
[Solved] Various messages while downloading, trojans - logs to check

maryjanek

Hello! I lent my computer to my sister for a few days, because hers was sent back under warranty. Today she came to me and said that the computer is working badly and that she probably downloaded a virus at some point. I don't know what file it was or where it came from, and unfortunately I will probably never find out. I ran Malwarebytes and scanned the whole computer, then removed the threats. I know that despite what I did, something has probably still been left behind, so I'm posting the logs. I'll add that when, for example, I want to download something, a message pops up saying the file cannot be downloaded, and then I download it a second time and it's OK. When the computer starts up, a message also appears saying that some file is missing. Please reply quickly, and thank you in advance.

OTL:
[spoiler]OTL logfile created on: 2013-09-30 19:31:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,96% Memory free
4,00 Gb Paging File | 2,52 Gb Available in Paging File | 63,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 2,31 Gb Free Space | 6,63% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 32,59 Gb Free Space | 82,36% Space Free | Partition Type: NTFS

Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-09-30 19:30:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2013-09-30 19:23:28 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013-09-18 21:35:50 | 000,274,840 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe
PRC - [2013-08-15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgui.exe
PRC - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgwdsvc.exe
PRC - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG2013\avgidsagent.exe
PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-02-12 17:58:27 | 001,705,416 | ---- | M] (AIMP DevTeam) -- D:\Programy\AIMP3\AIMP3.exe
PRC - [2013-02-07 19:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- D:\Programy\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2009-10-09 20:19:12 | 001,622,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2009-08-19 09:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-09-30 19:23:28 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-09-18 21:35:50 | 003,279,768 | ---- | M] () -- D:\Programy\Mozilla Firefox\mozjs.dll
MOD - [2013-02-12 17:58:27 | 001,733,120 | ---- | M] () -- D:\Programy\AIMP3\Modules\aimp_libvorbis.dll
MOD - [2013-02-12 17:58:27 | 000,475,136 | ---- | M] () -- D:\Programy\AIMP3\sqlite3.dll
MOD - [2013-02-12 17:58:27 | 000,237,568 | ---- | M] () -- D:\Programy\AIMP3\Plugins\OptimFROG.dll
MOD - [2013-02-12 17:58:27 | 000,220,672 | ---- | M] () -- D:\Programy\AIMP3\Modules\MACDll.dll
MOD - [2013-02-12 17:58:27 | 000,155,648 | ---- | M] () -- D:\Programy\AIMP3\Modules\libFLAC.dll
MOD - [2013-02-12 17:58:27 | 000,131,016 | ---- | M] () -- D:\Programy\AIMP3\Plugins\PandemicAnalogMeter.dll
MOD - [2013-02-12 17:58:27 | 000,058,824 | ---- | M] () -- D:\Programy\AIMP3\Plugins\aimp_lastfm.dll
MOD - [2013-02-12 17:58:27 | 000,026,624 | ---- | M] () -- D:\Programy\AIMP3\Plugins\Aorta.svp
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009-10-06 09:35:32 | 000,901,120 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-07 19:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- D:\Programy\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013-02-04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-12-03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-09-20 14:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-01-30 22:56:34 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-19 09:55:28 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009-08-19 09:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-09-05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2013-07-20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2013-07-20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2013-07-20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2013-07-20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2013-07-01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2013-03-21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2013-03-19 18:17:54 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2013-03-19 18:17:54 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2013-02-12 17:34:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-07-03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:[b]64bit:[/b] - [2011-12-01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 03:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010-08-12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010-02-25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2009-09-15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-07-29 05:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2012-01-21 16:38:29 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com"]http://www.google.com[/url]
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://www.delta-search.com/?q="]http://www.delta-search.com/?q=[/url]{searchTerms}&affID=119816&babsrc=SP_ss&mntrId=1018af8c00000000000000241da4ea74
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl/firefox"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: D:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programy\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: D:\Programy\Mozilla Firefox\components [2013-09-18 21:35:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2013-09-18 21:35:44 | 000,000,000 | ---D | M]

[2012-04-10 11:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2013-09-26 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\ypbnexiu.default\extensions
[2013-01-27 22:31:37 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\translator@zoli.bod.xpi
[2013-09-14 23:49:43 | 000,316,800 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013-07-31 21:43:10 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-02-12 17:35:51 | 000,001,294 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\searchplugins\delta.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] D:\Programy\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [360Amigo] D:\Programy\360Amigo\360Amigo.exe (360Amigo)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [AdobeUpdate] C:\Users\Windows\AppData\Roaming\Adobe64x\invis.vbs ()
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\Windows\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 870237606faf47d09ec1d16d5b400387-76e62802911e242017087025e91af1f89fdfeecd --CMPID 0913b File not found
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [ej-technologies] C:\Users\Windows\AppData\Roaming\18AF8C\18AF8C.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab"]http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab[/url] (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab"]http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab[/url] (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab"]http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab[/url] (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1B85D3-3C4B-44AD-AE06-DFD20B981DAD}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abd42a5-fd9d-11e1-a1bc-a89d472b46d9}\Shell - "" = AutoRun
O33 - MountPoints2\{3abd42a5-fd9d-11e1-a1bc-a89d472b46d9}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{630560cf-90a0-11e2-b595-c26708e558b1}\Shell - "" = AutoRun
O33 - MountPoints2\{630560cf-90a0-11e2-b595-c26708e558b1}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{dd9348c9-3199-11e1-9a10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9348c9-3199-11e1-9a10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-09-30 19:30:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2013-09-30 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013-09-30 16:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013-09-30 16:18:17 | 000,000,000 | -HSD | C] -- C:\Users\Windows\lbsan
[2013-09-27 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Adobe64x
[2013-09-21 19:07:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013-09-13 12:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-09-12 17:11:01 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013-09-12 14:14:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-09-12 14:14:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-09-12 14:14:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-09-12 14:14:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-09-12 14:14:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-09-12 14:14:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-09-12 14:14:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-09-12 14:14:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-09-12 14:14:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-09-12 14:14:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-09-12 14:14:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-09-12 14:14:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-09-12 14:14:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-09-12 14:14:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-09-12 14:14:51 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-09-11 15:05:00 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013-09-11 15:04:57 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-09-11 15:04:57 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-09-11 15:04:56 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-09-11 15:04:56 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-09-11 15:04:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-09-11 15:04:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-09-11 15:04:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-09-11 15:04:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-09-11 15:04:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-09-11 15:04:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-09-11 15:04:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013-09-11 15:04:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-09-11 15:04:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-09-11 15:04:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-09-11 15:04:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-09-11 15:04:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 15:04:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-09-11 15:04:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 15:04:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-09-11 15:04:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-09-11 15:04:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013-09-11 15:04:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013-09-11 15:04:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 15:04:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-09-11 15:04:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013-09-05 01:43:42 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-09-30 19:30:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2013-09-30 19:28:58 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-30 19:28:58 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-30 19:23:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-09-30 19:23:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-09-30 19:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-30 17:26:14 | 001,662,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-30 17:26:14 | 000,737,730 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-09-30 17:26:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-30 17:26:14 | 000,154,418 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-09-30 17:26:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-09-27 16:48:35 | 008,932,235 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Bobo & Irene Cara-Who a feeling (Bodybangers Mix).mp3
[2013-09-27 16:44:53 | 008,226,444 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark ft. B-Case & U-Jean-House Party.mp3
[2013-09-25 12:36:34 | 009,334,132 | ---- | M] () -- C:\Users\Windows\Desktop\Ellie Goulding-Burn.mp3
[2013-09-25 12:19:38 | 004,935,723 | ---- | M] () -- C:\Users\Windows\Desktop\Kase & Wrethov-Break Down.mp3
[2013-09-21 13:18:07 | 008,746,038 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Assad ft. Alain Ramanisum & Willy William-Li Tourner.mp3
[2013-09-19 15:10:34 | 002,761,856 | ---- | M] () -- C:\Users\Windows\Desktop\Solidshark-Move Ya.mp3
[2013-09-19 14:59:20 | 007,700,916 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Bobo ft. Mike Candys-Take Control.mp3
[2013-09-12 16:35:00 | 000,417,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-09-05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-09-27 16:47:57 | 008,932,235 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Bobo & Irene Cara-Who a feeling (Bodybangers Mix).mp3
[2013-09-27 16:44:46 | 008,226,444 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark ft. B-Case & U-Jean-House Party.mp3
[2013-09-25 12:36:03 | 009,334,132 | ---- | C] () -- C:\Users\Windows\Desktop\Ellie Goulding-Burn.mp3
[2013-09-25 12:19:24 | 004,935,723 | ---- | C] () -- C:\Users\Windows\Desktop\Kase & Wrethov-Break Down.mp3
[2013-09-21 13:18:02 | 008,746,038 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Assad ft. Alain Ramanisum & Willy William-Li Tourner.mp3
[2013-09-19 15:10:34 | 002,761,856 | ---- | C] () -- C:\Users\Windows\Desktop\Solidshark-Move Ya.mp3
[2013-09-19 14:59:11 | 007,700,916 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Bobo ft. Mike Candys-Take Control.mp3
[2013-08-19 16:25:30 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013-01-24 17:05:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-01-24 17:05:45 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-01-22 19:51:11 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012-11-23 17:31:30 | 000,007,597 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-16 22:35:04 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012-08-14 16:04:18 | 000,000,391 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-07-27 11:13:54 | 000,001,758 | ---- | C] () -- C:\Users\Windows\AppData\Local\recently-used.xbel
[2012-07-01 11:51:01 | 000,000,001 | ---- | C] () -- C:\Users\Windows\AppData\Local\llftool.4.12.agreement
[2012-01-30 22:56:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-01-29 20:10:49 | 000,001,749 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012-01-29 12:13:12 | 000,059,904 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-29 14:04:08 | 001,637,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-28 23:35:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013-09-30 16:19:02 | 000,005,632 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013-09-30 16:19:02 | 000,007,168 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
[2013-02-12 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\.Torrent Stream
[2013-09-30 16:18:39 | 000,000,000 | -HSD | M] -- C:\Users\Windows\AppData\Roaming\18AF8C
[2013-09-30 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AIMP3
[2012-02-07 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AnvSoft
[2012-12-26 20:47:55 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AVG2013
[2013-09-30 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Azureus
[2012-05-14 20:36:44 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Canneverbe Limited
[2012-01-14 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ChomikBox
[2012-02-11 11:53:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools Lite
[2012-11-03 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DMCache
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DVDVideoSoft
[2013-01-09 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\FreemakeVideoDownloader
[2011-12-29 18:57:22 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Gadu-Gadu 10
[2013-09-28 13:35:08 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\GG
[2012-05-06 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\gtk-2.0
[2012-01-05 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IObit
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ipla
[2012-12-28 21:21:03 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IrfanView
[2013-02-07 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Leadertech
[2013-02-17 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Need for Speed World
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Nokia
[2013-02-12 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Notepad++
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Orbit
[2013-09-19 18:30:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Origin
[2012-09-28 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2013-01-03 19:16:24 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ProgSense
[2012-02-11 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2012-01-04 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Software Informer
[2012-11-28 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-12-25 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-08-31 19:00:14 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Unity
[2012-03-14 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\wargaming.net

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[/spoiler]

Extras:
[spoiler]OTL Extras logfile created on: 2013-09-30 19:31:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,96% Memory free
4,00 Gb Paging File | 2,52 Gb Available in Paging File | 63,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 2,31 Gb Free Space | 6,63% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 32,59 Gb Free Space | 82,36% Space Free | Partition Type: NTFS

Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROPLUS_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}_Office14.PROPLUS_{BFEB53FA-3044-47FD-BB50-9DCBBEED79EF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0043-0415-1000-0000000FF1CE}_Office14.PROPLUS_{FF5F6090-64DF-4BF6-BADD-71A64FDA70D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}_Office14.PROPLUS_{3A96ABFF-5202-47B1-B5A2-DDE76563AF61}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAD6E537-3EFC-4ECB-825D-C17094DB5076}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC20D4CC-C409-42A9-A783-B3ACBD5ABE91}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2013
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.66.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"360Amigo" = 360Amigo System Speedup Free
"3643efd4" = Contextual Tool Extrafind
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMP3" = AIMP3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps
"Freemake Youtube Mp3 Converter_is1" = Freemake Youtube Mp3 Converter
"IrfanView" = IrfanView (remove only)
"LiveVDO" = LiveVDO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 24.0 (x86 pl)" = Mozilla Firefox 24.0 (x86 pl)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"SopCast" = SopCast 3.5.0
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2013-09-25 08:53:56 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-25 09:37:37 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-26 05:56:24 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-27 07:12:42 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-27 07:56:36 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Error - 2013-09-27 08:04:28 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000

Error - 2013-09-28 12:28:45 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-28 13:31:41 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-29 07:24:47 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-29 08:18:30 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2013-09-30 10:17:25 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000

Error encountered while reading event logs.

