virus open adultcameras.info while opening new window in opera


  • This topic is locked
62 replies to this topic

#1 icar


Posted 25 January 2015 - 10:37 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by icar (administrator) on KANCELARIA on 25-01-2015 15:11:04
Running from C:\Users\icar\Downloads
Loaded Profiles: icar (Available profiles: icar)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Farbar) C:\Users\icar\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-12-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DellSystemDetect] => C:\Users\icar\AppData\Local\Apps\2.0\L64XY1GN.EKL\2WHETOBD.24E\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-24] (Dell)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> DefaultScope {F1C109EB-3DFA-4141-A2CD-5968B90E8865} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {73C68E13-826B-41AA-B913-A13797172EA8} URL = 
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {F1C109EB-3DFA-4141-A2CD-5968B90E8865} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 31.41.143.2 80.48.52.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-17]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-01-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]
StartMenuInternet: Opera - C:\Program Files (x86)\Opera\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-10] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-16] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-16] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-21] (DT Soft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ssm_bus; C:\Windows\System32\drivers\ssm_bus.sys [136192 2014-10-13] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [18944 2014-10-13] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\system32\DRIVERS\ssm_mdm.sys [172032 2014-10-13] (MCCI Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-10] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 TDKLIB; \??\C:\Users\icar\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 15:09 - 2015-01-25 15:10 - 00041688 _____ () C:\Users\icar\Desktop\FRST.txt
2015-01-25 14:28 - 2015-01-25 14:28 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64 (2).exe
2015-01-25 14:25 - 2015-01-25 14:27 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-13-25-55.014-AvastVBoxSVC.exe-4936.log
2015-01-25 14:23 - 2015-01-25 14:25 - 00307536 _____ () C:\WINDOWS\Minidump\012515-41890-01.dmp
2015-01-25 14:23 - 2015-01-25 14:23 - 709879417 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-25 14:23 - 2015-01-25 14:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-24 21:33 - 2015-01-24 21:34 - 00037501 _____ () C:\Users\icar\Downloads\Addition.txt
2015-01-24 21:32 - 2015-01-25 15:11 - 00020323 _____ () C:\Users\icar\Downloads\FRST.txt
2015-01-24 21:32 - 2015-01-25 15:11 - 00000000 ____D () C:\FRST
2015-01-24 21:32 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64.exe
2015-01-24 21:32 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64 (1).exe
2015-01-24 20:56 - 2015-01-24 20:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-24 20:56 - 2013-09-03 22:53 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-01-24 20:56 - 2013-09-03 22:53 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-01-24 20:51 - 2015-01-24 20:51 - 00417064 _____ () C:\Users\icar\Downloads\DellSystemDetect.exe
2015-01-23 22:01 - 2015-01-23 22:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-21-01-18.020-AvastVBoxSVC.exe-3440.log
2015-01-23 21:24 - 2015-01-23 21:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\icar\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 21:18 - 2015-01-23 21:27 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2015-01-23 21:14 - 2015-01-23 21:14 - 08059224 _____ (FreeDownloadManager.ORG ) C:\Users\icar\Downloads\fdminst.exe
2015-01-23 21:09 - 2015-01-23 21:09 - 04176437 _____ () C:\Users\icar\Downloads\tdsskiller (1).zip
2015-01-23 21:08 - 2015-01-23 21:08 - 04176437 _____ () C:\Users\icar\Downloads\tdsskiller.zip
2015-01-23 13:45 - 2015-01-23 13:45 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-12-45-32.007-AvastVBoxSVC.exe-4340.log
2015-01-23 13:43 - 2015-01-25 14:22 - 00002934 _____ () C:\WINDOWS\PFRO.log
2015-01-23 13:29 - 2015-01-23 13:29 - 02186752 _____ () C:\Users\icar\Downloads\adwcleaner_4.108.exe
2015-01-23 11:23 - 2015-01-23 11:28 - 00012052 _____ () C:\Users\icar\Desktop\biala.odt
2015-01-22 10:10 - 2015-01-22 10:10 - 00000130 _____ () C:\Users\icar\Desktop\1.txt
2015-01-22 08:39 - 2015-01-22 08:39 - 02347384 _____ (ESET) C:\Users\icar\Downloads\esetsmartinstaller_plk.exe
2015-01-22 08:39 - 2015-01-22 08:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 22:37 - 2015-01-25 14:23 - 00002327 _____ () C:\WINDOWS\setupact.log
2015-01-21 22:37 - 2015-01-21 22:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-21 21:22 - 2015-01-21 21:35 - 00047874 _____ () C:\Users\icar\Desktop\wołczyn pogrzeb.odt
2015-01-21 21:20 - 2015-01-25 14:49 - 00447412 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-21 20:34 - 2015-01-21 20:34 - 00000665 _____ () C:\INSTALL.LOG
2015-01-21 20:34 - 2015-01-21 20:34 - 00000000 ____D () C:\WINDOWS\027B5748C40941FE949B7B81A8304EF4.TMP
2015-01-20 13:52 - 2015-01-22 10:11 - 00025344 _____ () C:\Users\icar\Desktop\cofnięcie pozew pątnów.odt
2015-01-20 13:15 - 2015-01-20 13:15 - 00017327 _____ () C:\Users\icar\Downloads\uchwała o uchyleniu uchwału o przydomowych oczyszczalniach ścieków Gmina Sokolniki.odt
2015-01-20 13:13 - 2015-01-20 13:14 - 00058058 _____ () C:\Users\icar\Desktop\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-20 13:11 - 2015-01-20 13:11 - 00021541 _____ () C:\Users\icar\Downloads\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-20 12:39 - 2015-01-20 12:39 - 00016004 _____ () C:\Users\icar\Downloads\AKtPismo do Burmistrza 20 stycznia 2015 roku.odt
2015-01-20 10:47 - 2015-01-20 10:47 - 00012479 _____ () C:\Users\icar\Downloads\uchwała w sparwie studium.odt
2015-01-19 19:19 - 2015-01-19 19:19 - 09211481 _____ () C:\Users\icar\Downloads\Szczyt.zip
2015-01-16 11:53 - 2015-01-16 11:54 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix (2).exe
2015-01-16 11:53 - 2015-01-16 11:54 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-10-53-54.014-AvastVBoxSVC.exe-3992.log
2015-01-16 11:32 - 2015-01-16 11:32 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix (1).exe
2015-01-16 11:11 - 2015-01-16 13:36 - 00062683 _____ () C:\Users\icar\Desktop\dodatek mieszkaniowy.odt
2015-01-16 11:04 - 2015-01-16 11:05 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix.exe
2015-01-16 10:28 - 2015-01-22 13:32 - 00000000 ____D () C:\EEK
2015-01-16 10:28 - 2015-01-16 10:28 - 00000757 _____ () C:\Users\icar\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-16 10:20 - 2015-01-16 10:26 - 166547056 _____ () C:\Users\icar\Downloads\EmsisoftEmergencyKit.exe
2015-01-16 10:06 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-09-06-35.057-aswFe.exe-6432.log
2015-01-16 09:57 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-08-57-22.094-aswFe.exe-4416.log
2015-01-16 09:57 - 2015-01-16 09:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-08-57-17.096-AvastVBoxSVC.exe-6152.log
2015-01-16 09:55 - 2015-01-16 09:55 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-16 09:19 - 2015-01-16 09:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-16 09:18 - 2015-01-16 09:18 - 11225840 _____ (SurfRight B.V.) C:\Users\icar\Downloads\HitmanPro_x64.exe
2015-01-16 09:10 - 2015-01-16 09:11 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\icar\Downloads\tdsskiller (1).exe
2015-01-16 09:03 - 2015-01-23 13:42 - 00000000 ____D () C:\AdwCleaner
2015-01-16 09:02 - 2015-01-16 09:02 - 00000999 _____ () C:\Users\icar\Desktop\JRT.txt
2015-01-16 08:58 - 2015-01-23 22:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-16 08:57 - 2015-01-16 08:57 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT.exe
2015-01-16 08:56 - 2015-01-16 08:56 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\icar\Downloads\tdsskiller.exe
2015-01-15 22:59 - 2015-01-15 23:00 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-21-59-22.053-AvastVBoxSVC.exe-4516.log
2015-01-15 21:53 - 2015-01-15 21:53 - 00024052 _____ () C:\Users\icar\Downloads\Zażalenie II.odt
2015-01-15 21:27 - 2015-01-15 21:28 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-27-42.010-AvastVBoxSVC.exe-3644.log
2015-01-15 21:23 - 2015-01-15 21:23 - 00093550 _____ () C:\spyhunter.fix
2015-01-15 21:23 - 2015-01-15 21:19 - 00008192 _____ () C:\shldr.mbr
2015-01-15 21:23 - 2012-11-02 16:23 - 00285747 _____ () C:\shldr
2015-01-15 21:19 - 2015-01-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-15 21:03 - 2015-01-15 21:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-03-16.061-AvastVBoxSVC.exe-2888.log
2015-01-15 20:53 - 2015-01-15 22:46 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft FxCop
2015-01-15 20:53 - 2015-01-15 20:53 - 46175312 ___RH () C:\Users\icar\Desktop\spyhunterS4.exe
2015-01-15 20:52 - 2015-01-15 20:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-52-17.047-AvastVBoxSVC.exe-1996.log
2015-01-15 20:44 - 2015-01-15 20:44 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-44-17.055-AvastVBoxSVC.exe-3960.log
2015-01-15 11:23 - 2015-01-15 11:23 - 00000000 _____ () C:\autoexec.bat
2015-01-15 11:14 - 2015-01-15 11:14 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\icar\Downloads\SpyHunter-Installer.exe
2015-01-15 11:02 - 2015-01-15 11:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-10-02-04.063-AvastVBoxSVC.exe-3844.log
2015-01-15 10:27 - 2015-01-15 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 09:49 - 2015-01-15 09:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\icar\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 13:47 - 2015-01-16 09:58 - 00065532 _____ () C:\Users\icar\Desktop\sprzedaż działki.odt
2015-01-14 10:23 - 2015-01-14 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-01-14-09-23-07.042-AvastVBoxSVC.exe-3840.log
2015-01-14 08:40 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 08:40 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-13 21:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 21:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 21:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 21:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 21:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 21:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 21:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 21:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 21:20 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 21:20 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-12 21:44 - 2015-01-14 08:20 - 00000000 ____D () C:\Users\icar\Desktop\138CANON
2015-01-12 19:07 - 2015-01-12 19:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-18-07-02.010-AvastVBoxSVC.exe-4248.log
2015-01-12 09:57 - 2015-01-12 09:58 - 01845591 _____ () C:\Users\icar\Downloads\podatki R.Karczmar grudzień 2014.tif
2015-01-11 18:45 - 2015-01-11 19:04 - 00022925 _____ () C:\Users\icar\Desktop\siemkowice.odt
2015-01-11 18:05 - 2015-01-11 18:36 - 00038170 _____ () C:\Users\icar\Desktop\radny stowarzyszenia.odt
2015-01-11 17:51 - 2015-01-11 17:51 - 00000000 ____D () C:\Users\icar\Downloads\Radosław Karczmar
2015-01-11 17:47 - 2015-01-11 17:47 - 33259750 _____ () C:\Users\icar\Downloads\Radosław Karczmar.rar
2015-01-09 16:46 - 2015-01-09 17:39 - 00050977 _____ () C:\Users\icar\Desktop\konkurs.odt
2015-01-09 16:08 - 2015-01-09 16:32 - 00032769 _____ () C:\Users\icar\Desktop\nagroda.odt
2015-01-09 12:30 - 2015-01-09 12:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-09-11-30-16.035-AvastVBoxSVC.exe-4628.log
2015-01-09 11:49 - 2015-01-10 17:32 - 00063831 _____ () C:\Users\icar\Desktop\kurenda.odt
2015-01-09 10:36 - 2015-01-09 10:37 - 02059232 _____ () C:\Users\icar\Downloads\Zawiadomienie_o_kontroli.zip
2015-01-08 23:12 - 2015-01-08 23:12 - 00038400 _____ () C:\Users\icar\Downloads\show_pdfdoc.php
2015-01-08 21:21 - 2015-01-08 21:21 - 00020682 _____ () C:\Users\icar\Downloads\Mokri (1).odt
2015-01-08 13:02 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-01-08 13:02 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-01-08 12:59 - 2015-01-08 12:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-11-59-27.030-AvastVBoxSVC.exe-3496.log
2015-01-07 21:20 - 2015-01-13 21:59 - 00000000 ____D () C:\Users\icar\Desktop\back to school
2015-01-07 21:17 - 2015-01-07 21:17 - 00020682 _____ () C:\Users\icar\Downloads\Mokri.odt
2015-01-07 20:43 - 2015-01-07 21:10 - 00020682 _____ () C:\Users\icar\Desktop\Mokri.odt
2015-01-05 20:31 - 2015-01-08 12:32 - 00000000 ____D () C:\Users\icar\Desktop\osmlecz
2015-01-05 13:09 - 2015-01-05 13:10 - 00000022 _____ () C:\Users\icar\Desktop\asus Pątnów.txt
2015-01-04 21:12 - 2015-01-04 21:12 - 01263835 _____ () C:\Users\icar\Downloads\dokumenty.zip
2015-01-04 21:12 - 2015-01-04 21:12 - 00000000 ____D () C:\Users\icar\Downloads\dokumenty
2015-01-04 20:00 - 2015-01-04 21:04 - 00094818 _____ () C:\Users\icar\Desktop\schetynówka.odt
2015-01-01 18:20 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-01 18:20 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00172032 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdm.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00136192 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_bus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00018944 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdfl.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015872 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_whnt.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015360 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_cmnt.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 14:56 - 2013-06-07 12:29 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-25 14:56 - 2013-06-05 19:35 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1084307622-131046002-2435356648-1002
2015-01-25 14:34 - 2013-07-05 07:34 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 14:25 - 2013-07-05 07:34 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 14:25 - 2013-06-05 21:25 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-25 14:23 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 14:22 - 2013-10-19 12:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-24 20:56 - 2013-06-07 12:29 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:56 - 2012-11-09 12:15 - 00000000 ____D () C:\ProgramData\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ____D () C:\Program Files\Intel
2015-01-24 20:53 - 2014-07-12 13:51 - 00000000 ____D () C:\Users\icar\AppData\Local\Deployment
2015-01-24 20:52 - 2014-07-12 13:52 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-23 21:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 21:17 - 2014-09-03 19:58 - 00001081 _____ () C:\Users\icar\Desktop\Free Download Manager.lnk
2015-01-23 11:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 14:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-21 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 22:32 - 2014-12-10 18:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-10 18:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 13:45 - 2013-10-19 12:39 - 00000000 ____D () C:\Users\icar
2015-01-16 08:52 - 2013-09-30 05:15 - 01828496 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 08:52 - 2013-09-30 05:00 - 00808198 _____ () C:\WINDOWS\system32\perfh015.dat
2015-01-16 08:52 - 2013-09-30 05:00 - 00164014 _____ () C:\WINDOWS\system32\perfc015.dat
2015-01-14 07:55 - 2013-07-22 08:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 07:51 - 2013-06-07 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-04 20:06 - 2014-10-13 12:20 - 00000000 ____D () C:\Program Files (x86)\Wasteland 2
2015-01-02 21:07 - 2013-08-15 19:40 - 00000000 ____D () C:\Users\icar\Documents\CyberLink
2015-01-01 18:48 - 2013-06-09 13:06 - 00000000 ____D () C:\Users\icar\AppData\Roaming\DAEMON Tools Lite
2015-01-01 18:48 - 2013-06-05 21:17 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Azureus
2015-01-01 18:46 - 2013-06-09 10:19 - 00000796 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2013-08-16 21:13 - 2013-08-15 09:13 - 0000044 ____H () C:\Program Files (x86)\1aa92753.tmp
2012-11-09 12:28 - 2012-11-09 12:28 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-09 12:24 - 2012-11-09 12:25 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-09 12:25 - 2012-11-09 12:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-09 12:23 - 2012-11-09 12:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-09 12:26 - 2012-11-09 12:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\icar\AppData\Local\Temp\HitmanPro.exe
C:\Users\icar\AppData\Local\Temp\Quarantine.exe
C:\Users\icar\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 14:56
 
==================== End Of Log ============================



#2 Machiavelli


    Agent 007


  • Malware Response Instructor

Posted 25 January 2015 - 02:12 PM

Hello and welcome to BleepingComputer,

My name is Machiavelli and I will assist you with your problem. The fixes are specific to your problem and should only be used for the issue on your machine!
 
I'm in the 'Malware Staff Team' and will provide you with advice:
Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.
 
You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - it is better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

Below are a few tips
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you would like to donate some money to me, you can, and I'd appreciate it. :)
 

Please post the Addition log into the thread. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 icar

  • Topic Starter

  • Members

Posted 25 January 2015 - 03:07 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by icar at 2015-01-25 15:11:36
Running from C:\Users\icar\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dell System Detect - 1  (HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell System Detect (HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
LibreOffice 4.2.7.2 (HKLM-x32\...\{A313C39F-79A7-408B-97EE-8F958407D694}) (Version: 4.2.7.2 - The Document Foundation)
Matroska Pack (HKLM-x32\...\Matroska Pack) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0110.129 - Mio Technology)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyFreeCodec (HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\MyFreeCodec) (Version:  - )
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Oprogramowanie Intel® PROSet/Wireless WiFi (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Panel sterowania NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSFilter 2.41.7634 (f47b42b) Beta (64-bit) (HKLM\...\vsfilter64_is1) (Version: 2.41.7634 - MPC-HC Team)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
05-01-2015 13:18:56 Zaplanowany punkt kontrolny
12-01-2015 21:50:24 Zaplanowany punkt kontrolny
14-01-2015 07:49:16 Instalator modułów systemu Windows
15-01-2015 20:53:58 Installed SpyHunter
21-01-2015 20:31:54 Removed SpyHunter
24-01-2015 20:54:24 IIF_MSI
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1E1F1AD3-895B-4217-9F1A-9AF47085E7E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {54204666-5C01-425C-9640-B1374A6B9E58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {69985E81-CF2E-4327-BA75-DFAE9C6B6EB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-05] (Google Inc.)
Task: {82E51881-6815-4688-BAD8-412699FE6FBC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {A194427B-047F-4482-A6B1-D5F1E058DA4B} - System32\Tasks\Opera scheduled Autoupdate 1384378288 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {A421031E-83F4-4621-926B-C47405E7DD52} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B3146B59-D02A-49C7-B9E3-4664D9F13B01} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {BED430FB-5BC9-4510-A0FE-49B4E7672483} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-10] (AVAST Software)
Task: {D9A09EC9-885D-4C13-ABD7-336E53562F6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-05] (Google Inc.)
Task: {F84212FB-9FC1-4A2E-BEC4-124D84C17CD0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-17 20:05 - 2014-11-13 01:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-19 12:33 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-02 07:16 - 2007-02-09 10:41 - 00014848 _____ () C:\WINDOWS\System32\KOAZJA_L.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-11-09 12:26 - 2012-04-25 03:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-09 13:53 - 2005-04-22 05:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2014-12-10 18:34 - 2014-12-10 18:34 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-10 18:34 - 2014-12-10 18:34 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-17 21:02 - 2014-12-17 21:02 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
2015-01-24 20:57 - 2015-01-24 20:57 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012401\algo.dll
2014-12-10 18:34 - 2014-12-10 18:34 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-25 14:25 - 2015-01-25 14:25 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012500\algo.dll
2014-12-10 18:35 - 2014-12-10 18:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-17 21:02 - 2014-12-17 21:02 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\message_center_win8.dll
2014-12-17 21:02 - 2014-12-17 21:02 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll
2014-12-17 21:02 - 2014-12-17 21:02 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll
2013-11-27 19:55 - 2014-11-13 01:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-24 20:56 - 2013-09-03 22:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-17 21:02 - 2014-12-17 21:02 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
2014-12-17 21:02 - 2014-12-17 21:02 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\StartupApproved\Run: => ""
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1084307622-131046002-2435356648-500 - Administrator - Disabled)
Gość (S-1-5-21-1084307622-131046002-2435356648-501 - Limited - Disabled)
icar (S-1-5-21-1084307622-131046002-2435356648-1002 - Administrator - Enabled) => C:\Users\icar
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/25/2015 02:25:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: ZeroConfigService.exe, wersja: 15.5.0.2, sygnatura czasowa: 0x50070789
Nazwa modułu powodującego błąd: MurocApi.dll, wersja: 15.5.0.1, sygnatura czasowa: 0x500706ce
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000000000032331
Identyfikator procesu powodującego błąd: 0x994
Godzina uruchomienia aplikacji powodującej błąd: 0xZeroConfigService.exe0
Ścieżka aplikacji powodującej błąd: ZeroConfigService.exe1
Ścieżka modułu powodującego błąd: ZeroConfigService.exe2
Identyfikator raportu: ZeroConfigService.exe3
Pełna nazwa pakietu powodującego błąd: ZeroConfigService.exe4
Identyfikator aplikacji względem pakietu powodującego błąd: ZeroConfigService.exe5
 
Error: (01/24/2015 08:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: IAStorDataMgrSvc.exe, wersja: 12.8.0.1016, sygnatura czasowa: 0x51fb0c50
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x04ab4211
Identyfikator procesu powodującego błąd: 0x1a84
Godzina uruchomienia aplikacji powodującej błąd: 0xIAStorDataMgrSvc.exe0
Ścieżka aplikacji powodującej błąd: IAStorDataMgrSvc.exe1
Ścieżka modułu powodującego błąd: IAStorDataMgrSvc.exe2
Identyfikator raportu: IAStorDataMgrSvc.exe3
Pełna nazwa pakietu powodującego błąd: IAStorDataMgrSvc.exe4
Identyfikator aplikacji względem pakietu powodującego błąd: IAStorDataMgrSvc.exe5
 
Error: (01/24/2015 08:57:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: IAStorDataMgrSvc.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.NullReferenceException
Stos:
   w IAStorDataMgr.EventRelay.SetSystemState(PSI.PsiSystemDataModel)
   w IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   w System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   w System.Threading.ThreadPoolWorkQueue.Dispatch()
   w System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/24/2015 08:56:43 PM) (Source: LMS) (EventID: 2) (User: Kancelaria)
Description: Proces usługi nie mógł połączyć się z kontrolerem usługi.
 
Error: (01/23/2015 02:54:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2” w wierszu C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/23/2015 02:53:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2” w wierszu C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (01/23/2015 10:34:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program AcroRd32.exe w wersji 11.0.10.32 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.
 
Identyfikator procesu: 73c
 
Godzina rozpoczęcia: 01d036efa0fbdc87
 
Godzina zakończenia: 7
 
Ścieżka aplikacji: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
 
Identyfikator raportu: fc3befc8-a2e2-11e4-bee0-84a6c8f2a48f
 
Pełna nazwa pakietu powodującego błąd: 
 
Identyfikator aplikacji względem pakietu powodującego błąd:
 
Error: (01/23/2015 09:32:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2” w wierszu C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/23/2015 09:32:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2” w wierszu C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (01/23/2015 09:30:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2” w wierszu C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Składnik 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
 
System errors:
=============
Error: (01/25/2015 02:57:48 PM) (Source: DCOM) (EventID: 10010) (User: Kancelaria)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (01/25/2015 02:57:18 PM) (Source: DCOM) (EventID: 10010) (User: Kancelaria)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (01/25/2015 02:56:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ZARZĄDZANIE NT)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM
 
Error: (01/25/2015 02:26:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Intel® PROSet/Wireless Zero Configuration Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (01/25/2015 02:25:18 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000a0 (0x000000000000000c, 0xffffffffc000000e, 0xffffe0016d6af620, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP012515-41890-01
 
Error: (01/25/2015 02:25:08 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT)
Description: 1053AvastVBoxSvcNiedostępny{F319F1B8-7587-4146-AF9C-0D6D77819BF1}
 
Error: (01/25/2015 02:25:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi AvastVBox COM Service z powodu następującego błędu: 
%%1053
 
Error: (01/25/2015 02:25:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą AvastVBox COM Service.
 
Error: (01/25/2015 02:22:45 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: ZARZĄDZANIE NT)
Description: 32212254731145392
 
Error: (01/25/2015 02:23:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 23:17:18 na ‎2015-‎01-‎24 było nieoczekiwane.
 
 
Microsoft Office Sessions:
=========================
Error: (01/25/2015 02:25:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe15.5.0.250070789MurocApi.dll15.5.0.1500706cec0000005000000000003233199401d038a229dbb936C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlla9e83d7c-a495-11e4-bee3-84a6c8f2a48f
 
Error: (01/24/2015 08:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe12.8.0.101651fb0c50unknown0.0.0.000000000c000000504ab42111a8401d0380fd1aff296C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeunknown2e06773e-a403-11e4-bee2-84a6c8f2a48f
 
Error: (01/24/2015 08:57:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikacja: IAStorDataMgrSvc.exe
Wersja architektury: v4.0.30319
Opis: proces został przerwany z powodu nieobsłużonego wyjątku.
Informacje o wyjątku: System.NullReferenceException
Stos:
   w IAStorDataMgr.EventRelay.SetSystemState(PSI.PsiSystemDataModel)
   w IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   w System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   w System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   w System.Threading.ThreadPoolWorkQueue.Dispatch()
   w System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (01/24/2015 08:56:43 PM) (Source: LMS) (EventID: 2) (User: Kancelaria)
Description: Proces usługi nie mógł połączyć się z kontrolerem usługi.
 
Error: (01/23/2015 02:54:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
 
Error: (01/23/2015 02:53:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (01/23/2015 10:34:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AcroRd32.exe11.0.10.3273c01d036efa0fbdc877C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exefc3befc8-a2e2-11e4-bee0-84a6c8f2a48f
 
Error: (01/23/2015 09:32:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
 
Error: (01/23/2015 09:32:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (01/23/2015 09:30:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-25 15:10:29.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:10:29.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:10:29.730
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:10:29.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:09:49.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:09:49.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:09:49.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:09:49.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:08:38.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-25 15:08:38.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8049.09 MB
Available physical RAM: 5881.28 MB
Total Pagefile: 16241.09 MB
Available Pagefile: 13891.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:268.31 GB) (Free:157.93 GB) NTFS
Drive d: (JESZCZE DALEJ NIZ POLNOC) (CDROM) (Total:4.31 GB) (Free:0 GB) UDF
Drive f: (Nowy) (Fixed) (Total:182.68 GB) (Free:2.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 56CBA219)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:11 AM

Posted 25 January 2015 - 03:09 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 icar

icar
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:11 AM

Posted 26 January 2015 - 04:08 AM

# AdwCleaner v4.109 - Log utworzony 26/01/2015 o 09:03:43
# Aktualizacja 24/01/2015 przez Xplode
# Database : 2015-01-25.1 [Live]
# System operacyjny : Windows 8.1  (64 bits)
# Użytkownik : icar - KANCELARIA
# Ścieżka : C:\Users\icar\Downloads\AdwCleaner.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
 
***** [ Zadania ] *****
 
 
***** [ Skróty ] *****
 
 
***** [ Rejestr ] *****
 
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.91
 
 
-\\ Opera v26.0.1656.60
 
 
*************************
 
AdwCleaner[R0].txt - [1944 octets] - [16/01/2015 09:03:50]
AdwCleaner[R1].txt - [2004 octets] - [16/01/2015 09:06:06]
AdwCleaner[R2].txt - [943 octets] - [23/01/2015 13:29:31]
AdwCleaner[R3].txt - [1002 octets] - [23/01/2015 13:40:16]
AdwCleaner[R4].txt - [1117 octets] - [26/01/2015 08:57:21]
AdwCleaner[S0].txt - [1977 octets] - [16/01/2015 09:07:32]
AdwCleaner[S1].txt - [1060 octets] - [23/01/2015 13:42:43]
AdwCleaner[S2].txt - [1036 octets] - [26/01/2015 09:03:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1096 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-01-26
Scan Time: 09:20:38
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.26.04
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: icar
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363536
Time Elapsed: 22 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by icar on 2015-01-26 at  9:52:29,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-01-26 at  9:57:42,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by icar (administrator) on KANCELARIA on 26-01-2015 09:58:52
Running from C:\Users\icar\Downloads
Loaded Profiles: icar (Available profiles: icar)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Farbar) C:\Users\icar\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-12-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DellSystemDetect] => C:\Users\icar\AppData\Local\Apps\2.0\L64XY1GN.EKL\2WHETOBD.24E\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-24] (Dell)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {73C68E13-826B-41AA-B913-A13797172EA8} URL = 
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {F1C109EB-3DFA-4141-A2CD-5968B90E8865} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 194.204.159.1 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-17]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-01-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]
StartMenuInternet: Opera - C:\Program Files (x86)\Opera\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-10] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-16] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-16] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-21] (DT Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ssm_bus; C:\Windows\System32\drivers\ssm_bus.sys [136192 2014-10-13] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [18944 2014-10-13] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\system32\DRIVERS\ssm_mdm.sys [172032 2014-10-13] (MCCI Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-10] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TDKLIB; \??\C:\Users\icar\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 09:57 - 2015-01-26 09:57 - 00000613 _____ () C:\Users\icar\Desktop\JRT.txt
2015-01-26 09:51 - 2015-01-26 09:51 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT (1).exe
2015-01-26 09:51 - 2015-01-26 09:51 - 00001048 _____ () C:\Users\icar\Desktop\malwarebytes.txt
2015-01-26 09:16 - 2015-01-26 09:20 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 09:16 - 2015-01-26 09:16 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 09:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-26 09:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-26 09:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-26 09:10 - 2015-01-26 09:10 - 00001176 _____ () C:\Users\icar\Desktop\AdwCleaner[S2].txt
2015-01-26 09:07 - 2015-01-26 09:07 - 00000197 _____ () C:\WINDOWS\system32\2015-01-26-08-07-25.005-AvastVBoxSVC.exe-2032.log
2015-01-26 08:58 - 2015-01-26 09:39 - 00037452 _____ () C:\Users\icar\Desktop\Eko-Biała.odt
2015-01-26 08:57 - 2015-01-26 08:57 - 02194432 _____ () C:\Users\icar\Downloads\AdwCleaner.exe
2015-01-25 15:12 - 2015-01-25 15:12 - 00036114 _____ () C:\Users\icar\Desktop\Addition.txt
2015-01-25 15:09 - 2015-01-25 15:12 - 00041574 _____ () C:\Users\icar\Desktop\FRST.txt
2015-01-25 14:28 - 2015-01-25 14:28 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64 (2).exe
2015-01-25 14:25 - 2015-01-25 14:27 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-13-25-55.014-AvastVBoxSVC.exe-4936.log
2015-01-25 14:23 - 2015-01-25 14:25 - 00307536 _____ () C:\WINDOWS\Minidump\012515-41890-01.dmp
2015-01-25 14:23 - 2015-01-25 14:23 - 709879417 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-25 14:23 - 2015-01-25 14:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-24 21:33 - 2015-01-25 15:12 - 00036114 _____ () C:\Users\icar\Downloads\Addition.txt
2015-01-24 21:32 - 2015-01-26 09:58 - 00020922 _____ () C:\Users\icar\Downloads\FRST.txt
2015-01-24 21:32 - 2015-01-26 09:58 - 00000000 ____D () C:\FRST
2015-01-24 21:32 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64.exe
2015-01-24 21:32 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64 (1).exe
2015-01-24 20:56 - 2015-01-24 20:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-24 20:56 - 2013-09-03 22:53 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-01-24 20:56 - 2013-09-03 22:53 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-01-24 20:51 - 2015-01-24 20:51 - 00417064 _____ () C:\Users\icar\Downloads\DellSystemDetect.exe
2015-01-23 22:01 - 2015-01-23 22:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-21-01-18.020-AvastVBoxSVC.exe-3440.log
2015-01-23 21:24 - 2015-01-23 21:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\icar\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 21:18 - 2015-01-23 21:27 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2015-01-23 21:14 - 2015-01-23 21:14 - 08059224 _____ (FreeDownloadManager.ORG ) C:\Users\icar\Downloads\fdminst.exe
2015-01-23 21:09 - 2015-01-23 21:09 - 04176437 _____ () C:\Users\icar\Downloads\tdsskiller (1).zip
2015-01-23 21:08 - 2015-01-23 21:08 - 04176437 _____ () C:\Users\icar\Downloads\tdsskiller.zip
2015-01-23 13:45 - 2015-01-23 13:45 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-12-45-32.007-AvastVBoxSVC.exe-4340.log
2015-01-23 13:43 - 2015-01-26 09:04 - 00003240 _____ () C:\WINDOWS\PFRO.log
2015-01-23 13:29 - 2015-01-23 13:29 - 02186752 _____ () C:\Users\icar\Downloads\adwcleaner_4.108.exe
2015-01-23 11:23 - 2015-01-23 11:28 - 00012052 _____ () C:\Users\icar\Desktop\biala.odt
2015-01-22 10:10 - 2015-01-22 10:10 - 00000130 _____ () C:\Users\icar\Desktop\1.txt
2015-01-22 08:39 - 2015-01-22 08:39 - 02347384 _____ (ESET) C:\Users\icar\Downloads\esetsmartinstaller_plk.exe
2015-01-22 08:39 - 2015-01-22 08:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 22:37 - 2015-01-26 09:05 - 00002558 _____ () C:\WINDOWS\setupact.log
2015-01-21 22:37 - 2015-01-21 22:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-21 21:22 - 2015-01-21 21:35 - 00047874 _____ () C:\Users\icar\Desktop\wołczyn pogrzeb.odt
2015-01-21 21:20 - 2015-01-26 09:18 - 00498717 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-21 20:34 - 2015-01-21 20:34 - 00000665 _____ () C:\INSTALL.LOG
2015-01-21 20:34 - 2015-01-21 20:34 - 00000000 ____D () C:\WINDOWS\027B5748C40941FE949B7B81A8304EF4.TMP
2015-01-20 13:52 - 2015-01-22 10:11 - 00025344 _____ () C:\Users\icar\Desktop\cofnięcie pozew pątnów.odt
2015-01-20 13:15 - 2015-01-20 13:15 - 00017327 _____ () C:\Users\icar\Downloads\uchwała o uchyleniu uchwału o przydomowych oczyszczalniach ścieków Gmina Sokolniki.odt
2015-01-20 13:13 - 2015-01-20 13:14 - 00058058 _____ () C:\Users\icar\Desktop\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-20 13:11 - 2015-01-20 13:11 - 00021541 _____ () C:\Users\icar\Downloads\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-20 12:39 - 2015-01-20 12:39 - 00016004 _____ () C:\Users\icar\Downloads\AKtPismo do Burmistrza 20 stycznia 2015 roku.odt
2015-01-20 10:47 - 2015-01-20 10:47 - 00012479 _____ () C:\Users\icar\Downloads\uchwała w sparwie studium.odt
2015-01-19 19:19 - 2015-01-19 19:19 - 09211481 _____ () C:\Users\icar\Downloads\Szczyt.zip
2015-01-16 11:53 - 2015-01-16 11:54 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix (2).exe
2015-01-16 11:53 - 2015-01-16 11:54 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-10-53-54.014-AvastVBoxSVC.exe-3992.log
2015-01-16 11:32 - 2015-01-16 11:32 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix (1).exe
2015-01-16 11:11 - 2015-01-16 13:36 - 00062683 _____ () C:\Users\icar\Desktop\dodatek mieszkaniowy.odt
2015-01-16 11:04 - 2015-01-16 11:05 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix.exe
2015-01-16 10:28 - 2015-01-22 13:32 - 00000000 ____D () C:\EEK
2015-01-16 10:28 - 2015-01-16 10:28 - 00000757 _____ () C:\Users\icar\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-16 10:20 - 2015-01-16 10:26 - 166547056 _____ () C:\Users\icar\Downloads\EmsisoftEmergencyKit.exe
2015-01-16 10:06 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-09-06-35.057-aswFe.exe-6432.log
2015-01-16 09:57 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-08-57-22.094-aswFe.exe-4416.log
2015-01-16 09:57 - 2015-01-16 09:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-08-57-17.096-AvastVBoxSVC.exe-6152.log
2015-01-16 09:55 - 2015-01-16 09:55 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-16 09:19 - 2015-01-16 09:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-16 09:18 - 2015-01-16 09:18 - 11225840 _____ (SurfRight B.V.) C:\Users\icar\Downloads\HitmanPro_x64.exe
2015-01-16 09:10 - 2015-01-16 09:11 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\icar\Downloads\tdsskiller (1).exe
2015-01-16 09:03 - 2015-01-26 09:03 - 00000000 ____D () C:\AdwCleaner
2015-01-16 08:58 - 2015-01-23 22:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-16 08:57 - 2015-01-16 08:57 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT.exe
2015-01-16 08:56 - 2015-01-16 08:56 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\icar\Downloads\tdsskiller.exe
2015-01-15 22:59 - 2015-01-15 23:00 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-21-59-22.053-AvastVBoxSVC.exe-4516.log
2015-01-15 21:53 - 2015-01-15 21:53 - 00024052 _____ () C:\Users\icar\Downloads\Zażalenie II.odt
2015-01-15 21:27 - 2015-01-15 21:28 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-27-42.010-AvastVBoxSVC.exe-3644.log
2015-01-15 21:23 - 2015-01-15 21:23 - 00093550 _____ () C:\spyhunter.fix
2015-01-15 21:23 - 2015-01-15 21:19 - 00008192 _____ () C:\shldr.mbr
2015-01-15 21:23 - 2012-11-02 16:23 - 00285747 _____ () C:\shldr
2015-01-15 21:19 - 2015-01-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-15 21:03 - 2015-01-15 21:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-03-16.061-AvastVBoxSVC.exe-2888.log
2015-01-15 20:53 - 2015-01-15 22:46 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft FxCop
2015-01-15 20:53 - 2015-01-15 20:53 - 46175312 ___RH () C:\Users\icar\Desktop\spyhunterS4.exe
2015-01-15 20:52 - 2015-01-15 20:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-52-17.047-AvastVBoxSVC.exe-1996.log
2015-01-15 20:44 - 2015-01-15 20:44 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-44-17.055-AvastVBoxSVC.exe-3960.log
2015-01-15 11:23 - 2015-01-15 11:23 - 00000000 _____ () C:\autoexec.bat
2015-01-15 11:14 - 2015-01-15 11:14 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\icar\Downloads\SpyHunter-Installer.exe
2015-01-15 11:02 - 2015-01-15 11:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-10-02-04.063-AvastVBoxSVC.exe-3844.log
2015-01-15 10:27 - 2015-01-15 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 09:49 - 2015-01-15 09:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\icar\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 13:47 - 2015-01-16 09:58 - 00065532 _____ () C:\Users\icar\Desktop\sprzedaż działki.odt
2015-01-14 10:23 - 2015-01-14 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-01-14-09-23-07.042-AvastVBoxSVC.exe-3840.log
2015-01-14 08:40 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 08:40 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-13 21:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 21:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 21:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 21:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 21:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 21:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 21:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 21:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 21:20 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 21:20 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-12 21:44 - 2015-01-14 08:20 - 00000000 ____D () C:\Users\icar\Desktop\138CANON
2015-01-12 19:07 - 2015-01-12 19:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-18-07-02.010-AvastVBoxSVC.exe-4248.log
2015-01-12 09:57 - 2015-01-12 09:58 - 01845591 _____ () C:\Users\icar\Downloads\podatki R.Karczmar grudzień 2014.tif
2015-01-11 18:45 - 2015-01-11 19:04 - 00022925 _____ () C:\Users\icar\Desktop\siemkowice.odt
2015-01-11 18:05 - 2015-01-11 18:36 - 00038170 _____ () C:\Users\icar\Desktop\radny stowarzyszenia.odt
2015-01-11 17:51 - 2015-01-11 17:51 - 00000000 ____D () C:\Users\icar\Downloads\Radosław Karczmar
2015-01-11 17:47 - 2015-01-11 17:47 - 33259750 _____ () C:\Users\icar\Downloads\Radosław Karczmar.rar
2015-01-09 16:46 - 2015-01-09 17:39 - 00050977 _____ () C:\Users\icar\Desktop\konkurs.odt
2015-01-09 16:08 - 2015-01-09 16:32 - 00032769 _____ () C:\Users\icar\Desktop\nagroda.odt
2015-01-09 12:30 - 2015-01-09 12:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-09-11-30-16.035-AvastVBoxSVC.exe-4628.log
2015-01-09 11:49 - 2015-01-10 17:32 - 00063831 _____ () C:\Users\icar\Desktop\kurenda.odt
2015-01-09 10:36 - 2015-01-09 10:37 - 02059232 _____ () C:\Users\icar\Downloads\Zawiadomienie_o_kontroli.zip
2015-01-08 23:12 - 2015-01-08 23:12 - 00038400 _____ () C:\Users\icar\Downloads\show_pdfdoc.php
2015-01-08 21:21 - 2015-01-08 21:21 - 00020682 _____ () C:\Users\icar\Downloads\Mokri (1).odt
2015-01-08 13:02 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-01-08 13:02 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-01-08 12:59 - 2015-01-08 12:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-11-59-27.030-AvastVBoxSVC.exe-3496.log
2015-01-07 21:20 - 2015-01-13 21:59 - 00000000 ____D () C:\Users\icar\Desktop\back to school
2015-01-07 21:17 - 2015-01-07 21:17 - 00020682 _____ () C:\Users\icar\Downloads\Mokri.odt
2015-01-07 20:43 - 2015-01-07 21:10 - 00020682 _____ () C:\Users\icar\Desktop\Mokri.odt
2015-01-05 20:31 - 2015-01-08 12:32 - 00000000 ____D () C:\Users\icar\Desktop\osmlecz
2015-01-05 13:09 - 2015-01-05 13:10 - 00000022 _____ () C:\Users\icar\Desktop\asus Pątnów.txt
2015-01-04 21:12 - 2015-01-04 21:12 - 01263835 _____ () C:\Users\icar\Downloads\dokumenty.zip
2015-01-04 21:12 - 2015-01-04 21:12 - 00000000 ____D () C:\Users\icar\Downloads\dokumenty
2015-01-04 20:00 - 2015-01-04 21:04 - 00094818 _____ () C:\Users\icar\Desktop\schetynówka.odt
2015-01-01 18:20 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-01 18:20 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00172032 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdm.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00136192 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_bus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00018944 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdfl.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015872 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_whnt.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015360 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_cmnt.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 09:56 - 2013-06-07 12:29 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 09:45 - 2013-06-05 19:35 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1084307622-131046002-2435356648-1002
2015-01-26 09:43 - 2013-09-30 05:15 - 01828496 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 09:43 - 2013-09-30 05:00 - 00808198 _____ () C:\WINDOWS\system32\perfh015.dat
2015-01-26 09:43 - 2013-09-30 05:00 - 00164014 _____ () C:\WINDOWS\system32\perfc015.dat
2015-01-26 09:34 - 2013-07-05 07:34 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 09:05 - 2013-07-05 07:34 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 09:04 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 09:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 14:25 - 2013-06-05 21:25 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-25 14:22 - 2013-10-19 12:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-24 20:56 - 2013-06-07 12:29 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:56 - 2012-11-09 12:15 - 00000000 ____D () C:\ProgramData\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ____D () C:\Program Files\Intel
2015-01-24 20:53 - 2014-07-12 13:51 - 00000000 ____D () C:\Users\icar\AppData\Local\Deployment
2015-01-24 20:52 - 2014-07-12 13:52 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-23 21:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 21:17 - 2014-09-03 19:58 - 00001081 _____ () C:\Users\icar\Desktop\Free Download Manager.lnk
2015-01-23 11:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 14:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-21 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 22:32 - 2014-12-10 18:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-10 18:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 13:45 - 2013-10-19 12:39 - 00000000 ____D () C:\Users\icar
2015-01-14 07:55 - 2013-07-22 08:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 07:51 - 2013-06-07 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-04 20:06 - 2014-10-13 12:20 - 00000000 ____D () C:\Program Files (x86)\Wasteland 2
2015-01-02 21:07 - 2013-08-15 19:40 - 00000000 ____D () C:\Users\icar\Documents\CyberLink
2015-01-01 18:48 - 2013-06-09 13:06 - 00000000 ____D () C:\Users\icar\AppData\Roaming\DAEMON Tools Lite
2015-01-01 18:48 - 2013-06-05 21:17 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Azureus
2015-01-01 18:46 - 2013-06-09 10:19 - 00000796 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2013-08-16 21:13 - 2013-08-15 09:13 - 0000044 ____H () C:\Program Files (x86)\1aa92753.tmp
2012-11-09 12:28 - 2012-11-09 12:28 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-09 12:24 - 2012-11-09 12:25 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-09 12:25 - 2012-11-09 12:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-09 12:23 - 2012-11-09 12:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-09 12:26 - 2012-11-09 12:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\icar\AppData\Local\Temp\HitmanPro.exe
C:\Users\icar\AppData\Local\Temp\Quarantine.exe
C:\Users\icar\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 09:46
 
==================== End Of Log ============================
 
Done:) Problem still exists though.

 



#6 Machiavelli

Posted 26 January 2015 - 10:49 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {73C68E13-826B-41AA-B913-A13797172EA8} URL = 
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
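
Added example, not part of Machiavelli's post and not FRST's own logic: a Python triage pass over an FRST log that queues the kinds of leftover entries seen in this topic (a SearchScopes entry with an empty URL, a toolbar entry marked "No File", a driver whose file FRST marks [X] as not found) for a human to review. The rule set and function names are assumptions made for illustration; the sample lines are copied from the logs and fixlist in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section rule line")

# Section banners look like "==================== Drivers (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Assumed rule set (not FRST's): name -> (pattern, kind).
# "orphan" = the entry points at nothing; "review" = informational only.
RULES = {
    "empty_search_url": (re.compile(r"^SearchScopes: .*\bURL =\s*$"), "orphan"),
    "no_file":          (re.compile(r"-\s+No File\s*$"), "orphan"),
    "missing_file":     (re.compile(r"^[RSU]\d \S+; .*\[X\]$"), "orphan"),
    "unsigned_file":    (re.compile(r"\[File not signed\]$"), "review"),
}

# Constructed sample: lines copied from the FRST logs and fixlist in this topic.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {F1C109EB-3DFA-4141-A2CD-5968B90E8865} URL = http://www.google.com/search?hl=pl&q={searchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
==================== Services (Whitelisted) =================
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TDKLIB; \??\C:\Users\icar\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
"""


def triage(log_text):
    """Return a Finding for every log line that matches one of RULES."""
    section = "(no section)"
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            # Remember which part of the log the following lines belong to.
            section = banner.group(1)
            continue
        for rule, (pattern, _kind) in RULES.items():
            if pattern.search(line):
                findings.append(Finding(section, rule, line))
                break  # first matching rule wins
    return findings


def review_queue(findings):
    """Lines for entries that point at nothing, for a human to inspect.

    Unsigned files are reported by triage() but deliberately left out here:
    a missing signature alone is not a reason to remove a service.
    """
    return [f.line for f in findings if RULES[f.rule][1] == "orphan"]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.rule}: {f.line}")
    print(f"{len(review_queue(results))} orphan entries queued for review")
```
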

 
 


#7 icar

Posted 27 January 2015 - 02:43 AM

Hi:)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by icar (administrator) on KANCELARIA on 26-01-2015 18:32:00
Running from C:\Users\icar\Desktop
Loaded Profiles: icar (Available profiles: icar)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\icar\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-12-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DellSystemDetect] => C:\Users\icar\AppData\Local\Apps\2.0\L64XY1GN.EKL\2WHETOBD.24E\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-24] (Dell)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {F1C109EB-3DFA-4141-A2CD-5968B90E8865} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 31.41.143.2 80.48.52.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-17]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-01-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]
StartMenuInternet: Opera - C:\Program Files (x86)\Opera\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-10] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-16] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-16] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-21] (DT Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ssm_bus; C:\Windows\System32\drivers\ssm_bus.sys [136192 2014-10-13] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [18944 2014-10-13] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\system32\DRIVERS\ssm_mdm.sys [172032 2014-10-13] (MCCI Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-10] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TDKLIB; \??\C:\Users\icar\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 18:31 - 2015-01-26 18:31 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT (4).exe
2015-01-26 18:29 - 2015-01-26 18:29 - 00000197 _____ () C:\WINDOWS\system32\2015-01-26-17-29-43.021-AvastVBoxSVC.exe-3384.log
2015-01-26 18:24 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Desktop\FRST64.exe
2015-01-26 18:21 - 2015-01-26 18:22 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT (3).exe
2015-01-26 15:37 - 2015-01-26 15:38 - 01217536 _____ () C:\Users\icar\Downloads\prawawewnetrznego.ppt
2015-01-26 13:02 - 2015-01-26 13:02 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT (2).exe
2015-01-26 10:06 - 2015-01-26 10:06 - 00000193 _____ () C:\WINDOWS\WORDPAD.INI
2015-01-26 09:57 - 2015-01-26 09:57 - 00000613 _____ () C:\Users\icar\Desktop\JRT.txt
2015-01-26 09:51 - 2015-01-26 09:51 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT (1).exe
2015-01-26 09:51 - 2015-01-26 09:51 - 00001048 _____ () C:\Users\icar\Desktop\malwarebytes.txt
2015-01-26 09:16 - 2015-01-26 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 09:16 - 2015-01-26 09:16 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 09:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-26 09:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-26 09:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-26 09:10 - 2015-01-26 09:10 - 00001176 _____ () C:\Users\icar\Desktop\AdwCleaner[S2].txt
2015-01-26 09:07 - 2015-01-26 09:07 - 00000197 _____ () C:\WINDOWS\system32\2015-01-26-08-07-25.005-AvastVBoxSVC.exe-2032.log
2015-01-26 08:58 - 2015-01-26 09:39 - 00037452 _____ () C:\Users\icar\Desktop\Eko-Biała.odt
2015-01-26 08:57 - 2015-01-26 08:57 - 02194432 _____ () C:\Users\icar\Downloads\AdwCleaner.exe
2015-01-25 15:09 - 2015-01-26 18:33 - 00020921 _____ () C:\Users\icar\Desktop\FRST.txt
2015-01-25 14:28 - 2015-01-25 14:28 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64 (2).exe
2015-01-25 14:25 - 2015-01-25 14:27 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-13-25-55.014-AvastVBoxSVC.exe-4936.log
2015-01-25 14:23 - 2015-01-25 14:25 - 00307536 _____ () C:\WINDOWS\Minidump\012515-41890-01.dmp
2015-01-25 14:23 - 2015-01-25 14:23 - 709879417 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-25 14:23 - 2015-01-25 14:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-24 21:33 - 2015-01-25 15:12 - 00036114 _____ () C:\Users\icar\Downloads\Addition.txt
2015-01-24 21:32 - 2015-01-26 18:32 - 00000000 ____D () C:\FRST
2015-01-24 21:32 - 2015-01-26 09:59 - 00043719 _____ () C:\Users\icar\Downloads\FRST.txt
2015-01-24 21:32 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64.exe
2015-01-24 21:32 - 2015-01-24 21:32 - 02129920 _____ (Farbar) C:\Users\icar\Downloads\FRST64 (1).exe
2015-01-24 20:56 - 2015-01-24 20:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-24 20:56 - 2013-09-03 22:53 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-01-24 20:56 - 2013-09-03 22:53 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-01-24 20:51 - 2015-01-24 20:51 - 00417064 _____ () C:\Users\icar\Downloads\DellSystemDetect.exe
2015-01-23 22:01 - 2015-01-23 22:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-21-01-18.020-AvastVBoxSVC.exe-3440.log
2015-01-23 21:24 - 2015-01-23 21:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\icar\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-23 21:18 - 2015-01-23 21:27 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2015-01-23 21:14 - 2015-01-23 21:14 - 08059224 _____ (FreeDownloadManager.ORG ) C:\Users\icar\Downloads\fdminst.exe
2015-01-23 21:09 - 2015-01-23 21:09 - 04176437 _____ () C:\Users\icar\Downloads\tdsskiller (1).zip
2015-01-23 21:08 - 2015-01-23 21:08 - 04176437 _____ () C:\Users\icar\Downloads\tdsskiller.zip
2015-01-23 13:45 - 2015-01-23 13:45 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-12-45-32.007-AvastVBoxSVC.exe-4340.log
2015-01-23 13:43 - 2015-01-26 18:26 - 00004120 _____ () C:\WINDOWS\PFRO.log
2015-01-23 13:29 - 2015-01-23 13:29 - 02186752 _____ () C:\Users\icar\Downloads\adwcleaner_4.108.exe
2015-01-23 11:23 - 2015-01-23 11:28 - 00012052 _____ () C:\Users\icar\Desktop\biala.odt
2015-01-22 10:10 - 2015-01-22 10:10 - 00000130 _____ () C:\Users\icar\Desktop\1.txt
2015-01-22 08:39 - 2015-01-22 08:39 - 02347384 _____ (ESET) C:\Users\icar\Downloads\esetsmartinstaller_plk.exe
2015-01-22 08:39 - 2015-01-22 08:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 22:37 - 2015-01-26 18:27 - 00002789 _____ () C:\WINDOWS\setupact.log
2015-01-21 22:37 - 2015-01-21 22:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-21 21:22 - 2015-01-21 21:35 - 00047874 _____ () C:\Users\icar\Desktop\wołczyn pogrzeb.odt
2015-01-21 21:20 - 2015-01-26 18:28 - 00659568 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-21 20:34 - 2015-01-21 20:34 - 00000665 _____ () C:\INSTALL.LOG
2015-01-21 20:34 - 2015-01-21 20:34 - 00000000 ____D () C:\WINDOWS\027B5748C40941FE949B7B81A8304EF4.TMP
2015-01-20 13:52 - 2015-01-22 10:11 - 00025344 _____ () C:\Users\icar\Desktop\cofnięcie pozew pątnów.odt
2015-01-20 13:15 - 2015-01-20 13:15 - 00017327 _____ () C:\Users\icar\Downloads\uchwała o uchyleniu uchwału o przydomowych oczyszczalniach ścieków Gmina Sokolniki.odt
2015-01-20 13:13 - 2015-01-20 13:14 - 00058058 _____ () C:\Users\icar\Desktop\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-20 13:11 - 2015-01-20 13:11 - 00021541 _____ () C:\Users\icar\Downloads\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-20 12:39 - 2015-01-20 12:39 - 00016004 _____ () C:\Users\icar\Downloads\AKtPismo do Burmistrza 20 stycznia 2015 roku.odt
2015-01-20 10:47 - 2015-01-20 10:47 - 00012479 _____ () C:\Users\icar\Downloads\uchwała w sparwie studium.odt
2015-01-19 19:19 - 2015-01-19 19:19 - 09211481 _____ () C:\Users\icar\Downloads\Szczyt.zip
2015-01-16 11:53 - 2015-01-16 11:54 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix (2).exe
2015-01-16 11:53 - 2015-01-16 11:54 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-10-53-54.014-AvastVBoxSVC.exe-3992.log
2015-01-16 11:32 - 2015-01-16 11:32 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix (1).exe
2015-01-16 11:11 - 2015-01-16 13:36 - 00062683 _____ () C:\Users\icar\Desktop\dodatek mieszkaniowy.odt
2015-01-16 11:04 - 2015-01-16 11:05 - 05609736 _____ (Swearware) C:\Users\icar\Downloads\ComboFix.exe
2015-01-16 10:28 - 2015-01-22 13:32 - 00000000 ____D () C:\EEK
2015-01-16 10:28 - 2015-01-16 10:28 - 00000757 _____ () C:\Users\icar\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-16 10:20 - 2015-01-16 10:26 - 166547056 _____ () C:\Users\icar\Downloads\EmsisoftEmergencyKit.exe
2015-01-16 10:06 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-09-06-35.057-aswFe.exe-6432.log
2015-01-16 09:57 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-08-57-22.094-aswFe.exe-4416.log
2015-01-16 09:57 - 2015-01-16 09:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-08-57-17.096-AvastVBoxSVC.exe-6152.log
2015-01-16 09:55 - 2015-01-16 09:55 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-16 09:19 - 2015-01-16 09:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-16 09:18 - 2015-01-16 09:18 - 11225840 _____ (SurfRight B.V.) C:\Users\icar\Downloads\HitmanPro_x64.exe
2015-01-16 09:10 - 2015-01-16 09:11 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\icar\Downloads\tdsskiller (1).exe
2015-01-16 09:03 - 2015-01-26 09:03 - 00000000 ____D () C:\AdwCleaner
2015-01-16 08:58 - 2015-01-23 22:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-16 08:57 - 2015-01-16 08:57 - 01707939 _____ (Thisisu) C:\Users\icar\Downloads\JRT.exe
2015-01-16 08:56 - 2015-01-16 08:56 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\icar\Downloads\tdsskiller.exe
2015-01-15 22:59 - 2015-01-15 23:00 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-21-59-22.053-AvastVBoxSVC.exe-4516.log
2015-01-15 21:53 - 2015-01-15 21:53 - 00024052 _____ () C:\Users\icar\Downloads\Zażalenie II.odt
2015-01-15 21:27 - 2015-01-15 21:28 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-27-42.010-AvastVBoxSVC.exe-3644.log
2015-01-15 21:23 - 2015-01-15 21:23 - 00093550 _____ () C:\spyhunter.fix
2015-01-15 21:23 - 2015-01-15 21:19 - 00008192 _____ () C:\shldr.mbr
2015-01-15 21:23 - 2012-11-02 16:23 - 00285747 _____ () C:\shldr
2015-01-15 21:19 - 2015-01-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-15 21:03 - 2015-01-15 21:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-03-16.061-AvastVBoxSVC.exe-2888.log
2015-01-15 20:53 - 2015-01-15 22:46 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft FxCop
2015-01-15 20:53 - 2015-01-15 20:53 - 46175312 ___RH () C:\Users\icar\Desktop\spyhunterS4.exe
2015-01-15 20:52 - 2015-01-15 20:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-52-17.047-AvastVBoxSVC.exe-1996.log
2015-01-15 20:44 - 2015-01-15 20:44 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-44-17.055-AvastVBoxSVC.exe-3960.log
2015-01-15 11:23 - 2015-01-15 11:23 - 00000000 _____ () C:\autoexec.bat
2015-01-15 11:14 - 2015-01-15 11:14 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\icar\Downloads\SpyHunter-Installer.exe
2015-01-15 11:02 - 2015-01-15 11:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-10-02-04.063-AvastVBoxSVC.exe-3844.log
2015-01-15 10:27 - 2015-01-15 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 09:49 - 2015-01-15 09:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\icar\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 13:47 - 2015-01-16 09:58 - 00065532 _____ () C:\Users\icar\Desktop\sprzedaż działki.odt
2015-01-14 10:23 - 2015-01-14 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-01-14-09-23-07.042-AvastVBoxSVC.exe-3840.log
2015-01-14 08:40 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 08:40 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-13 21:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 21:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 21:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 21:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 21:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 21:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 21:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 21:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 21:20 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 21:20 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-12 21:44 - 2015-01-14 08:20 - 00000000 ____D () C:\Users\icar\Desktop\138CANON
2015-01-12 19:07 - 2015-01-12 19:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-18-07-02.010-AvastVBoxSVC.exe-4248.log
2015-01-12 09:57 - 2015-01-12 09:58 - 01845591 _____ () C:\Users\icar\Downloads\podatki R.Karczmar grudzień 2014.tif
2015-01-11 18:45 - 2015-01-11 19:04 - 00022925 _____ () C:\Users\icar\Desktop\siemkowice.odt
2015-01-11 18:05 - 2015-01-11 18:36 - 00038170 _____ () C:\Users\icar\Desktop\radny stowarzyszenia.odt
2015-01-11 17:51 - 2015-01-11 17:51 - 00000000 ____D () C:\Users\icar\Downloads\Radosław Karczmar
2015-01-11 17:47 - 2015-01-11 17:47 - 33259750 _____ () C:\Users\icar\Downloads\Radosław Karczmar.rar
2015-01-09 16:46 - 2015-01-09 17:39 - 00050977 _____ () C:\Users\icar\Desktop\konkurs.odt
2015-01-09 16:08 - 2015-01-09 16:32 - 00032769 _____ () C:\Users\icar\Desktop\nagroda.odt
2015-01-09 12:30 - 2015-01-09 12:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-09-11-30-16.035-AvastVBoxSVC.exe-4628.log
2015-01-09 11:49 - 2015-01-10 17:32 - 00063831 _____ () C:\Users\icar\Desktop\kurenda.odt
2015-01-09 10:36 - 2015-01-09 10:37 - 02059232 _____ () C:\Users\icar\Downloads\Zawiadomienie_o_kontroli.zip
2015-01-08 23:12 - 2015-01-08 23:12 - 00038400 _____ () C:\Users\icar\Downloads\show_pdfdoc.php
2015-01-08 21:21 - 2015-01-08 21:21 - 00020682 _____ () C:\Users\icar\Downloads\Mokri (1).odt
2015-01-08 13:02 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-01-08 13:02 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-01-08 12:59 - 2015-01-08 12:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-11-59-27.030-AvastVBoxSVC.exe-3496.log
2015-01-07 21:20 - 2015-01-13 21:59 - 00000000 ____D () C:\Users\icar\Desktop\back to school
2015-01-07 21:17 - 2015-01-07 21:17 - 00020682 _____ () C:\Users\icar\Downloads\Mokri.odt
2015-01-07 20:43 - 2015-01-07 21:10 - 00020682 _____ () C:\Users\icar\Desktop\Mokri.odt
2015-01-05 20:31 - 2015-01-08 12:32 - 00000000 ____D () C:\Users\icar\Desktop\osmlecz
2015-01-05 13:09 - 2015-01-05 13:10 - 00000022 _____ () C:\Users\icar\Desktop\asus Pątnów.txt
2015-01-04 21:12 - 2015-01-04 21:12 - 01263835 _____ () C:\Users\icar\Downloads\dokumenty.zip
2015-01-04 21:12 - 2015-01-04 21:12 - 00000000 ____D () C:\Users\icar\Downloads\dokumenty
2015-01-04 20:00 - 2015-01-04 21:04 - 00094818 _____ () C:\Users\icar\Desktop\schetynówka.odt
2015-01-01 18:20 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-01 18:20 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00172032 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdm.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00136192 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_bus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00018944 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdfl.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015872 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_whnt.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015360 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_cmnt.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 18:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 18:27 - 2013-07-05 07:34 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 15:56 - 2013-06-07 12:29 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 15:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-26 15:34 - 2013-07-05 07:34 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 14:12 - 2013-06-05 19:35 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1084307622-131046002-2435356648-1002
2015-01-26 14:08 - 2013-09-30 05:15 - 01828496 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 14:08 - 2013-09-30 05:00 - 00808198 _____ () C:\WINDOWS\system32\perfh015.dat
2015-01-26 14:08 - 2013-09-30 05:00 - 00164014 _____ () C:\WINDOWS\system32\perfc015.dat
2015-01-25 14:25 - 2013-06-05 21:25 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-25 14:22 - 2013-10-19 12:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-24 20:56 - 2013-06-07 12:29 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:56 - 2012-11-09 12:15 - 00000000 ____D () C:\ProgramData\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ____D () C:\Program Files\Intel
2015-01-24 20:53 - 2014-07-12 13:51 - 00000000 ____D () C:\Users\icar\AppData\Local\Deployment
2015-01-24 20:52 - 2014-07-12 13:52 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-23 21:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 21:17 - 2014-09-03 19:58 - 00001081 _____ () C:\Users\icar\Desktop\Free Download Manager.lnk
2015-01-23 11:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-21 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 22:32 - 2014-12-10 18:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-10 18:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 13:45 - 2013-10-19 12:39 - 00000000 ____D () C:\Users\icar
2015-01-14 07:55 - 2013-07-22 08:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 07:51 - 2013-06-07 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-04 20:06 - 2014-10-13 12:20 - 00000000 ____D () C:\Program Files (x86)\Wasteland 2
2015-01-02 21:07 - 2013-08-15 19:40 - 00000000 ____D () C:\Users\icar\Documents\CyberLink
2015-01-01 18:48 - 2013-06-09 13:06 - 00000000 ____D () C:\Users\icar\AppData\Roaming\DAEMON Tools Lite
2015-01-01 18:48 - 2013-06-05 21:17 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Azureus
2015-01-01 18:46 - 2013-06-09 10:19 - 00000796 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2013-08-16 21:13 - 2013-08-15 09:13 - 0000044 ____H () C:\Program Files (x86)\1aa92753.tmp
2012-11-09 12:28 - 2012-11-09 12:28 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-09 12:24 - 2012-11-09 12:25 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-09 12:25 - 2012-11-09 12:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-09 12:23 - 2012-11-09 12:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-09 12:26 - 2012-11-09 12:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 09:46
 
==================== End Of Log ============================
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by icar at 2015-01-26 18:25:33 Run:1
Running from C:\Users\icar\Desktop
Loaded Profiles: icar (Available profiles: icar)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {73C68E13-826B-41AA-B913-A13797172EA8} URL = 
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
EmptyTemp:
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1084307622-131046002-2435356648-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73C68E13-826B-41AA-B913-A13797172EA8}" => Key deleted successfully.
HKCR\CLSID\{73C68E13-826B-41AA-B913-A13797172EA8} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
EmptyTemp: => Removed 367.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:25:48 ====
 
The ESET scan found nothing, but sadly the problem still exists.

 



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 27 January 2015 - 11:42 AM

This just happens in Opera?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 icar

icar
  • Topic Starter

  • Members

Posted 28 January 2015 - 02:21 AM

I barely use any other browser, but so far I don't have this problem while using Explorer.



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 28 January 2015 - 10:35 AM

Can you reset/reinstall Opera and see if it solves the problem?

~Machiavelli



#11 icar

icar
  • Topic Starter

  • Members

Posted 29 January 2015 - 03:20 AM

I have uninstalled Opera, deleted the folder, and installed it again. The problem still exists.



#12 icar

icar
  • Topic Starter

  • Members

Posted 29 January 2015 - 05:02 AM

Just checked, the problem exists in Internet Explorer too.



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 29 January 2015 - 10:22 AM

Then we need a fresh FRST Scan. :)
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#14 icar

icar
  • Topic Starter

  • Members

Posted 29 January 2015 - 03:42 PM

If it matters, I now have a similar problem on my smartphone. One of the NSFW sections of 4chan seems to be a source of infection :)

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by icar (administrator) on KANCELARIA on 29-01-2015 21:38:05
Running from C:\Users\icar\Desktop
Loaded Profiles: icar (Available profiles: icar)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
() C:\Program Files (x86)\Opera\27.0.1689.54\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-12-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\...\Run: [DellSystemDetect] => C:\Users\icar\AppData\Local\Apps\2.0\L64XY1GN.EKL\2WHETOBD.24E\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-24] (Dell)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1084307622-131046002-2435356648-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
SearchScopes: HKU\S-1-5-21-1084307622-131046002-2435356648-1002 -> {F1C109EB-3DFA-4141-A2CD-5968B90E8865} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 31.41.143.2 80.48.52.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-17]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-01-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\icar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-10] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-16] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-16] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-21] (DT Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ssm_bus; C:\Windows\System32\drivers\ssm_bus.sys [136192 2014-10-13] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [18944 2014-10-13] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\system32\DRIVERS\ssm_mdm.sys [172032 2014-10-13] (MCCI Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-10] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 TDKLIB; \??\C:\Users\icar\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 21:38 - 2015-01-29 21:38 - 00019662 _____ () C:\Users\icar\Desktop\FRST.txt
2015-01-29 21:37 - 2015-01-29 21:37 - 00000000 ____D () C:\Users\icar\Desktop\FRST-OlderVersion
2015-01-28 22:15 - 2015-01-28 22:15 - 00000000 ____D () C:\Users\icar\Downloads\xvm-5.5.1.3
2015-01-28 22:14 - 2015-01-28 22:14 - 09206988 _____ () C:\Users\icar\Downloads\xvm-5.5.1.3.zip
2015-01-28 20:36 - 2015-01-28 21:09 - 00000000 ____D () C:\Users\icar\Desktop\uchwaly___uzasadnienia_-_do_ostatniej_korekty
2015-01-28 20:28 - 2015-01-28 20:28 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-01-28 20:28 - 2015-01-28 20:28 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-01-28 20:25 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 18566296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-01-28 20:25 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-01-28 20:25 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-01-28 20:23 - 2015-01-28 20:22 - 00175761 _____ () C:\Users\icar\Desktop\uchwaly___uzasadnienia_-_do_ostatniej_korekty.zip
2015-01-28 20:22 - 2015-01-28 20:22 - 00175761 _____ () C:\Users\icar\Downloads\uchwaly___uzasadnienia_-_do_ostatniej_korekty.zip
2015-01-28 18:47 - 2015-01-29 20:36 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-28 18:47 - 2015-01-28 18:47 - 00003864 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1422467275
2015-01-28 18:47 - 2015-01-28 18:47 - 00001149 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-01-28 18:47 - 2015-01-28 18:47 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-28 08:55 - 2015-01-29 12:21 - 00051942 _____ () C:\Users\icar\Desktop\Karolina Kubera .odt
2015-01-26 18:33 - 2015-01-26 18:34 - 00031585 _____ () C:\Users\icar\Desktop\Addition.txt
2015-01-26 18:29 - 2015-01-26 18:29 - 00000197 _____ () C:\WINDOWS\system32\2015-01-26-17-29-43.021-AvastVBoxSVC.exe-3384.log
2015-01-26 18:24 - 2015-01-29 21:37 - 02130432 _____ (Farbar) C:\Users\icar\Desktop\FRST64.exe
2015-01-26 10:06 - 2015-01-26 10:06 - 00000193 _____ () C:\WINDOWS\WORDPAD.INI
2015-01-26 09:57 - 2015-01-26 09:57 - 00000613 _____ () C:\Users\icar\Desktop\JRT.txt
2015-01-26 09:51 - 2015-01-26 09:51 - 00001048 _____ () C:\Users\icar\Desktop\malwarebytes.txt
2015-01-26 09:16 - 2015-01-26 18:56 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 09:16 - 2015-01-26 09:16 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 09:16 - 2015-01-26 09:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 09:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-26 09:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-26 09:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-26 09:10 - 2015-01-26 09:10 - 00001176 _____ () C:\Users\icar\Desktop\AdwCleaner[S2].txt
2015-01-26 09:07 - 2015-01-26 09:07 - 00000197 _____ () C:\WINDOWS\system32\2015-01-26-08-07-25.005-AvastVBoxSVC.exe-2032.log
2015-01-26 08:58 - 2015-01-28 08:46 - 00038110 _____ () C:\Users\icar\Desktop\Eko-Biała.odt
2015-01-25 14:25 - 2015-01-25 14:27 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-13-25-55.014-AvastVBoxSVC.exe-4936.log
2015-01-25 14:23 - 2015-01-25 14:25 - 00307536 _____ () C:\WINDOWS\Minidump\012515-41890-01.dmp
2015-01-25 14:23 - 2015-01-25 14:23 - 709879417 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-25 14:23 - 2015-01-25 14:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-24 21:32 - 2015-01-29 21:38 - 00000000 ____D () C:\FRST
2015-01-24 20:56 - 2015-01-24 20:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-24 20:56 - 2013-09-03 22:53 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-01-24 20:56 - 2013-09-03 22:53 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-01-23 22:01 - 2015-01-23 22:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-21-01-18.020-AvastVBoxSVC.exe-3440.log
2015-01-23 21:18 - 2015-01-29 10:21 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-01-23 21:17 - 2015-01-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2015-01-23 13:45 - 2015-01-23 13:45 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-12-45-32.007-AvastVBoxSVC.exe-4340.log
2015-01-23 13:43 - 2015-01-26 18:26 - 00004120 _____ () C:\WINDOWS\PFRO.log
2015-01-23 11:23 - 2015-01-23 11:28 - 00012052 _____ () C:\Users\icar\Desktop\biala.odt
2015-01-22 10:10 - 2015-01-22 10:10 - 00000130 _____ () C:\Users\icar\Desktop\1.txt
2015-01-22 08:39 - 2015-01-22 08:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 22:37 - 2015-01-29 11:27 - 00003290 _____ () C:\WINDOWS\setupact.log
2015-01-21 22:37 - 2015-01-21 22:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-21 21:22 - 2015-01-21 21:35 - 00047874 _____ () C:\Users\icar\Desktop\wołczyn pogrzeb.odt
2015-01-21 21:20 - 2015-01-29 20:57 - 01026000 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-21 20:34 - 2015-01-21 20:34 - 00000665 _____ () C:\INSTALL.LOG
2015-01-21 20:34 - 2015-01-21 20:34 - 00000000 ____D () C:\WINDOWS\027B5748C40941FE949B7B81A8304EF4.TMP
2015-01-20 13:52 - 2015-01-22 10:11 - 00025344 _____ () C:\Users\icar\Desktop\cofnięcie pozew pątnów.odt
2015-01-20 13:13 - 2015-01-20 13:14 - 00058058 _____ () C:\Users\icar\Desktop\utstalenie stawek opłat Gmina Sokolniki - uchwała 19.01.2015 r.odt
2015-01-16 11:53 - 2015-01-16 11:54 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-10-53-54.014-AvastVBoxSVC.exe-3992.log
2015-01-16 11:11 - 2015-01-16 13:36 - 00062683 _____ () C:\Users\icar\Desktop\dodatek mieszkaniowy.odt
2015-01-16 10:28 - 2015-01-22 13:32 - 00000000 ____D () C:\EEK
2015-01-16 10:28 - 2015-01-16 10:28 - 00000757 _____ () C:\Users\icar\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-16 10:06 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-09-06-35.057-aswFe.exe-6432.log
2015-01-16 09:57 - 2015-01-16 10:06 - 00000247 _____ () C:\WINDOWS\system32\2015-01-16-08-57-22.094-aswFe.exe-4416.log
2015-01-16 09:57 - 2015-01-16 09:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-08-57-17.096-AvastVBoxSVC.exe-6152.log
2015-01-16 09:55 - 2015-01-16 09:55 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-01-16 09:19 - 2015-01-16 09:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-16 09:03 - 2015-01-26 09:03 - 00000000 ____D () C:\AdwCleaner
2015-01-16 08:58 - 2015-01-23 22:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-15 22:59 - 2015-01-15 23:00 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-21-59-22.053-AvastVBoxSVC.exe-4516.log
2015-01-15 21:27 - 2015-01-15 21:28 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-27-42.010-AvastVBoxSVC.exe-3644.log
2015-01-15 21:23 - 2015-01-15 21:23 - 00093550 _____ () C:\spyhunter.fix
2015-01-15 21:23 - 2015-01-15 21:19 - 00008192 _____ () C:\shldr.mbr
2015-01-15 21:23 - 2012-11-02 16:23 - 00285747 _____ () C:\shldr
2015-01-15 21:19 - 2015-01-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-15 21:03 - 2015-01-15 21:03 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-03-16.061-AvastVBoxSVC.exe-2888.log
2015-01-15 20:53 - 2015-01-15 22:46 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft FxCop
2015-01-15 20:53 - 2015-01-15 20:53 - 46175312 ___RH () C:\Users\icar\Desktop\spyhunterS4.exe
2015-01-15 20:52 - 2015-01-15 20:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-52-17.047-AvastVBoxSVC.exe-1996.log
2015-01-15 20:44 - 2015-01-15 20:44 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-44-17.055-AvastVBoxSVC.exe-3960.log
2015-01-15 11:23 - 2015-01-15 11:23 - 00000000 _____ () C:\autoexec.bat
2015-01-15 11:02 - 2015-01-15 11:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-10-02-04.063-AvastVBoxSVC.exe-3844.log
2015-01-15 10:27 - 2015-01-15 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 13:47 - 2015-01-16 09:58 - 00065532 _____ () C:\Users\icar\Desktop\sprzedaż działki.odt
2015-01-14 10:23 - 2015-01-14 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-01-14-09-23-07.042-AvastVBoxSVC.exe-3840.log
2015-01-14 08:40 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-14 08:40 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-13 21:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 21:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 21:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 21:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 21:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 21:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 21:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 21:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 21:20 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 21:20 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 21:20 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 21:20 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 21:20 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 21:20 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 21:20 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 21:20 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 21:20 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-12 21:44 - 2015-01-14 08:20 - 00000000 ____D () C:\Users\icar\Desktop\138CANON
2015-01-12 19:07 - 2015-01-12 19:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-18-07-02.010-AvastVBoxSVC.exe-4248.log
2015-01-11 18:45 - 2015-01-11 19:04 - 00022925 _____ () C:\Users\icar\Desktop\siemkowice.odt
2015-01-11 18:05 - 2015-01-11 18:36 - 00038170 _____ () C:\Users\icar\Desktop\radny stowarzyszenia.odt
2015-01-09 16:46 - 2015-01-09 17:39 - 00050977 _____ () C:\Users\icar\Desktop\konkurs.odt
2015-01-09 16:08 - 2015-01-09 16:32 - 00032769 _____ () C:\Users\icar\Desktop\nagroda.odt
2015-01-09 12:30 - 2015-01-09 12:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-09-11-30-16.035-AvastVBoxSVC.exe-4628.log
2015-01-09 11:49 - 2015-01-10 17:32 - 00063831 _____ () C:\Users\icar\Desktop\kurenda.odt
2015-01-08 13:02 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-01-08 13:02 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-01-08 12:59 - 2015-01-08 12:59 - 00000197 _____ () C:\WINDOWS\system32\2015-01-08-11-59-27.030-AvastVBoxSVC.exe-3496.log
2015-01-07 21:20 - 2015-01-27 14:53 - 00000000 ____D () C:\Users\icar\Desktop\back to school
2015-01-07 20:43 - 2015-01-07 21:10 - 00020682 _____ () C:\Users\icar\Desktop\Mokri.odt
2015-01-05 20:31 - 2015-01-08 12:32 - 00000000 ____D () C:\Users\icar\Desktop\osmlecz
2015-01-05 13:09 - 2015-01-05 13:10 - 00000022 _____ () C:\Users\icar\Desktop\asus Pątnów.txt
2015-01-04 20:00 - 2015-01-04 21:04 - 00094818 _____ () C:\Users\icar\Desktop\schetynówka.odt
2015-01-01 18:20 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-01-01 18:20 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00172032 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdm.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00136192 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_bus.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00018944 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_mdfl.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015872 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_whnt.sys
2015-01-01 18:19 - 2014-10-13 06:57 - 00015360 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssm_cmnt.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 21:34 - 2013-07-05 07:34 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 21:30 - 2013-09-30 05:15 - 01828496 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-29 21:30 - 2013-09-30 05:00 - 00808198 _____ () C:\WINDOWS\system32\perfh015.dat
2015-01-29 21:30 - 2013-09-30 05:00 - 00164014 _____ () C:\WINDOWS\system32\perfc015.dat
2015-01-29 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-29 20:56 - 2013-06-07 12:29 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 20:33 - 2013-07-05 07:34 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 21:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-28 21:41 - 2013-06-05 19:35 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1084307622-131046002-2435356648-1002
2015-01-28 20:28 - 2013-10-19 12:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 18:48 - 2013-11-13 22:31 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Opera Software
2015-01-28 18:48 - 2013-11-13 22:31 - 00000000 ____D () C:\Users\icar\AppData\Local\Opera Software
2015-01-26 18:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 15:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-25 14:25 - 2013-06-05 21:25 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-25 14:22 - 2013-10-19 12:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-24 21:20 - 2014-12-10 18:30 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-10 18:30 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 20:56 - 2013-06-07 12:29 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:56 - 2012-11-09 12:15 - 00000000 ____D () C:\ProgramData\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-24 20:56 - 2012-11-09 12:14 - 00000000 ____D () C:\Program Files\Intel
2015-01-24 20:53 - 2014-07-12 13:51 - 00000000 ____D () C:\Users\icar\AppData\Local\Deployment
2015-01-24 20:52 - 2014-07-12 13:52 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-23 21:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 21:17 - 2014-09-03 19:58 - 00001081 _____ () C:\Users\icar\Desktop\Free Download Manager.lnk
2015-01-21 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-16 13:45 - 2013-10-19 12:39 - 00000000 ____D () C:\Users\icar
2015-01-16 07:41 - 2014-06-02 19:14 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-06-02 19:14 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2013-10-28 21:01 - 01514528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-01-16 07:41 - 2013-10-28 21:01 - 01278920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-01-14 07:55 - 2013-07-22 08:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 07:51 - 2013-06-07 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 09:07 - 2014-11-18 20:28 - 02902456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-01-10 09:07 - 2014-01-23 19:04 - 14115944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-01-10 09:07 - 2013-10-17 20:05 - 03298816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-01-10 09:07 - 2013-10-17 20:05 - 00994712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-01-10 09:07 - 2013-10-17 20:05 - 00877488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-01-10 09:07 - 2013-10-17 20:05 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-01-10 09:07 - 2013-10-17 20:05 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-10 09:07 - 2013-10-17 20:05 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-01-10 00:30 - 2013-10-19 12:33 - 06860432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-01-10 00:30 - 2013-10-19 12:33 - 03517256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-01-10 00:29 - 2013-10-19 12:33 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-01-10 00:29 - 2013-10-19 12:33 - 01097872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-01-10 00:29 - 2013-10-19 12:33 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-01-10 00:29 - 2013-10-19 12:33 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-01-10 00:29 - 2013-10-19 12:33 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-01-10 00:29 - 2013-10-19 12:33 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-01-09 20:47 - 2013-10-19 12:33 - 04173527 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-01-04 20:06 - 2014-10-13 12:20 - 00000000 ____D () C:\Program Files (x86)\Wasteland 2
2015-01-02 21:07 - 2013-08-15 19:40 - 00000000 ____D () C:\Users\icar\Documents\CyberLink
2015-01-01 18:48 - 2013-06-09 13:06 - 00000000 ____D () C:\Users\icar\AppData\Roaming\DAEMON Tools Lite
2015-01-01 18:48 - 2013-06-05 21:17 - 00000000 ____D () C:\Users\icar\AppData\Roaming\Azureus
2015-01-01 18:46 - 2013-06-09 10:19 - 00000796 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 18:46 - 2013-06-09 10:19 - 00000000 ____D () C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2013-08-16 21:13 - 2013-08-15 09:13 - 0000044 ____H () C:\Program Files (x86)\1aa92753.tmp
2012-11-09 12:28 - 2012-11-09 12:28 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-09 12:24 - 2012-11-09 12:25 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-09 12:25 - 2012-11-09 12:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-09 12:23 - 2012-11-09 12:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-09 12:26 - 2012-11-09 12:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 20:13
 
==================== End Of Log ============================


#15 Machiavelli

  • Malware Response Instructor

Posted 30 January 2015 - 02:34 AM

What do you mean by nsfw sections? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
