
adultcameras.info popup


  • This topic is locked
5 replies to this topic

#1 Acidburn6

  • Members
  • 3 posts

Posted 13 February 2015 - 10:58 AM

Hello

My laptop is infected with the adultcameras.info popup virus. I had this popup a couple of weeks ago but it stopped after I refreshed the AdblockPlus filter list, but now it started to show up again. I've seen there is a similar problem here:

http://www.bleepingcomputer.com/forums/t/565180/need-help-my-pc-infected-with-adultcamerasinfo-popup/

so I've decided to solve it with your assistance.


EDIT:

AdwCleaner log:

# AdwCleaner v4.110 - Logfile created 13/02/2015 at 17:02:44
# Updated 05/02/2015 by Xplode
# Database : 2015-02-13.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Stacho - STACHO-KOMPUTER
# Running from : C:\Users\Stacho\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Interenet Optimizer
Folder Deleted : C:\ProgramData\MiniApp
Folder Deleted : C:\ProgramData\AdTrustMedia
Folder Deleted : C:\ProgramData\671798280626a41a
Folder Deleted : C:\Program Files (x86)\AdTrustMedia
Folder Deleted : C:\Program Files\AdTrustMedia
Folder Deleted : C:\Users\Stacho\AppData\Roaming\baidu
Folder Deleted : C:\Users\Stacho\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Stacho\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Stacho\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Stacho\Documents\Optimizer Pro
Folder Deleted : C:\Users\Stacho\AppData\Roaming\Mozilla\Firefox\Profiles\5hnficma.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Stacho\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
File Deleted : C:\ProgramData\Duplicaterecord.js
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml

***** [ Scheduled tasks ] *****

Task Deleted : Dealply
Task Deleted : DealPlyUpdate
Task Deleted : pricemeterdownloader
Task Deleted : pricemetertask
Task Deleted : pricemeterwatcher

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Stacho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Stacho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Stacho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v35.0.1 (x86 pl)

[5hnficma.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1415486105&from=ild&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY");
[5hnficma.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "mystartsearch");

-\\ Google Chrome v39.0.2171.99

[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1401264309&from=cor&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.pl/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=D5Lb&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1401438975&from=sof&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=109&itype=n&ver=13001&tm=410&src=ds&p={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1401264309&from=cor&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.pl/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=D5Lb&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1401438975&from=sof&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=109&itype=n&ver=13001&tm=410&src=ds&p={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.default-search.net?sid=492&aid=109&itype=n&ver=13001&tm=410&src=hmp

-\\ Opera v0.0.0.0

[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1401264309&from=cor&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.pl/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=D5Lb&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1401438975&from=sof&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=109&itype=n&ver=13001&tm=410&src=ds&p={searchTerms}

-\\ Chrome Canary v

[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1401264309&from=cor&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.pl/s/%7BsearchTerms%7D
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=D5Lb&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1401438975&from=sof&uid=ST320LT012-9WS14C_S0V8L8AYXXXXS0V8L8AY&q={searchTerms}
[C:\Users\Stacho\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=109&itype=n&ver=13001&tm=410&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [4970 bytes] - [23/07/2014 22:32:17]
AdwCleaner[R1].txt - [8218 bytes] - [20/12/2014 08:30:54]
AdwCleaner[R2].txt - [7686 bytes] - [13/02/2015 16:59:17]
AdwCleaner[S0].txt - [4689 bytes] - [23/07/2014 22:33:38]
AdwCleaner[S1].txt - [10935 bytes] - [13/02/2015 17:02:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10995  bytes] ##########


Edited by Acidburn6, 13 February 2015 - 11:13 AM.



#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 13 February 2015 - 01:15 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Acidburn6

  • Topic Starter

  • Members
  • 3 posts

Posted 13 February 2015 - 03:32 PM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Stacho (administrator) on STACHO-KOMPUTER on 13-02-2015 21:22:36
Running from C:\Users\Stacho\Downloads
Loaded Profiles: Stacho (Available profiles: Stacho)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\ATRis_Technik\sed.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\ATRis_Technik\pgsql\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [SedServer] => C:\Program Files (x86)\ATRis_Technik\Sed.exe [120587776 2012-11-23] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\...\Run: [uTorrent] => C:\Users\Stacho\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-27] (BitTorrent Inc.)
HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.onet.pl
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.onet.pl
HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=156
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000 -> {B29ECEDE-F605-4EDC-AA52-24690DCC577C} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\Parameters: [DhcpNameServer] 195.238.181.164 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Stacho\AppData\Roaming\Mozilla\Firefox\Profiles\5hnficma.default
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=156
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Extension: Avira Browser Safety - C:\Users\Stacho\AppData\Roaming\Mozilla\Firefox\Profiles\5hnficma.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Stacho\AppData\Roaming\Mozilla\Firefox\Profiles\5hnficma.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-16]

Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.onet.pl/
CHR StartupUrls: Profile 1 -> "hxxp://www.onet.pl/"
CHR DefaultSearchKeyword: Profile 1 -> google_
CHR DefaultSearchURL: Profile 1 -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Profile 1 -> 
CHR Profile: C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-29]
CHR Extension: (Watch Live TV For Free) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agofcdpbochfbcflcenilhlpeniobili [2015-01-29]
CHR Extension: (Google Docs) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-29]
CHR Extension: (Google Drive) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-29]
CHR Extension: (Earth View from Google Maps) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2015-01-29]
CHR Extension: (YouTube) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-29]
CHR Extension: (Television) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccmmgijadofegbfojekdglknbeeminej [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-29]
CHR Extension: (World tv) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2015-01-29]
CHR Extension: (AdBlock) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-29]
CHR Extension: (International Internet TV ) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpfaflofhdeeaikcajgalgbpgejbmihk [2015-01-29]
CHR Extension: (Live TV Free - TV 360) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nananoifaaimehnlhoolpggpgkbefdom [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR Extension: (Tv Online) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2015-01-29]
CHR Extension: (Gmail) - C:\Users\Stacho\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-16]

Opera: 
=======
OPR StartupUrls: "hxxp://onet.pl/", "hxxp://www.gazeta.pl/0,0.html?p=156"
OPR Extension: (Tłumacz) - C:\Users\Stacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2014-05-20]
OPR Extension: (Adblock Plus) - C:\Users\Stacho\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-16] (Avast Software)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WorkshopDbService; C:\Program Files (x86)\ATRis_Technik\pgsql\bin\pg_ctl.exe [99840 2012-06-01] (PostgreSQL Global Development Group) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-16] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-19] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-16] ()
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2011-10-30] (CrystalIdea Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-11] (Disc Soft Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
R3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [79488 2006-10-03] (RICOH Company, Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-16] (Avast Software)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 21:22 - 2015-02-13 21:23 - 00015894 _____ () C:\Users\Stacho\Downloads\FRST.txt
2015-02-13 21:22 - 2015-02-13 21:22 - 00000000 ___DC () C:\FRST
2015-02-13 17:06 - 2015-02-13 17:06 - 00000197 _____ () C:\Windows\system32\2015-02-13-16-06-29.016-AvastVBoxSVC.exe-2304.log
2015-02-13 16:38 - 2015-02-13 16:38 - 02134016 _____ (Farbar) C:\Users\Stacho\Downloads\FRST64.exe
2015-02-13 16:35 - 2015-02-13 16:35 - 02112512 _____ () C:\Users\Stacho\Downloads\AdwCleaner.exe
2015-02-13 16:30 - 2015-02-13 16:30 - 00448512 _____ (OldTimer Tools) C:\Users\Stacho\Downloads\TFC.exe
2015-02-13 07:21 - 2015-02-13 07:21 - 00000197 _____ () C:\Windows\system32\2015-02-13-06-21-39.071-AvastVBoxSVC.exe-2568.log
2015-02-13 07:18 - 2015-02-13 07:18 - 00000318 _____ () C:\Windows\PFRO.log
2015-02-13 07:04 - 2015-02-13 07:04 - 37517944 _____ (Vivaldi Technologies AS) C:\Users\Stacho\Downloads\Vivaldi_TP2_1.0.94.2 (1).exe
2015-02-13 07:03 - 2015-02-13 07:12 - 00000000 ____D () C:\Users\Stacho\AppData\Local\Vivaldi
2015-02-13 07:02 - 2015-02-13 07:02 - 37517944 _____ (Vivaldi Technologies AS) C:\Users\Stacho\Downloads\Vivaldi_TP2_1.0.94.2.exe
2015-02-12 14:59 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 14:59 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 14:59 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 14:59 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 23:28 - 2015-02-11 23:28 - 00000197 _____ () C:\Windows\system32\2015-02-11-22-28-20.035-AvastVBoxSVC.exe-2580.log
2015-02-11 23:25 - 2015-02-13 17:04 - 00000168 _____ () C:\Windows\setupact.log
2015-02-11 23:25 - 2015-02-11 23:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 23:24 - 2015-02-13 17:03 - 00000486 _____ () C:\Windows\errord.log
2015-02-11 23:23 - 2015-02-13 17:04 - 00000404 _____ () C:\Windows\error.log
2015-02-11 18:30 - 2015-02-11 22:08 - 00000000 ____D () C:\Users\Stacho\Downloads\sam naprawiam
2015-02-11 15:26 - 2015-02-11 17:57 - 00107917 _____ () C:\Users\Stacho\wirdia.svg
