Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013
Ran by axis (administrator) on AXIS-KOMPUTER on 24-12-2013 15:19:08
Running from C:\Users\axis\Pictures\fix
Windows 8 Pro (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BtPreLoad] - "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe"
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-24] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ALLUpdate] - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2995712 2013-01-23] (ALLPlayer Group Ltd.)
HKCU\...\Run: [Facebook Update] - C:\Users\axis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-28] (Facebook Inc.)
HKCU\...\Run: [Google Update] - C:\Users\axis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-15] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?affID=119293&tt=gc_190513_215&babsrc=HP_ss&mntrId=EC71166D57B8FAAE
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119293&tt=gc_190513_215&babsrc=SP_ss&mntrId=EC71166D57B8FAAE
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\axis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\axis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\axis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\axis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\axis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\axis\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/webhp?source=search_app
CHR RestoreOnStartup: "hxxp://www.google.com/webhp?source=search_app"
CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.110.22) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0
CHR Extension: (Google Search) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (avast! Online Security) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Torntv 2) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0
CHR Extension: (Google Wallet) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Space Planet) - C:\Users\axis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-24] (AVAST Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2013-12-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1034464 2013-12-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422216 2013-12-24] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [82744 2013-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-24] ()
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [x]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-24 15:18 - 2013-12-24 15:18 - 00000000 ____D C:\FRST
2013-12-24 12:34 - 2013-12-24 12:34 - 00082744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-23 21:35 - 2013-12-23 21:35 - 00000000 ____D C:\Users\axis\AppData\Roaming\AVAST Software
2013-12-23 21:32 - 2013-12-23 21:32 - 00453144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-22 00:23 - 2013-12-22 00:23 - 00091738 _____ C:\Users\axis\Downloads\message.wav
2013-12-17 16:57 - 2013-12-23 11:44 - 00000000 ____D C:\Users\axis\Desktop\pij mleko będziesz miękki
2013-12-17 16:42 - 2013-12-17 16:42 - 00004746 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-17 16:42 - 2013-12-17 16:42 - 00000000 ____D C:\ProgramData\Oracle
2013-12-17 16:42 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-12-17 16:42 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-12-17 16:42 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-12-17 16:42 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-12-17 16:40 - 2013-12-17 16:40 - 00915368 _____ (Oracle Corporation) C:\Users\axis\Downloads\chromeinstall-7u45.exe
2013-12-16 22:26 - 2013-11-19 11:21 - 00267936 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-12-16 19:36 - 2013-12-24 12:34 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-12 11:37 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 11:37 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 11:37 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 11:37 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 11:37 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-12-12 11:37 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 11:37 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 11:37 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 11:37 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-12-12 11:37 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 11:37 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 11:37 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 11:37 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-12-12 11:37 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-12-12 11:37 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 11:37 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 11:37 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-12-12 11:37 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-12-12 11:37 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-12-12 11:37 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-12-12 11:37 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-12-12 11:37 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-12-12 11:37 