< End of report >

[/spoiler]

Gmer:
[spoiler]GMER 2.1.19163 - [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2013-09-30 20:04:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BB-00DKA0 rev.77.07W77 74,53GB
Running: gmer.exe; Driver: C:\Users\Windows\AppData\Local\Temp\uxrirpow.sys


---- User code sections - GMER 2.1 ----

.text D:\Programy\AVG2013\avgwdsvc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075821465 2 bytes [82, 75]
.text D:\Programy\AVG2013\avgwdsvc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758214bb 2 bytes [82, 75]
.text ... * 2
.text D:\Programy\AVG2013\avgui.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075821465 2 bytes [82, 75]
.text D:\Programy\AVG2013\avgui.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758214bb 2 bytes [82, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075821465 2 bytes [82, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758214bb 2 bytes [82, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1124:1392] 000007fefa1a331c
Thread C:\Windows\System32\svchost.exe [1124:1596] 000007fef9d059a0
Thread C:\Windows\System32\svchost.exe [1124:1976] 000007fef3ee20c0
Thread C:\Windows\System32\svchost.exe [1124:1240] 000007fef3ee26a8
Thread C:\Windows\System32\svchost.exe [1124:2140] 000007fef3ee29dc
Thread C:\Windows\System32\svchost.exe [1124:3304] 000007fef4cd44e0
Thread C:\Windows\system32\svchost.exe [1304:1508] 000007fefa4f8274
Thread C:\Windows\system32\svchost.exe [1304:1360] 000007fefa4f8274
Thread C:\Windows\System32\spoolsv.exe [1656:1340] 000007fef83b10c8
Thread C:\Windows\System32\spoolsv.exe [1656:1876] 000007fef8376144
Thread C:\Windows\System32\spoolsv.exe [1656:1880] 000007fef8165fd0
Thread C:\Windows\System32\spoolsv.exe [1656:2028] 000007fef8123438
Thread C:\Windows\System32\spoolsv.exe [1656:1388] 000007fef81663ec
Thread C:\Windows\System32\spoolsv.exe [1656:2060] 000007fef84a5e5c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3512:3484] 000007fefaf52a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3512:2204] 000007feee82d618

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\
Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 800
Reg HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764 800

---- EOF - GMER 2.1 ----

[/spoiler]


Will someone check this?

piotrk2683
comment

As for the error when the computer starts up,

if it's Vista or newer:

1) keep pressing F8 while the computer is booting and choose the repair option,

2) in a command prompt run as administrator, type:

a) chkdsk /R

b) sfc /scannow

3) try a System Restore to a day when the computer was still working well,

Natsuki Kuga
comment

When the computer starts up, a message also appears saying that some file is missing.

What message? Show a screenshot.

1. Paste into OTL:


:OTL
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=1018af8c00000000000000241da4ea74
[2013-02-12 17:35:51 | 000,001,294 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\searchplugins\delta.xml
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [AdobeUpdate] C:\Users\Windows\AppData\Roaming\Adobe64x\invis.vbs ()
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\Windows\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 870237606faf47d09ec1d16d5b400387-76e62802911e242017087025e91af1f89fdfeecd --CMPID 0913b File not found
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [ej-technologies] C:\Users\Windows\AppData\Roaming\18AF8C\18AF8C.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [Google Update] Reg Error: Value error. File not found

:Files
C:\Users\Windows\AppData\Roaming\Adobe64x
C:\Users\Windows\AppData\Roaming\18AF8C
C:\Users\Windows\lbsan\*.*

Click Wykonaj skrypt ("Run script"), then show the report.

2. The reports also show that you have the ZeroAccess rootkit. I will need more detailed scans. Provide me with logs from:

maryjanek
comment (edited)

OTL (10052013_110606):

[spoiler]========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\searchplugins\delta.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdate deleted successfully.
C:\Users\Windows\AppData\Roaming\Adobe64x\invis.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ej-technologies deleted successfully.
C:\Users\Windows\AppData\Roaming\18AF8C\18AF8C.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
========== FILES ==========
C:\Users\Windows\AppData\Roaming\Adobe64x folder moved successfully.
C:\Users\Windows\AppData\Roaming\18AF8C folder moved successfully.
C:\Users\Windows\lbsan\ponl.exe moved successfully.
C:\Users\Windows\lbsan\start.cmd moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 10052013_110606

[/spoiler]

 

Gmer:

[spoiler]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-05 11:29:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BB-00DKA0 rev.77.07W77 74,53GB
Running: gmer.exe; Driver: C:\Users\Windows\AppData\Local\Temp\uxrirpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000075281465 2 bytes [28, 75]
.text   C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000752814bb 2 bytes [28, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000075281465 2 bytes [28, 75]
.text   C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000752814bb 2 bytes [28, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075281465 2 bytes [28, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752814bb 2 bytes [28, 75]
.text   ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1076:1256]                                                                                              000007fefa6cf2f4
Thread  C:\Windows\System32\svchost.exe [1076:1276]                                                                                              000007fefa606204
Thread  C:\Windows\System32\svchost.exe [1076:1484]                                                                                              000007fef93c5428
Thread  C:\Windows\System32\svchost.exe [1076:3588]                                                                                              000007fef9a52070
Thread  C:\Windows\System32\svchost.exe [1076:1412]                                                                                              000007fef93c3118
Thread  C:\Windows\system32\svchost.exe [1148:216]                                                                                               000007fef2850ea8
Thread  C:\Windows\system32\svchost.exe [1148:2964]                                                                                              000007fef2849db0
Thread  C:\Windows\system32\svchost.exe [1148:2992]                                                                                              000007fef2851c94
Thread  C:\Windows\system32\svchost.exe [1148:3320]                                                                                              000007fef2e738e4
Thread  C:\Windows\system32\svchost.exe [1148:3508]                                                                                              000007fef284aa10
Thread  C:\Windows\system32\svchost.exe [1148:3616]                                                                                              000007fef2e7ccc4
Thread  C:\Windows\system32\svchost.exe [1296:1480]                                                                                              000007fef9ed8274
Thread  C:\Windows\system32\svchost.exe [1296:1220]                                                                                              000007fef9ed8274
Thread  C:\Windows\System32\spoolsv.exe [1652:2260]                                                                                              000007fef71110c8
Thread  C:\Windows\System32\spoolsv.exe [1652:2308]                                                                                              000007fef70d6144
Thread  C:\Windows\System32\spoolsv.exe [1652:2312]                                                                                              000007fef6ec5fd0
Thread  C:\Windows\System32\spoolsv.exe [1652:2316]                                                                                              000007fef6eb3438
Thread  C:\Windows\System32\spoolsv.exe [1652:2320]                                                                                              000007fef6ec63ec
Thread  C:\Windows\System32\spoolsv.exe [1652:2328]                                                                                              000007fef7c45e5c
Thread  C:\Windows\System32\spoolsv.exe [1652:2332]                                                                                              000007fef7c75074
Thread  C:\Windows\System32\svchost.exe [1160:2244]                                                                                              000007fef2cd2888
Thread  C:\Windows\System32\svchost.exe [1160:2512]                                                                                              000007fef2b72940
Thread  C:\Windows\System32\svchost.exe [1160:2196]                                                                                              000007fef2cd2a40
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3564:1108]                                                                           000007fefa932a7c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764                                                                         800
Reg     HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet)                                                                              
Reg     HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764                                                                             800

---- EOF - GMER 2.1 ----

[/spoiler]

 

FSS:

[spoiler]Farbar Service Scanner Version: 13-09-2013
Ran by Windows (administrator) on 05-10-2013 at 11:32:42
Running from "C:\Users\Windows\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****[/spoiler]

 

FRST:

[spoiler]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Windows (administrator) on WIN-KOMPUTER on 05-10-2013 11:33:15
Running from C:\Users\Windows\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Ellora Assets Corp.) D:\Programy\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6952480 2008-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BCSSync] - D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKCU\...\Run: [360Amigo] - D:\Programy\360Amigo\360Amigo.exe [5156128 2013-02-12] (360Amigo)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {3abd42a5-fd9d-11e1-a1bc-a89d472b46d9} - G:\RunGame.exe
MountPoints2: {630560cf-90a0-11e2-b595-c26708e558b1} - F:\Startme.exe
MountPoints2: {dd9348c9-3199-11e1-9a10-806e6f6e6963} - E:\setup.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs:    [0 ] ()

