Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Ania (administrator) on MA-KOMPUTER on 20-02-2014 14:45:37
Running from C:\Users\Ania\Desktop\skanowanie antywirusowe
Windows 7 Professional (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) D:\programy\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\programy\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) D:\programy\avgidsagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\system32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AudCtrl] - RunDll32 AudCtrl.dll,RCMonitor
HKLM\...\RunOnce: [đW‹=\] - C:\Windows\system32\MsiExec.exe /@ "đW‹=\
VVV+ĂVŃř@PSVV‰Eô˙×‰Eř;Ćt8Pč…ő˙˙Y‰Eü;Ćt*VV˙uřP˙uôSVV˙×…Ŕu˙uüčËá˙˙Y‰uüS˙X
‹Eüë	S˙X
3Ŕ_^[ÉĂĚĚĚĚĚ‹˙V¸¨ľ¨W‹ř;Ćs‹…Ŕt˙ĐÇ;ţrń_^ĂĚĚĚĚĚ‹˙V¸°ľ°W‹ř;Ćs‹…Ŕt˙ĐÇ;ţrń_^ĂĚĚĚĚĚj
h


j
˙d
3É…Ŕ•ÁŁ8¶‹ÁĂĚĚĚĚĚ˙58¶˙h
%8¶
ĂĚĚĚĚĚĚĚĚĚĚhĐ.d˙5


‹D$‰l$Ťl$+ŕSVWˇ` 1Eü3ĹP‰eč˙uř‹EüÇEüţ˙˙˙‰EřŤEđdŁ


Ă‹Mđd‰


Y__^[‹ĺ]QĂĚĚĚĚĚĚĚ‹˙U‹ěěS‹]V‹s35` W‹ĆE˙
ÇEô


Ť{řţt‹NĎ38čřŘ˙˙‹N‹FĎ38ččŘ˙˙‹Eö@f…

‹MŤUč‰Sü‹[‰Eč‰Měűţt_ŤI
Ť[‹L†ŤD†‰Eđ‹
‰Eř…Ét‹×čtR

ĆE˙…Ŕx@G‹Eř‹ŘřţuÎ€}˙
t$‹řţt‹NĎ38čuŘ˙˙‹N‹VĎ3:čeŘ˙˙‹Eô_^[‹ĺ]ĂÇEô


ëÉ‹M9csmŕu)=ô6

t hô6
čÓO

Ä…Ŕt‹UjR˙ô6
Ä‹M‹UčR

‹E9Xth` W‹Ó‹ČčR

‹E‹Mř‰H‹řţt‹NĎ38čß×˙˙‹N‹VĎ3:čĎ×˙˙‹Eđ‹H‹×čŞQ

şţ˙˙˙9S„O˙˙˙h` W‹ËčÁQ

é˙˙˙ĚĚĚĚĚ‹˙U‹ěVčćî˙˙‹đ…ö„2

‹N\‹U‹ÁW9tŔŤą


;ÇrďÁ


;Ás9t3Ŕ…Ŕt‹P…Ňu3Ŕéő


úu`
3Ŕ@éä


ú„Ř


‹MS‹^`‰N`‹Hů…¶


j$Y‹~\d9
Áů


|í‹
‹~d=Ž

Ŕu	ÇFd


ë~=

Ŕu	ÇFd


ën=‘

Ŕu	ÇFd„


ë^=“

Ŕu	ÇFd…


ëN=Ť

Ŕu	ÇFd‚


ë>=Ź

Ŕu	ÇFd†


ë.=’

Ŕu	ÇFdŠ


ë=µ
Ŕu	ÇFdŤ


ë=´
ŔuÇFdŽ


˙vdj˙ŇY‰~dë`
Q˙ŇY‰^`[Č˙_^]ĂĚĚĚĚĚ‹˙U‹ě¸csmŕ9Eu˙uPč™ţ˙˙YY]Ă3Ŕ]ĂĚĚĚĚĚ‹˙U‹ěěˇ` eř
eü
SWżNć@»»

˙˙;Çt…Ăt	÷ĐŁd ëeVŤEřP˙
‹uü3uř˙t
3đ˙ü
3đ˙p
3đŤEđP˙l
‹Eô3Eđ3đ;÷uľOć@»ë…óu‹ĆG

Áŕđ‰5` ÷Ö‰5d ^_[ÉĂĚĚĚĚĚ‹˙U‹ěě(

ŁH·‰D·‰@·‰<·‰58·‰=4·fŚ`·fŚT·fŚ0·fŚ,·fŚ%(·fŚ-$·śŹX·‹E
ŁL·‹EŁP·ŤEŁ\·‹…ŕü˙˙Ç¶

ˇP·ŁL¶Ç@¶	
ŔÇD¶


ˇ` ‰…Řü˙˙ˇd ‰…Üü˙˙˙
Ł¶jčňN

Yj
˙„
h
˙€
=¶
ujčÎN

Yh	
Ŕ˙|
P˙x
ÉĂĚĚĚĚĚ‹˙U‹ěQV‹uVč†Z

‰E‹FY¨‚uč

Ç
	

N Č˙é/

¨@tčń

Ç
"


ëăS3Ű¨t‰^¨„‡


‹Nŕţ‰‰F‹FŕďČ‰F‰^‰]ü©

u,č@X

Ŕ ;đtč4X

Ŕ@;đu˙učĘW

Y…ŔuVčqW

Y÷F

W„€


‹F‹>ŤH‰‹N+řI‰N;ű~WP˙učhV

Ä‰EüëMČ ‰FČ˙ëy‹Mů˙tůţt‹Áŕ‹ŃÁúÁŕ•@Úë¸  ö@ tjSSQč,N

#ÂÄř˙t%‹FŠMë3˙GWŤEP˙učůU

Ä‰Eü9}üt	N Č˙ë‹E%˙


_[^ÉĂĚĚĚĚĚ‹˙U‹ěět

ˇ` 3Ĺ‰Eü‹ESV‹u3ŰW‹}˙uŤŤ¨ű˙˙‰…Üű˙˙‰˝äű˙˙‰ťĽű˙˙‰ťřű˙˙‰ťĐű˙˙‰ťôű˙˙‰ťŘű˙˙‰ť¸ű˙˙‰ťÔű˙˙čÓ˙˙9ťÜű˙˙u*čO

