Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Wujo (administrator) on WUJO-KOMPUTER on 06-01-2015 17:02:43
Running from F:\Zawirusowania konkretne
Loaded Profiles: (Available profiles: Wujo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: Launcher)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)
HKU\S-1-5-18\...\Run: [KuhnUmmi] => regsvr32.exe "C:\ProgramData\KuhnUmmi\ZuhjIgtog.yep"
HKU\S-1-5-18\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={71AE8812-1669-4581-B398-F540214F14E5}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://search.certified-toolbar.com?si=44393&st=bs&tid=3820&ver=4.9&ts=1369248523355.000003&tguid=44393-3820-1369248523355-DA54B3E4B3DA9B82F6E7C5AAB0157A9E&q={searchTerms}
SearchScopes: HKLM-x32 -> {F2F5CBE5-319A-4C34-926D-CEBA8A09E870} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
BHO: webSAive -> {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} -> C:\Program Files (x86)\webSAive\nUkS3p.x64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {19a395c9-823b-4700-b817-396fc84ffb16} -> No File
BHO-x32: webSAive -> {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} -> C:\Program Files (x86)\webSAive\nUkS3p.dll No File
BHO-x32: YouTube To ALLPlayer -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HomeTab -> {ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} -> C:\Program Files (x86)\HomeTab\IE\HomeTab.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM-x32 - HomeTab - {ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} - C:\Program Files (x86)\HomeTab\IE\HomeTab.dll No File
Toolbar: HKLM-x32 - No Name - {19a395c9-823b-4700-b817-396fc84ffb16} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FF464A0-FFEC-4C85-BF1C-388FF7A1B39A}: [NameServer] 156.154.70.25,156.154.71.25

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (StartSearch )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-03]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-05] (AVAST Software)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)
S2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [769920 2013-01-14] (Enigma Software Group USA, LLC.)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\ \...\???\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-05] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2013-03-15] ()
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-03-15] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 17:00 - 2015-01-06 17:02 - 00000000 ____D () C:\FRST
2015-01-06 15:16 - 2015-01-06 15:16 - 00000000 ____D () C:\Windows\pss
2015-01-06 15:06 - 2015-01-06 12:51 - 00008192 _____ () C:\shldr.mbr
2015-01-06 12:51 - 2015-01-06 12:51 - 00001785 _____ () C:\Users\Wujo\Desktop\SpyHunter4.exe — skrót.lnk
2015-01-06 12:50 - 2015-01-06 16:33 - 00395589 _____ () C:\spyhunter.fix
2015-01-06 12:50 - 2012-11-02 15:23 - 00285747 _____ () C:\shldr
2015-01-06 12:49 - 2015-01-06 12:51 - 00000000 ____D () C:\sh4ldr
2015-01-06 12:49 - 2015-01-06 12:49 - 00003344 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-01-06 12:49 - 2015-01-06 12:49 - 00000000 ____D () C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2015-01-06 12:49 - 2015-01-06 12:49 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-01-06 12:49 - 2015-01-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-06 00:29 - 2015-01-06 00:29 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2015-01-06 00:26 - 2015-01-06 00:26 - 00291632 _____ () C:\Windows\Minidump\010615-72072-01.dmp
2015-01-05 01:25 - 2015-01-05 01:25 - 00000000 ___HD () C:\$AVG
2015-01-05 00:31 - 2015-01-05 00:31 - 00000000 _____ () C:\autoexec.bat
2015-01-05 00:15 - 2015-01-05 00:15 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-05 00:15 - 2015-01-05 00:15 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-05 00:15 - 2015-01-05 00:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-05 00:15 - 2015-01-05 00:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-05 00:00 - 2015-01-05 00:00 - 00001897 _____ () C:\Users\Wujo\Desktop\ShadowExplorer.lnk
2015-01-05 00:00 - 2015-01-05 00:00 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\www.shadowexplorer.com
2015-01-05 00:00 - 2015-01-05 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-01-05 00:00 - 2015-01-05 00:00 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-01-04 21:49 - 2015-01-04 21:49 - 00000049 _____ () C:\Users\Wujo\Desktop\antymalware.txt
