Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Wujo (administrator) on WUJO-KOMPUTER on 14-01-2015 13:44:09
Running from F:\Zawirusowania konkretne
Loaded Profile: Wujo (Available profiles: Wujo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-13] (AVAST Software)
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Wujo\AppData\Local\Google\Desktop\Install\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\Policies\Explorer\Run: [Wistron] => C:\Users\Wujo\AppData\Roaming\CAD8B9\CAD8B9.exe
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\MountPoints2: {13487492-a71f-11e2-a9af-001d6073c963} - F:\Startme.exe
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\MountPoints2: {22f2c42e-ca5c-11e0-90ef-0016d3635b4f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\MountPoints2: {2acf0410-0f39-11e4-b1f0-00262d626027} - F:\AutoRun.exe
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\MountPoints2: {66f81e90-4f0c-11e1-9b0b-001d6073c963} - E:\Setup.exe
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\...\MountPoints2: {e6dad10e-a58b-11e0-a5fe-0016d3635b4f} - F:\MicroLauncher.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3326234350-4050991087-374296464-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0415&m=easynote_tj65&r=27360311i3c6l0390z1h5f48l1u56o
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={71AE8812-1669-4581-B398-F540214F14E5}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://search.certified-toolbar.com?si=44393&st=bs&tid=3820&ver=4.9&ts=1369248523355.000003&tguid=44393-3820-1369248523355-DA54B3E4B3DA9B82F6E7C5AAB0157A9E&q={searchTerms}
SearchScopes: HKLM-x32 -> {F2F5CBE5-319A-4C34-926D-CEBA8A09E870} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {1DD5C10A-E446-4FEC-8511-6F13CDC8C221} URL = http://startsear.ch/?aff=1&src=sp&cf=52e8ba86-3711-11e1-bd44-001d6073c963&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {2F3F70DB-19ED-4AE2-829E-ED7ABDD6D638} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={71AE8812-1669-4581-B398-F540214F14E5}
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {76893B59-8604-4843-9B97-7ECDADBE8CA8} URL = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {D55E9BF4-1D7D-4C25-B1FD-C51D19102329} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=40e7c0cae985426988648692520b0dbe
SearchScopes: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> {F2F5CBE5-319A-4C34-926D-CEBA8A09E870} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_plPL423
BHO: webSAive -> {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} -> C:\Program Files (x86)\webSAive\nUkS3p.x64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {19a395c9-823b-4700-b817-396fc84ffb16} -> No File
BHO-x32: webSAive -> {2E3EFEDB-1DF5-5E5B-C5D7-630462260742} -> C:\Program Files (x86)\webSAive\nUkS3p.dll No File
BHO-x32: YouTube To ALLPlayer -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HomeTab -> {ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} -> C:\Program Files (x86)\HomeTab\IE\HomeTab.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM-x32 - HomeTab - {ca2fbf11-ffbb-49f8-b2fa-345f226e3a74} - C:\Program Files (x86)\HomeTab\IE\HomeTab.dll No File
Toolbar: HKLM-x32 - No Name - {19a395c9-823b-4700-b817-396fc84ffb16} - No File
Toolbar: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3326234350-4050991087-374296464-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FF464A0-FFEC-4C85-BF1C-388FF7A1B39A}: [NameServer] 156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (StartSearch )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\aiuaoe@yapcdgdwxw.edu [2014-02-04]
FF Extension: Browse2saVe - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\ierj@pgls-.org [2013-03-10]
FF Extension: AdBlocknWatchu - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\iou9.ia@oaizeieeiy.net [2014-02-11]
FF Extension: Iplex to ALLPlayer - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\IplextoALL@ALLPlayer.org [2011-11-22]