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default
FF user.js: detected! => C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\user.js
FF Homepage: www.google.pl/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - D:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - D:\Programy\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: translator - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
FF Extension: No Name - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 FreemakeVideoCapture; D:\Programy\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-01-30] ()
R2 MBAMScheduler; D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a34cf040-c727-b1f8-d26f-80917e4659e8}\   \...\???\{a34cf040-c727-b1f8-d26f-80917e4659e8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-12] (DT Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [23080 2012-01-21] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [23080 2012-01-21] (Windows (R) Server 2003 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\Windows\AppData\Local\Temp\ALSysIO64.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]
S3 NVENETFD; system32\DRIVERS\nvmfdx64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S0 PxHelp20; system32\DRIVERS\PxHelp20.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 uxrirpow; \??\C:\Users\Windows\AppData\Local\Temp\uxrirpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 11:33 - 2013-10-05 11:33 - 00000000 ____D C:\FRST
2013-10-05 11:32 - 2013-10-05 11:32 - 00002875 _____ C:\Users\Windows\Desktop\FSS.txt
2013-10-05 11:30 - 2013-10-05 11:31 - 01954124 _____ (Farbar) C:\Users\Windows\Desktop\FRST64.exe
2013-10-05 11:30 - 2013-10-05 11:30 - 00358923 _____ (Farbar) C:\Users\Windows\Desktop\FSS.exe
2013-10-05 11:29 - 2013-10-05 11:29 - 00006461 _____ C:\Users\Windows\Desktop\Gmer.txt
2013-10-05 11:07 - 2013-10-05 11:06 - 00023278 _____ C:\Users\Windows\Desktop\10052013_110606.log
2013-10-05 11:06 - 2013-10-05 11:06 - 00000000 ____D C:\_OTL
2013-10-03 14:48 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AVG2014
2013-10-03 14:45 - 2013-10-03 14:45 - 00000995 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-03 14:44 - 2013-10-03 14:47 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 14:44 - 2013-10-03 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-03 14:22 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Local\Avg2014
2013-09-30 19:46 - 2013-04-04 09:55 - 00377856 _____ C:\Users\Windows\Desktop\gmer.exe
2013-09-30 19:30 - 2013-09-30 19:30 - 00602112 _____ (OldTimer Tools) C:\Users\Windows\Desktop\OTL.exe
2013-09-30 16:27 - 2013-09-30 17:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 16:18 - 2013-10-05 11:06 - 00000000 __SHD C:\Users\Windows\lbsan
2013-09-30 16:18 - 2013-09-30 16:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-30 16:05 - 2013-10-05 11:04 - 00000174 _____ C:\Users\Windows\Desktop\assas.txt
2013-09-21 19:07 - 2013-09-21 19:07 - 00000000 ____D C:\Windows\Sun
2013-09-12 17:11 - 2013-09-12 17:11 - 00000000 ____D C:\Windows\rescache
2013-09-12 14:14 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 14:14 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 14:14 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 14:14 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 14:14 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 14:14 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 14:14 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 14:14 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 14:14 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 14:14 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 14:14 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 14:14 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 15:05 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 15:04 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:04 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 15:04 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 15:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 15:04 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 15:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 15:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 15:04 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 15:04 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 15:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 15:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 15:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 15:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 15:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 15:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 14:47 - 2013-10-03 14:52 - 00008240 _____ C:\Windows\PFRO.log
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2013-10-05 11:33 - 2013-10-05 11:33 - 00000000 ____D C:\FRST
2013-10-05 11:32 - 2013-10-05 11:32 - 00002875 _____ C:\Users\Windows\Desktop\FSS.txt
2013-10-05 11:31 - 2013-10-05 11:30 - 01954124 _____ (Farbar) C:\Users\Windows\Desktop\FRST64.exe
2013-10-05 11:30 - 2013-10-05 11:30 - 00358923 _____ (Farbar) C:\Users\Windows\Desktop\FSS.exe
2013-10-05 11:29 - 2013-10-05 11:29 - 00006461 _____ C:\Users\Windows\Desktop\Gmer.txt
2013-10-05 11:21 - 2011-12-28 23:46 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2FAC6E8-D6C9-4122-A3A0-500676F0CA09}
2013-10-05 11:06 - 2013-10-05 11:07 - 00023278 _____ C:\Users\Windows\Desktop\10052013_110606.log
2013-10-05 11:06 - 2013-10-05 11:06 - 00000000 ____D C:\_OTL
2013-10-05 11:06 - 2013-09-30 16:18 - 00000000 __SHD C:\Users\Windows\lbsan
2013-10-05 11:05 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 11:05 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 11:04 - 2013-09-30 16:05 - 00000174 _____ C:\Users\Windows\Desktop\assas.txt
2013-10-05 11:03 - 2012-11-28 21:46 - 00000000 ____D C:\ProgramData\MFAData
2013-10-05 10:59 - 2013-07-20 10:49 - 01155072 ___SH C:\Users\Windows\Desktop\Thumbs.db
2013-10-05 10:57 - 2013-08-20 10:11 - 00003808 _____ C:\Windows\setupact.log
2013-10-05 10:57 - 2011-12-29 12:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-05 10:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 21:52 - 2013-02-12 17:42 - 00000000 ____D C:\Users\Windows\AppData\Roaming\GG
2013-10-04 19:24 - 2012-01-02 17:14 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Azureus
2013-10-04 14:59 - 2013-02-12 17:58 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AIMP3
2013-10-03 14:52 - 2013-09-11 14:47 - 00008240 _____ C:\Windows\PFRO.log
2013-10-03 14:48 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AVG2014
2013-10-03 14:48 - 2013-10-03 14:22 - 00000000 ____D C:\Users\Windows\AppData\Local\Avg2014
2013-10-03 14:48 - 2012-12-26 20:46 - 00000000 ___HD C:\$AVG
2013-10-03 14:47 - 2013-10-03 14:44 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 14:47 - 2012-12-26 20:46 - 00000000 ____D C:\ProgramData\AVG2013
2013-10-03 14:45 - 2013-10-03 14:45 - 00000995 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-03 14:44 - 2013-10-03 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-30 19:30 - 2013-09-30 19:30 - 00602112 _____ (OldTimer Tools) C:\Users\Windows\Desktop\OTL.exe
2013-09-30 19:23 - 2012-08-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-30 19:23 - 2011-12-28 23:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-30 17:26 - 2009-07-14 19:55 - 00737730 _____ C:\Windows\system32\perfh015.dat
2013-09-30 17:26 - 2009-07-14 19:55 - 00154418 _____ C:\Windows\system32\perfc015.dat
2013-09-30 17:26 - 2009-07-14 07:13 - 01662192 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 17:23 - 2011-12-28 23:32 - 00000000 ___RD C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 17:21 - 2013-09-30 16:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 16:19 - 2011-12-28 23:24 - 01843651 _____ C:\Windows\WindowsUpdate.log
2013-09-30 16:18 - 2013-09-30 16:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-30 16:18 - 2011-12-28 23:48 - 00000000 ____D C:\Users\Windows\AppData\Local\Google
2013-09-30 16:18 - 2011-12-28 23:30 - 00000000 ____D C:\Users\Windows
2013-09-21 19:07 - 2013-09-21 19:07 - 00000000 ____D C:\Windows\Sun
2013-09-21 18:40 - 2012-09-14 13:48 - 00000000 ____D C:\ProgramData\Origin
2013-09-19 18:30 - 2012-09-14 13:52 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Origin
2013-09-19 14:22 - 2012-01-04 21:39 - 00000000 ____D C:\Users\Windows\AppData\Local\Mozilla
2013-09-12 17:11 - 2013-09-12 17:11 - 00000000 ____D C:\Windows\rescache
2013-09-12 16:36 - 2011-12-28 23:32 - 00000000 ___RD C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:35 - 2009-07-14 06:45 - 00417696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 14:17 - 2012-01-05 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 14:14 - 2013-07-12 12:06 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 14:10 - 2011-12-31 13:17 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 17:10 - 2013-08-25 22:18 - 00018934 _____ C:\Windows\DirectX.log
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-06 14:36 - 2013-02-12 17:42 - 00000000 ____D C:\Users\Windows\AppData\Local\GG

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Windows\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Windows\AppData\Local\Temp\18045.exe
C:\Users\Windows\AppData\Local\Temp\31406.exe
C:\Users\Windows\AppData\Local\Temp\412.exe
C:\Users\Windows\AppData\Local\Temp\49050.exe
C:\Users\Windows\AppData\Local\Temp\49660.exe
C:\Users\Windows\AppData\Local\Temp\96459.exe
C:\Users\Windows\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Windows\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Windows\AppData\Local\Temp\i4jdel0.exe
C:\Users\Windows\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Windows\AppData\Local\Temp\installstats.exe
C:\Users\Windows\AppData\Local\Temp\NEwBSDynDNS.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-01 16:59

==================== End Of Log ============================[/spoiler]

 

FRST (Addition):

[spoiler]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Windows at 2013-10-05 11:33:57
Running from C:\Users\Windows\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

360Amigo System Speedup Free (x32 Version: 1.2.1.8000)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Polish (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
AIMP3 (x32 Version: v3.20.1165, 21.12.2012)
Aktualizacje NVIDIA 1.11.3 (Version: 1.11.3)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
CDBurnerXP (Version: 4.5.0.3717)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Contextual Tool Extrafind (x32)
CPUID CPU-Z 1.66.1
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DiRT 3 (x32 Version: 1.0.0000.130)
Fraps (x32)
Freemake Youtube Mp3 Converter (x32 Version: 3.5.0)
GG (HKCU Version: 11)
HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia (Version: 22.0.334.0)
HP Deskjet 2050 J510 series Pomoc (x32 Version: 140.0.61.61)
IrfanView (remove only) (x32 Version: 4.35)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Codec Pack 5.5.0 (64-bit) (Version: 5.5.0)
LiveVDO (x32 Version: 1.3)
Malwarebytes Anti-Malware wersja 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Polish) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 pl) (x32 Version: 24.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Oprogramowanie systemu PhysX 9.12.1031 (Version: 9.12.1031)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Sterownik 3D Vision 311.06 (Version: 311.06)
NVIDIA Sterownik dźwięku HD 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Sterownik graficzny 311.06 (Version: 311.06)
NVIDIA Sterownik kontrolera 3D Vision 310.70 (Version: 310.70)
NVIDIA Update Components (Version: 1.11.3)
OpenAL (x32)
Panel sterowania NVIDIA 311.06 (Version: 311.06)
PowerISO (x32 Version: 5.5)
Ralink RT2870 Wireless LAN Card (x32 Version: 1.5.5.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5755)
Sony Ericsson Update Engine (x32 Version: 2.13.3.43)
Sony PC Companion 2.10.136 (x32 Version: 2.10.136)
SopCast 3.5.0 (x32 Version: 3.5.0)
swMSM (x32 Version: 12.0.0.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Veetle TV (x32 Version: 0.9.19)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Vuze (Version: 4.8.1.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.01 (64-bitowy) (Version: 4.01.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2F16F9FF-D8DB-47A5-82C7-4645076D79B8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {58D99696-B3D7-47CB-BCEB-9003FC106EA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579618863-3005018423-1962738702-1000Core => C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {8B81712E-9F25-480B-8DC9-EDBA861E4800} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579618863-3005018423-1962738702-1000UA => C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {CDE92EB7-E42A-406E-B56F-E331C80DC8CA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-08-19 16:25 - 2009-10-06 09:35 - 00901120 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
2013-09-18 21:35 - 2013-09-18 21:35 - 03279768 _____ () D:\Programy\Mozilla Firefox\mozjs.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-30 19:23 - 2013-09-30 19:23 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2013 09:52:35 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 24.0.0.5001, sygnatura czasowa: 0x522fd228
Nazwa modułu powodującego błąd: NPSWF32_11_8_800_168.dll, wersja: 11.8.800.168, sygnatura czasowa: 0x52223de3
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0033eea2
Identyfikator procesu powodującego błąd: 0xc38
Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0
Ścieżka aplikacji powodującej błąd: plugin-container.exe1
Ścieżka modułu powodującego błąd: plugin-container.exe2
Identyfikator raportu: plugin-container.exe3

Error: (10/03/2013 02:39:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/02/2013 06:37:08 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (10/02/2013 05:32:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (10/02/2013 03:12:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/01/2013 04:43:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/30/2013 10:07:28 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 24.0.0.5001, sygnatura czasowa: 0x522fd29f
Nazwa modułu powodującego błąd: xul.dll, wersja: 24.0.0.5001, sygnatura czasowa: 0x522fd1a4
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x001b72a8
Identyfikator procesu powodującego błąd: 0xe80
Godzina uruchomienia aplikacji powodującej błąd: 0xfirefox.exe0
Ścieżka aplikacji powodującej błąd: firefox.exe1
Ścieżka modułu powodującego błąd: firefox.exe2
Identyfikator raportu: firefox.exe3

Error: (09/30/2013 04:17:25 PM) (Source: Application Error) (User: )
Description: Nazwa aplikacji powodującej błąd: winhv.exe, wersja: 1.1.0.0, sygnatura czasowa: 0x52442530
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18229, sygnatura czasowa: 0x51fb1116
Kod wyjątku: 0xe053534f
Przesunięcie błędu: 0x0000c41f
Identyfikator procesu powodującego błąd: 0x%9
Godzina uruchomienia aplikacji powodującej błąd: 0xwinhv.exe0
Ścieżka aplikacji powodującej błąd: winhv.exe1
Ścieżka modułu powodującego błąd: winhv.exe2
Identyfikator raportu: winhv.exe3

Error: (09/29/2013 02:18:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/29/2013 01:24:47 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (10/05/2013 10:59:30 AM) (Source: Service Control Manager) (User: )
Description: Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd:
%%-2147024891

Error: (10/05/2013 10:59:30 AM) (Source: Service Control Manager) (User: )
Description: Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu:
%%-2147024891

Error: (10/05/2013 10:59:13 AM) (Source: Service Control Manager) (User: )
Description: Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu:
%%-2147024891

Error: (10/05/2013 10:59:13 AM) (Source: Service Control Manager) (User: )
Description: Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd:
%%-2147024891

Error: (10/05/2013 10:59:07 AM) (Source: Service Control Manager) (User: )
Description: Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu:
%%-2147024891

Error: (10/05/2013 10:59:07 AM) (Source: Service Control Manager) (User: )
Description: Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd:
%%-2147024891

Error: (10/05/2013 10:58:24 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego błędu:
%%2

Error: (10/05/2013 10:58:24 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego błędu:
%%2