Ç



čč

8ť´ű˙˙t
‹…°ű˙˙`pýČ˙éů


;ótŇ·3É‰ťčű˙˙‰ťěű˙˙‰ťÄű˙˙‰•ŕű˙˙f;Ó„¶


j[ó˝čű˙˙
‰µŔű˙˙Śž


ŤBŕfřXw·Âľ€0"
ŕë3Ŕľ„ÁP"
jÁřY‰…¤ű˙˙;Á‡%


˙$…@3ŔŤôű˙˙˙‰… ű˙˙‰…¸ű˙˙‰…Đű˙˙‰…Řű˙˙‰…řű˙˙‰…Ôű˙˙éě	

·Âč tJčt6čt%+Ătč…Í	

Ťřű˙˙éÁ	

Ťřű˙˙éµ	

Ťřű˙˙é©	

Ťřű˙˙€


éš	

	ťřű˙˙éŹ	

fú*u,Ç‰˝äű˙˙‹ü‰˝Đű˙˙…˙‰o	

Ťřű˙˙÷ťĐű˙˙é]	

‹…Đű˙˙kŔ
·ĘŤDĐ‰…Đű˙˙éB	

Ąôű˙˙
é6	

fú*u&Ç‰˝äű˙˙‹ü‰˝ôű˙˙…˙‰	

Ťôű˙˙˙é
	

‹…ôű˙˙kŔ
·ĘŤDĐ‰…ôű˙˙éď

·ÂřItWřhtFřltřw…Ô

Ťřű˙˙


éĹ

f>luóŤřű˙˙


‰µŔű˙˙é¨

Ťřű˙˙éś

Ťřű˙˙ é

·ř6uf~4uĆŤřű˙˙
€

‰µŔű˙˙éi

ř3uf~2uĆĄřű˙˙˙˙˙‰µŔű˙˙éE

řd„<

ři„3

řo„*

řu„!

řx„

řX„

Ą¤ű˙˙
‹…Üű˙˙RŤµčű˙˙Ç…Ôű˙˙


č 

éć

·ÂřdŹ/

„Ŕ

řSŹ

t~čAt+ĂtY+Ăt+Ă…ă

Â Ç… ű˙˙


‰•ŕű˙˙Ťřű˙˙@˝ôű˙˙
Ť˝üű˙˙¸


‰˝đű˙˙‰…ěű˙˙Ť’

Ç…ôű˙˙


éó

÷…řű˙˙0

…Č


Ťřű˙˙ éĽ


÷…řű˙˙0

uŤřű˙˙ ‹ťôű˙˙ű˙u»˙˙˙Çö…řű˙˙ ‰˝äű˙˙‹ü‰˝đű˙˙„ű

…˙uˇ ­‰…đű˙˙Ąěű˙˙
‹µđű˙˙…ŰŽ

Š„Ŕ„


ŤŤ¨ű˙˙¶ŔQPčĎW

YY…ŔtFF˙…ěű˙˙9ťěű˙˙|Đéß

čX„ţ

+Ă„”


+Á„öţ˙˙+Ă…ľ

·Ç3öFö…řű˙˙ ‰µÔű˙˙‰˝äű˙˙‰…śű˙˙tB…Čű˙˙Ť…¨ű˙˙P‹…¨ű˙˙Ć…Éű˙˙
˙°¬


Ť…Čű˙˙PŤ…üű˙˙PčV

Ä…Ŕy‰µ¸ű˙˙ëf‰…üű˙˙Ť…üű˙˙‰…đű˙˙‰µěű˙˙é:

‹Ç‰˝äű˙˙…Ŕt:‹H…Ét3÷…řű˙˙


ż
‰Ťđű˙˙t™+ÂÇ…Ôű˙˙


éő

ĄÔű˙˙
éë

ˇ ­‰…đű˙˙Pč


YéÔ

řpŹ

„é

řeŚÂ

řgŽéý˙˙řitqřnt(řo…¦

ö…řű˙˙€Ç…ŕű˙˙


taŤřű˙˙


ëU‹7Ç‰˝äű˙˙č÷T

…Ŕ„h

ö…řű˙˙ tf‹…čű˙˙f‰ë‹…čű˙˙‰Ç…¸ű˙˙


éů

Ťřű˙˙@Ç…ŕű˙˙


‹Ťřű˙˙÷Á
€

„°

‹‹WÇéÜ

ufúguhÇ…ôű˙˙


ë\9…ôű˙˙~‰…ôű˙˙»Ł


9ťôű˙˙~;‹µôű˙˙Ć]

Vč›ç˙˙‹•ŕű˙˙Y‰…Äű˙˙…Ŕt‰…đű˙˙‰µěű˙˙‹řë‰ťôű˙˙ë‹•ŕű˙˙‹…äű˙˙‹Ŕ‹5

‰…äű˙˙‹@ü‰…ű˙˙Ť…¨ű˙˙P˙µ ű˙˙ľÂ˙µôű˙˙‰Ť”ű˙˙P˙µěű˙˙Ť…”ű˙˙WP˙5Ş˙Ö˙Đ‹ťřű˙˙Äă€


t˝ôű˙˙
uŤ…¨ű˙˙PW˙5śŞ˙Ö˙ĐYYf˝ŕű˙˙gu…ŰuŤ…¨ű˙˙PW˙5Ş˙Ö˙ĐYY€?-uŤřű˙˙


G‰˝đű˙˙Wéýý˙˙Ç…ôű˙˙


‰ŤĽű˙˙ë$čs„`ü˙˙+Ă„ţ˙˙č…¶

Ç…Ľű˙˙'


