
AVG still detects IDP.Program.D1B0A5C0


  • This topic is locked
23 replies to this topic

#1 enjoy97

enjoy97

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 16 July 2014 - 01:48 PM

Hi,

 

I am writing to you with a problem with IDP.Program.D1B0A5C0. AVG has been detecting this for a week. I tried to delete it, but it was ineffective.

I'm from Poland, and sorry if my English is bad, but I will try to write sentences that you understand.

I don't know how I got this virus.

I hope that you will help me with this problem.

I have not noticed my computer running slower. Though, yesterday it suspended several times.

 

Below is the requested log from the sticky post.
DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.60.2
Run by enjoy at 20:09:33 on 2014-07-16
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.2968.1372 [GMT 2:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\schtasks.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\temp\svchost.exe" -o stratum+tcp://p.0839f88ae61efaa3e91fdf5b732b242f.com:3333  -O trponilov.13s:13 --thread-concurrency 8192 -I 12 -w 64
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\enjoy\AppData\Local\GG\Application\gghub.exe
C:\Users\enjoy\AppData\Local\GG\Application\ggapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\enjoy\AppData\Local\GG\Application\ggdrive\ggdrive.exe
C:\Users\enjoy\AppData\Local\GG\Application\xulrunner\gghub.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowCpl = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 31.128.24.2 31.128.0.31
TCP: Interfaces\{BC99F5C1-7DCA-450D-9D06-553B55D2799C} : DHCPNameServer = 31.128.24.2 31.128.0.31
SSODL: WebCheck - <orphaned>
x64-Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
x64-Run: [FingerPrintSoftwareSplashScreen] "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Notify: ATFUS - <no file>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-17 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-7-10 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 ATService;AuthenTec Fingerprint Service;C:\Windows\System32\ATService.exe [2011-5-31 2715976]
R2 avgfws;Zapora AVG;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-6-17 1417160]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-6-27 3241488]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-6-17 289328]
R2 dtsvc;Data Transfer Service;C:\Windows\System32\DTS.exe [2011-5-31 117760]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-6-19 2252600]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-5-31 735616]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2014-6-25 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2014-6-25 35104]
R3 e1yexpress;Sterownik kart Intel(R) Gigabit Network Connection;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NETw5s64;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-2-10 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ADMonitor;AD Monitor;C:\Windows\System32\ADMonitor.exe [2011-5-31 130048]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-15 111616]
S3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-13 19456]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-9-13 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-13 30208]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-13 1255736]
.
=============== Created Last 30 ================
.
2014-07-14 16:40:41 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-14 16:31:01 98816 ----a-w- C:\Windows\sed.exe
2014-07-14 16:31:01 256000 ----a-w- C:\Windows\PEV.exe
2014-07-14 16:31:01 208896 ----a-w- C:\Windows\MBR.exe
2014-07-13 20:00:08 -------- d-----w- C:\Program Files\Enigma Software Group
2014-07-13 19:59:49 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 19:59:43 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-07-13 19:35:40 -------- d-----w- C:\AdwCleaner
2014-07-10 19:25:56 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-07-10 19:25:50 -------- d-----w- C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 19:25:49 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 19:25:31 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2014-07-10 13:23:18 -------- d-----w- C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-10 13:19:26 -------- d-----w- C:\Users\enjoy\.thumbnails
2014-07-10 13:18:08 -------- d-----w- C:\Users\enjoy\AppData\Local\fontconfig
2014-07-10 13:18:03 -------- d-----w- C:\Users\enjoy\.gimp-2.8
2014-07-10 13:18:02 -------- d-----w- C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-08 17:45:54 -------- d-----w- C:\Program Files\GIMP 2
2014-07-08 17:40:30 -------- d-----w- C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 17:40:19 -------- d-----w- C:\ProgramData\MAGIX
2014-07-08 17:40:18 -------- d-----w- C:\Users\enjoy\AppData\Local\Xara
2014-07-08 17:39:49 -------- d-----w- C:\ProgramData\Xara
2014-07-08 17:39:49 -------- d-----w- C:\Program Files (x86)\Xara
2014-07-08 17:39:49 -------- d-----w- C:\Program Files (x86)\Common Files\Xara Services
2014-07-08 17:39:49 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2014-07-08 17:39:05 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-07-05 21:51:59 -------- d-----w- C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 19:34:21 15584 ----a-w- C:\Users\enjoy\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2014-07-05 19:26:26 -------- d-----w- C:\ProgramData\Codemasters
2014-07-05 19:22:45 17686528 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2014-07-05 19:22:45 1380352 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2014-07-05 19:22:43 -------- d-----w- C:\Program Files (x86)\BRS
2014-07-05 19:22:41 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-07-05 19:17:11 -------- d-----w- C:\Windows\SysWow64\xlive
2014-07-05 19:17:11 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 16:30:17 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2014-07-05 16:30:17 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2014-07-05 16:30:17 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2014-07-05 16:30:17 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2014-07-05 16:30:15 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2014-07-05 16:30:15 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2014-07-05 15:11:03 -------- d-----w- C:\Users\enjoy\AppData\Local\Origin
2014-07-05 15:08:03 -------- d-----w- C:\ProgramData\Electronic Arts
2014-07-05 15:03:43 -------- d--h--w- C:\Users\enjoy\AppData\Roaming\Origin
2014-07-05 15:00:44 -------- d-----w- C:\ProgramData\Origin
2014-06-30 14:42:29 -------- d-----w- C:\Program Files (x86)\FotoCyfra
2014-06-28 19:54:33 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-25 18:27:00 -------- d-----w- C:\AuthLog
2014-06-25 18:26:37 37440 ----a-w- C:\Windows\System32\drivers\psadd.sys
2014-06-25 18:26:27 -------- d-----w- C:\Program Files\Lenovo Fingerprint Software
2014-06-25 18:25:16 -------- d-----w- C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 18:24:25 -------- d-----w- C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 18:22:50 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2014-06-25 18:22:50 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2014-06-25 18:22:49 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2014-06-25 18:22:49 21288 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2014-06-25 18:21:22 -------- d-----w- C:\Program Files\ThinkPad
2014-06-25 18:20:08 54824 ----a-w- C:\Windows\System32\drivers\btusbflt.sys
2014-06-25 18:20:04 -------- d-----w- C:\SWTOOLS
2014-06-25 18:14:14 -------- d-----w- C:\Users\enjoy\AppData\Local\ElevatedDiagnostics
2014-06-25 18:11:51 -------- d-----w- C:\Program Files (x86)\LG Electronics
2014-06-25 13:30:38 -------- d-----w- C:\ProgramData\GG
2014-06-22 16:17:37 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2014-06-22 16:17:04 -------- d-----w- C:\Program Files (x86)\Audacity
2014-06-19 12:31:59 -------- d-----w- C:\Users\enjoy\AppData\Roaming\AIMP3
2014-06-19 12:31:57 -------- d-----w- C:\Program Files (x86)\AIMP3
2014-06-19 12:26:39 -------- d-----w- C:\Users\enjoy\AppData\Local\Programs
2014-06-18 16:25:24 -------- d-----w- C:\Program Files (x86)\fotostart
2014-06-18 14:45:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 14:45:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-18 14:45:19 -------- d-s---w- C:\Users\enjoy\GG dysk
2014-06-18 14:44:03 -------- d-----w- C:\Users\enjoy\AppData\Roaming\OpenFM
2014-06-18 14:43:28 -------- d-----w- C:\Users\enjoy\AppData\Roaming\GG
2014-06-18 14:43:20 -------- d-----w- C:\Users\enjoy\AppData\Local\GG
2014-06-18 14:43:19 -------- d-----w- C:\Users\enjoy\AppData\Local\OpenFM
2014-06-18 06:59:34 -------- d-----w- C:\Users\enjoy\AppData\Roaming\TS3Client
2014-06-18 06:59:22 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-06-18 06:51:33 -------- d-----w- C:\Users\enjoy\AppData\Roaming\AVG2014
2014-06-18 06:49:31 -------- d-----w- C:\Users\enjoy\AppData\Roaming\TuneUp Software
2014-06-18 06:48:00 -------- d-----w- C:\ProgramData\AVG2014
2014-06-18 06:48:00 -------- d-----w- C:\$AVG
2014-06-18 06:44:31 -------- d-----w- C:\Users\enjoy\AppData\Local\MFAData
2014-06-18 06:44:31 -------- d-----w- C:\Users\enjoy\AppData\Local\Avg2014
2014-06-18 06:44:31 -------- d-----w- C:\ProgramData\MFAData
2014-06-18 06:31:29 -------- d-----w- C:\Users\enjoy\AppData\Local\ATI
2014-06-18 06:31:16 -------- d-----w- C:\ProgramData\AMD
2014-06-18 06:31:10 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-06-18 06:31:06 -------- d-----w- C:\Program Files (x86)\AMD APP
2014-06-18 06:30:56 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-06-18 06:30:56 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-06-18 06:29:19 0 ----a-w- C:\Windows\ativpsrm.bin
2014-06-18 06:28:40 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-06-18 06:28:32 -------- d-----w- C:\Program Files\ATI
2014-06-18 06:28:04 -------- d-----w- C:\Program Files\ATI Technologies
2014-06-18 05:40:24 -------- d-----w- C:\Program Files\CONEXANT
2014-06-18 05:28:56 42808 ----a-w- C:\Windows\System32\uxtuneup.dll
2014-06-18 05:28:55 35640 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2014-06-18 05:27:37 40248 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-06-18 05:27:36 29496 ----a-w- C:\Windows\System32\authuitu.dll
2014-06-18 05:27:34 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-06-18 05:27:07 -------- d-----w- C:\Users\enjoy\AppData\Roaming\AVG
2014-06-18 05:27:07 -------- d-----w- C:\Users\enjoy\AppData\Local\AVG
2014-06-18 05:26:42 -------- d-----w- C:\Program Files (x86)\AVG
2014-06-18 05:25:28 -------- d-----w- C:\ProgramData\AVG
2014-06-18 05:25:18 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-18 05:25:16 -------- d--h--w- C:\ProgramData\Common Files
2014-06-18 05:24:40 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2014-06-18 05:21:14 -------- d-----w- C:\Users\enjoy\AppData\Roaming\Maxthon3
2014-06-18 05:21:02 -------- d-----w- C:\Program Files (x86)\Maxthon
2014-06-17 14:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 14:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 14:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 14:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 14:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 14:06:22 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-17 14:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 14:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-06-05 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-06-05 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
.
============= FINISH: 20:10:09,51 ===============

Thanks very much.

enjoy.


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:09 PM

Posted 21 July 2014 - 09:12 AM

Hello and Welcome on board enjoy97,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 enjoy97

enjoy97
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 21 July 2014 - 12:36 PM

Below are logs from FRST.