Error: (10/05/2013 10:58:24 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego błędu:
%%2

Error: (10/05/2013 10:58:23 AM) (Source: Service Control Manager) (User: )
Description: Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego błędu:
%%2


Microsoft Office Sessions:
=========================
Error: (10/04/2013 09:52:35 PM) (Source: Application Error)(User: )
Description: plugin-container.exe24.0.0.5001522fd228NPSWF32_11_8_800_168.dll11.8.800.16852223de3c00000050033eea2c3801cec1238ba14830D:\Programy\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll836429e0-2d2e-11e3-8674-9d8747d6c8b4

Error: (10/03/2013 02:39:44 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/02/2013 06:37:08 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (10/02/2013 05:32:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (10/02/2013 03:12:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/01/2013 04:43:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/30/2013 10:07:28 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8e8001cebe1831bab030D:\Programy\Mozilla Firefox\firefox.exeD:\Programy\Mozilla Firefox\xul.dllee10cc60-2a0b-11e3-a636-8a5f336c4ba1

Error: (09/30/2013 04:17:25 PM) (Source: Application Error)(User: )
Description: winhv.exe1.1.0.052442530KERNELBASE.dll6.1.7601.1822951fb1116e053534f0000c41f

Error: (09/29/2013 02:18:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (09/29/2013 01:24:47 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


CodeIntegrity Errors:
===================================
  Date: 2012-02-03 17:10:17.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Windows\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-03 17:10:17.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Windows\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-03 17:10:16.537
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Programy\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-03 17:10:16.497
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Programy\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-29 17:54:53.015
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Windows\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-29 17:54:52.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Windows\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-29 17:54:52.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Programy\Everest\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-29 17:54:52.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Programy\Everest\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-28 20:49:19.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Windows\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-01-28 20:49:19.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Windows\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 2047.55 MB
Available physical RAM: 816.45 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2627.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.86 GB) (Free:2.23 GB) NTFS
Drive d: () (Fixed) (Total:39.57 GB) (Free:32.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 07990798)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)

==================== End Of Log ============================[/spoiler]

 

SystemLook:

[spoiler]SystemLook 30.07.11 by jpshortstuff
Log created at 11:39 on 05/10/2013 by Windows
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"


-= EOF =-[/spoiler]

Natsuki Kuga
comment

1. Paste this into Notepad:


HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
AppInit_DLLs:    [0 ] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a34cf040-c727-b1f8-d26f-80917e4659e8}\   \...\???\{a34cf040-c727-b1f8-d26f-80917e4659e8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files (x86)\Google
C:\Users\Windows\lbsan
C:\Users\Windows\AppData\Local\Google
C:\Users\Windows\AppData\Local\Temp
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

Save it as fixlist.txt and place it next to FRST. In the open program window, use the Fix option. Post the report.

2. Paste into SystemLook:


:filefind
services.exe

:dir
C:\Program Files\Windows Defender

Click Look, then post the report.

3. Post a new set of logs from OTL, FRST, FSS, Gmer.
 

 

maryjanek
comment (edited)

OTL:

[spoiler]OTL logfile created on: 2013-10-06 16:54:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,80% Memory free
4,00 Gb Paging File | 2,63 Gb Available in Paging File | 65,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 1,99 Gb Free Space | 5,71% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 32,71 Gb Free Space | 82,66% Space Free | Partition Type: NTFS
 
Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-09-30 19:30:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2013-09-22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-09-15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013-09-03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-02-07 19:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- D:\Programy\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2009-10-09 20:19:12 | 001,622,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2009-08-19 09:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009-10-06 09:35:32 | 000,901,120 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-09-22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-09-03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-07 19:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- D:\Programy\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013-02-04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-12-03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-09-20 14:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-01-30 22:56:34 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-19 09:55:28 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009-08-19 09:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-09-08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013-09-02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013-09-02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013-09-02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013-09-02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013-08-20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013-08-01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013-08-01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-19 18:17:54 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013-03-19 18:17:54 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013-02-12 17:34:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011-12-01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 03:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-08-12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010-02-25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009-09-15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-07-29 05:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2012-01-21 16:38:29 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl/firefox"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: D:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programy\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: D:\Programy\Mozilla Firefox\components [2013-09-18 21:35:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2013-09-18 21:35:44 | 000,000,000 | ---D | M]
 
[2012-04-10 11:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2013-09-26 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\ypbnexiu.default\extensions
[2013-01-27 22:31:37 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\translator@zoli.bod.xpi
[2013-09-14 23:49:43 | 000,316,800 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013-07-31 21:43:10 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BCSSync] D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [360Amigo] D:\Programy\360Amigo\360Amigo.exe (360Amigo)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1B85D3-3C4B-44AD-AE06-DFD20B981DAD}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abd42a5-fd9d-11e1-a1bc-a89d472b46d9}\Shell - "" = AutoRun
O33 - MountPoints2\{3abd42a5-fd9d-11e1-a1bc-a89d472b46d9}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{630560cf-90a0-11e2-b595-c26708e558b1}\Shell - "" = AutoRun
O33 - MountPoints2\{630560cf-90a0-11e2-b595-c26708e558b1}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{dd9348c9-3199-11e1-9a10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9348c9-3199-11e1-9a10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-10-05 11:33:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013-10-05 11:30:52 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Windows\Desktop\FSS.exe
[2013-10-05 11:30:42 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Windows\Desktop\FRST64.exe
[2013-10-05 11:06:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-10-03 14:48:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\AVG2014
[2013-10-03 14:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013-10-03 14:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013-10-03 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Avg2014
[2013-09-30 19:30:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2013-09-30 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013-09-21 19:07:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013-09-13 12:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-09-12 17:11:01 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013-09-12 14:14:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-09-12 14:14:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-09-12 14:14:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-09-12 14:14:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-09-12 14:14:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-09-12 14:14:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-09-12 14:14:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-09-12 14:14:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-09-12 14:14:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-09-12 14:14:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-09-12 14:14:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-09-12 14:14:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-09-12 14:14:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-09-12 14:14:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-09-12 14:14:51 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-09-11 15:05:00 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013-09-11 15:04:57 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-09-11 15:04:57 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-09-11 15:04:56 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-09-11 15:04:56 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-09-11 15:04:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-09-11 15:04:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-09-11 15:04:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-09-11 15:04:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-09-11 15:04:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-09-11 15:04:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-09-11 15:04:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013-09-11 15:04:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-09-11 15:04:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-09-11 15:04:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-09-11 15:04:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-09-11 15:04:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 15:04:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-09-11 15:04:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 15:04:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-09-11 15:04:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-09-11 15:04:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013-09-11 15:04:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013-09-11 15:04:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 15:04:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-09-11 15:04:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013-09-08 22:11:42 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013-10-06 15:10:15 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-10-06 15:10:15 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-10-06 15:02:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-10-05 13:50:16 | 004,405,445 | ---- | M] () -- C:\Users\Windows\Desktop\Lolita Jolie - Moi Lolita.mp3
[2013-10-05 13:49:26 | 005,001,029 | ---- | M] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Mr Shammi-Summer is here.mp3
[2013-10-05 13:47:43 | 004,759,415 | ---- | M] () -- C:\Users\Windows\Desktop\Robert M & Matheo ft. Akon & Tony T & Desa-Famous.mp3
[2013-10-05 13:43:59 | 006,068,933 | ---- | M] () -- C:\Users\Windows\Desktop\Ellie Goulding-Burn (Tiesto Remix).mp3
[2013-10-05 13:41:59 | 003,045,912 | ---- | M] () -- C:\Users\Windows\Desktop\Loona-Caliente (French Version).mp3
[2013-10-05 11:39:28 | 000,165,376 | ---- | M] () -- C:\Users\Windows\Desktop\SystemLook_x64.exe
[2013-10-05 11:31:24 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Windows\Desktop\FRST64.exe
[2013-10-05 11:30:48 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Windows\Desktop\FSS.exe
[2013-10-01 21:01:16 | 000,287,768 | ---- | M] () -- C:\Users\Windows\Desktop\Magnet 3 Odpowiedzi do ćwiczeń.pdf
[2013-09-30 19:30:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2013-09-30 19:23:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-09-30 19:23:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-09-30 17:26:14 | 001,662,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-30 17:26:14 | 000,737,730 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-09-30 17:26:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-30 17:26:14 | 000,154,418 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-09-30 17:26:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-09-27 16:48:35 | 008,932,235 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Bobo & Irene Cara-Who a feeling (Bodybangers Mix).mp3
[2013-09-27 16:44:53 | 008,226,444 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark ft. B-Case & U-Jean-House Party.mp3
[2013-09-25 12:19:38 | 004,935,723 | ---- | M] () -- C:\Users\Windows\Desktop\Kase & Wrethov-Break Down.mp3
[2013-09-21 13:18:07 | 008,746,038 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Assad ft. Alain Ramanisum & Willy William-Li Tourner.mp3
[2013-09-19 15:10:34 | 002,761,856 | ---- | M] () -- C:\Users\Windows\Desktop\Solidshark-Move Ya.mp3
[2013-09-19 14:59:20 | 007,700,916 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Bobo ft. Mike Candys-Take Control.mp3
[2013-09-12 16:35:00 | 000,417,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-09-08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
 
========== Files Created - No Company Name ==========
 
[2013-10-05 13:49:38 | 004,405,445 | ---- | C] () -- C:\Users\Windows\Desktop\Lolita Jolie - Moi Lolita.mp3
[2013-10-05 13:47:42 | 004,759,415 | ---- | C] () -- C:\Users\Windows\Desktop\Robert M & Matheo ft. Akon & Tony T & Desa-Famous.mp3
[2013-10-05 13:47:07 | 005,001,029 | ---- | C] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Mr Shammi-Summer is here.mp3
[2013-10-05 13:42:08 | 006,068,933 | ---- | C] () -- C:\Users\Windows\Desktop\Ellie Goulding-Burn (Tiesto Remix).mp3
[2013-10-05 13:42:07 | 003,045,912 | ---- | C] () -- C:\Users\Windows\Desktop\Loona-Caliente (French Version).mp3
[2013-10-05 11:39:31 | 000,165,376 | ---- | C] () -- C:\Users\Windows\Desktop\SystemLook_x64.exe
[2013-10-01 21:01:18 | 000,287,768 | ---- | C] () -- C:\Users\Windows\Desktop\Magnet 3 Odpowiedzi do ćwiczeń.pdf
[2013-09-30 19:46:47 | 000,377,856 | ---- | C] () -- C:\Users\Windows\Desktop\gmer.exe
[2013-09-27 16:47:57 | 008,932,235 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Bobo & Irene Cara-Who a feeling (Bodybangers Mix).mp3
[2013-09-27 16:44:46 | 008,226,444 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark ft. B-Case & U-Jean-House Party.mp3
[2013-09-25 12:19:24 | 004,935,723 | ---- | C] () -- C:\Users\Windows\Desktop\Kase & Wrethov-Break Down.mp3
[2013-09-21 13:18:02 | 008,746,038 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Assad ft. Alain Ramanisum & Willy William-Li Tourner.mp3
[2013-09-19 15:10:34 | 002,761,856 | ---- | C] () -- C:\Users\Windows\Desktop\Solidshark-Move Ya.mp3
[2013-09-19 14:59:11 | 007,700,916 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Bobo ft. Mike Candys-Take Control.mp3
[2013-08-19 16:25:30 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013-01-24 17:05:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-01-24 17:05:45 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-01-22 19:51:11 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012-11-23 17:31:30 | 000,007,597 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-16 22:35:04 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012-08-14 16:04:18 | 000,000,391 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-07-27 11:13:54 | 000,001,758 | ---- | C] () -- C:\Users\Windows\AppData\Local\recently-used.xbel
[2012-07-01 11:51:01 | 000,000,001 | ---- | C] () -- C:\Users\Windows\AppData\Local\llftool.4.12.agreement
[2012-01-30 22:56:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-01-29 20:10:49 | 000,001,749 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012-01-29 12:13:12 | 000,059,904 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-29 14:04:08 | 001,637,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-28 23:35:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013-09-30 16:19:02 | 000,005,632 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013-09-30 16:19:02 | 000,007,168 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
[2013-02-12 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\.Torrent Stream
[2013-10-04 14:59:10 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AIMP3
[2012-02-07 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AnvSoft
[2013-10-03 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AVG2014
[2013-10-04 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Azureus
[2012-05-14 20:36:44 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Canneverbe Limited
[2012-01-14 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ChomikBox
[2012-02-11 11:53:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools Lite
[2012-11-03 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DMCache
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DVDVideoSoft
[2013-01-09 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\FreemakeVideoDownloader
[2011-12-29 18:57:22 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Gadu-Gadu 10
[2013-10-05 22:42:43 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\GG
[2012-05-06 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\gtk-2.0
[2012-01-05 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IObit
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ipla
[2012-12-28 21:21:03 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IrfanView
[2013-02-07 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Leadertech
[2013-02-17 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Need for Speed World
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Nokia
[2013-02-12 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Notepad++
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Orbit
[2013-09-19 18:30:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Origin
[2012-09-28 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2013-01-03 19:16:24 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ProgSense
[2012-02-11 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2012-01-04 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Software Informer
[2012-11-28 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-12-25 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-08-31 19:00:14 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Unity
[2012-03-14 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 