ö…řű˙˙€Ç…ŕű˙˙


„cţ˙˙j0Xf‰…Ěű˙˙‹…Ľű˙˙ŔQf‰…Îű˙˙‰ťŘű˙˙é>ţ˙˙÷Á


…Dţ˙˙ÇöÁ t‰˝äű˙˙öÁ@tżGüë·Gü™ë‹GüöÁ@t™ë3Ň‰˝äű˙˙öÁ@t…Ň|…Ŕs÷ŘŇ
÷ÚŤřű˙˙


÷…řű˙˙


‹Ú‹řu3Ű˝ôű˙˙
}Ç…ôű˙˙


ëĄřű˙˙÷¸


9…ôű˙˙~‰…ôű˙˙‹ÇĂu!…Řű˙˙Ťµűý˙˙‹…ôű˙˙˙Ťôű˙˙…Ŕ‹ÇĂt-‹…ŕű˙˙™RPSWč8

Á0‰ťű˙˙‹ř‹Úů9~ŤĽű˙˙Në˝Ť…űý˙˙+ĆF÷…řű˙˙


‰…ěű˙˙‰µđű˙˙tZ…Ŕt‹Î€90tO˙Ťđű˙˙‹Ťđű˙˙Ć0@ë7…˙uˇ$­‰…đű˙˙‹…đű˙˙Ç…Ôű˙˙


ë
Kf8
tŔ…Űuň+…đű˙˙Ńř‰…ěű˙˙˝¸ű˙˙
…©

‹…řű˙˙¨@t+©


tj-ë¨tj+ë¨tj Xf‰…Ěű˙˙Ç…Řű˙˙


‹ťĐű˙˙+ťěű˙˙+ťŘű˙˙ö…řű˙˙‰ťű˙˙u(‹ű…Ű~"‹…Üű˙˙j Ťµčű˙˙Oč€

˝čű˙˙˙Yt…˙Ţ˙µŘű˙˙‹˝Üű˙˙Ť…čű˙˙ŤŤĚű˙˙č ,

ö…řű˙˙Yt1ö…řű˙˙u(‹ű…Ű~"‹…Üű˙˙j0Ťµčű˙˙Oč(

˝čű˙˙˙Yt…˙Ţ˝Ôű˙˙
up˝ěű˙˙
~g‹˝đű˙˙‹ťěű˙˙Ť…¨ű˙˙P‹…¨ű˙˙˙°¬


Ť…śű˙˙WPKčyP

Ä‰…ŕű˙˙…Ŕ~$˙µśű˙˙‹…Üű˙˙Ťµčű˙˙č·

˝ŕű˙˙Y…Ű°ë'Ťčű˙˙˙ë˙µěű˙˙‹˝Üű˙˙‹Ťđű˙˙Ť…čű˙˙čĎ+

Y˝čű˙˙
|3ö…řű˙˙t*‹˝ű˙˙ë‹…Üű˙˙j Ťµčű˙˙OčU

˝čű˙˙˙Yt…˙Ţ˝Äű˙˙
t˙µÄű˙˙čgĎ˙˙ĄÄű˙˙
Y‹µŔű˙˙·‰…ŕű˙˙f…Ŕt/‹Ť¤ű˙˙‹˝äű˙˙‹Đéfő˙˙ča

Ç



čú

€˝´ű˙˙
éő˙˙€˝´ű˙˙
t
‹…°ű˙˙`pý‹…čű˙˙‹Mü_^3Í[čvÇ˙˙ÉĂŤI
8666“6ŕ6ě637;8ĚĚĚĚĚ‹˙U‹ě‹EŁdą]ĂĚĚĚĚĚ‹˙U‹ěě(

ˇ` 3Ĺ‰EüS‹]Wű˙tSčIA

YĄŕü˙˙
jLŤ…äü˙˙j
PčzP

Ť…ŕü˙˙‰…Řü˙˙Ť…0ý˙˙Ä‰…Üü˙˙‰…ŕý˙˙‰ŤÜý˙˙‰•Řý˙˙‰ťÔý˙˙‰µĐý˙˙‰˝Ěý˙˙fŚ•řý˙˙fŚŤěý˙˙fŚťČý˙˙fŚ…Äý˙˙fŚĄŔý˙˙fŚ­Ľý˙˙śŹ…đý˙˙‹EŤM‰Ťôý˙˙Ç…0ý˙˙

‰…čý˙˙‹Iü‰Ťäý˙˙‹M‰Ťŕü˙˙‹M‰Ťäü˙˙‰…ěü˙˙˙
j
‹ř˙„
Ť…Řü˙˙P˙€
…Ŕu…˙uű˙tSčT@

Y‹Mü_3Í[čĆ˙˙ÉĂĚĚĚĚĚ‹˙Vjľ
ŔVjčŔţ˙˙ÄV˙|
P˙x
^ĂĚĚĚĚĚ‹˙U‹ě˙5dą˙

…Ŕt]˙ŕ˙u˙u˙u˙u˙učŞ˙˙˙ĚĚĚĚĚĚ3ŔPPPPPčÂ˙˙˙ÄĂĚĚĚĚĚ‹˙U‹ě‹E3É;Íh tAů-rńŤHíůwjX]Ă‹Íl ]ĂD˙˙˙jY;ČŔ#ÁŔ]ĂĚĚĚĚĚčˇÜ˙˙…Ŕu¸ĐˇĂŔĂĚĚĚĚĚč‰Ü˙˙…Ŕu¸ÔˇĂŔĂĚĚĚĚĚ‹˙U‹ěVčÝ˙˙˙‹MQ‰čs˙˙˙Y‹đč˛˙˙˙‰0^]ĂĚĚĚĚĚ-¤