FF Extension: webSAive - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\kbvsws@uuiyuou.org [2014-02-04]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\PrivDog@AdTrustMedia.com [2014-06-19]
FF Extension: ExxsTriaSaviungs - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\uixxt@omsaack.edu [2014-02-27]
FF Extension: SearchNewTab - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\z18ckt9@ogweio.co.uk [2013-09-03]
FF Extension: savensshaeRe - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\zy2lvl1_l@jzhxdvb-f.net [2013-09-03]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\509244afe76ac@509244afe76e5.com.xpi [2012-11-01]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2011-10-16]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012-05-20]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2012-10-31]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\{cde38172-4160-4091-bf76-de675198d659}.xpi [2012-07-23]
FF Extension: No Name - C:\Users\Wujo\AppData\Roaming\Mozilla\Firefox\Profiles\qpqp3jr3.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-07-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Wujo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Extension Developer) - C:\Users\Wujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbohohgejljnmeniodpkfijkinkpkpd [2014-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Wujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\Wujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-05] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
S4 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)
S4 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\ \...\???\{ac61f76f-e3bf-090c-101a-0e87fecfa713}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-01-08] ()
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-01-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 13:33 - 2015-01-14 13:33 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-13 17:59 - 2015-01-05 00:15 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-13 17:31 - 2015-01-13 17:32 - 04978536 _____ (AVAST Software) C:\Users\Wujo\Downloads\avast_premier_antivirus_setup_online.exe
2015-01-13 14:36 - 2015-01-13 14:36 - 00000665 _____ () C:\INSTALL.LOG
2015-01-13 12:51 - 2015-01-13 12:51 - 00001313 _____ () C:\Users\Wujo\Desktop\Advanced Uninstaller PRO 2003.lnk
2015-01-13 12:51 - 2015-01-13 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 2003 version 5
2015-01-13 12:51 - 2015-01-13 12:51 - 00000000 ____D () C:\Program Files (x86)\Innovative Technologies
2015-01-08 19:58 - 2015-01-08 19:58 - 00000000 _____ () C:\Users\Wujo\Desktop\ggg.log
2015-01-08 19:35 - 2015-01-08 19:35 - 00000000 _____ () C:\Users\Wujo\Desktop\cccc.log
2015-01-08 09:46 - 2015-01-08 09:46 - 00000000 ____D () C:\Users\Wujo\AppData\Local\IDTool
2015-01-08 09:38 - 2015-01-08 09:46 - 00000000 ____D () C:\bb375dd6bb4cad2432b4c8df
2015-01-06 17:00 - 2015-01-14 13:44 - 00000000 ____D () C:\FRST
2015-01-06 15:16 - 2015-01-08 21:04 - 00000000 ____D () C:\Windows\pss
2015-01-06 15:06 - 2015-01-06 12:51 - 00008192 _____ () C:\shldr.mbr
2015-01-06 12:51 - 2015-01-06 12:51 - 00001785 _____ () C:\Users\Wujo\Desktop\SpyHunter4.exe — skrót.lnk
2015-01-06 12:50 - 2015-01-08 08:18 - 00396848 _____ () C:\spyhunter.fix
2015-01-06 12:50 - 2012-11-02 15:23 - 00285747 _____ () C:\shldr
2015-01-06 12:49 - 2015-01-13 14:36 - 00000000 ____D () C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2015-01-06 12:49 - 2015-01-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-01-06 00:29 - 2015-01-06 00:29 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2015-01-06 00:26 - 2015-01-06 00:26 - 00291632 _____ () C:\Windows\Minidump\010615-72072-01.dmp
2015-01-05 01:25 - 2015-01-05 01:25 - 00000000 ___HD () C:\$AVG
2015-01-05 00:31 - 2015-01-05 00:31 - 00000000 _____ () C:\autoexec.bat