< End of report >

[/spoiler]

 

OTL (Extras):

[spoiler]OTL Extras logfile created on: 2013-10-06 16:54:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,80% Memory free
4,00 Gb Paging File | 2,63 Gb Available in Paging File | 65,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 1,99 Gb Free Space | 5,71% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 32,71 Gb Free Space | 82,66% Space Free | Partition Type: NTFS
 
Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2EA43D50-131A-44DE-A678-47F6D572AB30}" = AVG 2014
"{4B1977BE-7B68-458C-9638-03672C1A15A9}" = AVG 2014
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROPLUS_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}_Office14.PROPLUS_{BFEB53FA-3044-47FD-BB50-9DCBBEED79EF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0043-0415-1000-0000000FF1CE}_Office14.PROPLUS_{FF5F6090-64DF-4BF6-BADD-71A64FDA70D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}_Office14.PROPLUS_{3A96ABFF-5202-47B1-B5A2-DDE76563AF61}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAD6E537-3EFC-4ECB-825D-C17094DB5076}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2014
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.66.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"360Amigo" = 360Amigo System Speedup Free
"3643efd4" = Contextual Tool Extrafind
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMP3" = AIMP3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps
"Freemake Youtube Mp3 Converter_is1" = Freemake Youtube Mp3 Converter
"IrfanView" = IrfanView (remove only)
"LiveVDO" = LiveVDO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 24.0 (x86 pl)" = Mozilla Firefox 24.0 (x86 pl)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"SopCast" = SopCast 3.5.0
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013-09-30 10:17:25 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Error - 2013-09-30 16:07:28 | Computer Name = Win-Komputer | Source = Application
 Error | ID = 1000
 
Description = Nazwa aplikacji powodującej błąd: firefox.exe, wersja: 24.0.0.5001, sygnatura czasowa: 0x522fd29f
Nazwa modułu powodującego błąd: xul.dll, wersja: 24.0.0.5001, sygnatura czasowa: 0x522fd1a4
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x001b72a8
Identyfikator procesu powodującego błąd: 0xe80
Godzina uruchomienia aplikacji powodującej błąd: 0x01cebe1831bab030
Ścieżka aplikacji powodującej błąd: D:\Programy\Mozilla Firefox\firefox.exe
Ścieżka modułu powodującego błąd: D:\Programy\Mozilla Firefox\xul.dll
Identyfikator raportu: ee10cc60-2a0b-11e3-a636-8a5f336c4ba1
Error - 2013-10-01 10:43:30 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-02 09:12:06 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-02 11:32:21 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-02 12:37:08 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-03 08:39:44 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-04 15:52:35 | Computer Name = Win-Komputer | Source = Application
 Error | ID = 1000
 
Description = Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 24.0.0.5001, sygnatura czasowa: 0x522fd228
Nazwa modułu powodującego błąd: NPSWF32_11_8_800_168.dll, wersja: 11.8.800.168, sygnatura czasowa: 0x52223de3
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0033eea2
Identyfikator procesu powodującego błąd: 0xc38
Godzina uruchomienia aplikacji powodującej błąd: 0x01cec1238ba14830
Ścieżka aplikacji powodującej błąd: D:\Programy\Mozilla Firefox\plugin-container.exe
Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
Identyfikator raportu: 836429e0-2d2e-11e3-8674-9d8747d6c8b4
Error - 2013-10-05 06:05:16 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-05 15:23:22 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-05 16:05:23 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
Error - 2013-10-06 10:49:28 | Computer Name = Win-Komputer | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description =
 
Error encountered while reading event logs.
 
< End of report >

[/spoiler]

Gmer:

[spoiler]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-06 17:58:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BB-00DKA0 rev.77.07W77 74,53GB
Running: gmer.exe; Driver: C:\Users\Windows\AppData\Local\Temp\uxrirpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ef1465 2 bytes [EF, 75]
.text   C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ef14bb 2 bytes [EF, 75]
.text   ...                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\spoolsv.exe [1656:1888]                                                                  000007fef79f10c8
Thread  C:\Windows\System32\spoolsv.exe [1656:1812]                                                                  000007fef79b6144
Thread  C:\Windows\System32\spoolsv.exe [1656:2056]                                                                  000007fef77a5fd0
Thread  C:\Windows\System32\spoolsv.exe [1656:2116]                                                                  000007fef7743438
Thread  C:\Windows\System32\spoolsv.exe [1656:2124]                                                                  000007fef77a63ec
Thread  C:\Windows\System32\spoolsv.exe [1656:2132]                                                                  000007fef7ae5e5c
Thread  C:\Windows\System32\spoolsv.exe [1656:2136]                                                                  000007fef7b15074
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3620:4028]                                               000007fefa692a7c

---- EOF - GMER 2.1 ----

[/spoiler]

FSS:

[spoiler]Farbar Service Scanner Version: 13-09-2013
Ran by Windows (administrator) on 06-10-2013 at 17:59:51
Running from "C:\Users\Windows\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****[/spoiler]

FRST:

[spoiler]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Windows (administrator) on WIN-KOMPUTER on 06-10-2013 18:00:10
Running from C:\Users\Windows\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Ellora Assets Corp.) D:\Programy\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6952480 2008-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BCSSync] - D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKCU\...\Run: [360Amigo] - D:\Programy\360Amigo\360Amigo.exe [5156128 2013-02-12] (360Amigo)
MountPoints2: {3abd42a5-fd9d-11e1-a1bc-a89d472b46d9} - G:\RunGame.exe
MountPoints2: {630560cf-90a0-11e2-b595-c26708e558b1} - F:\Startme.exe
MountPoints2: {dd9348c9-3199-11e1-9a10-806e6f6e6963} - E:\setup.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default
FF user.js: detected! => C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\user.js
FF Homepage: www.google.pl/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - D:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - D:\Programy\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: translator - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
FF Extension: No Name - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 FreemakeVideoCapture; D:\Programy\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-01-30] ()
R2 MBAMScheduler; D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-12] (DT Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [23080 2012-01-21] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [23080 2012-01-21] (Windows (R) Server 2003 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\Windows\AppData\Local\Temp\ALSysIO64.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]
S3 NVENETFD; system32\DRIVERS\nvmfdx64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S0 PxHelp20; system32\DRIVERS\PxHelp20.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 uxrirpow; \??\C:\Users\Windows\AppData\Local\Temp\uxrirpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 17:59 - 2013-10-06 17:59 - 00002875 _____ C:\Users\Windows\Desktop\FSS.txt
2013-10-06 17:59 - 2013-10-06 17:59 - 00001896 _____ C:\Users\Windows\Desktop\Gmer.txt
2013-10-06 17:02 - 2013-10-06 17:02 - 00104656 _____ C:\Users\Windows\Desktop\OTL.Txt
2013-10-06 17:02 - 2013-10-06 17:02 - 00037476 _____ C:\Users\Windows\Desktop\Extras.Txt
2013-10-06 15:06 - 2013-10-06 15:09 - 00003124 _____ C:\Users\Windows\Desktop\SystemLook.txt
2013-10-05 11:39 - 2013-10-05 11:39 - 00165376 _____ C:\Users\Windows\Desktop\SystemLook_x64.exe
2013-10-05 11:33 - 2013-10-06 15:03 - 00000000 ____D C:\FRST
2013-10-05 11:30 - 2013-10-05 11:31 - 01954124 _____ (Farbar) C:\Users\Windows\Desktop\FRST64.exe
2013-10-05 11:30 - 2013-10-05 11:30 - 00358923 _____ (Farbar) C:\Users\Windows\Desktop\FSS.exe
2013-10-05 11:06 - 2013-10-05 11:06 - 00000000 ____D C:\_OTL
2013-10-03 14:48 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AVG2014
2013-10-03 14:44 - 2013-10-03 14:47 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 14:44 - 2013-10-03 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-03 14:22 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Local\Avg2014
2013-09-30 19:46 - 2013-04-04 09:55 - 00377856 _____ C:\Users\Windows\Desktop\gmer.exe
2013-09-30 19:30 - 2013-09-30 19:30 - 00602112 _____ (OldTimer Tools) C:\Users\Windows\Desktop\OTL.exe
2013-09-30 16:27 - 2013-09-30 17:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 16:05 - 2013-10-05 13:46 - 00000000 _____ C:\Users\Windows\Desktop\assas.txt
2013-09-21 19:07 - 2013-09-21 19:07 - 00000000 ____D C:\Windows\Sun
2013-09-12 17:11 - 2013-09-12 17:11 - 00000000 ____D C:\Windows\rescache
2013-09-12 14:14 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 14:14 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 14:14 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 14:14 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 14:14 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 14:14 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 14:14 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 14:14 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 14:14 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 14:14 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 14:14 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 14:14 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 15:05 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 15:04 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:04 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 15:04 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 15:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 15:04 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 15:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 15:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 15:04 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 15:04 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 15:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 15:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 15:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 15:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 15:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 15:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 14:47 - 2013-10-06 15:02 - 00008826 _____ C:\Windows\PFRO.log
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2013-10-06 17:59 - 2013-10-06 17:59 - 00002875 _____ C:\Users\Windows\Desktop\FSS.txt
2013-10-06 17:59 - 2013-10-06 17:59 - 00001896 _____ C:\Users\Windows\Desktop\Gmer.txt
2013-10-06 17:52 - 2011-12-28 23:46 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2FAC6E8-D6C9-4122-A3A0-500676F0CA09}
2013-10-06 17:02 - 2013-10-06 17:02 - 00104656 _____ C:\Users\Windows\Desktop\OTL.Txt
2013-10-06 17:02 - 2013-10-06 17:02 - 00037476 _____ C:\Users\Windows\Desktop\Extras.Txt
2013-10-06 15:10 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 15:10 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 15:09 - 2013-10-06 15:06 - 00003124 _____ C:\Users\Windows\Desktop\SystemLook.txt
2013-10-06 15:03 - 2013-10-05 11:33 - 00000000 ____D C:\FRST
2013-10-06 15:02 - 2013-09-11 14:47 - 00008826 _____ C:\Windows\PFRO.log
2013-10-06 15:02 - 2013-08-20 10:11 - 00003920 _____ C:\Windows\setupact.log
2013-10-06 15:02 - 2011-12-29 12:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-06 15:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 15:00 - 2011-12-28 23:30 - 00000000 ____D C:\Users\Windows
2013-10-06 12:03 - 2012-11-28 21:46 - 00000000 ____D C:\ProgramData\MFAData
2013-10-05 22:42 - 2013-02-12 17:42 - 00000000 ____D C:\Users\Windows\AppData\Roaming\GG
2013-10-05 21:54 - 2013-07-20 10:49 - 01178624 ___SH C:\Users\Windows\Desktop\Thumbs.db
2013-10-05 13:46 - 2013-09-30 16:05 - 00000000 _____ C:\Users\Windows\Desktop\assas.txt
2013-10-05 11:39 - 2013-10-05 11:39 - 00165376 _____ C:\Users\Windows\Desktop\SystemLook_x64.exe
2013-10-05 11:31 - 2013-10-05 11:30 - 01954124 _____ (Farbar) C:\Users\Windows\Desktop\FRST64.exe
2013-10-05 11:30 - 2013-10-05 11:30 - 00358923 _____ (Farbar) C:\Users\Windows\Desktop\FSS.exe
2013-10-05 11:06 - 2013-10-05 11:06 - 00000000 ____D C:\_OTL
2013-10-04 19:24 - 2012-01-02 17:14 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Azureus
2013-10-04 14:59 - 2013-02-12 17:58 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AIMP3
2013-10-03 14:48 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AVG2014
2013-10-03 14:48 - 2013-10-03 14:22 - 00000000 ____D C:\Users\Windows\AppData\Local\Avg2014
2013-10-03 14:48 - 2012-12-26 20:46 - 00000000 ___HD C:\$AVG
2013-10-03 14:47 - 2013-10-03 14:44 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 14:47 - 2012-12-26 20:46 - 00000000 ____D C:\ProgramData\AVG2013
2013-10-03 14:44 - 2013-10-03 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-30 19:30 - 2013-09-30 19:30 - 00602112 _____ (OldTimer Tools) C:\Users\Windows\Desktop\OTL.exe
2013-09-30 19:23 - 2012-08-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-30 19:23 - 2011-12-28 23:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-30 17:26 - 2009-07-14 19:55 - 00737730 _____ C:\Windows\system32\perfh015.dat
2013-09-30 17:26 - 2009-07-14 19:55 - 00154418 _____ C:\Windows\system32\perfc015.dat
2013-09-30 17:26 - 2009-07-14 07:13 - 01662192 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 17:23 - 2011-12-28 23:32 - 00000000 ___RD C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 17:21 - 2013-09-30 16:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 16:19 - 2011-12-28 23:24 - 01843651 _____ C:\Windows\WindowsUpdate.log
2013-09-21 19:07 - 2013-09-21 19:07 - 00000000 ____D C:\Windows\Sun
2013-09-21 18:40 - 2012-09-14 13:48 - 00000000 ____D C:\ProgramData\Origin
2013-09-19 18:30 - 2012-09-14 13:52 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Origin
2013-09-19 14:22 - 2012-01-04 21:39 - 00000000 ____D C:\Users\Windows\AppData\Local\Mozilla
2013-09-12 17:11 - 2013-09-12 17:11 - 00000000 ____D C:\Windows\rescache
2013-09-12 16:36 - 2011-12-28 23:32 - 00000000 ___RD C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:35 - 2009-07-14 06:45 - 00417696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 14:17 - 2012-01-05 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 14:14 - 2013-07-12 12:06 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 14:10 - 2011-12-31 13:17 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 17:10 - 2013-08-25 22:18 - 00018934 _____ C:\Windows\DirectX.log
2013-09-08 22:11 - 2013-09-08 22:11 - 00031544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-06 14:36 - 2013-02-12 17:42 - 00000000 ____D C:\Users\Windows\AppData\Local\GG