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-12-12 11:37 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-12-12 11:37 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-12-12 11:37 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-12-12 11:37 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-12-12 11:37 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-12-12 11:37 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-12-12 11:37 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-12 11:37 - 2013-10-03 23:09 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-12-12 11:37 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-12-12 11:37 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-12-12 11:37 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2013-12-12 11:37 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-12 11:37 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2013-12-12 11:37 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2013-12-12 11:37 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2013-12-12 11:37 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2013-12-12 11:36 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-12-12 11:36 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 11:36 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 11:36 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 11:36 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 11:36 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2013-12-12 11:36 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2013-12-12 11:36 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-12 11:36 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2013-12-12 11:36 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2013-12-12 11:36 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2013-12-12 11:36 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 11:36 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2013-12-09 13:23 - 2013-12-09 13:23 - 00000000 ____D C:\Users\axis\Desktop\mg
2013-12-09 12:44 - 2013-12-09 12:44 - 12598585 _____ C:\Users\axis\Desktop\Zeland Vadim - Transerfing Rzeczywistości (tom 1-8).zip
2013-12-08 22:18 - 2013-12-08 22:18 - 00000199 _____ C:\Users\axis\Documents\krakow.txt
2013-12-02 20:47 - 2013-12-17 16:52 - 00000000 ____D C:\Users\axis\AppData\Roaming\vlc
2013-12-02 20:46 - 2013-12-02 20:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-02 20:42 - 2013-12-02 20:43 - 24489269 _____ C:\Users\axis\Downloads\vlc-2.1.1-win32.exe
2013-12-01 19:31 - 2013-12-01 19:32 - 00000000 ____D C:\Users\axis\Downloads\877
2013-12-01 19:21 - 2013-12-01 19:21 - 16488094 _____ C:\Users\axis\Downloads\877.rar
2013-12-01 18:12 - 2013-12-01 19:33 - 00000000 ____D C:\Users\axis\Desktop\Łucznik
2013-12-01 17:38 - 2013-12-01 17:40 - 17334272 _____ C:\Users\axis\Downloads\Avon breaks and performance nov 2013.xls

==================== One Month Modified Files and Folders =======

2013-12-24 15:18 - 2013-12-24 15:18 - 00000000 ____D C:\FRST
2013-12-24 15:10 - 2013-02-28 22:37 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-741369985-1679458414-1453751500-1000UA.job
2013-12-24 15:09 - 2013-02-28 22:37 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-741369985-1679458414-1453751500-1000Core.job
2013-12-24 15:08 - 2013-01-30 23:17 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-24 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-24 13:32 - 2013-02-28 22:27 - 00000952 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-741369985-1679458414-1453751500-1000UA.job
2013-12-24 13:18 - 2013-01-31 14:24 - 00000000 ____D C:\Users\axis\AppData\Roaming\Skype
2013-12-24 12:41 - 2013-01-30 23:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-741369985-1679458414-1453751500-1000
2013-12-24 12:36 - 2013-01-30 23:17 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-24 12:36 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-24 12:35 - 2013-01-30 22:55 - 01673025 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-24 12:35 - 2013-01-30 22:45 - 00120174 _____ C:\WINDOWS\PFRO.log
2013-12-24 12:34 - 2013-12-24 12:34 - 00082744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-24 12:34 - 2013-12-16 19:36 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-24 12:34 - 2013-03-03 21:50 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-24 12:34 - 2013-01-30 23:17 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-24 12:34 - 2013-01-30 23:17 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-24 12:34 - 2013-01-30 23:17 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-24 12:34 - 2013-01-30 23:17 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-24 12:34 - 2013-01-30 23:17 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-12-24 12:34 - 2013-01-30 23:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-24 12:33 - 2012-07-26 10:51 - 00794946 _____ C:\WINDOWS\system32\perfh015.dat
2013-12-24 12:33 - 2012-07-26 10:51 - 00159530 _____ C:\WINDOWS\system32\perfc015.dat
2013-12-24 12:33 - 2012-07-26 08:28 - 01793398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-23 23:54 - 2013-08-12 12:29 - 00000000 ____D C:\Users\axis\Downloads\programy
2013-12-23 22:32 - 2013-02-28 22:27 - 00000930 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-741369985-1679458414-1453751500-1000Core.job
2013-12-23 21:44 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-23 21:35 - 2013-12-23 21:35 - 00000000 ____D C:\Users\axis\AppData\Roaming\AVAST Software
2013-12-23 21:32 - 2013-12-23 21:32 - 00453144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-23 11:44 - 2013-12-17 16:57 - 00000000 ____D C:\Users\axis\Desktop\pij mleko będziesz miękki
2013-12-22 22:52 - 2013-01-31 20:26 - 00000000 ____D C:\Users\axis\AppData\Roaming\.purple
2013-12-22 00:23 - 2013-12-22 00:23 - 00091738 _____ C:\Users\axis\Downloads\message.wav
2013-12-19 19:43 - 2013-01-31 14:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-19 19:43 - 2013-01-31 14:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-19 17:33 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-12-17 16:52 - 2013-12-02 20:47 - 00000000 ____D C:\Users\axis\AppData\Roaming\vlc
2013-12-17 16:42 - 2013-12-17 16:42 - 00004746 _____ C:\WINDOWS\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-17 16:42 - 2013-12-17 16:42 - 00000000 ____D C:\ProgramData\Oracle
2013-12-17 16:42 - 2013-07-10 14:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-17 16:40 - 2013-12-17 16:40 - 00915368 _____ (Oracle Corporation) C:\Users\axis\Downloads\chromeinstall-7u45.exe
2013-12-17 14:08 - 2013-01-30 23:17 - 00000000 ____D C:\Users\axis\AppData\Local\Google
2013-12-16 19:35 - 2013-03-03 21:50 - 00065776 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-16 19:35 - 2013-01-30 23:17 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-12-16 19:31 - 2013-01-30 23:13 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 19:30 - 2013-01-30 23:17 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-12-15 20:15 - 2013-07-23 10:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 20:13 - 2013-01-31 23:26 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-15 16:13 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2013-12-10 12:11 - 2013-02-18 16:17 - 00000000 ____D C:\Users\axis\AppData\Roaming\Azureus
2013-12-10 11:38 - 2013-02-18 16:17 - 00000000 ____D C:\Program Files\Vuze
2013-12-10 10:41 - 2013-01-29 00:25 - 00000000 ____D C:\Users\axis\AppData\Local\Packages
2013-12-09 22:03 - 2013-01-30 23:17 - 00004044 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 22:03 - 2013-01-30 23:17 - 00003808 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-09 13:23 - 2013-12-09 13:23 - 00000000 ____D C:\Users\axis\Desktop\mg
2013-12-09 12:44 - 2013-12-09 12:44 - 12598585 _____ C:\Users\axis\Desktop\Zeland Vadim - Transerfing Rzeczywistości (tom 1-8).zip
2013-12-08 22:18 - 2013-12-08 22:18 - 00000199 _____ C:\Users\axis\Documents\krakow.txt
2013-12-06 15:05 - 2013-02-28 22:37 - 00004026 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-741369985-1679458414-1453751500-1000UA
2013-12-06 15:05 - 2013-02-28 22:37 - 00003646 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-741369985-1679458414-1453751500-1000Core
2013-12-04 01:53 - 2013-11-13 21:56 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2013-11-13 21:56 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 20:46 - 2013-12-02 20:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-02 20:43 - 2013-12-02 20:42 - 24489269 _____ C:\Users\axis\Downloads\vlc-2.1.1-win32.exe
2013-12-01 19:33 - 2013-12-01 18:12 - 00000000 ____D C:\Users\axis\Desktop\Łucznik
2013-12-01 19:32 - 2013-12-01 19:31 - 00000000 ____D C:\Users\axis\Downloads\877
2013-12-01 19:21 - 2013-12-01 19:21 - 16488094 _____ C:\Users\axis\Downloads\877.rar
2013-12-01 17:40 - 2013-12-01 17:38 - 17334272 _____ C:\Users\axis\Downloads\Avon breaks and performance nov 2013.xls
2013-11-26 12:44 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-11-25 10:26 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-25 10:26 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\axis\AppData\Local\Temp\GenericUninstall.exe
C:\Users\axis\AppData\Local\Temp\htmlayout.dll
C:\Users\axis\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\axis\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\axis\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\axis\AppData\Local\Temp\mgsqlite3.dll
C:\Users\axis\AppData\Local\Temp\mSejfSetup.exe
C:\Users\axis\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\axis\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\axis\AppData\Local\Temp\setup.exe
C:\Users\axis\AppData\Local\Temp\SkypeSetup.exe
C:\Users\axis\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\axis\AppData\Local\Temp\toolbar459468890.exe
C:\Users\axis\AppData\Local\Temp\toolbar459515281.exe
C:\Users\axis\AppData\Local\Temp\uninst1.exe
C:\Users\axis\AppData\Local\Temp\uninstall227468.exe
C:\Users\axis\AppData\Local\Temp\uninstall227593.exe
C:\Users\axis\AppData\Local\Temp\uninstaller.exe
C:\Users\axis\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-19 17:53

==================== End Of Log ============================