t"čtčtHt3ŔĂ¸

Ă¸

Ă¸

Ă¸

ĂĚĚĚĚĚ‹˙VW‹đh

3˙ŤFWPč.N

3Ŕ·Č‹Á‰~‰~‰~ÁáÁŤ~«««ąŘˇÄŤF+Îż

Š@Ou÷Ť†

ľ


Š@Nu÷_^ĂĚĚĚĚĚ‹˙U‹ěě

ˇ` 3Ĺ‰EüSWŤ…čú˙˙P˙v˙Ś
ż


…Ŕ„ü


3Ŕ„üţ˙˙@;ÇrôŠ…îú˙˙Ć…üţ˙˙ „Ŕt0Ťťďú˙˙¶Č¶;Čw+Á@PŤ”üţ˙˙j RčfM

ÄŠCĂ„ŔuÖj
˙vŤ…üú˙˙˙vPWŤ…üţ˙˙Pjj
č
Q

3ŰS˙vŤ…üý˙˙WPWŤ…üţ˙˙PW˙vSč©O

ÄDS˙vŤ…üü˙˙WPWŤ…üţ˙˙Ph


˙vSč„O

Ä$3Ŕ·ŚEüú˙˙öÁt€LŠŚüý˙˙ëöÁt€L ŠŚüü˙˙Ś

ëś

@;ÇrżëRŤ†

Ç…äú˙˙ź˙˙˙3É)…äú˙˙‹•äú˙˙Ť„

ĐŤZ űw
€LŤQ ëúw€L ŤQŕëĆ

A;ĎrĆ‹Mü_3Í[čĎÂ˙˙ÉĂĚĚĚĚĚjh(jč+é˙˙č‰Ú˙˙‹řˇř¦…Gptl
t‹wh…öuj čÎá˙˙Y‹ĆčCé˙˙Ăjč˝3

Yeü
‹wh‰uä;5
¦t6…ötV˙4
…ŔuţŘˇtVč×É˙˙Yˇ
¦‰Gh‹5
¦‰uäV˙(
ÇEüţ˙˙˙č


ëŽ‹uäjčy2

YĂĚĚĚĚĚ‹˙U‹ěěS3ŰSŤMđčhÂ˙˙‰hąţţuÇhą


˙”
8]ütE‹Mřapýë<ţýuÇhą


˙
ëŰţüu‹Eđ‹@Çhą


ëÄ8]üt‹Eř`pý‹Ć[ÉĂĚĚĚĚĚ‹˙U‹ěě ˇ` 3Ĺ‰EüS‹]V‹uWč_˙˙˙‹ř3ö‰};ţu‹Ăč¦ü˙˙3Ŕéˇ

‰uä3Ŕ9¸¦„‘


˙EäŔ0=đ


rç˙čý

„t

˙éý

„h

·ÇP˙
…Ŕ„V

ŤEčPW˙Ś
…Ŕ„7

h

ŤCVPčzJ

3ŇBÄ‰{‰s9Uč†ü


€}î
„Ó


ŤuďŠ„É„Ć


¶F˙¶Éé©


h

ŤCVPč3J

‹MäÄkÉ0‰uŕŤ±¦‰uäë+ŠF„Ŕt)¶>¶Ŕë‹EŕŠ€¦D;¶FG;řvę‹}Ć€>
uĐ‹uä˙EŕĆ}ŕ‰uäré‹Ç‰{ÇC


čPű˙˙j‰CŤCŤ‰¦Zf‹1f‰0ÁŔJuń‹óčČű˙˙é´ţ˙˙€L@;ÁvöĆ€~˙
…0˙˙˙ŤCąţ


€@Iuů‹Cčřú˙˙‰C‰Së‰s3Ŕ·Č‹ÁÁáÁŤ{«««ë§95hą…Tţ˙˙Č˙‹Mü_^3Í[č·ż˙˙ÉĂĚĚĚĚĚjhHjčć˙˙Mŕ˙čm×˙˙‹ř‰}ÜčÉü˙˙‹_h‹učgý˙˙‰E;C„W

h 

čÚ˙˙Y‹Ř…Ű„F

ą


‹wh‹űóĄ#
S˙učŻý˙˙YY‰Eŕ…Ŕ…ü


‹uÜ˙vh˙4
…Ŕu‹Fh=ŘˇtPč Ć˙˙Y‰^hS‹=(
˙×öFp…ę


öř¦…Ý


jč+0

Yeü
‹CŁxą‹CŁ|ą‹CŁ€ą3Ŕ‰Eäř}f‹LCf‰Elą@ëč3Ŕ‰Eä=

}ŠLřŁ@ëé3Ŕ‰Eä=


}ŠŚ


Ą@ëć˙5
¦˙4
…Ŕuˇ
¦=ŘˇtPčçĹ˙˙Y‰
¦S˙×ÇEüţ˙˙˙č


ë0jč›.

YĂë%ř˙u űŘˇtSč±Ĺ˙˙YčŮř˙˙Ç



ëeŕ
‹EŕčËä˙˙ĂĚĚĚĚĚ=LŰ
ujýčQţ˙˙YÇLŰ


3ŔĂĚĚĚĚĚ‹˙U‹ěSV‹5(
W‹}W˙Ö‹‡°


…ŔtP˙Ö‹‡¸


…ŔtP˙Ö‹‡´


…ŔtP˙Ö‹‡Ŕ


…ŔtP˙ÖŤ_PÇE


{řü¦t	‹…ŔtP˙Ö{ü
t
‹C…ŔtP˙ÖĂ˙MuÖ‹‡Ô


´


P˙Ö_^[]ĂĚĚĚĚĚ‹˙U‹ěW‹}…˙„


SV‹54
W˙Ö‹‡°


…ŔtP˙Ö‹‡¸


…ŔtP˙Ö‹‡´


…ŔtP˙Ö‹‡Ŕ


…ŔtP˙ÖŤ_PÇE


{řü¦t	‹…ŔtP˙Ö{ü
t
‹C…ŔtP˙ÖĂ˙MuÖ‹‡Ô


´


P˙Ö^[‹Ç_]ĂĚĚĚĚĚ‹˙U‹ěSV‹u‹†Ľ


3ŰW;Ăto=8­th‹†°


;Ăt^9uZ‹†¸


;Ăt9uPčüĂ˙˙˙¶Ľ


čćM

YY‹†´


;Ăt9uPčŰĂ˙˙˙¶Ľ


čWM

YY˙¶°


čĂĂ˙˙˙¶Ľ


č¸Ă˙˙YY‹†Ŕ


;ĂtD9u@‹†Ä


-ţ


Pč—Ă˙˙‹†Ě


ż€


+ÇPč„Ă˙˙‹†Đ


+ÇPčvĂ˙˙˙¶Ŕ


čkĂ˙˙Ä‹†Ô


=
§t9´


uPčXI

˙¶Ô


čBĂ˙˙YYŤ~PÇE


řü¦t‹;Ăt9uPčĂ˙˙Y9_üt‹G;Ăt9uPčĂ˙˙YÇ˙MuÇVč÷Â˙˙Y_^[]ĂĚĚĚĚĚ‹˙U‹ěW‹}…˙t;‹E…Ŕt4V‹0;÷t(W‰8č[ý˙˙Y…ötVčäý˙˙>
Yuţh¨tVčnţ˙˙Y‹Ç^ë3Ŕ_]ĂĚĚĚĚĚjhhjč}á˙˙čŰŇ˙˙‹đˇř¦…Fpt"~l
tčÄŇ˙˙‹pl…öuj čÚ˙˙Y‹Ćčá˙˙Ăjč
,

Yeü
˙5@©ĆlVčT˙˙˙YY‰EäÇEüţ˙˙˙č


ëľjčů*

Y‹uäĂĚĚĚĚĚ‹˙U‹ě¸˙˙

ěf9E„‡


SV˙uŤMěčŐş˙˙‹uě‹N3Ű;Ëu‹EŤHżfůwfŔ ·ŔëK¸


jf9Es˙učîL

Y…Ŕ·EYt,‹ŽĚ


¶ë ŤUüRjŤURPQč“L

Ä…Ŕ·Et·Eü8]řt‹Môapý^[ÉĂĚĚĚĚĚ‹˙U‹ě‹UVW…Ňt‹}…˙uč‹ô˙˙j^‰0č%ô˙˙‹Ćë3‹E…Ŕuëâ‹ň+đŠ@„ÉtOuó…˙uĆ
čUô˙˙j"Y‰‹ńëĆ3Ŕ_^]ĂĚĚĚĚĚĚĚ‹L$÷Á


t$ŠÁ„ŔtN÷Á


uď


Ť¤$


Ť¤$


‹ş˙ţţ~Đđ˙3ÂÁ©
tč‹Aü„Ŕt2„ät$©

˙
t©


˙tëÍŤA˙‹L$+ÁĂŤAţ‹L$+ÁĂŤAý‹L$+ÁĂŤAü‹L$+ÁĂĚĚĚĚĚW‹Ćŕ…Ŕ…Á


‹ŃáÁęteëŤ›


fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fpŤ¶€


Ťż€


JuŁ…ÉtI‹ŃÁę…ŇtŤ›


fofŤvŤJuďát$‹ÁÁét‹‰ŤvŤIuó‹Čát	ŠFGIu÷X^_]Ăş


+Đ+ĘQ‹Â‹Čát	ŠFGIu÷Áčt‹‰ŤvŤHuóYé˙˙˙ĚĚĚĚĚj
˙ś
Ł(Ú3ŔĂĚĚĚĚĚ‹˙U‹ěQQ‹EW‹}…Ŕt‰8…˙učuň˙˙Ç



čň˙˙3Ŕé

}
t}|Ý}$×eü
SVj[·7SVÇč9J

YY…Ŕuífţ-uMëfţ+u·7Ç}
u-VčwN

Y…Ŕt	ÇE


ë>·řxt
řXt‰]ë,ÇE


}uVčDN

Y…Ŕu·řxtřXu·wÇČ˙3Ň÷u‰Uř‹ŘVčN

Yř˙u)jAXf;ĆwfţZv	ŤFźfřw1ŤFźfř·Ćwč ŔÉ;EsM9]ür*u;Eřv#M}
u%‹Eď¨u&}
t‹}eü
ëa‹MüŻMČ‰Mü·7Çé|˙˙˙ľ˙˙˙¨u¨u=ŕt	}ü


€w	…Ŕu+9uüv&čń˙˙öEÇ
"


tMü˙ëöEj
X•ŔĆ‰Eü‹E^[…Ŕt‰8öEt÷]ü‹Eü_ÉĂĚĚĚĚĚ‹˙U‹ěj
˙u˙u˙uč$ţ˙˙Ä]ĂĚĚĚĚĚ‹˙U‹ě3Ŕ‹M;Ĺx 
t
@řrî3Ŕ]Ă‹Ĺ| 
]ĂĚĚĚĚĚ‹˙U‹ěěü

ˇ` 3Ĺ‰EüSV‹uWVč´˙˙˙‹ř3ŰY‰˝ţ˙˙;ű„l

jč!P

Yř„

jčP

Y…Ŕu=Đ´„î


ţü


„6

h´!
h

żąWč(Á˙˙Ä…Ŕ…¸


h

ľşąVSfŁÂ»˙¤
»ű

…Ŕuh„!
SVčđŔ˙˙Ä…Ŕt3ŔPPPPPč˙î˙˙VčlO

@Yř<v*Vč_O

ŤEDą‹Č+ÎjŃůh|!
+ŮSPčšÁ˙˙Ä…Ŕu˝ht!
ľ

VWč#Ä˙˙Ä…ŔuĄ˙µţ˙˙VWčÄ˙˙Ä…Ŕu‘h 
h(!
WčŽM

Äë^SSSSSéy˙˙˙jô˙@
‹đ;ótFţ˙tA3ŔŠGŚţ˙˙f9Gt@=ô

rčSŤ…ţ˙˙PŤ…ţ˙˙P]űč˛ú˙˙YPŤ…ţ˙˙PV˙ 
‹Mü_^3Í[č&´˙˙ÉĂĚĚĚĚĚjčˇN

Yřtjč”N

Y…Ŕu=Đ´uhü


č ţ˙˙h˙


čţ˙˙YYĂĚĚĚĚĚ‹˙U‹ě‹EŁ°ż]ĂĚĚĚĚĚ‹˙U‹ě˙5°ż˙

…Ŕt˙u˙ĐY…Ŕt3Ŕ@]Ă3Ŕ]ĂĚĚĚĚĚ‹˙U‹ě}
uč>î˙˙Ç



č×í˙˙Č˙]Ă˙uj
˙58¶˙¨
]ĂĚĚĚĚĚjhjčËŮ˙˙jč‹$

Yeü
‹u‹N…Ét/ˇĽżş¸ż‰Eä…Ŕt9u,‹H‰JPčĄş˙˙Y˙včśş˙˙Yf
ÇEüţ˙˙˙č


čşŮ˙˙Ă‹ĐëĹjčM#

YĂĚĚĚĚĚĚĚ‹T$‹L$÷Â


u<‹:u.
Ŕt&:au%
ätÁč:Au
Ŕt:auÁÂ
äuŇ‹˙3ŔĂŔŃŕŔĂ÷Â


tŠÂ:uçÁ
ŔtÜ÷Â


t¤f‹Â:uÎ
ŔtĆ:auĹ
ät˝ÁëĚĚĚĚĚ‹˙U‹ěě ‹EVWjYľč!
Ť}ŕóĄ‰Eř‹E_‰Eü^…Ŕtö
tÇEô
@™ŤEôP˙uđ˙uä˙uŕ˙¬
ÉÂ
ĚĚĚĚĚĚĚV‹D$Ŕu(‹L$‹D$3Ň÷ń‹Ř‹D$÷ń‹đ‹Ă÷d$‹Č‹Ć÷d$ŃëG‹Č‹\$‹T$‹D$ŃéŃŰŃęŃŘÉuô÷ó‹đ÷d$‹Č‹D$÷ćŃr;T$wr;D$v	N+D$T$3Ű+D$T$÷Ú÷ŘÚ
‹Ę‹Ó‹Ů‹Č‹Ć^Â
ĚĚĚĚĚĚĚĚĚĚĚSV‹D$Ŕu‹L$‹D$3Ň÷ń‹Ř‹D$÷ń‹ÓëA‹Č‹\$‹T$‹D$ŃéŃŰŃęŃŘÉuô÷ó‹đ÷d$‹Č‹D$÷ćŃr;T$wr;D$vN3Ň‹Ć^[Â
ĚĚĚĚĚ‹˙U‹ěVf‹uW‹}·Gřp„"

fţp„

řst	řSt3Ňë3ŇBfţst
fţSt3Éë3ÉA…Ň…É


…É…ŕ


ji_jdZf;Ât]f;Çt6řot1řut,řxt'řXt"f;ňtf;÷tfţotfţutfţxtfţXulf;Âtf;Çtřotřutřxt	řXt3Éë3ÉAf;ňt!f;÷tfţotfţutfţxt
fţXt3Ŕë3Ŕ@;ČuH‹E‹@‹Č3M÷Á


u53E¨ u.‹M‹	3Ŕ;M”Ŕë-;Ńu‹G‹MÁčÁé÷Đ÷Ń3Á¨u3Ŕ@ë3Ŕë
3Éf;Ć”Á‹Á_^]ĂĚĚĚĚĚ‹˙U‹ěö@@tx
tP˙učÝ5

YYą˙˙

f;Áu˙]Ă˙]ĂĚĚĚĚĚ‹˙U‹ěěĚ


ˇ` 3Ĺ‰Eü‹ESV‹uW‹}˙u3ŰŤŤő˙˙‰˝lő˙˙‰…´ő˙˙‰ťXő˙˙‰ť¸ő˙˙‰ťtő˙˙‰ťPő˙˙‰ťhő˙˙č‚Ż˙˙Ť¬ő˙˙˙‰ťpő˙˙;űu*č˝é˙˙Ç



čVé˙˙8ťśő˙˙t
‹…ő˙˙`pýČ˙éŘ

;ótŇ‰ť„ő˙˙‰µ<ő˙˙‰ť¨ő˙˙˝¨ő˙˙u9ť¬ő˙˙„”

·Ťxő˙˙˙Ť ő˙˙˙Ť¬ő˙˙˙‰ťŚő˙˙‰ťdő˙˙‰ťTő˙˙‰ť|ő˙˙‰ť°ő˙˙‰µ€ő˙˙‰•ő˙˙f;Ó„-

ë‹•ő˙˙j_÷˝„ő˙˙
‰µ€ő˙˙Ś€

ŤBŕfřXw·Â¶€@2
ŕë3Ŕ‹Ťdő˙˙kŔ	¶ś`2
Áë‰ťdő˙˙ű…ß


f>%„Î


˝¬ő˙˙˙uZj
Ť…pő˙˙PVčŘ÷˙˙Ä…Ŕ~7‹…pő˙˙f8$u+˝¨ő˙˙
uh@

Ť…Ľů˙˙j
PčE7

ÄÇ…¬ő˙˙


ëĄ¬ő˙˙
‹•ő˙˙˝¬ő˙˙ubj
Ť…pő˙˙PVču÷˙˙‹Ťpő˙˙ÄH˝¨ő˙˙
ŤQ‰… ő˙˙‰•€ő˙˙u)…Ŕ°

f9$…¦

řdŤť

;…xő˙˙~‰…xő˙˙‹ň‹•ő˙˙˙$ťkű„w

ű‡:

ëĺ˝¨ő˙˙
u˝¬ő˙˙„"

˝¨ő˙˙…

˝¬ő˙˙˙…

é

3ŔŤ°ő˙˙˙‰…Hő˙˙‰…Pő˙˙‰…|ő˙˙‰…tő˙˙‰…¸ő˙˙‰…hő˙˙éŃ

·Âč tJčt6čt%+Çtč…˛

Ť¸ő˙˙é¦

Ť¸ő˙˙éš

Ť¸ő˙˙éŽ

Ť¸ő˙˙€


é

	˝¸ő˙˙ét

fú*…Â


˝¬ő˙˙
u…´ő˙˙‹…´ő˙˙‹@üé„


j
Ť…pő˙˙PVčö˙˙‹Ťpő˙˙ÄH˝¨ő˙˙
ŤQ‰•€ő˙˙uN…ŔM

f9$…C

˝ ő˙˙dŤ6

;…xő˙˙~‰…xő˙˙ŔŤŚĹĽů˙˙9
„Ú


˙µ¸ő˙˙j*jéö

Ŕ‹„ĹŔů˙˙‹
‰…|ő˙˙…ŔŤş

Ť¸ő˙˙÷ť|ő˙˙é¨

‹…|ő˙˙kŔ
·ĘŤDĐ‰…|ő˙˙éŤ

Ą°ő˙˙
é

fú*…’