2015-02-11 15:14 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 15:14 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 15:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 15:14 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 15:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 15:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 15:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 15:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 15:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 15:14 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 15:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 15:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 15:14 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 15:14 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 15:13 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 15:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 15:13 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 15:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 15:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 15:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 15:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 15:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 15:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 15:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 15:13 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 15:13 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 15:13 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 15:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 15:13 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 15:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 15:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 15:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 15:13 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 15:13 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 15:13 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 15:13 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 15:13 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 15:13 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 15:13 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 15:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 15:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 15:13 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 15:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 15:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 15:13 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 15:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 15:13 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 15:13 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 15:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 15:13 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 15:13 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 15:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 15:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 15:13 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 15:12 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 15:12 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 15:12 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 15:12 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 15:12 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 15:12 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 15:12 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 15:12 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 15:12 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 15:12 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 15:12 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 15:12 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 15:12 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 15:12 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 15:12 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 15:12 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 15:12 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 15:12 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 15:12 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 15:12 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 15:12 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 15:12 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 15:12 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 15:12 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 15:12 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 15:12 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 15:12 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 15:12 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 15:12 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 15:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 15:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 15:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 15:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 15:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 15:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 15:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 15:11 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 15:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 15:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 23:28 - 2015-02-10 23:28 - 00000197 _____ () C:\Windows\system32\2015-02-10-22-28-38.014-AvastVBoxSVC.exe-2756.log
2015-02-10 23:16 - 2015-02-10 23:16 - 00002123 _____ () C:\Users\Stacho\Desktop\ATRIS_Vivid 2012-2.lnk
2015-02-10 23:11 - 2015-02-13 17:04 - 00205643 _____ () C:\Users\Stacho\workshopdata.log
2015-02-10 23:10 - 2015-02-10 23:10 - 00000053 _____ () C:\Windows\Crypkey.ini
2015-02-10 23:10 - 2015-02-10 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATRis_Technik
2015-02-10 23:10 - 2010-03-19 00:11 - 00030272 _____ () C:\Windows\system32\Ckldrv.sys