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 16:59

==================== End Of Log ============================[/spoiler]

 

FRST (Fixlog):

[spoiler]Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Windows at 2013-10-06 15:00:24 Run:1
Running from C:\Users\Windows\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
AppInit_DLLs:    [0 ] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a34cf040-c727-b1f8-d26f-80917e4659e8}\   \...\???\{a34cf040-c727-b1f8-d26f-80917e4659e8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files (x86)\Google
C:\Users\Windows\lbsan
C:\Users\Windows\AppData\Local\Google
C:\Users\Windows\AppData\Local\Temp
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
*etadpug => Service deleted successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\Users\Windows\lbsan => Moved successfully.
C:\Users\Windows\AppData\Local\Google => Moved successfully.

"C:\Users\Windows\AppData\Local\Temp" directory move:

C:\Users\Windows\AppData\Local\Temp\0guACKgG.jpg.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\0T8DEP4g.exe.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\18045.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\31406.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\37A3.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\412.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\49050.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\49660.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\49FB.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\6VPPEiVf.exe.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\96459.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\A95CA4Vv.exe.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\adminlevel.ini => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\AVG-Secure-Search-Update_0913b.ini => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\AVG-Secure-Search-Update_{2EB57D6B-C475-457F-A9F5-8F26B139A4C5}.ini => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\AVG-Secure-Search-Update_{78571E12-7E9C-4690-BEC9-48E85A55E747}.ini => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\AVG-Secure-Search-Update_{78FC3B59-8445-432A-BE9A-BACFEB00E6EC}.ini => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\avginfo.id => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\e4jA0F8.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\E7t88ad+.jpg.part => Moved successfully.
Could not move "C:\Users\Windows\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Windows\AppData\Local\Temp\gEJ9s1ia.exe.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ggdrive-menu.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ggdrive-overlay.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\H7tGJhaL.exe.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ichcop => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\installstats.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\instls => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\Kf4Cza7C.zip.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\NEwBSDynDNS.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\nseBD6A.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\nssFF36.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\nsx1E1B.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\nszC057.tmp => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\WERDB25.tmp.WERInternalMetadata.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DF13E8C1EFA47787C0.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DF1D5E974F5788AB5E.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DF4D51A93BE3F8D139.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DF6AD7F1B8379EBA28.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DFB286D3A731FB679A.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DFB753904BA1B8B3E3.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DFCC6E56D2B9265146.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\~DFFC3B15DA14A1683A.TMP => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\{B837B109-3558-4BFC-BBB9-81E0C2D8EF9B}\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\{4CA1B744-C549-4CA6-A677-2886403B4637}\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ztmp\tmp85520.bat => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ztmp\tmp86970.bat => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\TCDFDB1.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\Rar$EX44.896\password.txt => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-annotations_invideo => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-crossdomain-1.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-crossdomain-2.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-crossdomain-3.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-crossdomain-4.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-crossdomain.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-ImaMessages_pl.xlb => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-5\plugin-watch-strings-pl_PL-vflFoRRQ3.xlb => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-2\plugin-crossdomain-1.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-2\plugin-crossdomain.xml => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-2\plugin-ImaMessages_pl.xlb => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\plugtmp-2\plugin-watch-strings-pl_PL-vfluO52bO.xlb => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\mozilla-media-cache\media_cache => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\csshover3.htc => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\form.bmp.Mask => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\locale\PL.locale => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\BG.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Close.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Close_Hover.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Color_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Color_Button_Hover.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\girl.gif => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\girl.swf => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Grey_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Grey_Button_Hover.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Icon_Generic.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Loader.gif => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Pause_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Progress.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\ProgressBar.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Quick_Specs.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\images\Resume_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\ie6_main.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\main.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\browse.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\button.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\checkbox.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\progress-bar.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\images\button-bg.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\images\progress-bg-corner.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\images\progress-bg.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25842096\css\sdk-ui\images\progress-bg2.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\csshover3.htc => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\form.bmp.Mask => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\locale\PL.locale => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\BG.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Close.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Close_Hover.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Color_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Color_Button_Hover.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\girl.gif => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\girl.swf => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Grey_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Grey_Button_Hover.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Icon_Generic.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Loader.gif => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Pause_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Progress.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\ProgressBar.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Quick_Specs.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\images\Resume_Button.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\ie6_main.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\main.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\browse.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\button.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\checkbox.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\progress-bar.css => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\images\button-bg.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\images\progress-bg-corner.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\images\progress-bg.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\ish25837431\css\sdk-ui\images\progress-bg2.png => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\is1890775716\25843246_Setup.EXE => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\is1890775716\25843246_Setup.EXE.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\is1890775716\25843324_Setup.CIS => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\is1890775716\25843324_Setup.CIS.part => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\HP\AtStatus\hpinksts8711lm.log => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\e4jA0F8.tmp_dir1377453767\exe4jlib.jar => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\e4jA0F8.tmp_dir1377453767\i4jdel.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.2.4255.exe => Moved successfully.
C:\Users\Windows\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.2.4291.exe => Moved successfully.
Could not move "C:\Users\Windows\AppData\Local\Temp" directory. => Scheduled to move on reboot.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\pl-PL" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========

"C:\Users\Windows\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\Windows\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====[/spoiler]

 

SystemLook:

[spoiler]SystemLook 30.07.11 by jpshortstuff
Log created at 15:06 on 06/10/2013 by Windows
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe    --a---- 328704 bytes    [23:19 13/07/2009]    [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe    --a---- 328704 bytes    [23:19 13/07/2009]    [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== dir ==========

C:\Program Files\Windows Defender - Parameters: "(none)"

---Files---
MpAsDesc.dll    --a---- 10752 bytes    [23:53 13/07/2009]    [01:41 14/07/2009]
MpClient.dll    --a---- 571904 bytes    [15:45 10/07/2013]    [05:50 27/05/2013]
MpCmdRun.exe    --a---- 190976 bytes    [23:53 13/07/2009]    [01:39 14/07/2009]
MpCommu.dll    --a---- 314880 bytes    [15:45 10/07/2013]    [05:50 27/05/2013]
MpEvMsg.dll    --a---- 52224 bytes    [23:53 13/07/2009]    [01:29 14/07/2009]
MpOAV.dll    --a---- 52224 bytes    [23:53 13/07/2009]    [01:41 14/07/2009]
MpRTP.dll    --a---- 200192 bytes    [23:53 13/07/2009]    [01:41 14/07/2009]
MpSvc.dll    --a---- 1011712 bytes    [15:45 10/07/2013]    [05:50 27/05/2013]
MSASCui.exe    --a---- 961024 bytes    [23:53 13/07/2009]    [01:39 14/07/2009]
MsMpCom.dll    --a---- 60928 bytes    [20:29 30/12/2011]    [04:27 20/11/2010]
MsMpLics.dll    --a---- 4608 bytes    [23:53 13/07/2009]    [01:29 14/07/2009]
MsMpRes.dll    --a---- 487936 bytes    [23:53 13/07/2009]    [01:41 14/07/2009]

---Folders---
pl-PL    d-a----    [17:55 14/07/2009]

-= EOF =-[/spoiler]

Natsuki Kuga
comment

1. Type cmd in the search bar > right-click the entry > Run as administrator > in the window that opens, type:

netsh winsock reset

Press Enter, then restart the system.

2. Paste into OTL:


:Files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Run the script and post the report.