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by enjoy (administrator) on LAPTOP on 21-07-2014 19:34:30
Running from C:\Users\enjoy\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(Microsoft Corporation) C:\Windows\System32\dllhost.exe




==================== Registry (Whitelisted) ==================


HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
GroupPolicyUsers\S-1-5-21-1556474197-412149889-861348747-1003\User: Group Policy restriction detected <======= ATTENTION


==================== Internet (Whitelisted) ====================


HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31


FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


==================== Services (Whitelisted) =================


S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
S2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-06-19] (AVG)


==================== Drivers (Whitelisted) ====================


S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-10] (Disc Soft Ltd)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]


==================== NetSvcs (Whitelisted) ===================




==================== One Month Created Files and Folders ========


2014-07-21 19:30 - 2014-07-21 19:31 - 00011226 _____ () C:\Users\enjoy\Desktop\Addition.txt
2014-07-21 19:29 - 2014-07-21 19:35 - 00007680 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 19:29 - 2014-07-21 19:34 - 00000000 ____D () C:\FRST
2014-07-21 19:28 - 2014-07-21 19:28 - 02089984 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-20 15:34 - 2014-07-20 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-20 15:34 - 2014-07-20 15:34 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-20 15:34 - 2014-07-20 15:34 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-20 15:31 - 2014-07-20 15:41 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-20 15:31 - 2014-07-20 15:31 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Bluestacks
2014-07-18 08:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-18 08:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-18 07:09 - 2014-07-18 07:10 - 00262948 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-17 20:27 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-17 20:27 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-17 20:27 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-17 20:27 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-17 20:27 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-17 20:27 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-17 20:27 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-17 20:27 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-17 20:27 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-17 20:27 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-17 20:27 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-17 20:27 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-17 20:27 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-17 20:27 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-17 20:27 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-17 20:27 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-17 20:27 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-17 20:27 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-17 20:27 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-17 20:27 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-17 20:27 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-17 20:27 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-17 20:27 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-17 20:27 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-17 20:27 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-17 20:27 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-17 20:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-17 20:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-17 20:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2014-07-14 18:40 - 00018468 _____ () C:\ComboFix.txt
2014-07-14 18:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-14 18:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-14 18:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-14 18:30 - 2014-07-14 18:40 - 00000000 ____D () C:\Qoobox
2014-07-14 18:30 - 2014-07-14 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:26 - 2014-07-14 18:26 - 05219590 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 22:00 - 2014-07-13 22:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-13 21:59 - 2014-07-13 23:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 21:35 - 2014-07-13 21:39 - 00000000 ____D () C:\AdwCleaner
2014-07-13 21:35 - 2014-07-13 21:35 - 01348263 ____N () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:47 - 2014-07-20 17:03 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:26 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:25 - 2014-07-10 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 15:23 - 2014-07-18 07:25 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-10 15:23 - 2014-07-10 16:34 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-18 07:26 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:45 - 2014-07-08 19:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:13 - 2014-07-07 16:15 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 10:53 - 2014-07-07 10:54 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:50 - 2014-07-06 11:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:50 - 2014-07-05 23:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 21:26 - 2014-07-05 22:13 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2010-07-28 19:10 - 01380352 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2014-07-05 21:22 - 2010-03-01 20:51 - 17686528 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 18:30 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-07-05 18:29 - 2014-07-05 21:22 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-05 17:03 - 2014-07-10 21:38 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-05 17:00 - 2014-07-13 19:43 - 00000000 ____D () C:\ProgramData\Origin
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-25 20:43 - 2014-06-25 20:44 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2009-12-08 15:11 - 00037440 _____ (Lenovo (United States) Inc.) C:\Windows\system32\Drivers\psadd.sys
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2010-01-15 13:23 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00021288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-06-25 20:22 - 2009-04-07 14:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:20 - 2010-04-08 23:11 - 00054824 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btusbflt.sys
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-07-07 11:54 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity


==================== One Month Modified Files and Folders =======


2014-07-21 19:35 - 2014-07-21 19:29 - 00007680 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 19:34 - 2014-07-21 19:29 - 00000000 ____D () C:\FRST
2014-07-21 19:31 - 2014-07-21 19:30 - 00011226 _____ () C:\Users\enjoy\Desktop\Addition.txt
2014-07-21 19:28 - 2014-07-21 19:28 - 02089984 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-21 18:44 - 2014-06-18 07:11 - 01259359 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 18:26 - 2014-06-18 08:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-21 18:09 - 2013-10-09 14:26 - 00039023 _____ () C:\Windows\setupact.log
2014-07-21 18:06 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 18:06 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 18:05 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\GG
2014-07-21 15:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 17:17 - 2014-06-19 14:31 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\AIMP3
2014-07-20 17:03 - 2014-07-10 21:47 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-20 15:41 - 2014-07-20 15:31 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-20 15:34 - 2014-07-20 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-20 15:34 - 2014-07-20 15:34 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-20 15:34 - 2014-07-20 15:34 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-07-20 15:34 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-20 15:31 - 2014-07-20 15:31 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Bluestacks
2014-07-18 08:29 - 2014-06-19 20:31 - 00000640 __RSH () C:\Users\enjoy\ntuser.pol
2014-07-18 08:29 - 2014-06-18 07:16 - 00000000 ____D () C:\Users\enjoy
2014-07-18 08:24 - 2009-07-14 06:45 - 00279888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 08:21 - 2011-04-12 15:32 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-18 07:56 - 2013-09-13 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 07:50 - 2014-01-15 20:19 - 01642212 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 07:50 - 2011-04-12 15:21 - 00740446 _____ () C:\Windows\system32\perfh015.dat
2014-07-18 07:50 - 2011-04-12 15:21 - 00155988 _____ () C:\Windows\system32\perfc015.dat
2014-07-18 07:50 - 2009-07-14 07:13 - 01642212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:26 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-18 07:25 - 2014-07-10 15:23 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-18 07:10 - 2014-07-18 07:09 - 00262948 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-17 19:55 - 2014-06-18 16:45 - 00000000 ___SD () C:\Users\enjoy\GG dysk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-15 21:22 - 2014-06-18 08:59 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\TS3Client
2014-07-14 20:57 - 2013-10-09 14:25 - 00021142 _____ () C:\Windows\PFRO.log
2014-07-14 20:12 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Local\GG
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2014-07-14 18:40 - 00018468 _____ () C:\ComboFix.txt
2014-07-14 18:40 - 2014-07-14 18:30 - 00000000 ____D () C:\Qoobox
2014-07-14 18:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-14 18:39 - 2014-07-14 18:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:38 - 2009-07-14 04:34 - 00000215 ____N () C:\Windows\system.ini
2014-07-14 18:31 - 2010-11-21 04:50 - 00000000 ____D () C:\Users\Administrator
2014-07-14 18:26 - 2014-07-14 18:26 - 05219590 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 23:20 - 2014-07-13 21:59 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 22:00 - 2014-07-13 22:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-13 21:39 - 2014-07-13 21:35 - 00000000 ____D () C:\AdwCleaner
2014-07-13 21:35 - 2014-07-13 21:35 - 01348263 ____N () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-13 19:43 - 2014-07-05 17:00 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:38 - 2014-07-05 17:03 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:26 - 2014-07-10 21:25 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:26 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 16:34 - 2014-07-10 15:23 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 16:28 - 2014-06-18 07:16 - 00060736 _____ () C:\Users\enjoy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:15 - 2014-07-07 16:13 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 12:13 - 2014-06-18 08:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-07 11:54 - 2014-06-22 18:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-07-07 10:54 - 2014-07-07 10:53 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-06 11:53 - 2014-07-05 23:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:52 - 2014-07-05 23:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:51 - 2014-06-18 07:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 22:13 - 2014-07-05 21:26 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 22:13 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2014-07-05 18:29 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:18 - 2014-07-05 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-06-18 08:49 - 00001005 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 16:57 - 2014-06-18 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-26 17:40 - 2014-01-15 20:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-25 20:44 - 2014-06-25 20:43 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2014-06-25 20:20 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:26 - 2014-06-18 07:39 - 00013896 _____ () C:\Windows\DPINST.LOG
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-21 21:26 - 2014-06-19 20:47 - 00000000 ____D () C:\Users\Jola\AppData\Local\VirtualStore


Files to move or delete:
====================
C:\Users\enjoy\AppData\Roaming\Origin\update.vbe




Some content of TEMP:
====================
C:\Users\enjoy\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\enjoy\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\enjoy\AppData\Local\Temp\installstats.exe




==================== Bamital & volsnap Check =================


C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2014-06-18 19:41


==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by enjoy at 2014-07-21 19:35:48
Running from C:\Users\enjoy\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================




==================== Security Center ========================


AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}


==================== Installed Programs ======================


Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1350, 16.06.2014 - AIMP DevTeam)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.489 - AVG)
AVG PC TuneUp 2014 (pl-PL) (x32 Version: 14.0.1001.489 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.489 - AVG) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Nazwa firmy) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Fotocyfra - odbitki przez Internet - 1.134 (HKLM-x32\...\Fotocyfra - odbitki przez Internet_is1) (Version:  - )
fotostart 3.0 (HKLM-x32\...\fotostart_is1) (Version:  - ISIT)
GG (HKCU\...\GG) (Version: 12 - GG Network S.A.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 10.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenFM (HKCU\...\OpenFM) (Version: 2 - GG Network S.A.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pakiet sterowników systemu Windows - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Rapture3D 2.4.4 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Setup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.10 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xara Photo & Graphic Designer 7 SE (HKLM-x32\...\MX.{8D7723BF-7CD9-49D5-BFC6-9D27B6D7C620}) (Version: 7.1.3.30976 - Xara Group Ltd)
Xara Photo & Graphic Designer 7 SE (Version: 7.1.3.30976 - Xara Group Ltd) Hidden


==================== Restore Points  =========================




==================== Hosts content: ==========================


2009-07-14 04:34 - 2014-07-14 18:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============


Task: {23F02CFE-9260-4DB0-A289-A91E6D57D8BC} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-05-14] (Maxthon International ltd.)
Task: {292B32A5-6518-4415-AFA3-9FE6833C87A2} - System32\Tasks\Origin => C:\Users\enjoy\AppData\Roaming\Origin\update.vbe [2014-07-10] () <==== ATTENTION
Task: {6E5EC436-FEFB-431E-AEB8-C770312240CE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-06-19] (AVG)
Task: {78245774-3C23-413E-B39D-CA50A40B23AA} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {DDDF0516-ED17-42EB-B8FD-7A89B44A7A93} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)


==================== Loaded Modules (whitelisted) =============


2011-05-31 06:29 - 2011-05-31 06:29 - 00117760 _____ () C:\Windows\system32\DTS.exe
2014-06-19 07:28 - 2014-06-19 07:28 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-06-19 07:28 - 2014-06-19 07:28 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-14 20:58 - 2014-07-21 15:43 - 00451086 _____ () C:\Windows\temp\svchost.exe
2013-01-18 13:20 - 2013-01-18 13:20 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-07-14 20:58 - 2014-07-21 15:43 - 00279955 _____ () C:\Windows\temp\libidn-11.dll
2014-07-14 20:58 - 2014-07-21 15:42 - 00113166 _____ () C:\Windows\temp\zlib1.dll
2014-07-14 20:58 - 2014-07-21 15:43 - 00148760 _____ () C:\Windows\temp\libpdcurses.dll
2014-07-14 20:58 - 2014-07-21 15:42 - 00112142 _____ () C:\Windows\temp\libgcc_s_dw2-1.dll
2014-05-28 11:29 - 2014-07-14 20:12 - 03205184 _____ () C:\Users\enjoy\AppData\Local\GG\Application\xulrunner\mozjs.dll
2014-05-28 11:29 - 2014-06-25 15:30 - 00122432 _____ () C:\Users\enjoy\AppData\Local\GG\Application\ggdrive\ZLIB1.dll
2014-05-28 11:29 - 2014-06-25 15:30 - 16361120 _____ () C:\Users\enjoy\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
2014-06-18 07:21 - 2013-11-18 03:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2014-06-18 07:21 - 2013-11-18 03:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2014-06-18 07:21 - 2014-05-29 04:40 - 00247096 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 00887064 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 00109336 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll


==================== Safe Mode (whitelisted) ===================


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"


==================== EXE Association (whitelisted) =============




==================== MSCONFIG/TASK MANAGER disabled items =========




==================== Faulty Device Manager Devices =============


Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


Name: Kontroler pamięci PCI
Description: Kontroler pamięci PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Kontroler PCI Simple Communications
Description: Kontroler PCI Simple Communications
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Port szeregowy PCI
Description: Port szeregowy PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.