2015-02-10 23:10 - 2010-03-18 21:25 - 00126976 _____ (CrypKey (Canada) Ltd.) C:\Windows\system32\Crypserv.exe
2015-02-10 23:10 - 2010-01-20 17:28 - 00165888 ____R (Kenonic Controls) C:\Windows\Ckconfig.exe
2015-02-10 23:10 - 2010-01-20 17:28 - 00011776 _____ () C:\Windows\Ckrfresh.exe
2015-02-10 22:56 - 2015-02-10 23:15 - 00000000 ____D () C:\Program Files (x86)\ATRis_Technik
2015-02-10 22:56 - 2015-02-10 23:10 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2015-02-10 22:56 - 2015-02-10 23:10 - 00000000 ____D () C:\ProgramData\WorkshopData
2015-02-10 22:56 - 2015-02-10 22:56 - 00000000 ___HD () C:\Users\Stacho\InstallAnywhere
2015-02-10 22:55 - 2015-02-10 22:55 - 00000345 _____ () C:\Windows\ODBC.INI
2015-02-10 22:55 - 2015-02-10 22:55 - 00000295 _____ () C:\Windows\Atris_St.INI
2015-02-10 22:55 - 2015-02-10 22:55 - 00000200 _____ () C:\Windows\ODBCINST.INI
2015-02-10 22:55 - 2002-04-30 09:25 - 00041232 ____R (Microsoft Corporation) C:\Windows\SysWOW64\ODBCCP32.CPL
2015-02-10 22:55 - 1998-06-01 14:37 - 00163840 ____R (Microsoft Corporation) C:\Windows\SysWOW64\MSJINT35.DLL
2015-02-10 22:55 - 1998-05-18 03:06 - 00368912 ____R (Microsoft Corporation) C:\Windows\SysWOW64\VBAR332.DLL
2015-02-10 22:55 - 1998-04-24 01:00 - 00024848 ____R (Microsoft Corporation) C:\Windows\SysWOW64\MSJTER35.DLL
2015-02-10 22:54 - 2002-02-19 14:24 - 00004656 ____R (Microsoft Corporation) C:\Windows\SysWOW64\DS16GT.DLL
2015-02-10 22:54 - 1999-09-28 22:42 - 01050896 ____R (Microsoft Corporation) C:\Windows\SysWOW64\MSJET35.DLL
2015-02-10 22:54 - 1999-09-09 23:06 - 00168720 ____R (Microsoft Corporation) C:\Windows\SysWOW64\MSLTUS35.DLL
2015-02-10 22:54 - 1998-05-13 19:49 - 00072704 ____R (Microsoft Corporation) C:\Windows\SysWOW64\ODBCTL32.DLL
2015-02-10 18:28 - 2015-02-10 18:28 - 00723182 _____ () C:\Users\Stacho\Downloads\Pulpit.rar
2015-02-10 17:49 - 2015-02-10 18:49 - 00000000 ____D () C:\Users\Stacho\Downloads\ATRIS Technik (Vivid) (2013.1)
2015-02-10 17:48 - 2015-02-10 17:49 - 00134203 _____ () C:\Users\Stacho\Downloads\ATRIS Technik (2013.1) [ENG].torrent
2015-02-07 18:46 - 2015-02-07 18:48 - 00000000 ____D () C:\Users\Stacho\Desktop\Zdjęcia
2015-02-04 19:59 - 2015-02-04 19:59 - 00000247 _____ () C:\Windows\system32\2015-02-04-18-59-57.047-aswFe.exe-3040.log
2015-02-04 19:50 - 2015-02-04 19:59 - 00000247 _____ () C:\Windows\system32\2015-02-04-18-50-28.077-aswFe.exe-3252.log
2015-02-04 19:50 - 2015-02-04 19:50 - 00000197 _____ () C:\Windows\system32\2015-02-04-18-50-22.060-AvastVBoxSVC.exe-556.log
2015-02-02 15:41 - 2015-02-02 15:41 - 00000197 _____ () C:\Windows\system32\2015-02-02-14-41-05.097-AvastVBoxSVC.exe-3068.log
2015-02-02 15:24 - 2015-02-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 17:59 - 2015-01-23 18:00 - 05317104 _____ (Piriform Ltd) C:\Users\Stacho\Downloads\ccsetup501.exe
2015-01-20 17:45 - 2015-01-20 17:45 - 00000000 ____D () C:\Users\Stacho\AppData\Local\GHISLER
2015-01-20 17:26 - 2015-01-20 17:49 - 00000000 ____D () C:\Users\Stacho\Desktop\Renault
2015-01-20 17:23 - 2015-01-29 22:45 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\Foxit Software
2015-01-20 17:23 - 2015-01-20 17:23 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-01-20 17:22 - 2015-01-20 17:22 - 00001355 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-01-20 17:22 - 2015-01-20 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-01-20 17:22 - 2015-01-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-01-20 17:21 - 2015-01-20 17:21 - 35984520 _____ (Foxit Software Inc. ) C:\Users\Stacho\Downloads\FoxitReader706.1126_enu_Setup.exe
2015-01-20 17:10 - 2015-01-20 17:12 - 00000000 ___DC () C:\totalcmd
2015-01-20 17:10 - 2015-01-20 17:12 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\GHISLER
2015-01-20 17:10 - 2015-01-20 17:10 - 00000646 _____ () C:\Users\Stacho\Desktop\Total Commander 64 bit.lnk
2015-01-20 17:10 - 2015-01-20 17:10 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-01-20 17:09 - 2015-01-20 17:09 - 04329488 _____ (Ghisler Software GmbH) C:\Users\Stacho\Downloads\tcmd801x64.exe
2015-01-17 19:20 - 2015-01-17 19:20 - 00000197 _____ () C:\Windows\system32\2015-01-17-18-20-48.045-AvastVBoxSVC.exe-2228.log
2015-01-17 00:11 - 2015-01-17 00:11 - 00000247 _____ () C:\Windows\system32\2015-01-16-23-11-38.091-aswFe.exe-2624.log
2015-01-17 00:02 - 2015-01-17 00:11 - 00000247 _____ () C:\Windows\system32\2015-01-16-23-02-12.022-aswFe.exe-572.log
2015-01-17 00:02 - 2015-01-17 00:02 - 00000197 _____ () C:\Windows\system32\2015-01-16-23-02-06.012-AvastVBoxSVC.exe-2020.log
2015-01-16 23:53 - 2015-01-16 23:53 - 00000197 _____ () C:\Windows\system32\2015-01-16-22-53-56.040-AvastVBoxSVC.exe-3768.log
2015-01-16 21:42 - 2015-01-16 21:42 - 00000247 _____ () C:\Windows\system32\2015-01-16-20-42-01.061-aswFe.exe-3092.log
2015-01-16 21:35 - 2015-01-16 21:41 - 00000247 _____ () C:\Windows\system32\2015-01-16-20-35-34.068-aswFe.exe-1792.log
2015-01-16 21:35 - 2015-01-16 21:35 - 00000197 _____ () C:\Windows\system32\2015-01-16-20-35-28.067-AvastVBoxSVC.exe-2976.log
2015-01-16 21:21 - 2015-01-16 21:21 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-16 21:21 - 2015-01-16 21:21 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\AVAST Software