2015-01-04 21:12 - 2015-01-06 00:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 21:10 - 2015-01-04 21:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-04 21:08 - 2015-01-04 21:12 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 21:08 - 2015-01-04 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 21:07 - 2015-01-04 21:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 21:07 - 2015-01-04 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 21:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 21:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 21:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 20:34 - 2015-01-04 20:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-04 18:04 - 2015-01-04 18:04 - 00291752 _____ () C:\Windows\Minidump\010415-41168-01.dmp
2015-01-04 18:00 - 2015-01-04 18:00 - 00000000 __SHD () C:\found.000
2015-01-04 14:05 - 2015-01-04 14:08 - 00000000 ____D () C:\Users\Wujo\Desktop\do odzyskania
2015-01-04 12:30 - 2015-01-04 12:30 - 00291752 _____ () C:\Windows\Minidump\010415-554162-01.dmp
2015-01-03 17:37 - 2015-01-03 17:37 - 00291752 _____ () C:\Windows\Minidump\010315-67267-01.dmp
2015-01-03 17:27 - 2015-01-03 17:27 - 00291752 _____ () C:\Windows\Minidump\010315-71089-01.dmp
2015-01-03 17:12 - 2015-01-06 12:53 - 538053552 _____ () C:\Windows\MEMORY.DMP
2015-01-03 17:12 - 2015-01-03 17:12 - 00291752 _____ () C:\Windows\Minidump\010315-1122224-01.dmp
2015-01-03 16:33 - 2015-01-03 16:33 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\AVAST Software
2015-01-03 16:32 - 2015-01-05 00:17 - 00001962 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-01-03 16:32 - 2015-01-03 17:33 - 00002066 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-03 16:32 - 2015-01-03 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-03 16:30 - 2015-01-05 00:16 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-03 16:23 - 2015-01-03 16:23 - 00096640 _____ () C:\Users\Wujo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 16:22 - 2015-01-06 16:11 - 00002020 _____ () C:\Windows\setupact.log
2015-01-03 16:22 - 2015-01-03 16:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 16:21 - 2015-01-06 00:33 - 00230898 _____ () C:\Windows\PFRO.log
2015-01-03 16:08 - 2015-01-03 16:19 - 191729711 _____ (Avast! Premier 2015 - 10.0.2206) C:\Users\Wujo\Downloads\Avast! Premier 2015 10.0.2206 + Crack [BRSHARES].exe
2015-01-03 15:56 - 2015-01-03 15:56 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2015-01-03 15:55 - 2015-01-03 15:55 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-03 15:40 - 2015-01-03 16:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-03 15:23 - 2015-01-03 15:38 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Wise Disk Cleaner
2015-01-03 15:23 - 2015-01-03 15:25 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Wise Registry Cleaner
2015-01-03 15:23 - 2015-01-03 15:23 - 00001239 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-01-03 15:23 - 2015-01-03 15:23 - 00001216 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2015-01-03 15:23 - 2015-01-03 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-03 15:23 - 2015-01-03 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2015-01-03 15:23 - 2015-01-03 15:23 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-01-03 15:15 - 2015-01-03 15:15 - 00000844 _____ () C:\Users\Wujo\Desktop\BitTorrent.lnk
2015-01-03 15:14 - 2015-01-03 16:20 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\BitTorrent
2015-01-03 15:14 - 2015-01-03 15:14 - 00000000 ____D () C:\ProgramData\APN
2015-01-03 15:13 - 2015-01-03 15:13 - 01691224 _____ (BitTorrent Inc.) C:\Users\Wujo\Downloads\BitTorrent.exe
2015-01-03 08:18 - 2015-01-03 08:18 - 00004651 _____ () C:\how_decrypt.html
2015-01-03 08:18 - 2015-01-03 08:18 - 00000000 ____D () C:\ProgramData\efywb
2015-01-02 12:38 - 2015-01-03 17:29 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Onbilo
2015-01-01 14:56 - 2014-12-09 08:31 - 00049936 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_12_F012_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-11-15 09:27 - 00049408 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_11_F011_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-11-03 16:33 - 00013600 _____ () C:\Users\Wujo\Downloads\J-Wi Jadłospis.DOC.itqjnld
2015-01-01 14:56 - 2014-10-13 10:15 - 00052368 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_10_F010_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-08-31 08:14 - 00054112 _____ () C:\Users\Wujo\Downloads\obsada nr 3 27.08.2014 roda.XLS.itqjnld
2015-01-01 14:56 - 2014-08-31 08:14 - 00054112 _____ () C:\Users\Wujo\Downloads\obsada nr 3 27.08.2014 roda (1).XLS.itqjnld
2015-01-01 14:56 - 2014-08-11 13:56 - 00051824 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_08_F008_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-07-29 07:43 - 00045152 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_07_F007_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-05-19 12:14 - 00048704 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_05_F005_Z.PDF.itqjnld