==================== Event log errors: =========================


Application errors:
==================
Error: (07/21/2014 07:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/21/2014 06:04:53 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed


Error: (07/21/2014 03:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/21/2014 03:39:19 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed


Error: (07/20/2014 05:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: fifa14-www.skidrowcrack.com.exe, wersja: 1.2.0.0, sygnatura czasowa: 0x03f40040
Nazwa modułu powodującego błąd: fifa14-www.skidrowcrack.com.exe, wersja: 1.2.0.0, sygnatura czasowa: 0x03f40040
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0358737c
Identyfikator procesu powodującego błąd: 0x1efc
Godzina uruchomienia aplikacji powodującej błąd: 0xfifa14-www.skidrowcrack.com.exe0
Ścieżka aplikacji powodującej błąd: fifa14-www.skidrowcrack.com.exe1
Ścieżka modułu powodującego błąd: fifa14-www.skidrowcrack.com.exe2
Identyfikator raportu: fifa14-www.skidrowcrack.com.exe3


Error: (07/20/2014 01:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/20/2014 01:46:15 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed


Error: (07/20/2014 01:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: fifa14-www.skidrowcrack.com.exe, wersja: 1.2.0.0, sygnatura czasowa: 0x03f40040
Nazwa modułu powodującego błąd: fifa14-www.skidrowcrack.com.exe, wersja: 1.2.0.0, sygnatura czasowa: 0x03f40040
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0358737c
Identyfikator procesu powodującego błąd: 0xc54
Godzina uruchomienia aplikacji powodującej błąd: 0xfifa14-www.skidrowcrack.com.exe0
Ścieżka aplikacji powodującej błąd: fifa14-www.skidrowcrack.com.exe1
Ścieżka modułu powodującego błąd: fifa14-www.skidrowcrack.com.exe2
Identyfikator raportu: fifa14-www.skidrowcrack.com.exe3


Error: (07/20/2014 00:18:34 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed


Error: (07/20/2014 11:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003




System errors:
=============
Error: (07/21/2014 07:34:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:34:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068


Error: (07/21/2014 07:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: 
%%1068




Microsoft Office Sessions:
=========================
Error: (07/21/2014 07:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/21/2014 06:04:53 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 


Error: (07/21/2014 03:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/21/2014 03:39:19 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 


Error: (07/20/2014 05:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fifa14-www.skidrowcrack.com.exe1.2.0.003f40040fifa14-www.skidrowcrack.com.exe1.2.0.003f40040c00000050358737c1efc01cfa42192320260D:\GRY\FIFA 14 Ultimate Edition\Game\fifa14-www.skidrowcrack.com.exeD:\GRY\FIFA 14 Ultimate Edition\Game\fifa14-www.skidrowcrack.com.exee4e6678d-101f-11e4-8cfc-00234dfe179f


Error: (07/20/2014 01:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (07/20/2014 01:46:15 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 


Error: (07/20/2014 01:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fifa14-www.skidrowcrack.com.exe1.2.0.003f40040fifa14-www.skidrowcrack.com.exe1.2.0.003f40040c00000050358737cc5401cfa40092e4e2acD:\GRY\FIFA 14 Ultimate Edition\Game\fifa14-www.skidrowcrack.com.exeD:\GRY\FIFA 14 Ultimate Edition\Game\fifa14-www.skidrowcrack.com.exe2d813245-1000-11e4-a1f7-00234dfe179f


Error: (07/20/2014 00:18:34 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 


Error: (07/20/2014 11:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003




CodeIntegrity Errors:
===================================
  Date: 2014-07-14 18:37:42.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2014-07-14 18:37:42.053
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




==================== Memory info =========================== 


Percentage of memory in use: 42%
Total physical RAM: 2968.01 MB
Available physical RAM: 1697.12 MB
Total Pagefile: 5934.2 MB
Available Pagefile: 4670.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:55.88 GB) (Free:27.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:93.16 GB) (Free:71.89 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: DB98DB98)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93 GB) - (Type=07 NTFS)


==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:09 PM

Posted 21 July 2014 - 01:30 PM

Boot Mode: Safe Mode (with Networking)

Why are you in Safe Mode?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 enjoy97

enjoy97
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:09 PM

Posted 21 July 2014 - 02:19 PM

" If you booted into safe mode on your computer then print my instructions! "

 

I think I don't understand.

Now I'll create new logs in normal mode.


Edited by enjoy97, 21 July 2014 - 02:23 PM.


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:09 PM

Posted 21 July 2014 - 02:24 PM

Yeah, there is an "If...." :P

Yes, please do the steps in normal mode.

~Machiavelli



#7 enjoy97

enjoy97
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:09 PM

Posted 21 July 2014 - 02:29 PM

Sorry, it's my bad. :P 

 

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by enjoy (administrator) on LAPTOP on 21-07-2014 21:26:42
Running from C:\Users\enjoy\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(GG Network S.A.) C:\Users\enjoy\AppData\Local\GG\Application\gghub.exe
(GG Network S.A.) C:\Users\enjoy\AppData\Local\GG\Application\ggapp.exe
(Electronic Arts) D:\GRY\FIFA 14 Ultimate Edition\Game\fifa14-www.skidrowcrack.com.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(GG Network S.A.) C:\Users\enjoy\AppData\Local\GG\Application\ggdrive\ggdrive.exe
(GG Network S.A.) C:\Users\enjoy\AppData\Local\GG\Application\xulrunner\gghub.exe
() C:\Windows\temp\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
GroupPolicyUsers\S-1-5-21-1556474197-412149889-861348747-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-06-19] (AVG)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-10] (Disc Soft Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 21:21 - 2014-07-21 21:21 - 00000000 ____D () C:\Users\enjoy\Desktop\FRST-OlderVersion
2014-07-21 20:39 - 2014-07-21 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-21 19:30 - 2014-07-21 21:25 - 00025280 _____ () C:\Users\enjoy\Desktop\Addition.txt
2014-07-21 19:29 - 2014-07-21 21:27 - 00009553 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 19:29 - 2014-07-21 21:26 - 00000000 ____D () C:\FRST
2014-07-21 19:28 - 2014-07-21 21:21 - 02090496 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-20 15:31 - 2014-07-20 15:41 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-18 08:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-18 08:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-18 07:09 - 2014-07-18 07:10 - 00262948 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-17 20:27 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-17 20:27 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-17 20:27 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-17 20:27 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-17 20:27 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-17 20:27 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-17 20:27 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-17 20:27 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-17 20:27 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-17 20:27 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-17 20:27 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-17 20:27 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-17 20:27 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-17 20:27 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-17 20:27 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-17 20:27 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-17 20:27 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-17 20:27 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-17 20:27 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-17 20:27 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-17 20:27 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-17 20:27 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-17 20:27 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-17 20:27 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-17 20:27 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-17 20:27 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-17 20:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-17 20:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-17 20:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2014-07-14 18:40 - 00018468 _____ () C:\ComboFix.txt
2014-07-14 18:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-14 18:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-14 18:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-14 18:30 - 2014-07-14 18:40 - 00000000 ____D () C:\Qoobox
2014-07-14 18:30 - 2014-07-14 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:26 - 2014-07-14 18:26 - 05219590 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 22:00 - 2014-07-13 22:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-13 21:59 - 2014-07-13 23:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 21:35 - 2014-07-13 21:39 - 00000000 ____D () C:\AdwCleaner
2014-07-13 21:35 - 2014-07-13 21:35 - 01348263 ____N () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:47 - 2014-07-21 21:18 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:26 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:25 - 2014-07-10 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 15:23 - 2014-07-18 07:25 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-10 15:23 - 2014-07-10 16:34 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-18 07:26 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:45 - 2014-07-08 19:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:13 - 2014-07-07 16:15 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 10:53 - 2014-07-07 10:54 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:50 - 2014-07-06 11:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:50 - 2014-07-05 23:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 21:26 - 2014-07-05 22:13 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2010-07-28 19:10 - 01380352 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2014-07-05 21:22 - 2010-03-01 20:51 - 17686528 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 18:30 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-07-05 18:29 - 2014-07-05 21:22 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-05 17:03 - 2014-07-10 21:38 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-05 17:00 - 2014-07-13 19:43 - 00000000 ____D () C:\ProgramData\Origin
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-25 20:43 - 2014-06-25 20:44 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2009-12-08 15:11 - 00037440 _____ (Lenovo (United States) Inc.) C:\Windows\system32\Drivers\psadd.sys
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2010-01-15 13:23 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00021288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-06-25 20:22 - 2009-04-07 14:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:20 - 2010-04-08 23:11 - 00054824 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btusbflt.sys
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-07-07 11:54 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity

==================== One Month Modified Files and Folders =======

2014-07-21 21:27 - 2014-07-21 19:29 - 00009553 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 21:26 - 2014-07-21 19:29 - 00000000 ____D () C:\FRST
2014-07-21 21:25 - 2014-07-21 19:30 - 00025280 _____ () C:\Users\enjoy\Desktop\Addition.txt
2014-07-21 21:21 - 2014-07-21 21:21 - 00000000 ____D () C:\Users\enjoy\Desktop\FRST-OlderVersion
2014-07-21 21:21 - 2014-07-21 19:28 - 02090496 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-21 21:18 - 2014-07-10 21:47 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-21 20:40 - 2013-10-09 14:26 - 00039247 _____ () C:\Windows\setupact.log
2014-07-21 20:39 - 2014-07-21 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-21 20:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-21 20:28 - 2014-06-19 14:31 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\AIMP3
2014-07-21 20:20 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 20:20 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 20:16 - 2014-06-18 07:11 - 01266898 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 20:14 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\GG
2014-07-21 20:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 18:26 - 2014-06-18 08:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-20 15:41 - 2014-07-20 15:31 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-18 08:29 - 2014-06-19 20:31 - 00000640 __RSH () C:\Users\enjoy\ntuser.pol
2014-07-18 08:29 - 2014-06-18 07:16 - 00000000 ____D () C:\Users\enjoy
2014-07-18 08:24 - 2009-07-14 06:45 - 00279888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 08:21 - 2011-04-12 15:32 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-18 07:56 - 2013-09-13 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 07:50 - 2014-01-15 20:19 - 01642212 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 07:50 - 2011-04-12 15:21 - 00740446 _____ () C:\Windows\system32\perfh015.dat
2014-07-18 07:50 - 2011-04-12 15:21 - 00155988 _____ () C:\Windows\system32\perfc015.dat
2014-07-18 07:50 - 2009-07-14 07:13 - 01642212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:26 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-18 07:25 - 2014-07-10 15:23 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-18 07:10 - 2014-07-18 07:09 - 00262948 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-17 19:55 - 2014-06-18 16:45 - 00000000 ___SD () C:\Users\enjoy\GG dysk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-15 21:22 - 2014-06-18 08:59 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\TS3Client
2014-07-14 20:57 - 2013-10-09 14:25 - 00021142 _____ () C:\Windows\PFRO.log
2014-07-14 20:12 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Local\GG
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2014-07-14 18:40 - 00018468 _____ () C:\ComboFix.txt
2014-07-14 18:40 - 2014-07-14 18:30 - 00000000 ____D () C:\Qoobox
2014-07-14 18:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-14 18:39 - 2014-07-14 18:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:38 - 2009-07-14 04:34 - 00000215 ____N () C:\Windows\system.ini
2014-07-14 18:31 - 2010-11-21 04:50 - 00000000 ____D () C:\Users\Administrator
2014-07-14 18:26 - 2014-07-14 18:26 - 05219590 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 23:20 - 2014-07-13 21:59 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 22:00 - 2014-07-13 22:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-13 21:39 - 2014-07-13 21:35 - 00000000 ____D () C:\AdwCleaner
2014-07-13 21:35 - 2014-07-13 21:35 - 01348263 ____N () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-13 19:43 - 2014-07-05 17:00 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:38 - 2014-07-05 17:03 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:26 - 2014-07-10 21:25 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:26 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 16:34 - 2014-07-10 15:23 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 16:28 - 2014-06-18 07:16 - 00060736 _____ () C:\Users\enjoy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:15 - 2014-07-07 16:13 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 12:13 - 2014-06-18 08:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-07 11:54 - 2014-06-22 18:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-07-07 10:54 - 2014-07-07 10:53 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-06 11:53 - 2014-07-05 23:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:52 - 2014-07-05 23:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:51 - 2014-06-18 07:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 22:13 - 2014-07-05 21:26 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 22:13 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2014-07-05 18:29 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:18 - 2014-07-05 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-06-18 08:49 - 00001005 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 16:57 - 2014-06-18 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-26 17:40 - 2014-01-15 20:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-25 20:44 - 2014-06-25 20:43 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2014-06-25 20:20 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:26 - 2014-06-18 07:39 - 00013896 _____ () C:\Windows\DPINST.LOG
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-21 21:26 - 2014-06-19 20:47 - 00000000 ____D () C:\Users\Jola\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\Users\enjoy\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\enjoy\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\enjoy\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\enjoy\AppData\Local\Temp\installstats.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:41

