Michał\Documents\ITIL [2017-05-08 20:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite [2017-05-08 20:06:28 | 000,249,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\hw_quusbnet.sys [2017-05-08 20:06:28 | 000,199,680 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\hw_quusbmdm.sys [2017-05-08 20:06:28 | 000,113,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\hw_cdcacm.sys [2017-05-08 20:06:28 | 000,102,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\hw_usbdev.sys [2017-05-08 20:06:28 | 000,015,360 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbccgpfilter.sys [2017-05-08 20:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiSuite [2017-04-25 15:26:00 | 000,000,000 | ---D | C] -- C:\Users\Michał\Documents\BootcampFront-End [2017-04-25 15:14:48 | 000,000,000 | ---D | C] -- C:\Users\Michał\Documents\25021 [2017-04-23 15:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2017-04-23 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Notepad++ [2017-04-23 15:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2017-04-22 16:54:01 | 000,000,000 | ---D | C] -- C:\9a6392fee94b5a513ef003 [2017-04-22 14:16:59 | 000,000,000 | ---D | C] -- C:\Users\Michał\node_modules [2017-04-22 00:16:07 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\npm-cache [2017-04-22 00:12:11 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\npm [2017-04-22 00:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\nodejs [2017-04-22 00:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js [2017-04-20 00:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2017-04-17 21:48:37 | 000,000,000 | ---D | C] -- C:\Users\Michał\Documents\GIT [2017-04-17 21:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Git [2017-04-17 21:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git [2017-04-17 21:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Git [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2017-05-16 15:11:02 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys [2017-05-16 15:03:12 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2017-05-16 15:03:12 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2017-05-16 14:54:49 | 000,097,208 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys [2017-05-16 14:54:48 | 000,039,360 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys [2017-05-16 14:54:44 | 000,220,088 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2017-05-16 14:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2017-05-16 14:53:52 | 1995,104,256 | -HS- | M] () -- C:\hiberfil.sys [2017-05-15 10:40:27 | 000,743,216 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2017-05-15 10:40:27 | 000,656,628 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2017-05-15 10:40:27 | 000,156,784 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2017-05-15 10:40:27 | 000,122,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2017-05-15 10:18:32 | 000,161,720 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys [2017-05-15 01:25:11 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2017-05-15 01:15:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk [2017-05-15 01:14:31 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2017-05-15 01:12:51 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk [2017-05-15 01:12:43 | 000,115,152 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys [2017-05-15 01:12:08 | 000,482,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2017-05-15 01:12:08 | 000,279,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys [2017-05-15 01:12:08 | 000,107,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2017-05-15 01:12:08 | 000,062,152 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys [2017-05-15 01:12:08 | 000,034,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys [2017-05-15 01:12:07 | 000,090,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2017-05-15 01:12:02 | 000,921,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\ucrtbase.dll [2017-05-15 01:12:01 | 000,330,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2017-05-15 01:11:55 | 000,764,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2017-05-15 01:11:53 | 000,268,016 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswblogx.sys [2017-05-15 01:11:53 | 000,258,288 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidsdriverx.sys [2017-05-15 01:11:53 | 000,148,696 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidshx.sys [2017-05-15 01:11:53 | 000,041,664 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbunivx.sys [2017-05-14 22:58:18 | 005,277,849 | ---- | M] () -- C:\Users\Michał\Desktop\Suabicii - ID (Big Room).mp3 [2017-05-13 19:19:42 | 000,012,123 | ---- | M] () -- C:\Users\Michał\.bash_history [2017-05-12 00:15:08 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2017-05-10 16:52:45 | 000,006,171 | ---- | M] () -- C:\Users\Michał\Documents\codepen_ybvPKr 2.zip [2017-05-09 21:46:55 | 000,803,320 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2017-05-09 21:46:55 | 000,144,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2017-05-09 16:37:58 | 000,059,904 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys [2017-05-08 20:06:37 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\HiSuite.lnk [2017-05-07 20:57:41 | 000,117,269 | ---- | M] () -- C:\Users\Michał\Documents\rozklad zajec na lato.pdf [2017-04-25 15:20:18 | 000,001,799 | ---- | M] () -- C:\Users\Michał\.viminfo [2017-04-25 15:14:39 | 000,005,920 | ---- | M] () -- C:\Users\Michał\Documents\25021.zip [2017-04-23 15:06:51 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk [2017-04-22 14:17:15 | 000,000,363 | ---- | M] () -- C:\Users\Michał\package.json [2017-04-22 00:14:57 | 000,000,007 | ---- | M] () -- C:\Users\Michał\.node_repl_history [2017-04-20 00:03:38 | 000,095,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2017-05-15 10:17:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys [2017-05-15 01:25:11 | 000,002,687 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2017-05-15 01:15:18 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk [2017-05-15 01:15:18 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk [2017-05-15 01:12:51 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk [2017-05-10 16:52:40 | 000,006,171 | ---- | C] () -- C:\Users\Michał\Documents\codepen_ybvPKr 2.zip [2017-05-08 20:06:37 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\HiSuite.lnk [2017-05-07 20:57:36 | 000,117,269 | ---- | C] () -- C:\Users\Michał\Documents\rozklad zajec na lato.pdf [2017-05-04 12:48:28 | 005,277,849 | ---- | C] () -- C:\Users\Michał\Desktop\Suabicii - ID (Big Room).mp3 [2017-04-25 15:14:26 | 000,005,920 | ---- | C] () -- C:\Users\Michał\Documents\25021.zip [2017-04-23 15:06:51 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk [2017-04-22 14:17:15 | 000,000,363 | ---- | C] () -- C:\Users\Michał\package.json [2017-04-22 00:14:48 | 000,000,007 | ---- | C] () -- C:\Users\Michał\.node_repl_history [2017-04-20 22:47:35 | 000,001,799 | ---- | C] () -- C:\Users\Michał\.viminfo [2017-04-18 01:11:30 | 000,012,123 | ---- | C] () -- C:\Users\Michał\.bash_history [2016-12-20 18:13:14 | 000,000,163 | ---- | C] () -- C:\Windows\ODBC.INI [2016-10-06 00:06:18 | 000,003,584 | ---- | C] () -- C:\Users\Michał\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2016-08-19 13:54:05 | 000,049,152 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll [2016-08-19 13:54:02 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe [2016-08-19 13:54:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL [2016-08-19 13:53:21 | 000,029,184 | ---- | C] () -- C:\Windows\System32\HPImgFlt.dll [2016-08-19 13:52:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2015-11-15 23:29:33 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2015-11-15 23:29:02 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini [2015-10-25 17:45:07 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SysInfo_6.dll [2015-10-25 17:16:25 | 000,000,245 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2015-10-18 18:47:08 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe [2015-10-18 18:46:51 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll [2015-09-30 12:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2015-09-29 17:46:08 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >