Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Roman (administrator) on DOMOWY-PC on 04-02-2015 14:02:44 Running from C:\Users\Roman\Downloads\FRst Loaded Profiles: Roman (Available profiles: Roman & Administrator) Platform: Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: Polski (Polska) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe () C:\Windows\SysWOW64\ASGT.exe () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\pg_ctl.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Roman\Downloads\FRst\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [1923640 2009-10-07] (ESET) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [606208 2009-12-09] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\MountPoints2: {1e3b62e3-f9d5-11e1-a476-806e6f6e6963} - I:\sharan.exe HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\MountPoints2: {344fe7b2-6944-11e2-9e19-c86000c5db3c} - K:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\MountPoints2: {7d93a525-899f-11e3-acea-c86000c5db3c} - I:\SETUP.EXE HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\MountPoints2: {98aff775-8325-11e3-a7b8-c86000c5db3c} - M:\Install.exe HKU\S-1-5-21-327346500-4025672244-3197130516-1000\...\MountPoints2: {e94950fc-fcc2-11e1-885e-c86000c5db3c} - L:\LaunchU3.exe -a IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\dvdregionfree.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\fixitcenter.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\pdf architect 2.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\Skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\teamviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank HKU\S-1-5-21-327346500-4025672244-3197130516-1000\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank HKU\S-1-5-21-327346500-4025672244-3197130516-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-327346500-4025672244-3197130516-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-327346500-4025672244-3197130516-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-327346500-4025672244-3197130516-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-327346500-4025672244-3197130516-1000 -> No Name - {F23E2FD6-D25D-4C52-8669-2B9C0133D6EE} - No File ShellExecuteHooks-x32: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files (x86)\DVD Region+CSS Free\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{6BE80719-4606-4634-ABFD-3AD0C0296002}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\7hd6vir9.default FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Extension: Adblock Plus - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\7hd6vir9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-05] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-30] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () [File not signed] R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] () R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed] R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] () R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed] S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-10-07] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [472280 2009-10-07] (ESET) S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [171008 2007-11-14] (Brio) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] S4 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S4 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738344 2014-04-30] (pdfforge GmbH) S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software) S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-02-26] (Ulead Systems, Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation) R2 WorkshopDbService; C:\Program Files (x86)\ATRis_Technik\pgsql\bin\pg_ctl.exe [99840 2012-06-01] (PostgreSQL Global Development Group) [File not signed] S4 atashost; "C:\Windows\SysWOW64\atashost.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.) S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11175424 2012-05-24] (Advanced Micro Devices, Inc.) [File not signed] S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [343040 2012-05-24] (Advanced Micro Devices, Inc.) [File not signed] S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] () S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) S3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [21608 2012-09-25] (TamoSoft) R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [44944 2009-10-07] (ESET) R1 easdrv; C:\Windows\System32\DRIVERS\easdrv.sys [54232 2009-10-07] (ESET) R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [38776 2009-10-07] () R0 hotcore3; C:\Windows\SysWow64\drivers\hotcore3.sys [35096 2007-03-07] (Paragon Software Group) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] () S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-20] (Duplex Secure Ltd.) S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2010-04-27] (MCCI Corporation) S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2010-04-27] (MCCI Corporation) S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2010-04-27] (MCCI Corporation) R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2012-12-10] (Acronis) S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22120 2010-04-21] (TamoSoft) R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [26256 2012-06-27] (TamoSoft) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-02-10] (TuneUp Software) S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott) U3 adhi2o85; C:\Windows\System32\Drivers\adhi2o85.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 14:00 - 2015-02-04 14:02 - 00000000 ____D () C:\Users\Roman\Downloads\FRst 2015-02-04 13:57 - 2015-02-04 13:57 - 00370943 _____ () C:\Users\Roman\Downloads\gmer.zip 2015-02-04 13:53 - 2015-02-04 13:54 - 00000072 _____ () C:\Users\Roman\Desktop\Nowy dokument tekstowy.txt 2015-02-04 07:41 - 2015-02-04 07:41 - 00008196 _____ () C:\Users\Roman\Desktop\kasperski.txt 2015-02-03 23:45 - 2015-02-03 23:45 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-03 23:40 - 2015-02-03 23:40 - 00001246 _____ () C:\Users\Roman\Desktop\FixExec.txt 2015-02-03 22:43 - 2015-02-03 22:58 - 00002437 _____ () C:\Users\Roman\Desktop\fixlist.txt 2015-02-03 22:38 - 2015-02-03 22:38 - 00185278 _____ () C:\Users\Roman\Downloads\Shortcut.txt 2015-02-03 22:37 - 2015-02-03 22:37 - 00000000 ____D () C:\Users\Roman\Downloads\FRST-OlderVersion 2015-02-03 21:31 - 2015-02-03 21:31 - 00000000 ____D () C:\Windows\System32\Tasks\Zadania podglądu zdarzeń 2015-02-03 21:14 - 2015-02-03 21:14 - 02241496 _____ (www.PCFixKit.com ) C:\Users\Roman\Downloads\PCFixKit_Setup.exe 2015-02-03 21:14 - 2015-02-03 21:14 - 00000000 ____D () C:\Users\Roman\AppData\Roaming\PCFixKit 2015-02-03 21:07 - 2015-02-03 21:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-03 21:06 - 2015-02-03 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-03 21:05 - 2015-02-03 21:05 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-03 21:03 - 2015-02-03 21:03 - 00639400 _____ (Oracle Corporation) C:\Users\Roman\Downloads\jre-8u31-windows-i586-iftw.exe 2015-02-03 18:17 - 2015-02-03 17:54 - 00450713 ____R () C:\Windows\system32\Drivers\etc\hosts.20150203-181720.backup 2015-02-03 17:54 - 2014-08-16 21:45 - 00450649 _____ () C:\Windows\system32\Drivers\etc\hosts.20150203-175446.backup 2015-02-03 07:49 - 2015-02-03 07:49 - 00000000 ____D () C:\Users\Roman\Desktop\filmy 2015-02-03 07:45 - 2015-02-01 23:10 - 00000062 _____ () C:\Users\Roman\Desktop\dane auta sprawcy kolizji - Kopia.txt 2015-02-03 07:21 - 2015-02-03 07:21 - 00001749 _____ () C:\Users\Roman\Desktop\zarażone.txt 2015-02-02 21:13 - 2015-02-02 21:13 - 00000962 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-02-02 17:31 - 2015-02-02 17:55 - 00000061 _____ () C:\Users\Roman\Desktop\PLEY ALA.txt 2015-02-02 17:25 - 2015-02-02 17:25 - 00302011 _____ () C:\Users\Roman\Downloads\WindowsUpdateDiagnostic.diagcab 2015-02-02 17:20 - 2015-02-02 17:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Roman\Downloads\MicrosoftFixit.wu.LB.3346315652109171.4.1.Run.exe 2015-02-02 17:19 - 2015-02-02 17:19 - 642364882 _____ () C:\Users\Roman\Desktop\HKLM ROMAN.reg 2015-02-01 23:08 - 2015-02-01 23:10 - 00000062 _____ () C:\Users\Roman\Desktop\dane auta sprawcy kolizji.txt 2015-02-01 14:56 - 2015-02-01 23:03 - 00000004 ___SH () C:\Help_MValidator.Lck 2015-02-01 14:56 - 2015-02-01 14:56 - 01199376 ___SH () C:\Help_MTOC_help.H1H 2015-02-01 14:56 - 2015-02-01 14:56 - 00485104 ___SH () C:\Help_MKWD_AssetId.H1W 2015-02-01 14:56 - 2015-02-01 14:56 - 00366208 ___SH () C:\Help_MKWD_BestBet.H1W 2015-02-01 14:56 - 2015-02-01 14:56 - 00015512 ___SH () C:\Help_MValidator.H1D 2015-02-01 14:56 - 2015-02-01 14:56 - 00013624 ___SH () C:\Help_MKWD_SubjectTerm.H1W 2015-02-01 14:56 - 2015-02-01 14:56 - 00013618 ___SH () C:\Help_MKWD_LinkTerm.H1W 2015-02-01 14:56 - 2015-02-01 14:56 - 00000000 __SHD () C:\Windows\system32\%USERPROFILE% 2015-02-01 14:56 - 2015-02-01 14:56 - 00000000 __SHD () C:\Windows\system32\%APPDATA% 2015-02-01 14:53 - 2015-02-01 14:53 - 00000000 ____D () C:\NVIDIA Corporation 2015-02-01 14:33 - 2015-02-01 14:34 - 00971528 _____ (Foolish IT LLC ) C:\Users\Roman\Downloads\CryptoPreventSetup.exe 2015-02-01 13:59 - 2015-02-01 13:59 - 00709564 _____ () C:\Users\Roman\Downloads\delfix_10.8.exe 2015-02-01 13:34 - 2015-02-01 13:34 - 00007474 _____ () C:\Users\Roman\Desktop\profile usera.reg 2015-02-01 13:10 - 2015-02-01 13:10 - 00347816 _____ (Microsoft Corporation) C:\Users\Roman\Downloads\MicrosoftFixit.malware.RNP.Run.exe 2015-02-01 12:25 - 2015-02-01 12:25 - 00165376 _____ () C:\Users\Roman\Downloads\SystemLook_x64.exe 2015-01-25 11:27 - 2015-01-25 11:32 - 169872128 _____ () C:\Users\Roman\Downloads\setup_11.0.3.8.x01_2015_01_22_19_39.exe 2015-01-24 20:00 - 2015-02-04 14:02 - 00000000 ____D () C:\FRST 2015-01-24 20:00 - 2015-02-03 22:38 - 00049418 _____ () C:\Users\Roman\Downloads\FRST.txt 2015-01-24 20:00 - 2015-01-24 20:01 - 00053815 _____ () C:\Users\Roman\Downloads\Addition.txt 2015-01-24 13:44 - 2015-01-24 13:54 - 00000054 _____ () C:\Users\Roman\Desktop\Kurier plików.txt 2015-01-24 13:04 - 2015-01-24 13:04 - 02194432 _____ () C:\Users\Roman\Downloads\adwcleaner_4.109.exe 2015-01-23 18:07 - 2015-01-23 18:07 - 00455739 _____ () C:\Users\Roman\Downloads\SetACL (executable version).zip 2015-01-23 17:02 - 2015-01-23 17:02 - 00000630 _____ () C:\Users\Roman\Desktop\Zwrot czujnika uzgodniony telefonicznie.txt 2015-01-20 21:32 - 2015-01-20 21:32 - 00001979 _____ () C:\Users\Roman\Desktop\Atris Vivid 2012-2.lnk 2015-01-20 21:27 - 2015-01-20 21:27 - 00404886 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI59CE.txt 2015-01-20 21:27 - 2015-01-20 21:27 - 00012544 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI59CE.txt 2015-01-20 21:27 - 2015-01-20 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATRis_Technik 2015-01-20 21:23 - 2015-01-20 21:27 - 00000000 ____D () C:\ProgramData\WorkshopData 2015-01-20 20:57 - 2015-01-20 20:57 - 00000295 _____ () C:\Windows\Atris_STG.INI 2015-01-20 20:57 - 2015-01-20 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATRis STAHLGRUBER DVD 2015-01-20 20:20 - 2015-01-20 20:27 - 00000000 ____D () C:\Program Files (x86)\RegCleaner 2015-01-20 20:20 - 2015-01-20 20:20 - 00000818 _____ () C:\Users\Roman\Desktop\RegCleaner.lnk 2015-01-20 20:20 - 2015-01-20 20:20 - 00000818 _____ () C:\Users\Administrator\Desktop\RegCleaner.lnk 2015-01-20 20:19 - 2015-01-20 21:36 - 00000000 ____D () C:\Users\Roman\AppData\Roaming\DAEMON Tools Lite 2015-01-20 20:19 - 2015-01-20 20:40 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-18 20:41 - 2015-01-18 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential Data Tools 2015-01-18 20:41 - 2015-01-18 20:41 - 00000000 ____D () C:\Program Files (x86)\Essential Data Tools 2015-01-18 18:14 - 2015-01-18 18:14 - 02186752 _____ () C:\Users\Roman\Downloads\AdwCleaner.exe 2015-01-18 18:10 - 2015-01-18 18:11 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Roman\Downloads\tdsskiller.exe 2015-01-18 17:41 - 2015-01-18 20:03 - 00000000 ____D () C:\Program Files (x86)\nLite 2015-01-18 17:41 - 2015-01-18 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite 2015-01-18 17:36 - 2015-01-18 17:36 - 02665796 _____ (Dino Nuhagic (nuhi) ) C:\Users\Roman\Downloads\nLite-1.4.9.1.installer.exe 2015-01-14 15:10 - 2014-12-19 01:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 15:09 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 15:09 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 15:09 - 2014-12-06 03:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 15:09 - 2014-12-06 03:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 15:09 - 2014-12-06 03:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-11 21:25 - 2015-02-03 13:29 - 00000099 _____ () C:\Users\Public\LMDebug.log 2015-01-11 21:19 - 2015-01-11 21:20 - 00000000 ____D () C:\Users\Roman\Desktop\Instrukcja do c maxa html 2015-01-11 20:24 - 2015-01-11 20:24 - 00042718 _____ () C:\Users\Roman\Downloads\mondeo_seat climate control.zip 2015-01-11 20:24 - 2015-01-11 20:24 - 00000000 ____D () C:\Users\Roman\Downloads\mondeo_seat climate control 2015-01-10 19:26 - 2015-01-11 09:26 - 00078372 _____ () C:\Users\Roman\wirdia.svg 2015-01-06 12:48 - 2015-01-06 12:48 - 00000040 _____ () C:\Autoconfig.ini 2015-01-06 12:48 - 2015-01-06 12:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers 2015-01-06 12:48 - 2013-06-01 06:13 - 01571160 ____N () C:\Windows\TotalUninstaller.exe 2015-01-06 12:46 - 2013-05-10 10:48 - 00162136 _____ () C:\Windows\system32\spe__ci.exe 2015-01-06 12:46 - 2012-11-17 09:28 - 00000357 _____ () C:\Windows\system32\spe__l.smt 2015-01-06 12:46 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\system32\spe__l.dll 2015-01-06 12:46 - 2010-10-20 09:46 - 00089600 _____ (SS) C:\Windows\system32\spe__ci.dll 2015-01-06 12:45 - 2015-01-06 12:45 - 00000000 ____D () C:\RaidTool 2015-01-06 12:45 - 2015-01-06 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp 2015-01-06 12:45 - 2010-09-07 16:40 - 01976920 _____ (JMicron Technology Corp.) C:\Windows\SysWOW64\xRaidSetup.exe 2015-01-06 12:45 - 2010-09-07 16:40 - 00162392 _____ (JMicron Technology Corp.) C:\Windows\SysWOW64\xRaidAPI.dll 2015-01-06 12:41 - 2012-09-17 14:05 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys 2015-01-06 12:40 - 2015-01-06 12:40 - 00000000 ____D () C:\Program Files\Logitech 2015-01-06 12:38 - 2015-01-06 12:39 - 00000000 ____D () C:\Users\Roman\AppData\Roaming\Logishrd 2015-01-06 12:25 - 2015-01-06 12:25 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3 2015-01-05 23:56 - 2015-01-05 23:56 - 00000904 _____ () C:\Users\Roman\Desktop\drivers — skrót.lnk 2015-01-05 23:47 - 2015-02-03 18:37 - 00000000 ___RD () C:\Users\Roman\Desktop\Zawirusowanie rozwiązywanie 2015-01-05 23:46 - 2015-01-05 23:46 - 00000000 ____D () C:\Users\Roman\Downloads\stopgpcode_tool 2015-01-05 23:45 - 2015-01-05 