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by enjoy at 2014-07-21 21:28:06
Running from C:\Users\enjoy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1350, 16.06.2014 - AIMP DevTeam)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.489 - AVG)
AVG PC TuneUp 2014 (pl-PL) (x32 Version: 14.0.1001.489 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.489 - AVG) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Nazwa firmy) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Fotocyfra - odbitki przez Internet - 1.134 (HKLM-x32\...\Fotocyfra - odbitki przez Internet_is1) (Version:  - )
fotostart 3.0 (HKLM-x32\...\fotostart_is1) (Version:  - ISIT)
GG (HKCU\...\GG) (Version: 12 - GG Network S.A.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 10.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenFM (HKCU\...\OpenFM) (Version: 2 - GG Network S.A.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pakiet sterowników systemu Windows - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Rapture3D 2.4.4 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Setup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.10 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xara Photo & Graphic Designer 7 SE (HKLM-x32\...\MX.{8D7723BF-7CD9-49D5-BFC6-9D27B6D7C620}) (Version: 7.1.3.30976 - Xara Group Ltd)
Xara Photo & Graphic Designer 7 SE (Version: 7.1.3.30976 - Xara Group Ltd) Hidden

==================== Restore Points  =========================

21-07-2014 18:35:18 Removed BlueStacks Notification Center

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-14 18:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {23F02CFE-9260-4DB0-A289-A91E6D57D8BC} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-05-14] (Maxthon International ltd.)
Task: {292B32A5-6518-4415-AFA3-9FE6833C87A2} - System32\Tasks\Origin => C:\Users\enjoy\AppData\Roaming\Origin\update.vbe [2014-07-10] () <==== ATTENTION
Task: {6E5EC436-FEFB-431E-AEB8-C770312240CE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-06-19] (AVG)
Task: {78245774-3C23-413E-B39D-CA50A40B23AA} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {DDDF0516-ED17-42EB-B8FD-7A89B44A7A93} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)

==================== Loaded Modules (whitelisted) =============

2011-05-31 06:29 - 2011-05-31 06:29 - 00117760 _____ () C:\Windows\system32\DTS.exe
2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2014-06-19 07:28 - 2014-06-19 07:28 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-06-19 07:28 - 2014-06-19 07:28 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-14 20:58 - 2014-07-21 20:15 - 00451086 _____ () C:\Windows\temp\svchost.exe
2013-01-18 13:20 - 2013-01-18 13:20 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-05-28 11:29 - 2014-07-14 20:12 - 03205184 _____ () C:\Users\enjoy\AppData\Local\GG\Application\xulrunner\mozjs.dll
2014-05-28 11:29 - 2014-06-25 15:30 - 00122432 _____ () C:\Users\enjoy\AppData\Local\GG\Application\ggdrive\ZLIB1.dll
2014-05-28 11:29 - 2014-06-25 15:30 - 16361120 _____ () C:\Users\enjoy\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
2014-07-14 20:58 - 2014-07-21 20:15 - 00279955 _____ () C:\Windows\temp\libidn-11.dll
2014-07-14 20:58 - 2014-07-21 20:15 - 00113166 _____ () C:\Windows\temp\zlib1.dll
2014-07-14 20:58 - 2014-07-21 20:15 - 00148760 _____ () C:\Windows\temp\libpdcurses.dll
2014-07-14 20:58 - 2014-07-21 20:15 - 00112142 _____ () C:\Windows\temp\libgcc_s_dw2-1.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00505344 _____ () C:\Program Files (x86)\AIMP3\Sqlite3.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp
2014-06-19 14:31 - 2014-06-19 14:31 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll
2014-06-19 14:31 - 2014-06-19 14:31 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll
2014-06-18 07:21 - 2013-11-18 03:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2014-06-18 07:21 - 2013-11-18 03:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2014-06-18 07:21 - 2014-05-29 04:40 - 00247096 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 00887064 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 00109336 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll
2014-06-18 07:21 - 2014-05-29 04:40 - 04055504 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\pdf.dll
2014-06-18 07:21 - 2014-05-29 04:40 - 16361136 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32_13_0_0_214.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 02128152 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler pamięci PCI
Description: Kontroler pamięci PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler PCI Simple Communications
Description: Kontroler PCI Simple Communications
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Port szeregowy PCI
Description: Port szeregowy PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 08:40:11 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed

Error: (07/21/2014 08:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 08:14:39 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/21/2014 08:10:31 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed

Error: (07/21/2014 07:46:10 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/21/2014 07:42:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 07:40:20 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed

Error: (07/21/2014 07:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 06:04:53 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: ATI EEU initialization of PX failed

Error: (07/21/2014 03:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/21/2014 08:38:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa BlueStacks Updater Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (07/21/2014 08:14:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa BlueStacks Android Service zakończyła działanie; wystąpił następujący błąd: 
%%1064

Error: (07/21/2014 08:13:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa Udostępnianie połączenia internetowego (ICS) zawiesiła się podczas uruchamiania.

Error: (07/21/2014 08:13:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa BlueStacks Android Service zawiesiła się podczas uruchamiania.

Error: (07/21/2014 08:11:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Cobian Backup 11 wywoływacz Volume Shadow Copy z powodu następującego błędu: 
%%1053

Error: (07/21/2014 08:11:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Cobian Backup 11 wywoływacz Volume Shadow Copy.

Error: (07/21/2014 08:10:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 20:08:41 na ‎2014-‎07-‎21 było nieoczekiwane.

Error: (07/21/2014 07:46:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa BlueStacks Android Service zakończyła działanie; wystąpił następujący błąd: 
%%1064

Error: (07/21/2014 07:43:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Usługa BlueStacks Android Service zawiesiła się podczas uruchamiania.

Error: (07/21/2014 07:41:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Cobian Backup 11 wywoływacz Volume Shadow Copy z powodu następującego błędu: 
%%1053


Microsoft Office Sessions:
=========================
Error: (07/21/2014 08:40:11 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 

Error: (07/21/2014 08:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 08:14:39 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/21/2014 08:10:31 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 

Error: (07/21/2014 07:46:10 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Nie można uruchomić usługi. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   w BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   w System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/21/2014 07:42:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 07:40:20 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 

Error: (07/21/2014 07:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 06:04:53 PM) (Source: ATIeRecord) (EventID: 16397) (User: )
Description: 

Error: (07/21/2014 03:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-14 18:37:42.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-14 18:37:42.053
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 2968.01 MB
Available physical RAM: 1056.44 MB
Total Pagefile: 5934.2 MB
Available Pagefile: 3081.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.88 GB) (Free:27.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:93.16 GB) (Free:71.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: DB98DB98)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#8 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 02:29 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#9 enjoy97


Posted 21 July 2014 - 03:38 PM

AdwCleaner

# AdwCleaner v3.216 - Log utworzony 21/07/2014 o 21:46:51
# Aktualizacja 17/07/2014 przez Xplode
# System operacyjny : Windows 7 Professional Service Pack 1 (64 bits)
# Użytkownik : enjoy - LAPTOP
# Ścieżka : C:\Users\enjoy\Desktop\AdwCleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****


***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v11.0.9600.17207


*************************

AdwCleaner[R0].txt - [701 octets] - [13/07/2014 21:35:43]
AdwCleaner[R1].txt - [767 octets] - [21/07/2014 21:41:46]
AdwCleaner[S0].txt - [756 octets] - [13/07/2014 21:39:30]
AdwCleaner[S1].txt - [686 octets] - [21/07/2014 21:46:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [745 octets] ##########

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-07-21
Scan Time: 22:00:59
Logfile: mbam scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.08
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: enjoy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352238
Time Elapsed: 12 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Agent.Gen, C:\Windows\temp\svchost.exe, 5044, Delete-on-Reboot, [bae7e5bb077443f3def6993d10f352ae]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Malware.Trace, HKU\S-1-5-21-1556474197-412149889-861348747-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, @biocpl.dll,-1, Quarantined, [b5eca1ff1c5fc76f38edafae60a3817f]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Agent.Gen, C:\Windows\temp\svchost.exe, Delete-on-Reboot, [bae7e5bb077443f3def6993d10f352ae], 
Trojan.BitcoinMiner, C:\Windows\temp\scrypt140121.cl, Quarantined, [524f8f11611a0234ee742ad79371cc34], 

Physical Sectors: 0
(No malicious items detected)


(end)

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by enjoy on 2014-07-21 at 22:25:41,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-07-21 at 22:34:21,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by enjoy (administrator) on LAPTOP on 21-07-2014 22:34:52
Running from C:\Users\enjoy\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
GroupPolicyUsers\S-1-5-21-1556474197-412149889-861348747-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-06-19] (AVG)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-10] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 22:34 - 2014-07-21 22:34 - 00000625 _____ () C:\Users\enjoy\Desktop\JRT.txt
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:23 - 2014-07-21 22:23 - 01016261 _____ (Thisisu) C:\Users\enjoy\Desktop\JRT.exe
2014-07-21 22:20 - 2014-07-21 22:20 - 00001528 _____ () C:\Users\enjoy\Desktop\mbam scan.txt
2014-07-21 21:58 - 2014-07-21 21:58 - 00000062 _____ () C:\Users\enjoy\Desktop\MALWAREBYTES ANTI-MALWARE 2.0.2 (WSZYSTKIE WERSJE) KEY+ID!.txt
2014-07-21 21:56 - 2014-07-21 22:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 21:56 - 2014-07-21 21:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 21:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 21:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 21:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 21:54 - 2014-07-21 21:54 - 00000824 _____ () C:\Users\enjoy\Desktop\adw.txt
2014-07-21 21:41 - 2014-07-21 21:41 - 01354223 _____ () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-21 20:39 - 2014-07-21 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-21 19:29 - 2014-07-21 22:35 - 00010028 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 19:29 - 2014-07-21 22:34 - 00000000 ____D () C:\FRST
2014-07-21 19:28 - 2014-07-21 21:21 - 02090496 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-20 15:31 - 2014-07-20 15:41 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-18 08:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-18 08:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-18 07:09 - 2014-07-18 07:10 - 00262948 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-17 20:27 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-17 20:27 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-17 20:27 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-17 20:27 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-17 20:27 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-17 20:27 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-17 20:27 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-17 20:27 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-17 20:27 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-17 20:27 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-17 20:27 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-17 20:27 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-17 20:27 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-17 20:27 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-17 20:27 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-17 20:27 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-17 20:27 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-17 20:27 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-17 20:27 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-17 20:27 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-17 20:27 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-17 20:27 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-17 20:27 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-17 20:27 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-17 20:27 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-17 20:27 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-17 20:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-17 20:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-17 20:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2014-07-14 18:40 - 00018468 _____ () C:\ComboFix.txt
2014-07-14 18:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-14 18:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-14 18:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-14 18:30 - 2014-07-14 18:40 - 00000000 ____D () C:\Qoobox
2014-07-14 18:30 - 2014-07-14 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:26 - 2014-07-14 18:26 - 05219590 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 22:00 - 2014-07-13 22:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-13 21:59 - 2014-07-13 23:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 21:35 - 2014-07-21 21:46 - 00000000 ____D () C:\AdwCleaner
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:47 - 2014-07-21 21:46 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:26 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:25 - 2014-07-10 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 15:23 - 2014-07-18 07:25 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-10 15:23 - 2014-07-10 16:34 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-18 07:26 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:45 - 2014-07-08 19:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:13 - 2014-07-07 16:15 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 10:53 - 2014-07-07 10:54 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:50 - 2014-07-06 11:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:50 - 2014-07-05 23:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 21:26 - 2014-07-05 22:13 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2010-07-28 19:10 - 01380352 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2014-07-05 21:22 - 2010-03-01 20:51 - 17686528 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 18:30 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-07-05 18:29 - 2014-07-05 21:22 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-05 17:03 - 2014-07-10 21:38 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-05 17:00 - 2014-07-13 19:43 - 00000000 ____D () C:\ProgramData\Origin
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-25 20:43 - 2014-06-25 20:44 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2009-12-08 15:11 - 00037440 _____ (Lenovo (United States) Inc.) C:\Windows\system32\Drivers\psadd.sys
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2010-01-15 13:23 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00021288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-06-25 20:22 - 2009-04-07 14:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:20 - 2010-04-08 23:11 - 00054824 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btusbflt.sys
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-07-07 11:54 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity

==================== One Month Modified Files and Folders =======

2014-07-21 22:35 - 2014-07-21 19:29 - 00010028 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 22:34 - 2014-07-21 22:34 - 00000625 _____ () C:\Users\enjoy\Desktop\JRT.txt
2014-07-21 22:34 - 2014-07-21 19:29 - 00000000 ____D () C:\FRST
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:25 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:25 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:23 - 2014-07-21 22:23 - 01016261 _____ (Thisisu) C:\Users\enjoy\Desktop\JRT.exe
2014-07-21 22:21 - 2014-06-18 07:11 - 01282614 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 22:20 - 2014-07-21 22:20 - 00001528 _____ () C:\Users\enjoy\Desktop\mbam scan.txt
2014-07-21 22:19 - 2014-07-21 21:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:16 - 2013-10-09 14:26 - 00039359 _____ () C:\Windows\setupact.log
2014-07-21 22:16 - 2013-10-09 14:25 - 00021962 _____ () C:\Windows\PFRO.log
2014-07-21 22:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 22:14 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\GG
2014-07-21 22:11 - 2014-06-19 14:31 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\AIMP3
2014-07-21 22:05 - 2014-06-18 08:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-21 21:58 - 2014-07-21 21:58 - 00000062 _____ () C:\Users\enjoy\Desktop\MALWAREBYTES ANTI-MALWARE 2.0.2 (WSZYSTKIE WERSJE) KEY+ID!.txt
2014-07-21 21:56 - 2014-07-21 21:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 21:54 - 2014-07-21 21:54 - 00000824 _____ () C:\Users\enjoy\Desktop\adw.txt
2014-07-21 21:46 - 2014-07-13 21:35 - 00000000 ____D () C:\AdwCleaner
2014-07-21 21:46 - 2014-07-10 21:47 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-21 21:41 - 2014-07-21 21:41 - 01354223 _____ () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-21 21:21 - 2014-07-21 19:28 - 02090496 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-21 20:39 - 2014-07-21 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-21 20:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-20 15:41 - 2014-07-20 15:31 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-18 08:29 - 2014-06-19 20:31 - 00000640 __RSH () C:\Users\enjoy\ntuser.pol
2014-07-18 08:29 - 2014-06-18 07:16 - 00000000 ____D () C:\Users\enjoy
2014-07-18 08:24 - 2009-07-14 06:45 - 00279888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 08:21 - 2011-04-12 15:32 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-18 07:56 - 2013-09-13 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 07:50 - 2014-01-15 20:19 - 01642212 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 07:50 - 2011-04-12 15:21 - 00740446 _____ () C:\Windows\system32\perfh015.dat
2014-07-18 07:50 - 2011-04-12 15:21 - 00155988 _____ () C:\Windows\system32\perfc015.dat
2014-07-18 07:50 - 2009-07-14 07:13 - 01642212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:26 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-18 07:25 - 2014-07-10 15:23 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-18 07:10 - 2014-07-18 07:09 - 00262948 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-07-17 19:55 - 2014-06-18 16:45 - 00000000 ___SD () C:\Users\enjoy\GG dysk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-15 21:22 - 2014-06-18 08:59 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\TS3Client
2014-07-14 20:12 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Local\GG
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2014-07-14 18:40 - 00018468 _____ () C:\ComboFix.txt
2014-07-14 18:40 - 2014-07-14 18:30 - 00000000 ____D () C:\Qoobox
2014-07-14 18:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-14 18:39 - 2014-07-14 18:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:38 - 2009-07-14 04:34 - 00000215 ____N () C:\Windows\system.ini
2014-07-14 18:31 - 2010-11-21 04:50 - 00000000 ____D () C:\Users\Administrator
2014-07-14 18:26 - 2014-07-14 18:26 - 05219590 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 23:20 - 2014-07-13 21:59 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 22:00 - 2014-07-13 22:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-13 19:43 - 2014-07-05 17:00 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:38 - 2014-07-05 17:03 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:26 - 2014-07-10 21:25 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:26 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 16:34 - 2014-07-10 15:23 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 16:28 - 2014-06-18 07:16 - 00060736 _____ () C:\Users\enjoy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:15 - 2014-07-07 16:13 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 12:13 - 2014-06-18 08:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-07 11:54 - 2014-06-22 18:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-07-07 10:54 - 2014-07-07 10:53 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-06 11:53 - 2014-07-05 23:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:52 - 2014-07-05 23:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:51 - 2014-06-18 07:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 22:13 - 2014-07-05 21:26 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 22:13 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2014-07-05 18:29 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:18 - 2014-07-05 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-06-18 08:49 - 00001005 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 16:57 - 2014-06-18 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-26 17:40 - 2014-01-15 20:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-25 20:44 - 2014-06-25 20:43 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2014-06-25 20:20 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:26 - 2014-06-18 07:39 - 00013896 _____ () C:\Windows\DPINST.LOG
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-21 21:26 - 2014-06-19 20:47 - 00000000 ____D () C:\Users\Jola\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\Users\enjoy\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\enjoy\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\enjoy\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\enjoy\AppData\Local\Temp\installstats.exe
C:\Users\enjoy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:41

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by enjoy at 2014-07-21 22:35:44
Running from C:\Users\enjoy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1350, 16.06.2014 - AIMP DevTeam)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.489 - AVG)
AVG PC TuneUp 2014 (pl-PL) (x32 Version: 14.0.1001.489 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.489 - AVG) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Nazwa firmy) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Fotocyfra - odbitki przez Internet - 1.134 (HKLM-x32\...\Fotocyfra - odbitki przez Internet_is1) (Version:  - )
fotostart 3.0 (HKLM-x32\...\fotostart_is1) (Version:  - ISIT)
GG (HKCU\...\GG) (Version: 12 - GG Network S.A.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Mega Codec Pack 10.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenFM (HKCU\...\OpenFM) (Version: 2 - GG Network S.A.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pakiet sterowników systemu Windows - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Rapture3D 2.4.4 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Setup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.10 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Xara Photo & Graphic Designer 7 SE (HKLM-x32\...\MX.{8D7723BF-7CD9-49D5-BFC6-9D27B6D7C620}) (Version: 7.1.3.30976 - Xara Group Ltd)
Xara Photo & Graphic Designer 7 SE (Version: 7.1.3.30976 - Xara Group Ltd) Hidden

==================== Restore Points  =========================

21-07-2014 18:35:18 Removed BlueStacks Notification Center

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-14 18:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {23F02CFE-9260-4DB0-A289-A91E6D57D8BC} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-05-14] (Maxthon International ltd.)
Task: {292B32A5-6518-4415-AFA3-9FE6833C87A2} - System32\Tasks\Origin => C:\Users\enjoy\AppData\Roaming\Origin\update.vbe [2014-07-10] () <==== ATTENTION
Task: {6E5EC436-FEFB-431E-AEB8-C770312240CE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-06-19] (AVG)
Task: {78245774-3C23-413E-B39D-CA50A40B23AA} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {DDDF0516-ED17-42EB-B8FD-7A89B44A7A93} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)

==================== Loaded Modules (whitelisted) =============

2011-05-31 06:29 - 2011-05-31 06:29 - 00117760 _____ () C:\Windows\system32\DTS.exe
2014-06-19 07:28 - 2014-06-19 07:28 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-06-19 07:28 - 2014-06-19 07:28 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll
2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-18 13:20 - 2013-01-18 13:20 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-06-18 07:21 - 2013-11-18 03:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2014-06-18 07:21 - 2013-11-18 03:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2014-06-18 07:21 - 2014-05-29 04:40 - 00247096 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 00887064 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 00109336 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll
2014-06-18 07:21 - 2013-11-21 08:37 - 02128152 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler pamięci PCI
Description: Kontroler pamięci PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler PCI Simple Communications
Description: Kontroler PCI Simple Communications
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Port szeregowy PCI
Description: Port szeregowy PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-14 18:37:42.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-14 18:37:42.053
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 2968.01 MB
Available physical RAM: 1391 MB
Total Pagefile: 5934.2 MB
Available Pagefile: 3723.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.88 GB) (Free:27.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:93.16 GB) (Free:71.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: DB98DB98)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#10 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 03:40 PM

I still have a weird feeling ...

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1
Download Mirror #2
Download Mirror #3


Note: You must save this directly to your Desktop.
  • Save any open documents, then close any open programs.
  • Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Double-click on combofix.exe then follow the on screen prompts
  • When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.
If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 enjoy97

  • Topic Starter

Posted 21 July 2014 - 03:57 PM

ComboFix.txt

ComboFix 14-07-21.01 - enjoy 2014-07-21  22:48:07.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.2968.1233 [GMT 2:00]
Uruchomiony z: c:\users\enjoy\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB2758694-enu.LOG
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-06-21 do 2014-07-21  )))))))))))))))))))))))))))))))
.
.
2014-07-21 20:54 . 2014-07-21 20:54	--------	d-----w-	c:\users\Jola\AppData\Local\temp
2014-07-21 20:54 . 2014-07-21 20:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-21 20:54 . 2014-07-21 20:54	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-07-21 20:25 . 2014-07-21 20:25	--------	d-----w-	c:\windows\ERUNT
2014-07-21 19:56 . 2014-07-21 20:19	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-21 19:56 . 2014-07-21 19:56	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-21 19:56 . 2014-07-21 19:56	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-21 19:56 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-07-21 19:56 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-21 19:56 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-21 18:39 . 2014-07-21 18:39	--------	d-----w-	c:\windows\system32\appmgmt
2014-07-21 17:29 . 2014-07-21 20:36	--------	d-----w-	C:\FRST
2014-07-20 13:33 . 2014-07-20 13:33	--------	d-----w-	c:\program files\Bluestacks
2014-07-20 13:31 . 2014-07-20 13:41	--------	d-----w-	c:\programdata\BlueStacksSetup
2014-07-18 06:36 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-07-18 05:45 . 2014-07-18 05:45	--------	d-----w-	c:\users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 05:16 . 2014-07-18 05:16	--------	d-----w-	c:\windows\CheckSur
2014-07-17 18:28 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-17 18:28 . 2014-06-03 10:02	1389568	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2014-07-17 18:28 . 2014-06-03 10:02	1380864	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2014-07-17 18:28 . 2014-06-03 10:02	1354240	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-17 18:28 . 2014-06-03 09:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-17 18:22 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-17 18:22 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-17 18:22 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-16 18:29 . 2014-07-16 18:29	--------	d-----w-	c:\program files (x86)\Cobian Backup 11
2014-07-13 20:00 . 2014-07-13 20:00	--------	d-----w-	c:\program files\Enigma Software Group
2014-07-13 19:59 . 2014-07-13 21:20	--------	d-----w-	c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 19:59 . 2014-07-13 19:59	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2014-07-13 19:35 . 2014-07-21 19:46	--------	d-----w-	C:\AdwCleaner
2014-07-10 19:25 . 2014-07-10 19:26	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-10 19:25 . 2014-07-10 19:28	--------	d-----w-	c:\users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 19:25 . 2014-07-10 19:25	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2014-07-10 19:25 . 2014-07-10 19:28	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2014-07-10 13:23 . 2014-07-18 05:25	--------	d-----w-	c:\users\enjoy\AppData\Local\gtk-2.0
2014-07-10 13:19 . 2014-07-10 13:19	--------	d-----w-	c:\users\enjoy\.thumbnails
2014-07-10 13:18 . 2014-07-10 13:18	--------	d-----w-	c:\users\enjoy\AppData\Local\fontconfig
2014-07-10 13:18 . 2014-07-18 05:26	--------	d-----w-	c:\users\enjoy\.gimp-2.8
2014-07-10 13:18 . 2014-07-10 13:18	--------	d-----w-	c:\users\enjoy\AppData\Local\gegl-0.2
2014-07-08 17:45 . 2014-07-08 17:46	--------	d-----w-	c:\program files\GIMP 2
2014-07-08 17:40 . 2014-07-08 17:40	--------	d-----w-	c:\users\enjoy\AppData\Roaming\MAGIX
2014-07-08 17:40 . 2014-07-08 17:40	--------	d-----w-	c:\programdata\MAGIX
2014-07-08 17:40 . 2014-07-08 17:40	--------	d-----w-	c:\users\enjoy\AppData\Local\Xara
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\programdata\Xara
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\Xara
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\Common Files\Xara Services
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\Common Files\MAGIX Services
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2014-07-07 14:13 . 2014-07-07 14:15	--------	d-----w-	c:\users\Jola\AppData\Roaming\TS3Client
2014-07-07 14:12 . 2014-07-07 14:12	--------	d-----w-	c:\users\Jola\AppData\Local\Origin
2014-07-06 10:45 . 2014-07-06 10:45	--------	d-----w-	c:\users\Jola\AppData\Local\Broadcom
2014-07-05 21:51 . 2014-07-05 21:51	--------	d-----w-	c:\users\enjoy\AppData\Local\Adobe
2014-07-05 21:50 . 2014-07-05 21:50	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2014-07-05 19:26 . 2014-07-05 19:26	--------	d-----w-	c:\programdata\Codemasters
2014-07-05 19:22 . 2010-07-28 17:10	1380352	----a-w-	c:\windows\SysWow64\rapture3d_oal.dll
2014-07-05 19:22 . 2010-03-01 18:51	17686528	----a-w-	c:\windows\SysWow64\mkl_blueripple.dll
2014-07-05 19:22 . 2014-07-05 19:22	--------	d-----w-	c:\program files (x86)\BRS
2014-07-05 19:22 . 2014-07-05 19:22	--------	d-----w-	c:\program files (x86)\OpenAL
2014-07-05 19:17 . 2014-07-05 19:18	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 19:17 . 2014-07-05 19:17	--------	d-----w-	c:\windows\SysWow64\xlive
2014-07-05 16:30 . 2008-10-15 04:22	519000	----a-w-	c:\windows\system32\d3dx10_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	452440	----a-w-	c:\windows\SysWow64\d3dx10_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	2605920	----a-w-	c:\windows\system32\D3DCompiler_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	2036576	----a-w-	c:\windows\SysWow64\D3DCompiler_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	5631312	----a-w-	c:\windows\system32\D3DX9_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	4379984	----a-w-	c:\windows\SysWow64\D3DX9_40.dll
2014-07-05 15:11 . 2014-07-05 15:11	--------	d-----w-	c:\users\enjoy\AppData\Local\Origin
2014-07-05 15:08 . 2014-07-05 15:08	--------	d-----w-	c:\programdata\Electronic Arts
2014-07-05 15:03 . 2014-07-10 19:38	--------	d--h--w-	c:\users\enjoy\AppData\Roaming\Origin
2014-07-05 15:00 . 2014-07-13 17:43	--------	d-----w-	c:\programdata\Origin
2014-07-01 14:57 . 2014-07-01 14:57	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2014-06-30 14:42 . 2014-06-30 14:42	--------	d-----w-	c:\program files (x86)\FotoCyfra
2014-06-28 19:54 . 2014-06-28 19:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-06-28 19:54 . 2014-06-28 19:54	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-28 19:54 . 2014-06-28 19:54	--------	d-----w-	c:\program files (x86)\Java
2014-06-25 18:27 . 2014-06-25 18:27	--------	d-----w-	C:\AuthLog
2014-06-25 18:26 . 2009-12-08 13:11	37440	----a-w-	c:\windows\system32\drivers\psadd.sys
2014-06-25 18:26 . 2014-06-25 18:26	--------	d-----w-	c:\program files\Lenovo Fingerprint Software
2014-06-25 18:25 . 2014-06-25 18:25	--------	d-----w-	c:\users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 18:24 . 2014-06-25 18:24	--------	d-----w-	c:\users\enjoy\AppData\Local\Broadcom
2014-06-25 18:22 . 2010-01-15 11:23	132648	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2014-06-25 18:22 . 2009-04-07 12:33	35104	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2014-06-25 18:22 . 2010-01-15 11:23	98344	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2014-06-25 18:22 . 2010-01-15 11:23	21288	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2014-06-25 18:21 . 2014-06-25 18:21	--------	d-----w-	c:\program files\ThinkPad
2014-06-25 18:20 . 2014-06-25 18:26	--------	d-----w-	c:\program files\DIFX
2014-06-25 18:20 . 2010-04-08 21:11	54824	----a-w-	c:\windows\system32\drivers\btusbflt.sys
2014-06-25 18:20 . 2014-06-25 18:20	--------	d-----w-	C:\SWTOOLS
2014-06-25 18:14 . 2014-06-25 18:14	--------	d-----w-	c:\users\enjoy\AppData\Local\ElevatedDiagnostics
2014-06-25 18:11 . 2014-06-25 18:11	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2014-06-25 18:11 . 2014-06-25 18:11	--------	d-----w-	c:\program files (x86)\LG Electronics
2014-06-25 13:30 . 2014-06-25 13:30	--------	d-----w-	c:\programdata\GG
2014-06-22 16:17 . 2014-06-22 16:17	--------	d-----w-	c:\program files (x86)\Lame For Audacity
2014-06-22 16:17 . 2014-07-07 09:54	--------	d-----w-	c:\users\enjoy\AppData\Roaming\Audacity
2014-06-22 16:17 . 2014-06-22 16:17	--------	d-----w-	c:\program files (x86)\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 15:40 . 2014-01-15 18:16	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-06-19 05:28 . 2014-06-18 05:27	40248	----a-w-	c:\windows\system32\TURegOpt.exe
2014-06-19 05:28 . 2014-06-18 05:28	42808	----a-w-	c:\windows\system32\uxtuneup.dll
2014-06-19 05:28 . 2014-06-18 05:28	35640	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2014-06-19 05:28 . 2014-06-18 05:27	29496	----a-w-	c:\windows\system32\authuitu.dll
2014-06-19 05:28 . 2014-06-18 05:27	25400	----a-w-	c:\windows\SysWow64\authuitu.dll
2014-06-18 14:45 . 2014-06-18 14:45	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 14:45 . 2014-06-18 14:45	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-17 14:21 . 2014-06-17 14:21	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07	328984	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06	269080	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06	190744	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06	242968	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06	153368	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-06-17 14:06 . 2014-06-17 14:06	123672	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-06-05 18:00 . 2014-06-19 12:28	127488	----a-w-	c:\windows\system32\ff_vfw.dll
2014-06-05 18:00 . 2014-06-19 12:28	112640	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2014-05-08 09:32 . 2014-06-18 05:37	3178496	----a-w-	c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-18 05:37	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-18 05:37	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-18 05:37	626688	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
.
c:\users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2013-1-18 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe;c:\windows\SYSNATIVE\ADMonitor.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe;c:\windows\SYSNATIVE\ATService.exe [x]
S2 avgfws;Zapora AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cbVSCService11;Cobian Backup 11 wywoływacz Volume Shadow Copy;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe;c:\windows\SYSNATIVE\DTS.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 e1yexpress;Sterownik kart Intel(R) Gigabit Network Connection;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NETw5s64;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 31.128.24.2 31.128.0.31
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-07-21  22:57:43
ComboFix-quarantined-files.txt  2014-07-21 20:57
ComboFix2.txt  2014-07-14 16:40
.
Przed: 29 072 977 920 bajtów wolnych
Po: 29 513 048 064 bajtów wolnych
.
- - End Of File - - 293A370771D3E6E6AA32B1F1B23E5CD5
A36C5E4F47E84449FF07ED3517B43A31



#12 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:09 PM

Posted 21 July 2014 - 04:31 PM

  • Close all open Windows and disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    
    Folder::
    c:\program files\Enigma Software Group
    
    
  • Go to File > Save As... and save it to your Desktop named CFScript.txt.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it will produce a log that can be found at C:\ComboFix.txt. Copy and paste the contents of this into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 enjoy97