2015-01-05 00:15 - 2015-01-05 00:15 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-05 00:15 - 2015-01-05 00:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-05 00:15 - 2015-01-05 00:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-05 00:00 - 2015-01-05 00:00 - 00001897 _____ () C:\Users\Wujo\Desktop\ShadowExplorer.lnk
2015-01-05 00:00 - 2015-01-05 00:00 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\www.shadowexplorer.com
2015-01-05 00:00 - 2015-01-05 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-01-05 00:00 - 2015-01-05 00:00 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-01-04 21:49 - 2015-01-04 21:49 - 00000049 _____ () C:\Users\Wujo\Desktop\antymalware.txt
2015-01-04 21:12 - 2015-01-13 21:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 21:10 - 2015-01-04 21:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-04 21:08 - 2015-01-04 21:12 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 21:08 - 2015-01-04 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 21:07 - 2015-01-04 21:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 21:07 - 2015-01-04 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 21:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 21:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 21:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 20:34 - 2015-01-04 20:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-04 18:04 - 2015-01-04 18:04 - 00291752 _____ () C:\Windows\Minidump\010415-41168-01.dmp
2015-01-04 18:00 - 2015-01-04 18:00 - 00000000 __SHD () C:\found.000
2015-01-04 14:05 - 2015-01-04 14:08 - 00000000 ____D () C:\Users\Wujo\Desktop\do odzyskania
2015-01-04 12:30 - 2015-01-04 12:30 - 00291752 _____ () C:\Windows\Minidump\010415-554162-01.dmp
2015-01-03 17:37 - 2015-01-03 17:37 - 00291752 _____ () C:\Windows\Minidump\010315-67267-01.dmp
2015-01-03 17:27 - 2015-01-03 17:27 - 00291752 _____ () C:\Windows\Minidump\010315-71089-01.dmp
2015-01-03 17:12 - 2015-01-06 12:53 - 538053552 _____ () C:\Windows\MEMORY.DMP
2015-01-03 17:12 - 2015-01-03 17:12 - 00291752 _____ () C:\Windows\Minidump\010315-1122224-01.dmp
2015-01-03 16:33 - 2015-01-03 16:33 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\AVAST Software
2015-01-03 16:32 - 2015-01-13 18:00 - 00002022 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-03 16:32 - 2015-01-13 18:00 - 00001962 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-01-03 16:32 - 2015-01-03 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-03 16:30 - 2015-01-13 17:59 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-03 16:30 - 2015-01-13 17:59 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-03 16:30 - 2015-01-05 00:15 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-03 16:30 - 2015-01-05 00:15 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-03 16:23 - 2015-01-03 16:23 - 00096640 _____ () C:\Users\Wujo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 16:22 - 2015-01-14 13:36 - 00003590 _____ () C:\Windows\setupact.log
2015-01-03 16:22 - 2015-01-03 16:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 16:21 - 2015-01-13 19:20 - 00234602 _____ () C:\Windows\PFRO.log
2015-01-03 16:08 - 2015-01-03 16:19 - 191729711 _____ (Avast! Premier 2015 - 10.0.2206) C:\Users\Wujo\Downloads\Avast! Premier 2015 10.0.2206 + Crack [BRSHARES].exe
2015-01-03 15:56 - 2015-01-03 15:56 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2015-01-03 15:55 - 2015-01-03 15:55 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-03 15:40 - 2015-01-03 16:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-03 15:23 - 2015-01-03 15:38 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Wise Disk Cleaner
2015-01-03 15:23 - 2015-01-03 15:25 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Wise Registry Cleaner