2015-01-16 21:21 - 2015-01-16 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-16 21:20 - 2015-01-28 12:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-16 21:20 - 2015-01-16 21:20 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-16 21:20 - 2015-01-16 21:19 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-16 21:20 - 2015-01-16 21:19 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-16 21:20 - 2015-01-16 21:19 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-16 21:20 - 2015-01-16 21:19 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-16 21:20 - 2015-01-16 21:19 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-16 21:20 - 2015-01-16 21:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-16 21:19 - 2015-01-16 21:20 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-16 21:19 - 2015-01-16 21:19 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-16 21:19 - 2015-01-16 21:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-16 21:18 - 2015-01-16 21:18 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-16 00:10 - 2015-01-16 00:10 - 00000000 __SHD () C:\Users\Stacho\AppData\Local\EmieBrowserModeList
2015-01-14 06:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 06:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 20:58 - 2014-10-08 13:19 - 01605893 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 19:47 - 2014-04-10 11:48 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1C88057-24E1-4777-9F96-AAED0F0CA866}
2015-02-13 17:15 - 2014-07-24 03:53 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\uTorrent
2015-02-13 17:11 - 2009-07-14 05:45 - 00036560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 17:11 - 2009-07-14 05:45 - 00036560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 17:05 - 2009-07-14 03:34 - 00000600 _____ () C:\Windows\win.ini
2015-02-13 17:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 17:02 - 2014-07-31 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:02 - 2014-07-23 22:32 - 00000000 ____D () C:\AdwCleaner
2015-02-13 17:02 - 2014-05-28 09:40 - 00000000 ____D () C:\Windows\system32\log
2015-02-11 23:25 - 2014-09-28 08:34 - 00413264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 23:17 - 2014-07-23 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 23:14 - 2014-04-10 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:05 - 2014-04-10 13:51 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 15:26 - 2014-04-10 11:15 - 00000000 ____D () C:\Users\Stacho
2015-02-10 23:53 - 2014-08-11 22:37 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\DAEMON Tools Lite
2015-02-10 23:52 - 2014-06-21 14:24 - 00000000 ____D () C:\Users\Stacho\AppData\Local\CrashDumps
2015-02-10 23:25 - 2014-10-24 04:14 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 23:25 - 2014-08-22 22:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-09 23:20 - 2014-06-29 16:41 - 00001550 _____ () C:\Users\Stacho\pcmscan.cfg
2015-02-08 09:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-02 15:46 - 2014-09-14 10:52 - 00000000 ____D () C:\3D Live Pool
2015-02-02 15:39 - 2014-04-11 05:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 15:39 - 2014-04-11 05:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 15:39 - 2014-04-11 05:02 - 00003870 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 22:24 - 2014-12-04 14:24 - 00000814 _____ () C:\Users\Stacho\Desktop\µTorrent.lnk
2015-01-27 22:24 - 2014-12-04 14:24 - 00000794 _____ () C:\Users\Stacho\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-23 18:00 - 2014-10-24 05:35 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-23 18:00 - 2014-10-24 05:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 17:32 - 2014-07-31 14:06 - 00002265 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-17 09:04 - 2014-08-22 14:49 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-17 09:04 - 2014-08-22 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-17 09:04 - 2014-04-11 07:03 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-16 21:18 - 2014-04-10 12:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-16 21:10 - 2014-07-13 14:48 - 00000996 _____ () C:\Users\Stacho\Desktop\Uninstall Tool.lnk
2015-01-16 17:00 - 2014-04-10 13:13 - 00000000 ____D () C:\Users\Stacho\AppData\Roaming\vlc
2015-01-15 23:45 - 2014-04-10 11:35 - 01643124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 23:45 - 2011-02-04 18:38 - 00740672 _____ () C:\Windows\system32\perfh015.dat
2015-01-15 23:45 - 2011-02-04 18:38 - 00156214 _____ () C:\Windows\system32\perfc015.dat
2015-01-15 23:45 - 2009-07-14 06:13 - 01643124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 16:16 - 2014-08-22 22:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 16:16 - 2014-08-22 22:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2014-08-10 11:55 - 2014-08-10 11:55 - 15327232 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-04-11 11:15 - 2014-04-11 23:41 - 0000088 _____ () C:\Users\Stacho\AppData\Roaming\WB.CFG
2014-04-10 22:19 - 2014-04-10 22:19 - 0000000 _____ () C:\Users\Stacho\AppData\Local\AtStart.txt
2014-04-10 22:19 - 2014-04-10 22:19 - 0000000 _____ () C:\Users\Stacho\AppData\Local\DSwitch.txt
2014-04-10 22:19 - 2014-04-10 22:19 - 0000000 _____ () C:\Users\Stacho\AppData\Local\QSwitch.txt
2014-11-05 16:23 - 2014-11-05 16:23 - 0260616 _____ () C:\ProgramData\1415200890.bdinstall.bin
2014-09-08 14:07 - 2014-09-07 08:54 - 1424232 _____ (Baidu, Inc.) C:\ProgramData\BavPro_Setup_Mini_GL1.exe
2014-08-17 09:01 - 2014-08-17 10:13 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\ProgramData\BavPro_Setup_Mini_GL1.exe


Some content of TEMP:
====================
C:\Users\Stacho\AppData\Local\Temp\dateinj01.dll
C:\Users\Stacho\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 14:12

==================== End Of Log ============================

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Stacho at 2015-02-13 21:24:23
Running from C:\Users\Stacho\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
ATRis_Technik (HKLM-x32\...\ATRis_Technik) (Version: 12.0.0.1 - Vivid Automotive Data & Media bv)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.6.36.116 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version:  - )
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 pl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
PCMSCAN (HKLM-x32\...\{979B748C-6095-4A5A-BC7B-C15E720529D6}) (Version: 2.4.12 - Palmer Performance Engineering)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4292622445-1780666126-4128423364-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stacho\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-10-2014 16:11:40 Installed Java 7 Update 71
22-10-2014 03:56:41 Windows Update
24-10-2014 13:49:31 avast! antivirus system restore point
28-10-2014 07:19:18 Windows Update
01-11-2014 08:53:15 Windows Update
05-11-2014 04:58:20 Windows Update
05-11-2014 15:59:12 Zainstalowany program DirectX
05-11-2014 16:27:05 avast! antivirus system restore point
08-11-2014 08:40:55 Windows Update
12-11-2014 15:38:33 Windows Update
18-11-2014 14:32:47 Windows Update
19-11-2014 23:00:13 Windows Update
25-11-2014 16:25:59 Windows Update
01-12-2014 14:49:14 avast! antivirus system restore point
04-12-2014 06:57:17 avast! antivirus system restore point
04-12-2014 07:09:21 avast! antivirus system restore point
06-12-2014 23:33:28 Removed Skype™ 6.22
10-12-2014 16:38:17 Windows Update
12-12-2014 23:00:20 Windows Update
15-12-2014 14:54:14 Installed WSC Real 09.
15-12-2014 15:23:59 Removed WSC Real 09.
16-12-2014 22:54:47 Windows Update
18-12-2014 23:00:13 Windows Update
24-12-2014 08:21:26 Windows Update
31-12-2014 09:00:24 Windows Update
06-01-2015 08:44:55 Windows Update
10-01-2015 09:32:37 Windows Update
15-01-2015 06:22:19 Instalator modułów systemu Windows
15-01-2015 06:35:35 Windows Update
15-01-2015 23:00:11 Windows Update
16-01-2015 21:18:10 avast! antivirus system restore point
20-01-2015 15:42:21 Windows Update
28-01-2015 06:26:48 Windows Update
31-01-2015 08:26:49 Windows Update
04-02-2015 03:52:55 Windows Update
10-02-2015 15:07:22 Windows Update
11-02-2015 23:01:07 Windows Update
13-02-2015 03:15:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D8969C9-0D7A-44C1-9EA5-F0EA3B021407} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: {400DAD0A-8A02-45AB-809F-4A9EC2C8012C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {40FF1859-2274-4D16-B32F-FAADD2F9BEFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4102E4E3-ACB9-4FFA-B007-0DCF374B6EBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-02] (Adobe Systems Incorporated)
Task: {5C5442A3-9142-42F5-BFB3-F17407C004A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {B02E4DC9-73E5-463F-B470-948FE258D145} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-16] (AVAST Software)
Task: {F6B06A47-1444-43D3-AA06-278FC58C6EA6} - System32\Tasks\{21C4E712-5575-4BB2-A280-F956EE2AB5EF} => pcalua.exe -a C:\Users\Stacho\Downloads\Adaware_Installer.exe -d C:\Users\Stacho\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-09 10:18 - 2012-11-09 10:18 - 00034304 _____ () C:\Windows\System32\xrxs1l6.dll
2015-01-16 21:19 - 2015-01-16 21:19 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-16 21:19 - 2015-01-16 21:19 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-12 23:25 - 2014-12-12 23:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll
2015-02-10 23:09 - 2012-11-23 17:14 - 120587776 _____ () C:\Program Files (x86)\ATRis_Technik\sed.exe
2015-02-13 16:18 - 2015-02-13 16:18 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021300\algo.dll