  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:09 PM

Posted 21 July 2014 - 04:47 PM

ComboFix.txt

ComboFix 14-07-21.01 - enjoy 2014-07-21  23:41:25.3.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.2968.1502 [GMT 2:00]
Uruchomiony z: c:\users\enjoy\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\enjoy\Desktop\CFScript.txt
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\cos.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140713_220027.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-06-21 do 2014-07-21  )))))))))))))))))))))))))))))))
.
.
2014-07-21 21:46 . 2014-07-21 21:46	--------	d-----w-	c:\users\Jola\AppData\Local\temp
2014-07-21 21:46 . 2014-07-21 21:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-21 21:46 . 2014-07-21 21:46	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-07-21 20:25 . 2014-07-21 20:25	--------	d-----w-	c:\windows\ERUNT
2014-07-21 19:56 . 2014-07-21 21:16	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-21 19:56 . 2014-07-21 19:56	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-21 19:56 . 2014-07-21 19:56	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-21 19:56 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-07-21 19:56 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-21 19:56 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-21 18:39 . 2014-07-21 18:39	--------	d-----w-	c:\windows\system32\appmgmt
2014-07-21 17:29 . 2014-07-21 20:36	--------	d-----w-	C:\FRST
2014-07-20 13:33 . 2014-07-20 13:33	--------	d-----w-	c:\program files\Bluestacks
2014-07-20 13:31 . 2014-07-20 13:41	--------	d-----w-	c:\programdata\BlueStacksSetup
2014-07-18 06:36 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-07-18 05:45 . 2014-07-18 05:45	--------	d-----w-	c:\users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 05:16 . 2014-07-18 05:16	--------	d-----w-	c:\windows\CheckSur
2014-07-17 18:28 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-17 18:28 . 2014-06-03 10:02	1389568	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2014-07-17 18:28 . 2014-06-03 10:02	1380864	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2014-07-17 18:28 . 2014-06-03 10:02	1354240	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-17 18:28 . 2014-06-03 09:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-17 18:22 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-17 18:22 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-17 18:22 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-16 18:29 . 2014-07-16 18:29	--------	d-----w-	c:\program files (x86)\Cobian Backup 11
2014-07-13 19:59 . 2014-07-13 21:20	--------	d-----w-	c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 19:59 . 2014-07-13 19:59	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2014-07-13 19:35 . 2014-07-21 19:46	--------	d-----w-	C:\AdwCleaner
2014-07-10 19:25 . 2014-07-10 19:26	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-10 19:25 . 2014-07-10 19:28	--------	d-----w-	c:\users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 19:25 . 2014-07-10 19:25	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2014-07-10 19:25 . 2014-07-10 19:28	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2014-07-10 13:23 . 2014-07-18 05:25	--------	d-----w-	c:\users\enjoy\AppData\Local\gtk-2.0
2014-07-10 13:19 . 2014-07-10 13:19	--------	d-----w-	c:\users\enjoy\.thumbnails
2014-07-10 13:18 . 2014-07-10 13:18	--------	d-----w-	c:\users\enjoy\AppData\Local\fontconfig
2014-07-10 13:18 . 2014-07-18 05:26	--------	d-----w-	c:\users\enjoy\.gimp-2.8
2014-07-10 13:18 . 2014-07-10 13:18	--------	d-----w-	c:\users\enjoy\AppData\Local\gegl-0.2
2014-07-08 17:45 . 2014-07-08 17:46	--------	d-----w-	c:\program files\GIMP 2
2014-07-08 17:40 . 2014-07-08 17:40	--------	d-----w-	c:\users\enjoy\AppData\Roaming\MAGIX
2014-07-08 17:40 . 2014-07-08 17:40	--------	d-----w-	c:\programdata\MAGIX
2014-07-08 17:40 . 2014-07-08 17:40	--------	d-----w-	c:\users\enjoy\AppData\Local\Xara
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\programdata\Xara
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\Xara
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\Common Files\Xara Services
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\Common Files\MAGIX Services
2014-07-08 17:39 . 2014-07-08 17:39	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2014-07-07 14:13 . 2014-07-07 14:15	--------	d-----w-	c:\users\Jola\AppData\Roaming\TS3Client
2014-07-07 14:12 . 2014-07-07 14:12	--------	d-----w-	c:\users\Jola\AppData\Local\Origin
2014-07-06 10:45 . 2014-07-06 10:45	--------	d-----w-	c:\users\Jola\AppData\Local\Broadcom
2014-07-05 21:51 . 2014-07-05 21:51	--------	d-----w-	c:\users\enjoy\AppData\Local\Adobe
2014-07-05 21:50 . 2014-07-05 21:50	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2014-07-05 19:26 . 2014-07-05 19:26	--------	d-----w-	c:\programdata\Codemasters
2014-07-05 19:22 . 2010-07-28 17:10	1380352	----a-w-	c:\windows\SysWow64\rapture3d_oal.dll
2014-07-05 19:22 . 2010-03-01 18:51	17686528	----a-w-	c:\windows\SysWow64\mkl_blueripple.dll
2014-07-05 19:22 . 2014-07-05 19:22	--------	d-----w-	c:\program files (x86)\BRS
2014-07-05 19:22 . 2014-07-05 19:22	--------	d-----w-	c:\program files (x86)\OpenAL
2014-07-05 19:17 . 2014-07-05 19:18	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 19:17 . 2014-07-05 19:17	--------	d-----w-	c:\windows\SysWow64\xlive
2014-07-05 16:30 . 2008-10-15 04:22	519000	----a-w-	c:\windows\system32\d3dx10_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	452440	----a-w-	c:\windows\SysWow64\d3dx10_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	2605920	----a-w-	c:\windows\system32\D3DCompiler_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	2036576	----a-w-	c:\windows\SysWow64\D3DCompiler_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	5631312	----a-w-	c:\windows\system32\D3DX9_40.dll
2014-07-05 16:30 . 2008-10-15 04:22	4379984	----a-w-	c:\windows\SysWow64\D3DX9_40.dll
2014-07-05 15:11 . 2014-07-05 15:11	--------	d-----w-	c:\users\enjoy\AppData\Local\Origin
2014-07-05 15:08 . 2014-07-05 15:08	--------	d-----w-	c:\programdata\Electronic Arts
2014-07-05 15:03 . 2014-07-10 19:38	--------	d--h--w-	c:\users\enjoy\AppData\Roaming\Origin
2014-07-05 15:00 . 2014-07-13 17:43	--------	d-----w-	c:\programdata\Origin
2014-07-01 14:57 . 2014-07-01 14:57	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2014-06-30 14:42 . 2014-06-30 14:42	--------	d-----w-	c:\program files (x86)\FotoCyfra
2014-06-28 19:54 . 2014-06-28 19:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-06-28 19:54 . 2014-06-28 19:54	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-28 19:54 . 2014-06-28 19:54	--------	d-----w-	c:\program files (x86)\Java
2014-06-25 18:27 . 2014-06-25 18:27	--------	d-----w-	C:\AuthLog
2014-06-25 18:26 . 2009-12-08 13:11	37440	----a-w-	c:\windows\system32\drivers\psadd.sys
2014-06-25 18:26 . 2014-06-25 18:26	--------	d-----w-	c:\program files\Lenovo Fingerprint Software
2014-06-25 18:25 . 2014-06-25 18:25	--------	d-----w-	c:\users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 18:24 . 2014-06-25 18:24	--------	d-----w-	c:\users\enjoy\AppData\Local\Broadcom
2014-06-25 18:22 . 2010-01-15 11:23	132648	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2014-06-25 18:22 . 2009-04-07 12:33	35104	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2014-06-25 18:22 . 2010-01-15 11:23	98344	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2014-06-25 18:22 . 2010-01-15 11:23	21288	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2014-06-25 18:21 . 2014-06-25 18:21	--------	d-----w-	c:\program files\ThinkPad
2014-06-25 18:20 . 2014-06-25 18:26	--------	d-----w-	c:\program files\DIFX
2014-06-25 18:20 . 2010-04-08 21:11	54824	----a-w-	c:\windows\system32\drivers\btusbflt.sys
2014-06-25 18:20 . 2014-06-25 18:20	--------	d-----w-	C:\SWTOOLS
2014-06-25 18:14 . 2014-06-25 18:14	--------	d-----w-	c:\users\enjoy\AppData\Local\ElevatedDiagnostics
2014-06-25 18:11 . 2014-06-25 18:11	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2014-06-25 18:11 . 2014-06-25 18:11	--------	d-----w-	c:\program files (x86)\LG Electronics
2014-06-25 13:30 . 2014-06-25 13:30	--------	d-----w-	c:\programdata\GG
2014-06-22 16:17 . 2014-06-22 16:17	--------	d-----w-	c:\program files (x86)\Lame For Audacity
2014-06-22 16:17 . 2014-07-07 09:54	--------	d-----w-	c:\users\enjoy\AppData\Roaming\Audacity
2014-06-22 16:17 . 2014-06-22 16:17	--------	d-----w-	c:\program files (x86)\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 15:40 . 2014-01-15 18:16	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-06-19 05:28 . 2014-06-18 05:27	40248	----a-w-	c:\windows\system32\TURegOpt.exe
2014-06-19 05:28 . 2014-06-18 05:28	42808	----a-w-	c:\windows\system32\uxtuneup.dll
2014-06-19 05:28 . 2014-06-18 05:28	35640	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2014-06-19 05:28 . 2014-06-18 05:27	29496	----a-w-	c:\windows\system32\authuitu.dll
2014-06-19 05:28 . 2014-06-18 05:27	25400	----a-w-	c:\windows\SysWow64\authuitu.dll
2014-06-18 14:45 . 2014-06-18 14:45	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 14:45 . 2014-06-18 14:45	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-17 14:21 . 2014-06-17 14:21	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07	328984	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06	269080	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06	190744	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06	242968	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06	153368	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-06-17 14:06 . 2014-06-17 14:06	123672	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-06-05 18:00 . 2014-06-19 12:28	127488	----a-w-	c:\windows\system32\ff_vfw.dll
2014-06-05 18:00 . 2014-06-19 12:28	112640	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2014-05-08 09:32 . 2014-06-18 05:37	3178496	----a-w-	c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-18 05:37	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-18 05:37	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-18 05:37	626688	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
.
c:\users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2013-1-18 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe;c:\windows\SYSNATIVE\ADMonitor.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe;c:\windows\SYSNATIVE\ATService.exe [x]
S2 avgfws;Zapora AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cbVSCService11;Cobian Backup 11 wywoływacz Volume Shadow Copy;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe;c:\windows\SYSNATIVE\DTS.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 e1yexpress;Sterownik kart Intel(R) Gigabit Network Connection;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 NETw5s64;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2013-01-17 14:43	2023936	----a-w-	c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 31.128.24.2 31.128.0.31
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-07-21  23:47:59
ComboFix-quarantined-files.txt  2014-07-21 21:47
ComboFix2.txt  2014-07-21 20:57
ComboFix3.txt  2014-07-14 16:40
.
Przed: 29 562 175 488 bajtów wolnych
Po: 29 278 920 704 bajtów wolnych
.
- - End Of File - - 42CDACDE3FE8D83E952FBDCE580FCB59
A36C5E4F47E84449FF07ED3517B43A31



#14 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,897 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:09 PM

Posted 21 July 2014 - 04:55 PM

Let me again see a new FRST Log.
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#15 enjoy97

  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:09 PM

Posted 21 July 2014 - 05:02 PM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by enjoy (administrator) on LAPTOP on 21-07-2014 23:59:25
Running from C:\Users\enjoy\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582920 2011-05-31] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2011-05-31] (AuthenTec, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1556474197-412149889-861348747-1000\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
GroupPolicyUsers\S-1-5-21-1556474197-412149889-861348747-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
R2 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2252600 2014-06-19] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-06-19] (AVG)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-10] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 23:48 - 2014-07-21 23:48 - 00022198 _____ () C:\ComboFix.txt
2014-07-21 22:35 - 2014-07-21 22:36 - 00016872 _____ () C:\Users\enjoy\Desktop\Addition.txt
2014-07-21 22:34 - 2014-07-21 22:34 - 00000625 _____ () C:\Users\enjoy\Desktop\JRT.txt
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:23 - 2014-07-21 22:23 - 01016261 _____ (Thisisu) C:\Users\enjoy\Desktop\JRT.exe
2014-07-21 22:20 - 2014-07-21 22:20 - 00001528 _____ () C:\Users\enjoy\Desktop\mbam scan.txt
2014-07-21 21:58 - 2014-07-21 21:58 - 00000062 _____ () C:\Users\enjoy\Desktop\MALWAREBYTES ANTI-MALWARE 2.0.2 (WSZYSTKIE WERSJE) KEY+ID!.txt
2014-07-21 21:56 - 2014-07-21 23:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 21:56 - 2014-07-21 21:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 21:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 21:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 21:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 21:54 - 2014-07-21 21:54 - 00000824 _____ () C:\Users\enjoy\Desktop\adw.txt
2014-07-21 21:41 - 2014-07-21 21:41 - 01354223 _____ () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-21 20:39 - 2014-07-21 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-21 19:29 - 2014-07-21 23:59 - 00010191 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 19:29 - 2014-07-21 23:59 - 00000000 ____D () C:\FRST
2014-07-21 19:28 - 2014-07-21 21:21 - 02090496 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-20 15:31 - 2014-07-20 15:41 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-18 08:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-18 08:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-17 20:27 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-17 20:27 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-17 20:27 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-17 20:27 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-17 20:27 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-17 20:27 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-17 20:27 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-17 20:27 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-17 20:27 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-17 20:27 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-17 20:27 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-17 20:27 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-17 20:27 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-17 20:27 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-17 20:27 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-17 20:27 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-17 20:27 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-17 20:27 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-17 20:27 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-17 20:27 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-17 20:27 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-17 20:27 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-17 20:27 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-17 20:27 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-17 20:27 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-17 20:27 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-17 20:27 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-17 20:27 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-17 20:27 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-17 20:27 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-17 20:27 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-17 20:27 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-17 20:27 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-17 20:27 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-17 20:27 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-17 20:27 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-17 20:27 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-17 20:27 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-17 20:27 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-17 20:27 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-17 20:27 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-17 20:27 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-17 20:27 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-17 20:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-17 20:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-17 20:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-14 18:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-14 18:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-14 18:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-14 18:30 - 2014-07-21 23:48 - 00000000 ____D () C:\Qoobox
2014-07-14 18:30 - 2014-07-14 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:26 - 2014-07-21 22:45 - 05562504 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-13 21:59 - 2014-07-13 23:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 21:35 - 2014-07-21 21:46 - 00000000 ____D () C:\AdwCleaner
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:47 - 2014-07-21 21:46 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:28 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:26 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:25 - 2014-07-10 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 15:23 - 2014-07-18 07:25 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-10 15:23 - 2014-07-10 16:34 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-18 07:26 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:45 - 2014-07-08 19:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:13 - 2014-07-07 16:15 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 10:53 - 2014-07-07 10:54 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:50 - 2014-07-06 11:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:50 - 2014-07-05 23:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 21:26 - 2014-07-05 22:13 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2010-07-28 19:10 - 01380352 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2014-07-05 21:22 - 2010-03-01 20:51 - 17686528 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 18:30 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-05 18:30 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-07-05 18:29 - 2014-07-05 21:22 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-05 17:03 - 2014-07-10 21:38 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-05 17:00 - 2014-07-13 19:43 - 00000000 ____D () C:\ProgramData\Origin
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-25 20:43 - 2014-06-25 20:44 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2009-12-08 15:11 - 00037440 _____ (Lenovo (United States) Inc.) C:\Windows\system32\Drivers\psadd.sys
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2010-01-15 13:23 - 00132648 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00098344 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-06-25 20:22 - 2010-01-15 13:23 - 00021288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-06-25 20:22 - 2009-04-07 14:33 - 00035104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:20 - 2010-04-08 23:11 - 00054824 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btusbflt.sys
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-07-07 11:54 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity

==================== One Month Modified Files and Folders =======

2014-07-22 00:02 - 2014-07-21 19:29 - 00010191 _____ () C:\Users\enjoy\Desktop\FRST.txt
2014-07-21 23:59 - 2014-07-21 19:29 - 00000000 ____D () C:\FRST
2014-07-21 23:48 - 2014-07-21 23:48 - 00022198 _____ () C:\ComboFix.txt
2014-07-21 23:48 - 2014-07-14 18:30 - 00000000 ____D () C:\Qoobox
2014-07-21 23:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-21 23:16 - 2014-07-21 21:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:45 - 2014-07-14 18:26 - 05562504 ____R (Swearware) C:\Users\enjoy\Desktop\ComboFix.exe
2014-07-21 22:36 - 2014-07-21 22:35 - 00016872 _____ () C:\Users\enjoy\Desktop\Addition.txt
2014-07-21 22:34 - 2014-07-21 22:34 - 00000625 _____ () C:\Users\enjoy\Desktop\JRT.txt
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:25 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:25 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:23 - 2014-07-21 22:23 - 01016261 _____ (Thisisu) C:\Users\enjoy\Desktop\JRT.exe
2014-07-21 22:21 - 2014-06-18 07:11 - 01282614 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 22:20 - 2014-07-21 22:20 - 00001528 _____ () C:\Users\enjoy\Desktop\mbam scan.txt
2014-07-21 22:16 - 2013-10-09 14:26 - 00039359 _____ () C:\Windows\setupact.log
2014-07-21 22:16 - 2013-10-09 14:25 - 00021962 _____ () C:\Windows\PFRO.log
2014-07-21 22:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 22:14 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\GG
2014-07-21 22:11 - 2014-06-19 14:31 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\AIMP3
2014-07-21 22:05 - 2014-06-18 08:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-21 21:58 - 2014-07-21 21:58 - 00000062 _____ () C:\Users\enjoy\Desktop\MALWAREBYTES ANTI-MALWARE 2.0.2 (WSZYSTKIE WERSJE) KEY+ID!.txt
2014-07-21 21:56 - 2014-07-21 21:56 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 21:56 - 2014-07-21 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 21:54 - 2014-07-21 21:54 - 00000824 _____ () C:\Users\enjoy\Desktop\adw.txt
2014-07-21 21:46 - 2014-07-13 21:35 - 00000000 ____D () C:\AdwCleaner
2014-07-21 21:46 - 2014-07-10 21:47 - 00000000 ____D () C:\Users\enjoy\Documents\FIFA 14
2014-07-21 21:41 - 2014-07-21 21:41 - 01354223 _____ () C:\Users\enjoy\Desktop\AdwCleaner.exe
2014-07-21 21:21 - 2014-07-21 19:28 - 02090496 _____ (Farbar) C:\Users\enjoy\Desktop\FRST64.exe
2014-07-21 20:39 - 2014-07-21 20:39 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-21 20:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-20 15:41 - 2014-07-20 15:31 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-20 15:33 - 2014-07-20 15:33 - 00000000 ____D () C:\Program Files\Bluestacks
2014-07-18 08:29 - 2014-06-19 20:31 - 00000640 __RSH () C:\Users\enjoy\ntuser.pol
2014-07-18 08:29 - 2014-06-18 07:16 - 00000000 ____D () C:\Users\enjoy
2014-07-18 08:24 - 2009-07-14 06:45 - 00279888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 08:21 - 2011-04-12 15:32 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-18 08:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-18 07:56 - 2013-09-13 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 07:50 - 2014-01-15 20:19 - 01642212 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 07:50 - 2011-04-12 15:21 - 00740446 _____ () C:\Windows\system32\perfh015.dat
2014-07-18 07:50 - 2011-04-12 15:21 - 00155988 _____ () C:\Windows\system32\perfc015.dat
2014-07-18 07:50 - 2009-07-14 07:13 - 01642212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:45 - 2014-07-18 07:45 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\OpenOffice.org
2014-07-18 07:26 - 2014-07-18 07:26 - 00003109 _____ () C:\Users\enjoy\AppData\Local\recently-used.xbel
2014-07-18 07:26 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\.gimp-2.8
2014-07-18 07:25 - 2014-07-10 15:23 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gtk-2.0
2014-07-18 07:16 - 2014-07-18 07:16 - 00000000 ____D () C:\Windows\CheckSur
2014-07-17 19:55 - 2014-06-18 16:45 - 00000000 ___SD () C:\Users\enjoy\GG dysk
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-16 20:29 - 2014-07-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-16 20:10 - 2014-07-16 20:10 - 00018960 ____N () C:\Users\enjoy\Desktop\dds.txt
2014-07-16 20:10 - 2014-07-16 20:10 - 00005125 ____N () C:\Users\enjoy\Desktop\attach.txt
2014-07-16 20:08 - 2014-07-16 20:08 - 00688992 ____R (Swearware) C:\Users\enjoy\Desktop\dds.com
2014-07-15 21:22 - 2014-06-18 08:59 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\TS3Client
2014-07-14 20:12 - 2014-06-18 16:43 - 00000000 ____D () C:\Users\enjoy\AppData\Local\GG
2014-07-14 18:42 - 2014-07-14 18:42 - 00854390 ____N () C:\Users\enjoy\Desktop\SecurityCheck.exe
2014-07-14 18:40 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-14 18:39 - 2014-07-14 18:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 18:31 - 2010-11-21 04:50 - 00000000 ____D () C:\Users\Administrator
2014-07-13 23:20 - 2014-07-13 21:59 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-13 19:43 - 2014-07-05 17:00 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 00:46 - 2014-07-11 00:46 - 00001411 ____N () C:\Users\enjoy\Desktop\fifa14-www.skidrowcrack.com — skrót.lnk
2014-07-10 21:38 - 2014-07-10 21:38 - 00003120 _____ () C:\Windows\System32\Tasks\Origin
2014-07-10 21:38 - 2014-07-05 17:03 - 00000000 ___HD () C:\Users\enjoy\AppData\Roaming\Origin
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\DAEMON Tools Lite
2014-07-10 21:28 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-07-10 21:26 - 2014-07-10 21:26 - 00001960 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-07-10 21:26 - 2014-07-10 21:25 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-07-10 21:26 - 2014-07-10 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-07-10 21:25 - 2014-07-10 21:25 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-07-10 16:34 - 2014-07-10 15:23 - 00821779 ____N () C:\Users\enjoy\Desktop\Bez nazwy.xcf
2014-07-10 16:28 - 2014-06-18 07:16 - 00060736 _____ () C:\Users\enjoy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 15:19 - 2014-07-10 15:19 - 00000000 ____D () C:\Users\enjoy\.thumbnails
2014-07-10 15:18 - 2014-07-10 15:18 - 00000000 ____D () C:\Users\enjoy\AppData\Local\gegl-0.2
2014-07-09 08:06 - 2014-07-09 08:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-07-08 19:46 - 2014-07-08 19:46 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:46 - 00000886 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-07-08 19:46 - 2014-07-08 19:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-08 19:40 - 2014-07-08 19:40 - 00001274 _____ () C:\Users\Public\Desktop\Xara Photo & Graphic Designer 7 SE.lnk
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\MAGIX
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2014-07-08 19:40 - 2014-07-08 19:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ___RD () C:\Users\enjoy\Documents\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\ProgramData\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\Xara
2014-07-08 19:39 - 2014-07-08 19:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-07 16:15 - 2014-07-07 16:13 - 00000000 ____D () C:\Users\Jola\AppData\Roaming\TS3Client
2014-07-07 16:12 - 2014-07-07 16:12 - 00000000 ____D () C:\Users\Jola\AppData\Local\Origin
2014-07-07 12:13 - 2014-06-18 08:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-07 11:54 - 2014-06-22 18:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Audacity
2014-07-07 10:54 - 2014-07-07 10:53 - 04755200 ____N (AVG Technologies) C:\Users\enjoy\Desktop\avg_internet_security_2014.exe
2014-07-07 10:45 - 2014-07-07 10:45 - 00000175 ____N () C:\Users\enjoy\Desktop\license keys avg.txt
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\Documents\Bluetooth Exchange Folder
2014-07-06 12:45 - 2014-07-06 12:45 - 00000000 ____D () C:\Users\Jola\AppData\Local\Broadcom
2014-07-06 11:53 - 2014-07-05 23:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 23:52 - 2014-07-05 23:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-05 23:51 - 2014-07-05 23:51 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Adobe
2014-07-05 23:51 - 2014-06-18 07:17 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Adobe
2014-07-05 23:50 - 2014-07-05 23:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 22:13 - 2014-07-05 21:26 - 00000000 ____D () C:\Users\enjoy\Documents\My Games
2014-07-05 22:13 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-05 21:26 - 2014-07-05 21:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-05 21:22 - 2014-07-05 21:22 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-07-05 21:22 - 2014-07-05 18:29 - 00035026 _____ () C:\Windows\DirectX.log
2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-07-05 21:18 - 2014-07-05 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-05 21:17 - 2014-07-05 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-07-05 17:11 - 2014-07-05 17:11 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000524 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-05 17:08 - 2014-07-05 17:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-07-01 16:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-01 16:57 - 2014-06-18 08:49 - 00001005 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-01 16:57 - 2014-06-18 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 16:42 - 2014-06-30 16:42 - 00001932 _____ () C:\Users\Public\Desktop\Fotocyfra.lnk
2014-06-30 16:42 - 2014-06-30 16:42 - 00000047 _____ () C:\Program Files (x86)\FotoCyfraFotocyfra.url
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotocyfra - odbitki przez Internet
2014-06-30 16:42 - 2014-06-30 16:42 - 00000000 ____D () C:\Program Files (x86)\FotoCyfra
2014-06-28 21:54 - 2014-06-28 21:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 21:54 - 2014-06-28 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Sun
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 21:54 - 2014-06-28 21:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-26 17:40 - 2014-01-15 20:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-25 20:44 - 2014-06-25 20:43 - 16620032 ____N () C:\Users\enjoy\Desktop\CAM00963.mp4
2014-06-25 20:27 - 2014-06-25 20:27 - 00000000 ____D () C:\AuthLog
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2014-06-25 20:26 - 2014-06-25 20:26 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Software
2014-06-25 20:26 - 2014-06-25 20:20 - 00000000 ____D () C:\Program Files\DIFX
2014-06-25 20:26 - 2014-06-18 07:39 - 00013896 _____ () C:\Windows\DPINST.LOG
2014-06-25 20:25 - 2014-06-25 20:25 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\CachedFiles
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\Documents\Bluetooth Exchange Folder
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
2014-06-25 20:24 - 2014-06-25 20:24 - 00000000 ____D () C:\Users\enjoy\AppData\Local\Broadcom
2014-06-25 20:22 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 20:21 - 2014-06-25 20:21 - 00000000 ____D () C:\Program Files\ThinkPad
2014-06-25 20:20 - 2014-06-25 20:20 - 00000000 ____D () C:\SWTOOLS
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-25 20:11 - 2014-06-25 20:11 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-06-25 15:30 - 2014-06-25 15:30 - 00000000 ____D () C:\ProgramData\GG
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Users\enjoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 18:18 - 2014-06-22 18:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 18:17 - 2014-06-22 18:17 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00001017 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-06-22 18:17 - 2014-06-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Audacity

Files to move or delete:
====================
C:\Users\enjoy\AppData\Roaming\Origin\update.vbe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:41

==================== End Of Log ============================