2015-01-03 15:23 - 2015-01-03 15:23 - 00001239 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-01-03 15:23 - 2015-01-03 15:23 - 00001216 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2015-01-03 15:23 - 2015-01-03 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-03 15:23 - 2015-01-03 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2015-01-03 15:23 - 2015-01-03 15:23 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-01-03 15:15 - 2015-01-03 15:15 - 00000844 _____ () C:\Users\Wujo\Desktop\BitTorrent.lnk
2015-01-03 15:14 - 2015-01-03 16:20 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\BitTorrent
2015-01-03 15:14 - 2015-01-03 15:14 - 00000000 ____D () C:\ProgramData\APN
2015-01-03 15:13 - 2015-01-03 15:13 - 01691224 _____ (BitTorrent Inc.) C:\Users\Wujo\Downloads\BitTorrent.exe
2015-01-03 08:18 - 2015-01-03 08:18 - 00004651 _____ () C:\how_decrypt.html
2015-01-03 08:18 - 2015-01-03 08:18 - 00000000 ____D () C:\ProgramData\efywb
2015-01-02 12:38 - 2015-01-03 17:29 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Onbilo
2015-01-02 11:58 - 2015-01-02 11:58 - 03148854 _____ () C:\Users\Wujo\Documents\Decrypt All Files itqjnld.bmp
2015-01-02 11:58 - 2015-01-02 11:58 - 00001240 _____ () C:\Users\Wujo\Documents\Decrypt All Files itqjnld.txt
2015-01-01 14:56 - 2014-12-09 08:31 - 00049936 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_12_F012_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-11-15 09:27 - 00049408 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_11_F011_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-11-03 16:33 - 00013600 _____ () C:\Users\Wujo\Downloads\J-Wi Jadłospis.DOC.itqjnld
2015-01-01 14:56 - 2014-10-13 10:15 - 00052368 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_10_F010_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-08-31 08:14 - 00054112 _____ () C:\Users\Wujo\Downloads\obsada nr 3 27.08.2014 roda.XLS.itqjnld
2015-01-01 14:56 - 2014-08-31 08:14 - 00054112 _____ () C:\Users\Wujo\Downloads\obsada nr 3 27.08.2014 roda (1).XLS.itqjnld
2015-01-01 14:56 - 2014-08-11 13:56 - 00051824 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_08_F008_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-07-29 07:43 - 00045152 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_07_F007_AA.PDF.itqjnld
2015-01-01 14:56 - 2014-05-23 16:46 - 00018096 _____ () C:\Users\Wujo\Documents\g1 kody.DOC.itqjnld
2015-01-01 14:56 - 2014-05-19 12:14 - 00048704 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_05_F005_Z.PDF.itqjnld
2015-01-01 14:56 - 2014-03-17 14:58 - 00072576 _____ () C:\Users\Wujo\Downloads\tmp1A0.PDF.itqjnld
2015-01-01 14:56 - 2014-02-10 19:04 - 00050960 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_14_02_F002_Z.PDF.itqjnld
2015-01-01 14:56 - 2013-10-15 10:38 - 00049632 _____ () C:\Users\Wujo\Downloads\ZWR_Specyfikacja_faktury_zbiorowej_761-494-4823-7996_13_10_F010_Y.PDF.itqjnld
2015-01-01 14:56 - 2013-06-01 08:55 - 00044352 _____ () C:\Users\Wujo\Downloads\statement_0245_20130527.PDF.itqjnld
2015-01-01 14:56 - 2013-05-03 16:01 - 00005440 _____ () C:\Users\Wujo\Documents\DATA.DOC.itqjnld
2015-01-01 14:56 - 2013-05-03 15:01 - 00073648 _____ () C:\Users\Wujo\Documents\Dokument1.PDF.itqjnld
2015-01-01 14:41 - 2015-01-01 14:41 - 00002828 _____ () C:\Windows\System32\Tasks\nvbinif
2014-12-31 08:44 - 2014-12-31 08:44 - 00000000 ____D () C:\Windows\system32\log
2014-12-31 08:29 - 2014-12-31 08:29 - 00000288 _____ () C:\Users\Wujo\AppData\Roaming\41710310.reg
2014-12-25 23:17 - 2015-01-03 17:29 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Fosyryg
2014-12-20 15:38 - 2014-12-20 15:39 - 13087456 _____ (Microsoft Corporation) C:\Users\Wujo\Downloads\Silverlight_x64.exe
2014-12-17 08:46 - 2014-12-17 08:46 - 00244328 _____ () C:\Users\Wujo\Downloads\Firefox Setup Stub 34.0.5.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 13:43 - 2009-07-14 05:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 13:43 - 2009-07-14 05:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 13:36 - 2014-08-30 07:49 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 13:36 - 2014-02-04 07:44 - 00000426 ____H () C:\Windows\Tasks\WS.Enabler-S-71009536.job