2015-01-01 14:56 - 2014-03-17 14:58 - 00072576 _____ () C:\Users\Wujo\Downloads\tmp1A0.PDF.itqjnld
2015-01-01 14:56 - 2014-02-10 19:04 - 00050960 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_02_F002_Z.PDF.itqjnld
2015-01-01 14:56 - 2013-10-15 10:38 - 00049632 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_13_10_F010_Y.PDF.itqjnld
2015-01-01 14:56 - 2013-06-01 08:55 - 00044352 _____ () C:\Users\Wujo\Downloads\statement_0245_20130527.PDF.itqjnld
2015-01-01 14:41 - 2015-01-01 14:41 - 00002828 _____ () C:\Windows\System32\Tasks\nvbinif
2014-12-31 08:44 - 2014-12-31 08:44 - 00000000 ____D () C:\Windows\system32\log
2014-12-31 08:29 - 2014-12-31 08:29 - 00000288 _____ () C:\Users\Wujo\AppData\Roaming\41710310.reg
2014-12-25 23:17 - 2015-01-03 17:29 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Fosyryg
2014-12-20 15:38 - 2014-12-20 15:39 - 13087456 _____ (Microsoft Corporation) C:\Users\Wujo\Downloads\Silverlight_x64.exe
2014-12-17 08:46 - 2014-12-17 08:46 - 00244328 _____ () C:\Users\Wujo\Downloads\Firefox Setup Stub 34.0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 16:54 - 2011-03-20 20:46 - 01210851 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 16:24 - 2013-04-11 18:29 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 16:20 - 2009-07-14 05:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:20 - 2009-07-14 05:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:11 - 2014-08-30 07:49 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 16:11 - 2014-02-04 07:44 - 00000426 ____H () C:\Windows\Tasks\WS.Enabler-S-71009536.job
2015-01-06 16:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 15:09 - 2014-08-30 07:49 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 12:44 - 2014-02-11 18:54 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2015-01-06 00:26 - 2011-06-23 12:39 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 21:59 - 2013-03-04 10:48 - 00000000 ____D () C:\Users\Wujo\Downloads\Pierdoły
2015-01-05 20:05 - 2012-01-03 20:19 - 00000000 ____D () C:\filmy
2015-01-05 01:36 - 2014-02-11 18:53 - 00000000 ____D () C:\ProgramData\aimakkjhlbdhcjccaplhjfglamjaecbm
2015-01-05 00:00 - 2011-03-21 05:37 - 00707756 _____ () C:\Windows\system32\perfh015.dat
2015-01-05 00:00 - 2011-03-21 05:37 - 00140738 _____ () C:\Windows\system32\perfc015.dat
2015-01-05 00:00 - 2009-07-14 06:13 - 01578268 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 21:48 - 2014-02-04 07:44 - 00000000 ____D () C:\ProgramData\SetApp
2015-01-04 17:48 - 2009-08-16 06:54 - 00000000 ____D () C:\ProgramData\Norton
2015-01-04 17:41 - 2013-10-08 14:57 - 00000000 ____D () C:\ProgramData\Origin
2015-01-04 14:10 - 2012-01-15 10:57 - 00000000 ____D () C:\muza1
2015-01-04 12:36 - 2013-10-08 14:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-04 10:36 - 2013-09-06 13:02 - 00000000 ___HD () C:\Users\Wujo\SSYPV
2015-01-03 19:27 - 2014-12-01 16:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-03 19:25 - 2014-11-20 18:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-03 16:22 - 2009-07-14 05:45 - 02326752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 15:30 - 2011-07-12 18:46 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\DAEMON Tools Lite
2015-01-03 15:26 - 2012-01-27 17:30 - 00000000 ____D () C:\Users\Wujo\Desktop\programy
2015-01-03 15:26 - 2011-12-02 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-01-03 15:26 - 2011-11-22 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2015-01-03 15:26 - 2011-11-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-01-03 15:26 - 2011-08-30 08:54 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-03 15:26 - 2011-08-30 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-03 15:26 - 2009-08-22 06:58 - 00000000 __RHD () C:\MSOCache
2015-01-03 15:26 - 2009-07-27 21:41 - 00000000 ____D () C:\Windows\Panther
2015-01-03 15:02 - 2014-08-30 07:48 - 00000000 ____D () C:\Users\Wujo\AppData\Local\Deployment
2015-01-03 08:18 - 2014-05-22 20:23 - 00040592 _____ () C:\Program1.RPT
2015-01-02 11:47 - 2013-04-29 14:53 - 00000000 ____D () C:\Users\Wujo\AppData\Local\Symantec
2015-01-02 11:40 - 2013-03-10 19:19 - 00000000 ___SD () C:\Users\Wujo\GG dysk
2015-01-02 11:37 - 2009-08-22 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-01 14:46 - 2012-08-05 08:46 - 00000000 ____D () C:\eWyciągi BZWBK
2015-01-01 14:45 - 2012-05-18 23:02 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\PhotoScape
2015-01-01 14:44 - 2013-12-04 14:13 - 00000000 ____D () C:\ProgramData\Video Strip Poker Supreme
2015-01-01 14:44 - 2013-02-23 20:50 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\ipla
2015-01-01 14:44 - 2011-03-20 20:54 - 00000000 ____D () C:\Users\Wujo\AppData\Local\VirtualStore