2015-01-16 21:19 - 2015-01-16 21:19 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-13 21:07 - 2015-02-13 21:07 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021301\algo.dll
2015-02-10 23:07 - 2012-06-01 02:59 - 00168448 _____ () C:\Program Files (x86)\ATRis_Technik\pgsql\bin\LIBPQ.dll
2015-02-10 23:07 - 2012-06-01 02:59 - 00987136 _____ () C:\Program Files (x86)\ATRis_Technik\pgsql\bin\libxml2.dll
2015-02-10 23:07 - 2012-06-01 02:59 - 00066560 _____ () C:\Program Files (x86)\ATRis_Technik\pgsql\bin\zlib1.dll
2015-01-16 21:19 - 2015-01-16 21:19 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 12947968 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XKRN76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 00771584 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XSCR76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 02003456 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XMNG76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 01238528 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XSND76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 00494080 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XJCE76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 03162112 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XMIS76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 08420352 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XXML76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 04968960 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XXXL76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 00610816 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XSSE76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 01563136 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XSEC76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 00544256 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XPKC76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 00655360 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XSQL76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 02305024 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XSWN76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 12645888 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XAWT76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 00256512 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XRMI76033.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 05638144 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\XCRB76033.dll
2015-02-10 23:09 - 2011-09-16 01:27 - 00020480 _____ () C:\Program Files (x86)\ATRis_Technik\rt\bin\jetvm\jvm.dll
2015-02-10 23:09 - 2011-09-16 01:27 - 00069632 _____ () C:\Program Files (x86)\ATRis_Technik\rt\bin\java.dll
2015-02-10 23:09 - 2012-06-16 01:00 - 00126976 _____ () C:\Program Files (x86)\ATRis_Technik\rt\bin\zip.dll
2015-02-10 23:09 - 2011-09-16 01:26 - 00176128 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\baseline760.dll
2015-02-10 23:09 - 2012-06-28 14:04 - 03672064 _____ () C:\Program Files (x86)\ATRis_Technik\rt\jetrt\xjitb_j76033.dll
2015-01-18 17:32 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-18 17:32 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-18 17:32 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-18 17:32 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_e2
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_e2
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4292622445-1780666126-4128423364-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stacho\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.238.181.164 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4292622445-1780666126-4128423364-500 - Administrator - Disabled)
Gość (S-1-5-21-4292622445-1780666126-4128423364-501 - Limited - Disabled)
Stacho (S-1-5-21-4292622445-1780666126-4128423364-1000 - Administrator - Enabled) => C:\Users\Stacho