2015-01-14 13:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 13:30 - 2014-08-30 07:49 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 13:30 - 2013-04-11 18:29 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 23:08 - 2013-03-15 13:30 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys
2015-01-08 23:08 - 2013-03-15 13:30 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2015-01-08 20:59 - 2014-02-11 18:54 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2015-01-08 09:45 - 2011-03-20 20:46 - 01214920 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 09:43 - 2011-03-21 05:37 - 00749542 _____ () C:\Windows\system32\perfh015.dat
2015-01-08 09:43 - 2011-03-21 05:37 - 00160988 _____ () C:\Windows\system32\perfc015.dat
2015-01-08 09:43 - 2009-07-14 06:13 - 01709972 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 09:42 - 2011-03-21 09:24 - 01635538 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-06 18:30 - 2013-01-09 01:08 - 00019456 ___SH () C:\Users\Wujo\Documents\Thumbs.db
2015-01-06 00:26 - 2011-06-23 12:39 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 21:59 - 2013-03-04 10:48 - 00000000 ____D () C:\Users\Wujo\Downloads\Pierdoły
2015-01-05 20:47 - 2011-03-20 20:54 - 00000000 ____D () C:\Users\Wujo
2015-01-05 20:05 - 2012-01-03 20:19 - 00000000 ____D () C:\filmy
2015-01-04 17:48 - 2009-08-16 06:54 - 00000000 ____D () C:\ProgramData\Norton
2015-01-04 14:10 - 2012-01-15 10:57 - 00000000 ____D () C:\muza1
2015-01-04 12:36 - 2013-10-08 14:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-04 10:36 - 2013-09-06 13:02 - 00000000 ___HD () C:\Users\Wujo\SSYPV
2015-01-03 19:27 - 2014-12-01 16:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-03 19:25 - 2014-11-20 18:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-03 16:22 - 2009-07-14 05:45 - 02326752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 15:30 - 2011-07-12 18:46 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\DAEMON Tools Lite
2015-01-03 15:26 - 2012-01-27 17:30 - 00000000 ____D () C:\Users\Wujo\Desktop\programy
2015-01-03 15:26 - 2011-12-02 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-01-03 15:26 - 2011-11-22 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
2015-01-03 15:26 - 2011-11-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-01-03 15:26 - 2011-08-30 08:54 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-03 15:26 - 2011-08-30 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-03 15:26 - 2009-08-22 06:58 - 00000000 __RHD () C:\MSOCache
2015-01-03 15:26 - 2009-07-27 21:41 - 00000000 ____D () C:\Windows\Panther
2015-01-03 15:02 - 2014-08-30 07:48 - 00000000 ____D () C:\Users\Wujo\AppData\Local\Deployment
2015-01-03 08:18 - 2014-05-22 20:23 - 00040592 _____ () C:\Program1.RPT
2015-01-02 11:47 - 2013-04-29 14:53 - 00000000 ____D () C:\Users\Wujo\AppData\Local\Symantec
2015-01-02 11:40 - 2013-03-10 19:19 - 00000000 ___SD () C:\Users\Wujo\GG dysk
2015-01-02 11:37 - 2009-08-22 07:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-01 14:46 - 2014-02-12 16:01 - 00000000 ____D () C:\Users\Wujo\Documents\Madej&Nowak
2015-01-01 14:46 - 2012-08-05 08:46 - 00000000 ____D () C:\eWyciągi BZWBK
2015-01-01 14:45 - 2012-05-18 23:02 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\PhotoScape
2015-01-01 14:44 - 2013-12-04 14:13 - 00000000 ____D () C:\ProgramData\Video Strip Poker Supreme
2015-01-01 14:44 - 2013-02-23 20:50 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\ipla
2015-01-01 14:44 - 2011-03-20 20:54 - 00000000 ____D () C:\Users\Wujo\AppData\Local\VirtualStore
2015-01-01 14:43 - 2013-11-08 14:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 14:43 - 2011-12-01 18:48 - 00000000 ____D () C:\ProgramData\Arcade Lab
2015-01-01 14:43 - 2011-11-21 17:13 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-01-01 14:43 - 2011-07-12 18:49 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-01 14:43 - 2011-03-21 11:48 - 00000000 ____D () C:\Program Files (x86)\Winamp