2015-01-01 14:43 - 2013-11-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 14:43 - 2011-12-01 18:48 - 00000000 ____D () C:\ProgramData\Arcade Lab
2015-01-01 14:43 - 2011-11-21 17:13 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-01-01 14:43 - 2011-07-12 18:49 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-01 14:43 - 2011-03-21 11:48 - 00000000 ____D () C:\Program Files (x86)\Winamp
2015-01-01 14:42 - 2011-12-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Metin2
2015-01-01 14:42 - 2011-12-14 18:36 - 00000000 ____D () C:\Program Files (x86)\Gadu-Gadu 10
2015-01-01 14:42 - 2011-11-22 21:59 - 00000000 ____D () C:\Program Files (x86)\Dziobas Rar Player
2015-01-01 14:42 - 2011-08-30 08:53 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-01 14:42 - 2011-03-21 11:54 - 00000000 ____D () C:\Program Files (x86)\NAPI-PROJEKT
2015-01-01 14:42 - 2011-03-20 21:00 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-01 14:42 - 2009-08-22 07:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-01 14:42 - 2009-08-16 07:29 - 00000000 ___HD () C:\oem
2015-01-01 14:41 - 2009-08-16 06:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 09:19 - 2013-01-31 11:52 - 00010800 _____ () C:\Users\Wujo\Downloads\Extras.TXT.itqjnld
2014-12-27 15:00 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-23 14:25 - 2012-05-05 15:15 - 17340080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-21 08:42 - 2012-05-03 13:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-21 08:42 - 2012-05-03 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-20 19:09 - 2011-05-12 16:24 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-12-20 19:08 - 2013-04-11 18:29 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 19:08 - 2012-04-26 16:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 19:08 - 2011-06-22 11:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 19:08 - 2011-03-21 09:33 - 00000000 ____D () C:\Users\Wujo\AppData\Local\Adobe
2014-12-20 15:40 - 2012-05-03 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-19 14:12 - 2012-04-20 15:51 - 00000000 ____D () C:\Users\Wujo\AppData\Local\PokerStars.EU
2014-12-19 14:12 - 2012-04-20 15:51 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-12-16 14:23 - 2011-12-02 20:00 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Winamp
2014-12-09 08:32 - 2014-06-19 15:32 - 00273104 _____ () C:\Users\Wujo\Downloads\ZWR_Faktura_zbiorowa_761-494-4823-7996_14_12_F012_AK (1).PDF.itqjnld
2014-12-09 08:30 - 2014-06-19 15:32 - 00273104 _____ () C:\Users\Wujo\Downloads\ZWR_Faktura_zbiorowa_761-494-4823-7996_14_12_F012_AK.PDF.itqjnld
ZeroAccess:
C:\Users\Wujo\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Wujo\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Wujo\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Wujo\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Wujo\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Wujo\AppData\Local\Temp\ggsetup1362939402.exe
C:\Users\Wujo\AppData\Local\Temp\htmlayout.dll
C:\Users\Wujo\AppData\Local\Temp\installstats.exe
C:\Users\Wujo\AppData\Local\Temp\ipl5DD3.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\iplDB9F.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Wujo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Wujo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Wujo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Wujo\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Wujo\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Wujo\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Wujo\AppData\Local\Temp\oi_{BEBE0F23-231A-455A-81D3-A64B66EF11B7}.exe
C:\Users\Wujo\AppData\Local\Temp\sqlite3.dll
C:\Users\Wujo\AppData\Local\Temp\sqlite3.exe
C:\Users\Wujo\AppData\Local\Temp\t.dll
C:\Users\Wujo\AppData\Local\Temp\tmp143.exe
C:\Users\Wujo\AppData\Local\Temp\tmp24.exe
C:\Users\Wujo\AppData\Local\Temp\tmp240.exe
C:\Users\Wujo\AppData\Local\Temp\tmp322.exe
C:\Users\Wujo\AppData\Local\Temp\tmp360.exe
C:\Users\Wujo\AppData\Local\Temp\tmp46.exe
C:\Users\Wujo\AppData\Local\Temp\tmp54.exe
C:\Users\Wujo\AppData\Local\Temp\tmp68.exe
C:\Users\Wujo\AppData\Local\Temp\toolbar10430055.exe
C:\Users\Wujo\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Wujo\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Wujo\AppData\Local\Temp\uninstall10549006.exe
C:\Users\Wujo\AppData\Local\Temp\uttA7E2.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\uttD09.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\_is232D.exe
C:\Users\Wujo\AppData\Local\Temp\_is77BE.exe
C:\Users\Wujo\AppData\Local\Temp\_isCBA7.exe
C:\Users\Wujo\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2015-01-06 04:43

==================== End Of Log ============================