23:46 - 00072935 _____ () C:\Users\Roman\Downloads\stopgpcode_tool.zip 2015-01-05 23:39 - 2015-01-05 23:39 - 12283989 _____ () C:\Users\Roman\Downloads\testdisk-7.0-WIP.win.zip 2015-01-05 22:49 - 2015-01-05 22:49 - 00000000 ____D () C:\Users\Roman\AppData\Roaming\Easeware 2015-01-05 22:49 - 2015-01-05 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy 2015-01-05 22:49 - 2015-01-05 22:49 - 00000000 ____D () C:\Program Files\Easeware 2015-01-05 22:48 - 2015-01-05 22:49 - 03123224 _____ (Easeware ) C:\Users\Roman\Downloads\DriverEasy_Setup.exe 2015-01-05 20:57 - 2015-02-03 22:37 - 02131456 _____ (Farbar) C:\Users\Roman\Downloads\FRST64.exe 2015-01-05 09:13 - 2015-01-05 09:13 - 02744965 _____ () C:\Users\Roman\Downloads\idtool.zip 2015-01-05 09:13 - 2015-01-05 09:13 - 00000000 ____D () C:\Users\Roman\Downloads\idtool ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 14:03 - 2014-11-13 07:58 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-04 13:51 - 2014-10-26 16:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 13:14 - 2014-11-13 07:58 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-04 13:12 - 2014-06-20 10:07 - 00032044 _____ () C:\Windows\error.log 2015-02-04 13:12 - 2006-11-02 13:34 - 00000270 _____ () C:\Windows\win.ini 2015-02-04 13:11 - 2014-06-20 10:07 - 00012636 _____ () C:\Windows\errord.log 2015-02-04 13:11 - 2013-03-06 08:13 - 00047502 _____ () C:\Windows\PFRO.log 2015-02-04 13:11 - 2012-09-17 19:11 - 23676031 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-04 13:11 - 2012-09-17 19:11 - 00000074 _____ () C:\Windows\SysWOW64\log.log 2015-02-04 13:11 - 2006-11-02 16:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 13:11 - 2006-11-02 16:21 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-04 13:11 - 2006-11-02 16:21 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-04 13:11 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\registration 2015-02-04 13:09 - 2008-01-21 02:53 - 01585523 _____ () C:\Windows\WindowsUpdate.log 2015-02-04 13:09 - 2006-11-02 16:40 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-04 10:15 - 2012-09-04 19:49 - 00151552 _____ () C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-04 09:30 - 2008-01-21 10:59 - 01624994 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-04 09:30 - 2008-01-21 10:59 - 00718052 _____ () C:\Windows\system32\perfh015.dat 2015-02-04 09:30 - 2008-01-21 10:59 - 00152832 _____ () C:\Windows\system32\perfc015.dat 2015-02-03 23:41 - 2015-01-04 21:26 - 00007037 _____ () C:\Users\Roman\Downloads\PandaRamsonwareDecrypt.log 2015-02-03 23:27 - 2012-09-04 23:55 - 00000000 ____D () C:\Users\Roman 2015-02-03 23:04 - 2012-09-04 23:56 - 00090248 _____ () C:\Users\Roman\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-03 23:02 - 2006-11-02 16:21 - 00334120 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-03 21:07 - 2013-10-22 04:08 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-03 20:33 - 2012-12-23 22:24 - 00000000 ____D () C:\Program Files (x86)\CloneDVD 2015-02-03 20:27 - 2012-09-08 13:46 - 00001069 _____ () C:\Windows\SysWOW64\atasinst.log 2015-02-03 10:40 - 2014-12-11 11:15 - 00000000 ____D () C:\Users\Roman\Desktop\Victoria test 2015-02-03 10:40 - 2014-12-09 17:08 - 00000000 ____D () C:\Users\Roman\Downloads\Sterowniki dla Roberta 2015-02-03 10:40 - 2014-09-20 22:05 - 00000000 ____D () C:\Users\Roman\Downloads\CINEBENCH_R15 2015-02-03 10:40 - 2014-09-20 22:00 - 00000000 ____D () C:\Users\Roman\Downloads\3DMark-v1-3-708 2015-02-03 10:40 - 2014-09-20 21:55 - 00000000 ____D () C:\Users\Roman\Downloads\OCCTPT4.4.1 2015-02-03 10:40 - 2014-09-14 18:56 - 00000000 ____D () C:\Users\Roman\SecurityScans 2015-02-03 10:40 - 2014-06-20 10:00 - 00000000 ____D () C:\Program Files (x86)\ATRis_Technik 2015-02-03 10:40 - 2014-06-10 18:16 - 00000000 ____D () C:\Users\Roman\Downloads\2001-2002 Toyota RAV4 Repair Manual 2015-02-03 10:40 - 2014-02-27 12:43 - 00000000 ____D () C:\Users\Roman\Downloads\AIRBAG SRS 2015-02-03 10:40 - 2013-06-27 06:12 - 00000000 ____D () C:\Users\Roman\Desktop\Do aut 2015-02-03 10:40 - 2012-09-04 23:58 - 00000000 ____D () C:\Users\Roman\AppData\Local\Google 2015-02-03 10:40 - 2012-09-04 23:57 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-03 08:11 - 2012-09-08 17:34 - 00000000 ___RD () C:\Users\Roman\Desktop\programy pulpit 2015-02-02 21:13 - 2014-10-26 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-02-02 21:13 - 2014-10-26 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-02 20:54 - 2014-09-06 21:57 - 00001024 ____H () C:\AMTAG.BIN 2015-02-02 20:54 - 2014-09-06 21:54 - 00000000 ____D () C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 5.5 2015-02-02 20:44 - 2012-12-14 09:32 - 00000000 ____D () C:\Program Files (x86)\PowerDataRecovery 2015-02-02 17:54 - 2012-12-06 14:26 - 01607020 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-02-02 17:15 - 2012-09-04 23:55 - 00010236 _____ () C:\Users\Roman\AppData\Local\d3d9caps64.dat 2015-02-01 23:14 - 2012-11-06 14:57 - 00000000 ____D () C:\VueScan 2015-02-01 15:12 - 2012-12-23 20:26 - 00000000 ____D () C:\Users\Roman\AppData\Roaming\Winamp 2015-02-01 15:12 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\spool 2015-01-29 00:55 - 2014-01-05 13:25 - 00019254 _____ () C:\Windows\setupact.log 2015-01-28 09:58 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache 2015-01-28 09:44 - 2006-11-02 14:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-28 07:35 - 2006-11-02 16:06 - 00000000 ____D () C:\Windows\ShellNew 2015-01-27 16:34 - 2013-02-19 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-27 16:34 - 2012-09-06 18:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-27 16:34 - 2012-09-06 18:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 20:14 - 2014-12-11 23:11 - 00000000 ____D () C:\Users\Roman\Downloads\Wyciągi bankowe 2015-01-24 19:59 - 2014-10-26 15:49 - 00000000 ____D () C:\AdwCleaner 2015-01-24 14:42 - 2014-02-09 00:00 - 00000000 ____D () C:\Users\Roman\Desktop\pfy pulpitu 2015-01-23 21:29 - 2013-09-14 21:05 - 00000000 ____D () C:\Users\Roman\Desktop\PRZEDSZKOLE 2015-01-23 21:21 - 2014-02-09 00:03 - 00000000 ___RD () C:\Users\Roman\Desktop\Tekstowe 2015-01-23 21:21 - 2014-02-09 00:01 - 00000000 ___RD () C:\Users\Roman\Desktop\Dokumenty word pulpit 2015-01-20 20:57 - 2014-06-20 08:29 - 00000374 _____ () C:\Windows\Atris_St.INI 2015-01-20 20:57 - 2014-06-20 08:29 - 00000345 _____ () C:\Windows\ODBC.INI 2015-01-20 20:43 - 2014-06-20 08:19 - 00000000 ____D () C:\ATRIS_ST 2015-01-20 20:20 - 2012-09-04 19:42 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys 2015-01-18 21:46 - 2013-08-05 10:54 - 00000000 ____D () C:\Users\Roman\AppData\Local\ChomikBox 2015-01-14 15:09 - 2013-07-21 21:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 15:00 - 2006-11-02 13:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-07 23:23 - 2013-04-13 15:25 - 00003816 _____ () C:\Windows\System32\Tasks\Update and information manager 2015-01-06 13:22 - 2014-09-23 16:39 - 00000000 ____D () C:\ProgramData\AMD 2015-01-06 12:52 - 2014-09-23 16:33 - 00000000 ____D () C:\AMD 2015-01-06 12:48 - 2013-08-02 09:53 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-06 12:48 - 2012-09-17 19:10 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-06 12:45 - 2012-09-04 18:04 - 00000000 ____D () C:\Windows\RaidTool 2015-01-06 12:41 - 2013-04-14 18:30 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2015-01-06 12:41 - 2013-04-14 18:30 - 00002040 _____ () C:\Windows\LkmdfCoInst.log 2015-01-06 12:41 - 2013-04-14 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-06 12:41 - 2013-04-14 18:27 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd 2015-01-06 12:41 - 2013-04-14 18:12 - 00034048 _____ () C:\Windows\LDPINST.LOG 2015-01-06 12:40 - 2012-09-06 16:03 - 00000000 ____D () C:\ProgramData\LogiShrd 2015-01-06 12:26 - 2013-06-17 10:25 - 00089580 _____ () C:\Windows\DPINST.LOG 2015-01-06 04:36 - 2012-09-04 19:06 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2012-12-25 09:39 - 2012-12-25 09:52 - 0000043 ___SH () C:\Users\Roman\AppData\Roaming\.zreglib 2012-12-25 09:59 - 2012-12-25 10:15 - 0099384 _____ () C:\Users\Roman\AppData\Roaming\inst.exe 2012-12-25 09:59 - 2012-12-25 10:15 - 0007859 _____ () C:\Users\Roman\AppData\Roaming\pcouffin.cat 2012-12-25 09:59 - 2012-12-25 10:15 - 0001167 _____ () C:\Users\Roman\AppData\Roaming\pcouffin.inf 2012-12-25 10:00 - 2012-12-25 10:15 - 0000033 _____ () C:\Users\Roman\AppData\Roaming\pcouffin.log 2012-12-25 09:59 - 2012-12-25 10:15 - 0082816 _____ (VSO Software) C:\Users\Roman\AppData\Roaming\pcouffin.sys 2014-01-05 14:29 - 2014-01-05 14:29 - 0027528 _____ () C:\Users\Roman\AppData\Roaming\UserTile.png 2013-12-19 12:25 - 2014-03-31 21:37 - 0000091 _____ () C:\Users\Roman\AppData\Roaming\WB.CFG 2013-05-19 21:21 - 2014-10-28 12:26 - 0007944 _____ () C:\Users\Roman\AppData\Local\d3d9caps.dat 2012-09-04 23:55 - 2015-02-02 17:15 - 0010236 _____ () C:\Users\Roman\AppData\Local\d3d9caps64.dat 2012-09-04 19:49 - 2015-02-04 10:15 - 0151552 _____ () C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-20 10:06 - 2014-06-20 10:06 - 0432204 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI0003.txt 2013-04-14 18:28 - 2013-04-14 18:28 - 0452678 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI26E8.txt 2014-11-17 20:52 - 2014-11-17 20:55 - 0419390 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI36D0.txt 2014-06-20 11:38 - 2014-06-20 11:38 - 0415190 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI467E.txt 2014-06-20 08:56 - 2014-06-20 08:57 - 0388328 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI4AF9.txt 2015-01-20 21:27 - 2015-01-20 21:27 - 0404886 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI59CE.txt 2014-01-30 15:38 - 2014-01-30 15:38 - 0426262 _____ () C:\Users\Roman\AppData\Local\dd_vcredistMSI7585.txt 2014-06-20 10:06 - 2014-06-20 10:06 - 0012800 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI0003.txt 2013-04-14 18:28 - 2013-04-14 18:28 - 0011772 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI26E8.txt 2014-11-17 20:52 - 2014-11-17 20:55 - 0011390 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI36D0.txt 2014-06-20 11:38 - 2014-06-20 11:38 - 0015852 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI467E.txt 2014-06-20 08:56 - 2014-06-20 08:57 - 0013160 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI4AF9.txt 2015-01-20 21:27 - 2015-01-20 21:27 - 0012544 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI59CE.txt 2014-01-30 15:38 - 2014-01-30 15:38 - 0011366 _____ () C:\Users\Roman\AppData\Local\dd_vcredistUI7585.txt 2014-06-20 10:30 - 2014-06-20 10:30 - 0000000 _____ () C:\Users\Roman\AppData\Local\max.ini 2014-02-15 16:06 - 2014-02-15 16:06 - 0003259 _____ () C:\Users\Roman\AppData\Local\unins000.dat 2014-02-15 16:06 - 2014-02-15 16:06 - 0707504 _____ () C:\Users\Roman\AppData\Local\unins000.exe 2014-02-15 16:06 - 2014-02-15 16:06 - 0011761 _____ () C:\Users\Roman\AppData\Local\unins000.msg 2012-09-08 13:46 - 2012-09-08 13:46 - 8892928 _____ () C:\ProgramData\atscie.msi ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 13:20 ==================== End Of Log ============================