==================== Faulty Device Manager Devices =============

Name: Bnbase
Description: Bnbase
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Bnbase
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Karta tunelowania Teredo firmy Microsoft
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 05:04:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 07:19:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 11:26:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 11:27:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Setup.exe_InstallShield (R), wersja: 10.0.0.159, sygnatura czasowa: 0x4083592c
Nazwa modułu powodującego błąd: iuser.dll, wersja: 10.0.0.159, sygnatura czasowa: 0x408357fe
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00010e45
Identyfikator procesu powodującego błąd: 0xf80
Godzina uruchomienia aplikacji powodującej błąd: 0xSetup.exe_InstallShield (R)0
Ścieżka aplikacji powodującej błąd: Setup.exe_InstallShield (R)1
Ścieżka modułu powodującego błąd: Setup.exe_InstallShield (R)2
Identyfikator raportu: Setup.exe_InstallShield (R)3

Error: (02/10/2015 11:26:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 10:38:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Setup.EXE_InstallShield (R), wersja: 10.0.0.159, sygnatura czasowa: 0x4083592c
Nazwa modułu powodującego błąd: iuser.dll, wersja: 10.0.0.159, sygnatura czasowa: 0x408357fe
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00010e45
Identyfikator procesu powodującego błąd: 0xcbc
Godzina uruchomienia aplikacji powodującej błąd: 0xSetup.EXE_InstallShield (R)0
Ścieżka aplikacji powodującej błąd: Setup.EXE_InstallShield (R)1
Ścieżka modułu powodującego błąd: Setup.EXE_InstallShield (R)2
Identyfikator raportu: Setup.EXE_InstallShield (R)3

Error: (02/07/2015 06:49:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/07/2015 06:49:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1”. Błąd w pliku manifestu lub w pliku zasad „C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2” w wierszu C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna.
Składniki powodujące konflikt:
Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/02/2015 03:39:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 03:21:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: 3D Live Pool.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x3f1a9f3a
Nazwa modułu powodującego błąd: 3D Live Pool.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x3f1a9f3a
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00061976
Identyfikator procesu powodującego błąd: 0xc18
Godzina uruchomienia aplikacji powodującej błąd: 0x3D Live Pool.exe0
Ścieżka aplikacji powodującej błąd: 3D Live Pool.exe1
Ścieżka modułu powodującego błąd: 3D Live Pool.exe2
Identyfikator raportu: 3D Live Pool.exe3


System errors:
=============
Error: (02/13/2015 05:51:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/13/2015 05:51:22 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (02/13/2015 05:04:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: 
Bnbase

Error: (02/13/2015 05:04:04 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (02/13/2015 05:04:04 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/13/2015 05:04:02 PM) (Source: atikmdag) (EventID: 10247) (User: )
Description: I2c return failed

Error: (02/13/2015 05:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Windows Search z powodu następującego błędu: 
%%3

Error: (02/13/2015 05:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Usługa udostępniania w sieci programu Windows Media Player z powodu następującego błędu: 
%%3

Error: (02/13/2015 05:02:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (02/13/2015 05:02:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4095.3 MB
Available physical RAM: 2419.45 MB
Total Pagefile: 8188.8 MB
Available Pagefile: 6215.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:133.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 430696EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 13 February 2015 - 03:48 PM

Hi,
please do the following:
 
Change the router DNS entries; change router password

http://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Then check if the configuration passes the test:
http://www.cert.orange.pl/modemscan/


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 16 February 2015 - 04:38 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 19 February 2015 - 01:51 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