3. Post new logs from OTL and FRST.

maryjanek
comment

FRST:

[spoiler]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Windows (administrator) on WIN-KOMPUTER on 09-10-2013 15:33:04
Running from C:\Users\Windows\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Ellora Assets Corp.) D:\Programy\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6952480 2008-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BCSSync] - D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKCU\...\Run: [360Amigo] - D:\Programy\360Amigo\360Amigo.exe [5156128 2013-02-12] (360Amigo)
MountPoints2: {3abd42a5-fd9d-11e1-a1bc-a89d472b46d9} - G:\RunGame.exe
MountPoints2: {630560cf-90a0-11e2-b595-c26708e558b1} - F:\Startme.exe
MountPoints2: {dd9348c9-3199-11e1-9a10-806e6f6e6963} - E:\setup.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default
FF user.js: detected! => C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\user.js
FF Homepage: www.google.pl/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - D:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - D:\Programy\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: translator - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
FF Extension: No Name - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\ypbnexiu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 FreemakeVideoCapture; D:\Programy\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-01-30] ()
R2 MBAMScheduler; D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-12] (DT Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [23080 2012-01-21] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [23080 2012-01-21] (Windows (R) Server 2003 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\Windows\AppData\Local\Temp\ALSysIO64.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]
S3 NVENETFD; system32\DRIVERS\nvmfdx64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S0 PxHelp20; system32\DRIVERS\PxHelp20.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-09 15:28 - 2013-10-09 15:28 - 00042538 _____ C:\Users\Windows\Desktop\Extras.Txt
2013-10-09 15:26 - 2013-10-09 15:26 - 00099312 _____ C:\Users\Windows\Desktop\OTL.Txt
2013-10-09 15:12 - 2013-10-09 15:11 - 00000440 _____ C:\Users\Windows\Desktop\10092013_151148.log
2013-10-05 11:33 - 2013-10-06 15:03 - 00000000 ____D C:\FRST
2013-10-05 11:30 - 2013-10-05 11:31 - 01954124 _____ (Farbar) C:\Users\Windows\Desktop\FRST64.exe
2013-10-05 11:06 - 2013-10-05 11:06 - 00000000 ____D C:\_OTL
2013-10-03 14:48 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AVG2014
2013-10-03 14:44 - 2013-10-03 14:47 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 14:44 - 2013-10-03 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-03 14:22 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Local\Avg2014
2013-09-30 19:30 - 2013-09-30 19:30 - 00602112 _____ (OldTimer Tools) C:\Users\Windows\Desktop\OTL.exe
2013-09-30 16:27 - 2013-09-30 17:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 16:05 - 2013-10-07 21:31 - 00000686 _____ C:\Users\Windows\Desktop\assas.txt
2013-09-21 19:07 - 2013-09-21 19:07 - 00000000 ____D C:\Windows\Sun
2013-09-12 17:11 - 2013-09-12 17:11 - 00000000 ____D C:\Windows\rescache
2013-09-12 14:14 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 14:14 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 14:14 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 14:14 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 14:14 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 14:14 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 14:14 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 14:14 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 14:14 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 14:14 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 14:14 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 14:14 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 14:14 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 14:14 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 15:05 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 15:04 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:04 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 15:04 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 15:04 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 15:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 15:04 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 15:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 15:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 15:04 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 15:04 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 15:04 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 15:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 15:04 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 15:04 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 15:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 15:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 15:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 15:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 14:47 - 2013-10-06 15:02 - 00008826 _____ C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2013-10-09 15:28 - 2013-10-09 15:28 - 00042538 _____ C:\Users\Windows\Desktop\Extras.Txt
2013-10-09 15:27 - 2011-12-28 23:46 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2FAC6E8-D6C9-4122-A3A0-500676F0CA09}
2013-10-09 15:26 - 2013-10-09 15:26 - 00099312 _____ C:\Users\Windows\Desktop\OTL.Txt
2013-10-09 15:16 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 15:16 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 15:11 - 2013-10-09 15:12 - 00000440 _____ C:\Users\Windows\Desktop\10092013_151148.log
2013-10-09 15:09 - 2013-08-20 10:11 - 00004200 _____ C:\Windows\setupact.log
2013-10-09 15:09 - 2011-12-29 12:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-09 15:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 14:52 - 2012-11-28 21:46 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 21:57 - 2013-02-12 17:42 - 00000000 ____D C:\Users\Windows\AppData\Roaming\GG
2013-10-07 21:31 - 2013-09-30 16:05 - 00000686 _____ C:\Users\Windows\Desktop\assas.txt
2013-10-06 20:00 - 2013-02-12 17:58 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AIMP3
2013-10-06 15:03 - 2013-10-05 11:33 - 00000000 ____D C:\FRST
2013-10-06 15:02 - 2013-09-11 14:47 - 00008826 _____ C:\Windows\PFRO.log
2013-10-06 15:00 - 2011-12-28 23:30 - 00000000 ____D C:\Users\Windows
2013-10-05 21:54 - 2013-07-20 10:49 - 01178624 ___SH C:\Users\Windows\Desktop\Thumbs.db
2013-10-05 11:31 - 2013-10-05 11:30 - 01954124 _____ (Farbar) C:\Users\Windows\Desktop\FRST64.exe
2013-10-05 11:06 - 2013-10-05 11:06 - 00000000 ____D C:\_OTL
2013-10-04 19:24 - 2012-01-02 17:14 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Azureus
2013-10-03 14:48 - 2013-10-03 14:48 - 00000000 ____D C:\Users\Windows\AppData\Roaming\AVG2014
2013-10-03 14:48 - 2013-10-03 14:22 - 00000000 ____D C:\Users\Windows\AppData\Local\Avg2014
2013-10-03 14:48 - 2012-12-26 20:46 - 00000000 ___HD C:\$AVG
2013-10-03 14:47 - 2013-10-03 14:44 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 14:47 - 2012-12-26 20:46 - 00000000 ____D C:\ProgramData\AVG2013
2013-10-03 14:44 - 2013-10-03 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-30 19:30 - 2013-09-30 19:30 - 00602112 _____ (OldTimer Tools) C:\Users\Windows\Desktop\OTL.exe
2013-09-30 19:23 - 2012-08-25 11:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-30 19:23 - 2011-12-28 23:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-30 17:26 - 2009-07-14 19:55 - 00737730 _____ C:\Windows\system32\perfh015.dat
2013-09-30 17:26 - 2009-07-14 19:55 - 00154418 _____ C:\Windows\system32\perfc015.dat
2013-09-30 17:26 - 2009-07-14 07:13 - 01662192 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 17:23 - 2011-12-28 23:32 - 00000000 ___RD C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 17:21 - 2013-09-30 16:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 16:19 - 2011-12-28 23:24 - 01843651 _____ C:\Windows\WindowsUpdate.log
2013-09-21 19:07 - 2013-09-21 19:07 - 00000000 ____D C:\Windows\Sun
2013-09-21 18:40 - 2012-09-14 13:48 - 00000000 ____D C:\ProgramData\Origin
2013-09-19 18:30 - 2012-09-14 13:52 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Origin
2013-09-19 14:22 - 2012-01-04 21:39 - 00000000 ____D C:\Users\Windows\AppData\Local\Mozilla
2013-09-12 17:11 - 2013-09-12 17:11 - 00000000 ____D C:\Windows\rescache
2013-09-12 16:36 - 2011-12-28 23:32 - 00000000 ___RD C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:35 - 2009-07-14 06:45 - 00417696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 14:17 - 2012-01-05 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 14:14 - 2013-07-12 12:06 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 14:10 - 2011-12-31 13:17 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 17:10 - 2013-08-25 22:18 - 00018934 _____ C:\Windows\DirectX.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 16:59

==================== End Of Log ============================[/spoiler]

OTL (10092013_151148):

[spoiler]========== FILES ==========
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 10092013_151148

[/spoiler]

OTL:

[spoiler]OTL logfile created on: 2013-10-09 15:13:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,74% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 2,13 Gb Free Space | 6,11% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 32,71 Gb Free Space | 82,66% Space Free | Partition Type: NTFS
 
Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013-09-30 19:30:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2013-09-30 19:23:28 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013-09-22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-09-18 21:35:50 | 000,274,840 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe
PRC - [2013-09-15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013-09-03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-02-07 19:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- D:\Programy\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2009-10-09 20:19:12 | 001,622,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2009-08-19 09:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013-09-30 19:23:28 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-09-18 21:35:50 | 003,279,768 | ---- | M] () -- D:\Programy\Mozilla Firefox\mozjs.dll
MOD - [2009-10-06 09:35:32 | 000,901,120 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-09-22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-09-03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-07 19:08:46 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- D:\Programy\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013-02-04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-12-03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-09-20 14:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programy\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-01-30 22:56:34 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-19 09:55:28 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009-08-19 09:55:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013-09-08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2013-09-02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2013-09-02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2013-09-02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2013-09-02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2013-08-20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2013-08-01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2013-08-01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:[b]64bit:[/b] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2013-03-19 18:17:54 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2013-03-19 18:17:54 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2013-02-12 17:34:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-08-23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-07-03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:[b]64bit:[/b] - [2011-12-01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 03:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010-08-12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010-02-25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2009-09-15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008-07-29 05:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2012-01-21 16:38:29 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl/firefox"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: D:\Programy\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programy\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe Reader X\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: D:\Programy\Mozilla Firefox\components [2013-09-18 21:35:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2013-09-18 21:35:44 | 000,000,000 | ---D | M]
 