2015-01-01 14:42 - 2011-12-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Metin2
2015-01-01 14:42 - 2011-12-14 18:36 - 00000000 ____D () C:\Program Files (x86)\Gadu-Gadu 10
2015-01-01 14:42 - 2011-11-22 21:59 - 00000000 ____D () C:\Program Files (x86)\Dziobas Rar Player
2015-01-01 14:42 - 2011-08-30 08:53 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-01 14:42 - 2011-03-21 11:54 - 00000000 ____D () C:\Program Files (x86)\NAPI-PROJEKT
2015-01-01 14:42 - 2011-03-20 21:00 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-01 14:42 - 2009-08-22 07:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-01 14:42 - 2009-08-16 07:29 - 00000000 ___HD () C:\oem
2015-01-01 14:41 - 2009-08-16 06:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 09:19 - 2013-01-31 11:52 - 00010800 _____ () C:\Users\Wujo\Downloads\Extras.TXT.itqjnld
2014-12-27 15:00 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-23 14:25 - 2012-05-05 15:15 - 17340080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-21 08:42 - 2012-05-03 13:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-21 08:42 - 2012-05-03 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-20 19:09 - 2011-05-12 16:24 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-12-20 19:08 - 2013-04-11 18:29 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 19:08 - 2012-04-26 16:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 19:08 - 2011-06-22 11:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 19:08 - 2011-03-21 09:33 - 00000000 ____D () C:\Users\Wujo\AppData\Local\Adobe
2014-12-20 15:40 - 2012-05-03 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-19 14:12 - 2012-04-20 15:51 - 00000000 ____D () C:\Users\Wujo\AppData\Local\PokerStars.EU
2014-12-19 14:12 - 2012-04-20 15:51 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-12-16 14:23 - 2011-12-02 20:00 - 00000000 ____D () C:\Users\Wujo\AppData\Roaming\Winamp

ZeroAccess:
C:\Users\Wujo\AppData\Local\Google\Desktop\Install

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Wujo\AppData\Local\Temp\ARS.exe
C:\Users\Wujo\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Wujo\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Wujo\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Wujo\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Wujo\AppData\Local\Temp\ggsetup1362939402.exe
C:\Users\Wujo\AppData\Local\Temp\htmlayout.dll
C:\Users\Wujo\AppData\Local\Temp\installstats.exe
C:\Users\Wujo\AppData\Local\Temp\ipl5DD3.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\iplDB9F.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Wujo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Wujo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Wujo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Wujo\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Wujo\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\Wujo\AppData\Local\Temp\oi_{BEBE0F23-231A-455A-81D3-A64B66EF11B7}.exe
C:\Users\Wujo\AppData\Local\Temp\sqlite3.dll
C:\Users\Wujo\AppData\Local\Temp\t.dll
C:\Users\Wujo\AppData\Local\Temp\tmp143.exe
C:\Users\Wujo\AppData\Local\Temp\tmp24.exe
C:\Users\Wujo\AppData\Local\Temp\tmp240.exe
C:\Users\Wujo\AppData\Local\Temp\tmp322.exe
C:\Users\Wujo\AppData\Local\Temp\tmp360.exe
C:\Users\Wujo\AppData\Local\Temp\tmp46.exe
C:\Users\Wujo\AppData\Local\Temp\tmp54.exe
C:\Users\Wujo\AppData\Local\Temp\tmp68.exe
C:\Users\Wujo\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Wujo\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Wujo\AppData\Local\Temp\uninstall10549006.exe
C:\Users\Wujo\AppData\Local\Temp\uttA7E2.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\uttD09.tmp.exe
C:\Users\Wujo\AppData\Local\Temp\_is232D.exe
C:\Users\Wujo\AppData\Local\Temp\_is77BE.exe
C:\Users\Wujo\AppData\Local\Temp\_isCBA7.exe
C:\Users\Wujo\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2015-01-14 02:48

==================== End Of Log ============================