[2012-04-10 11:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2013-09-26 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\ypbnexiu.default\extensions
[2013-01-27 22:31:37 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\translator@zoli.bod.xpi
[2013-09-14 23:49:43 | 000,316,800 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013-07-31 21:43:10 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\firefox\profiles\ypbnexiu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] D:\Programy\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1000..\Run: [360Amigo] D:\Programy\360Amigo\360Amigo.exe (360Amigo)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3579618863-3005018423-1962738702-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:[b]64bit:[/b] - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programy\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1B85D3-3C4B-44AD-AE06-DFD20B981DAD}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programy\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abd42a5-fd9d-11e1-a1bc-a89d472b46d9}\Shell - "" = AutoRun
O33 - MountPoints2\{3abd42a5-fd9d-11e1-a1bc-a89d472b46d9}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{630560cf-90a0-11e2-b595-c26708e558b1}\Shell - "" = AutoRun
O33 - MountPoints2\{630560cf-90a0-11e2-b595-c26708e558b1}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{dd9348c9-3199-11e1-9a10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9348c9-3199-11e1-9a10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013-10-05 11:33:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013-10-05 11:30:42 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Windows\Desktop\FRST64.exe
[2013-10-05 11:06:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-10-03 14:48:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\AVG2014
[2013-10-03 14:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013-10-03 14:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013-10-03 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Avg2014
[2013-09-30 19:30:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2013-09-30 16:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013-09-21 19:07:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013-09-13 12:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-09-12 17:11:01 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013-09-12 14:14:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-09-12 14:14:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-09-12 14:14:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-09-12 14:14:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-09-12 14:14:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-09-12 14:14:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013-09-12 14:14:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013-09-12 14:14:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-09-12 14:14:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-09-12 14:14:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-09-12 14:14:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-09-12 14:14:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-09-12 14:14:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-09-12 14:14:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-09-12 14:14:51 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-09-11 15:05:00 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013-09-11 15:04:57 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-09-11 15:04:57 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-09-11 15:04:56 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-09-11 15:04:56 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-09-11 15:04:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-09-11 15:04:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-09-11 15:04:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-09-11 15:04:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-09-11 15:04:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-09-11 15:04:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-09-11 15:04:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013-09-11 15:04:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-09-11 15:04:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-09-11 15:04:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-09-11 15:04:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-09-11 15:04:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 15:04:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 15:04:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-09-11 15:04:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 15:04:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 15:04:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 15:04:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 15:04:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 15:04:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 15:04:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-09-11 15:04:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-09-11 15:04:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013-09-11 15:04:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013-09-11 15:04:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 15:04:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 15:04:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-09-11 15:04:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-09-11 15:04:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013-10-09 15:16:38 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-10-09 15:16:38 | 000,017,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-10-09 15:08:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-10-07 21:42:10 | 008,108,325 | ---- | M] () -- C:\Users\Windows\Desktop\eXelent-Ciuszki (V-Project Remix).mp3
[2013-10-05 13:50:16 | 004,405,445 | ---- | M] () -- C:\Users\Windows\Desktop\Lolita Jolie - Moi Lolita.mp3
[2013-10-05 13:49:26 | 005,001,029 | ---- | M] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Mr Shammi-Summer is here.mp3
[2013-10-05 13:47:43 | 004,759,415 | ---- | M] () -- C:\Users\Windows\Desktop\Robert M & Matheo ft. Akon & Tony T & Desa-Famous.mp3
[2013-10-05 13:43:59 | 006,068,933 | ---- | M] () -- C:\Users\Windows\Desktop\Ellie Goulding-Burn (Tiesto Remix).mp3
[2013-10-05 13:41:59 | 003,045,912 | ---- | M] () -- C:\Users\Windows\Desktop\Loona-Caliente (French Version).mp3
[2013-10-05 11:31:24 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Windows\Desktop\FRST64.exe
[2013-10-01 21:01:16 | 000,287,768 | ---- | M] () -- C:\Users\Windows\Desktop\Magnet 3 Odpowiedzi do ćwiczeń.pdf
[2013-09-30 19:30:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2013-09-30 19:23:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-09-30 19:23:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-09-30 17:26:14 | 001,662,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-09-30 17:26:14 | 000,737,730 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-09-30 17:26:14 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-09-30 17:26:14 | 000,154,418 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-09-30 17:26:14 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-09-27 16:48:35 | 008,932,235 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Bobo & Irene Cara-Who a feeling (Bodybangers Mix).mp3
[2013-09-27 16:44:53 | 008,226,444 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark ft. B-Case & U-Jean-House Party.mp3
[2013-09-25 12:19:38 | 004,935,723 | ---- | M] () -- C:\Users\Windows\Desktop\Kase & Wrethov-Break Down.mp3
[2013-09-21 13:18:07 | 008,746,038 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Assad ft. Alain Ramanisum & Willy William-Li Tourner.mp3
[2013-09-19 15:10:34 | 002,761,856 | ---- | M] () -- C:\Users\Windows\Desktop\Solidshark-Move Ya.mp3
[2013-09-19 14:59:20 | 007,700,916 | ---- | M] () -- C:\Users\Windows\Desktop\DJ Bobo ft. Mike Candys-Take Control.mp3
[2013-09-12 16:35:00 | 000,417,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013-10-07 21:37:51 | 008,108,325 | ---- | C] () -- C:\Users\Windows\Desktop\eXelent-Ciuszki (V-Project Remix).mp3
[2013-10-05 13:49:38 | 004,405,445 | ---- | C] () -- C:\Users\Windows\Desktop\Lolita Jolie - Moi Lolita.mp3
[2013-10-05 13:47:42 | 004,759,415 | ---- | C] () -- C:\Users\Windows\Desktop\Robert M & Matheo ft. Akon & Tony T & Desa-Famous.mp3
[2013-10-05 13:47:07 | 005,001,029 | ---- | C] () -- C:\Users\Windows\Desktop\Darius & Finlay ft. Mr Shammi-Summer is here.mp3
[2013-10-05 13:42:08 | 006,068,933 | ---- | C] () -- C:\Users\Windows\Desktop\Ellie Goulding-Burn (Tiesto Remix).mp3
[2013-10-05 13:42:07 | 003,045,912 | ---- | C] () -- C:\Users\Windows\Desktop\Loona-Caliente (French Version).mp3
[2013-10-01 21:01:18 | 000,287,768 | ---- | C] () -- C:\Users\Windows\Desktop\Magnet 3 Odpowiedzi do ćwiczeń.pdf
[2013-09-27 16:47:57 | 008,932,235 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Bobo & Irene Cara-Who a feeling (Bodybangers Mix).mp3
[2013-09-27 16:44:46 | 008,226,444 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Antoine vs Mad Mark ft. B-Case & U-Jean-House Party.mp3
[2013-09-25 12:19:24 | 004,935,723 | ---- | C] () -- C:\Users\Windows\Desktop\Kase & Wrethov-Break Down.mp3
[2013-09-21 13:18:02 | 008,746,038 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Assad ft. Alain Ramanisum & Willy William-Li Tourner.mp3
[2013-09-19 15:10:34 | 002,761,856 | ---- | C] () -- C:\Users\Windows\Desktop\Solidshark-Move Ya.mp3
[2013-09-19 14:59:11 | 007,700,916 | ---- | C] () -- C:\Users\Windows\Desktop\DJ Bobo ft. Mike Candys-Take Control.mp3
[2013-08-19 16:25:30 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013-01-24 17:05:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-01-24 17:05:45 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-01-22 19:51:11 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012-11-23 17:31:30 | 000,007,597 | ---- | C] () -- C:\Users\Windows\AppData\Local\Resmon.ResmonCfg
[2012-11-16 22:35:04 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012-08-14 16:04:18 | 000,000,391 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\burnaware.ini
[2012-07-27 11:13:54 | 000,001,758 | ---- | C] () -- C:\Users\Windows\AppData\Local\recently-used.xbel
[2012-07-01 11:51:01 | 000,000,001 | ---- | C] () -- C:\Users\Windows\AppData\Local\llftool.4.12.agreement
[2012-01-30 22:56:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012-01-29 20:10:49 | 000,001,749 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012-01-29 12:13:12 | 000,059,904 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-29 14:04:08 | 001,637,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-28 23:35:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012-12-09 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
[2013-02-12 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\.Torrent Stream
[2013-10-06 20:00:55 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AIMP3
[2012-02-07 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AnvSoft
[2013-10-03 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\AVG2014
[2013-10-04 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Azureus
[2012-05-14 20:36:44 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Canneverbe Limited
[2012-01-14 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ChomikBox
[2012-02-11 11:53:16 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools Lite
[2012-11-03 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DMCache
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DVDVideoSoft
[2013-01-09 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\FreemakeVideoDownloader
[2011-12-29 18:57:22 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Gadu-Gadu 10
[2013-10-08 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\GG
[2012-05-06 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\gtk-2.0
[2012-01-05 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IObit
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ipla
[2012-12-28 21:21:03 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\IrfanView
[2013-02-07 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Leadertech
[2013-02-17 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Need for Speed World
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Nokia
[2013-02-12 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Notepad++
[2013-02-12 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Orbit
[2013-09-19 18:30:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Origin
[2012-09-28 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2013-01-03 19:16:24 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ProgSense
[2012-02-11 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2012-01-04 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Software Informer
[2012-11-28 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TuneUp Software
[2012-12-25 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Ubisoft
[2012-08-31 19:00:14 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Unity
[2012-03-14 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\wargaming.net
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

[/spoiler]

 

Extras:

[spoiler]OTL Extras logfile created on: 2013-10-09 15:13:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Windows\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,74% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34,86 Gb Total Space | 2,13 Gb Free Space | 6,11% Space Free | Partition Type: NTFS
Drive D: | 39,57 Gb Total Space | 32,71 Gb Free Space | 82,66% Space Free | Partition Type: NTFS
 
Computer Name: WIN-KOMPUTER | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Programy\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Programy\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4B1977BE-7B68-458C-9638-03672C1A15A9}" = AVG 2014
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROPLUS_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}_Office14.PROPLUS_{BFEB53FA-3044-47FD-BB50-9DCBBEED79EF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0043-0415-1000-0000000FF1CE}_Office14.PROPLUS_{FF5F6090-64DF-4BF6-BADD-71A64FDA70D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}_Office14.PROPLUS_{3A96ABFF-5202-47B1-B5A2-DDE76563AF61}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}_Office14.PROPLUS_{E363E2E9-6AE1-4B10-94B6-015819AE201D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAD6E537-3EFC-4ECB-825D-C17094DB5076}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C28192C9-A8B9-40F1-A310-C2B2754D3DD0}" = AVG 2014
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2014
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.66.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"360Amigo" = 360Amigo System Speedup Free
"3643efd4" = Contextual Tool Extrafind
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMP3" = AIMP3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps
"Freemake Youtube Mp3 Converter_is1" = Freemake Youtube Mp3 Converter
"IrfanView" = IrfanView (remove only)
"LiveVDO" = LiveVDO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Mozilla Firefox 24.0 (x86 pl)" = Mozilla Firefox 24.0 (x86 pl)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"SopCast" = SopCast 3.5.0
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3579618863-3005018423-1962738702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"UnityWebPlayer" = Unity Web Player
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013-10-02 11:32:21 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-02 12:37:08 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-03 08:39:44 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-04 15:52:35 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 24.0.0.5001,
 sygnatura czasowa: 0x522fd228  Nazwa modułu powodującego błąd: NPSWF32_11_8_800_168.dll,
 wersja: 11.8.800.168, sygnatura czasowa: 0x52223de3  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x0033eea2  Identyfikator procesu powodującego błąd: 0xc38  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cec1238ba14830  Ścieżka aplikacji powodującej błąd:
 D:\Programy\Mozilla Firefox\plugin-container.exe  Ścieżka modułu powodującego błąd:
 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll  Identyfikator raportu:
 836429e0-2d2e-11e3-8674-9d8747d6c8b4
 
Error - 2013-10-05 06:05:16 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-05 15:23:22 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-05 16:05:23 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-06 10:49:28 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-06 11:06:10 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-07 10:43:44 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-08 10:23:33 | Computer Name = Win-Komputer | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2013-10-08 15:14:32 | Computer Name = Win-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 24.0.0.5001,
 sygnatura czasowa: 0x522fd228  Nazwa modułu powodującego błąd: NPSWF32_11_8_800_168.dll,
 wersja: 11.8.800.168, sygnatura czasowa: 0x52223de3  Kod wyjątku: 0xc0000005  Przesunięcie
 błędu: 0x0033eea2  Identyfikator procesu powodującego błąd: 0xc28  Godzina uruchomienia
 aplikacji powodującej błąd: 0x01cec44bca63f9c0  Ścieżka aplikacji powodującej błąd:
 D:\Programy\Mozilla Firefox\plugin-container.exe  Ścieżka modułu powodującego błąd:
 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll  Identyfikator raportu:
 dbfa16b0-304d-11e3-b851-8bf6d50320a9
 
[ System Events ]
Error - 2013-10-09 09:09:36 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego
 błędu:   %%2
 
Error - 2013-10-09 09:09:36 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego
 błędu:   %%2
 
Error - 2013-10-09 09:09:36 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego
 błędu:   %%2
 
Error - 2013-10-09 09:09:36 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi WinPcap Packet Driver (NPF) z powodu następującego
 błędu:   %%2
 
Error - 2013-10-09 09:10:02 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7023
Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie;
 wystąpił następujący błąd:   %%-2147024891
 
Error - 2013-10-09 09:10:02 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów
odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu:   %%-2147024891
 
Error - 2013-10-09 09:10:20 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7023
Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie;
 wystąpił następujący błąd:   %%-2147024891
 
Error - 2013-10-09 09:10:20 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów
odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu:   %%-2147024891
 
Error - 2013-10-09 09:10:37 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów
odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu:   %%-2147024891
 
Error - 2013-10-09 09:10:37 | Computer Name = Win-Komputer | Source = Service Control Manager | ID = 7023
Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie;
 wystąpił następujący błąd:   %%-2147024891
 
 
< End of report >

[/spoiler]

Natsuki Kuga
comment

Use ESET ServicesRepair.

How is the computer behaving? If everything is fine now, I will give the final steps.

maryjanek
comment

SvcRepair:

[spoiler]Log Opened: 2013-10-12 @ 18:48:54
18:48:54 - -----------------
18:48:54 - | Begin Logging |
18:48:54 - -----------------
18:48:54 - Fix started on a WIN_7 X64 computer
18:48:54 - Prep in progress.  Please Wait.
18:48:56 - Prep complete
18:48:56 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: Nie można odnaleźć określonego pliku.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: Nie można odnaleźć określonego pliku.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: Nie można odnaleźć określonego pliku.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: Nie można odnaleźć określonego pliku.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
18:49:09 - Services Repair Complete.
18:54:29 - Reboot Initiated

[/spoiler]

The computer behaves normally now, there are no more silly messages, and it seems to me that everything is OK.

I'll just add that AVG recently detected some supposed viruses on my machine and I don't know what to do about them: should I simply delete them, or what? I'm adding a screenshot below.

Natsuki Kuga

I'll just add that AVG recently detected some supposed viruses on my machine and I don't know what to do about them: should I simply delete them, or what?

I see that it detected them some time ago, so those files may no longer be on the disk. You can always try to delete them. If it is possible, do it. ;)

Final steps:

1. In OTL click "Sprzątanie" (CleanUp), and also remove the rest of the tools used in this thread

2. Empty the System Restore folders: http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizuj%C4%85ce-temat/#entry50

That's all from my side.

maryjanek

Thank you very much for the help ;)