˝¬ő˙˙
u…´ő˙˙‹…´ő˙˙‹@üë:j
Ť…pő˙˙PVčő˙˙‹Ťpő˙˙ÄH˝¨ő˙˙
ŤQ‰•€ő˙˙„˙˙˙Ŕ‹„ĹŔů˙˙‹
‰…°ő˙˙…ŔŤ

Ť°ő˙˙˙é

Ç


j*Yf‰ŚĹÄů˙˙‹Ť¸ő˙˙‰ŚĹČů˙˙éĺ

‹…°ő˙˙kŔ
·ĘŤDĐ‰…°ő˙˙éĘ

·ÂřItWřhtFřltřw…Ż

Ť¸ő˙˙


é 

f>lu÷Ť¸ő˙˙


‰µ€ő˙˙é

Ť¸ő˙˙éw

Ť¸ő˙˙ ék

·ř6uf~4uĆŤ¸ő˙˙
€

‰µ€ő˙˙éD

ř3uf~2uĆĄ¸ő˙˙˙˙˙‰µ€ő˙˙é 

řdtAřit<řot7řut2řxt-řXt(Ądő˙˙
‹…lő˙˙RŤµ„ő˙˙Ç…hő˙˙


čú˙˙éŮ

Ť¸ő˙˙


éË

·ÂřdŹ•

„

řSŹâ


„–


čAt+Çtx+Çt+Ç…Ŕ	

Â Ç…Hő˙˙


‰•ő˙˙Ť¸ő˙˙@˝¬ő˙˙…ľ

˝¨ő˙˙
…±

˝ ő˙˙c‡

‹… ő˙˙ŔŤŚĹĽů˙˙9
…V

Ç


f‰”ĹÄů˙˙é2ţ˙˙÷…¸ő˙˙0

uqŤ¸ő˙˙ ëh÷…¸ő˙˙0

uŤ¸ő˙˙ ‹ť°ő˙˙ű˙u»˙˙˙3ö9µ¬ő˙˙…%

…´ő˙˙‹…´ő˙˙‹@üé]

čX„§

+Ç„ř


č„2˙˙˙+Ç…×

˝¬ő˙˙
Ç…hő˙˙


u…´ő˙˙‹…´ő˙˙·@üëJ˝ ő˙˙c‡­

‹… ő˙˙Ŕ˝¨ő˙˙
u"ŤŚĹĽů˙˙9
uÇ


é˝

˙µ¸ő˙˙é

‹„ĹŔů˙˙·
ö…¸ő˙˙ ‰…Lő˙˙tF…\ő˙˙Ť…ő˙˙P‹…ő˙˙Ć…]ő˙˙
˙°¬


Ť…\ő˙˙PŤ…Ľő˙˙PčĐ/

Ä…ŔyÇ…Pő˙˙


ëf‰…Ľő˙˙Ť…Ľő˙˙‰…¤ő˙˙Ç…Śő˙˙


éđ

˝¬ő˙˙
u…´ő˙˙‹…´ő˙˙‹@üë+˝ ő˙˙c‡Ń

‹… ő˙˙Ŕ˝¨ő˙˙
„ř


‹„ĹŔů˙˙‹
…Ŕt:‹H…Ét3÷…¸ő˙˙


ż
‰Ť¤ő˙˙t™+ÂÇ…hő˙˙


ép

Ąhő˙˙
éf

ˇ ­‰…¤ő˙˙Pč‹í˙˙YéO

řpŹ

„ó

řeŚ=

řgŽ‡ý˙˙ři„Ď


řnt2řo…

‹ť¸ő˙˙Ç…ő˙˙


„Ű‰Ŕ


Ë


‰ť¸ő˙˙éŻ


˝¬ő˙˙
u…´ő˙˙‹…´ő˙˙‹püëD˝ ő˙˙c‡Ő


‹… ő˙˙Ŕ˝¨ő˙˙
uŤŚĹĽů˙˙9
„ę

˙µ¸ő˙˙RWé<

‹„ĹŔů˙˙‹0č .

…Ŕ„‘


ö…¸ő˙˙ tf‹…„ő˙˙f‰ë‹…„ő˙˙‰Ç…Pő˙˙


é\

Ť¸ő˙˙@Ç…ő˙˙


‹ť¸ő˙˙3ö÷Ă
€

„’

9µ¬ő˙˙…N

‹Ť´ő˙˙Á‰Ť´ő˙˙‹Ař‹Qüé

˙µ¸ő˙˙RjQčżô˙˙Ä…Ŕ…Ě

čaŕ˙˙Ç



čúß˙˙€˝śő˙˙
éžö˙˙˝°ő˙˙
Ť˝Ľő˙˙¸


‰˝¤ő˙˙‰…Śő˙˙}Ç…°ő˙˙


ëhufúgu`Ç…°ő" [127488 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [X]
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2014-01-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {2d6359a0-6480-11e0-b953-001fd05c6213} - H:\AutoRun.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {3a1de4cb-5be9-11e0-ae98-001fd05c6213} - H:\AutoRun.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {3a1de4fc-5be9-11e0-ae98-001fd05c6213} - H:\AutoRun.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {47026064-cf9b-11e1-91c5-001fd05c6213} - H:\setup.exe -a
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {a660fcaf-00b7-11e0-848d-001fd05c6213} - H:\LaunchU3.exe -a
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {a9a7b367-b9d4-11e0-b779-001fd05c6213} - K:\start.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {b59e5d01-e9ac-11e0-a072-001fd05c6213} - H:\AutoRun.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {b59e5d0e-e9ac-11e0-a072-001fd05c6213} - H:\AutoRun.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {df4e97ac-fe99-11e0-be14-001fd05c6213} - J:\ICM_ML.exe
HKU\S-1-5-21-4178929525-3400120167-3252471758-1002\...\MountPoints2: {e446db28-5be8-11e0-bd20-001fd05c6213} - H:\AutoRun.exe
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_60589510.lnk
ShortcutTarget: _uninst_60589510.lnk -> C:\Users\Ania\AppData\Local\Temp\_uninst_60589510.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWAuXjW9&i=26
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\c4q3k26y.default
FF user.js: detected! => C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\c4q3k26y.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb201?a=6PQWAuXjW9&i=26
FF SearchEngineOrder.1: v9
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQWAuXjW9&&i=26&search=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @4game.com/plugin - C:\Program Files (x86)\4game\npplugin4game.dll (Innova Co S.a r.l.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\c4q3k26y.default\searchplugins\MyStart Search.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-01-22]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx []
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx []

==================== Services (Whitelisted) =================

S2 4game-service; C:\Program Files (x86)\4game\4game-service.exe [1133056 2013-05-23] (Innova Co S.a r.l.)
R2 AVGIDSAgent; D:\programy\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; D:\programy\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S2 PfModNT; C:\Windows\SysWOW64\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 ts_arnusb; C:\Windows\System32\DRIVERS\ts_arnusbx.sys [1983688 2013-07-23] (TamoSoft)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 12:40 - 2014-02-20 12:40 - 00000000 ____D () C:\FRST
2014-02-20 12:12 - 2014-02-20 14:45 - 00000000 ____D () C:\Users\Ania\Desktop\skanowanie antywirusowe
2014-02-20 07:34 - 2014-02-20 07:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-20 07:23 - 2014-02-20 07:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-02-20 07:22 - 2014-02-20 07:22 - 00000000 ____D () C:\Users\Ania\Desktop\Ręczna Zmiana języka KIS 2013 en na PL i odwrotnie
2014-02-19 23:20 - 2014-02-19 23:20 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Malwarebytes
2014-02-19 23:17 - 2014-02-20 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 23:17 - 2014-02-19 23:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 20:01 - 2014-02-19 20:01 - 00000395 _____ () C:\Windows\pwnativedev.bak
2014-02-19 20:00 - 2014-02-19 20:06 - 00000981 _____ () C:\Windows\PWCMDLST.BAK
2014-02-19 19:26 - 2012-06-18 13:34 - 02966720 _____ () C:\Windows\system32\pwNative.exe
2014-02-19 19:26 - 2012-06-18 13:34 - 00019032 ____N () C:\Windows\system32\pwdrvio.sys
2014-02-19 19:26 - 2012-06-18 13:34 - 00012384 ____N () C:\Windows\system32\pwdspio.sys
2014-02-19 18:33 - 2014-02-20 06:59 - 00006838 _____ () C:\Windows\PFRO.log
2014-02-19 17:11 - 2014-02-19 17:11 - 00000000 __SHD () C:\found.000
2014-02-19 16:16 - 2014-02-19 16:16 - 00280080 _____ () C:\Windows\Minidump\021914-56253-01.dmp
2014-02-19 16:16 - 2014-02-19 16:16 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 03:17 - 2014-02-09 22:17 - 00000320 _____ () C:\Windows\DirectX.log
2014-02-02 21:25 - 2014-02-20 10:02 - 00006323 _____ () C:\Windows\setupact.log
2014-02-02 21:25 - 2014-02-02 21:25 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-02-20 14:45 - 2014-02-20 12:12 - 00000000 ____D () C:\Users\Ania\Desktop\skanowanie antywirusowe
2014-02-20 14:42 - 2010-06-11 21:30 - 01324347 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 12:40 - 2014-02-20 12:40 - 00000000 ____D () C:\FRST
2014-02-20 12:25 - 2014-02-19 23:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-20 12:22 - 2013-01-22 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 10:10 - 2009-07-14 05:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 10:10 - 2009-07-14 05:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 10:02 - 2014-02-02 21:25 - 00006323 _____ () C:\Windows\setupact.log
2014-02-20 10:02 - 2010-06-11 22:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-20 10:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 07:34 - 2014-02-20 07:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-20 07:34 - 2010-06-13 09:12 - 00000000 ___RD () C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-20 07:32 - 2014-02-20 07:23 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-02-20 07:22 - 2014-02-20 07:22 - 00000000 ____D () C:\Users\Ania\Desktop\Ręczna Zmiana języka KIS 2013 en na PL i odwrotnie
2014-02-20 07:20 - 2011-02-10 19:58 - 00002093 _____ () C:\Windows\epplauncher.mif
2014-02-20 06:59 - 2014-02-19 18:33 - 00006838 _____ () C:\Windows\PFRO.log
2014-02-19 23:32 - 2014-01-12 22:01 - 00000000 ____D () C:\Users\Ania\AppData\Local\genienext
2014-02-19 23:20 - 2014-02-19 23:20 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Malwarebytes
2014-02-19 23:17 - 2014-02-19 23:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 22:58 - 2013-01-29 01:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-19 21:36 - 2010-06-28 17:42 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\uTorrent
2014-02-19 20:40 - 2009-07-14 06:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-19 20:21 - 2011-02-10 19:57 - 00000000 ____D () C:\Windows\TempE6A7AAB7-A069-20B6-47C6-6495D9F48018-Signatures
2014-02-19 20:06 - 2014-02-19 20:00 - 00000981 _____ () C:\Windows\PWCMDLST.BAK
2014-02-19 20:01 - 2014-02-19 20:01 - 00000395 _____ () C:\Windows\pwnativedev.bak
2014-02-19 19:01 - 2010-07-27 13:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-19 18:33 - 2010-07-27 13:09 - 00000000 ____D () C:\Program Files\Google
2014-02-19 18:16 - 2012-02-04 19:15 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-19 18:14 - 2010-07-27 13:12 - 00000000 ____D () C:\Users\Ania\AppData\Local\Google
2014-02-19 18:14 - 2010-07-27 13:08 - 00000000 ____D () C:\ProgramData\Google
2014-02-19 17:11 - 2014-02-19 17:11 - 00000000 __SHD () C:\found.000
2014-02-19 16:16 - 2014-02-19 16:16 - 00280080 _____ () C:\Windows\Minidump\021914-56253-01.dmp
2014-02-19 16:16 - 2014-02-19 16:16 - 00000000 ____D () C:\Windows\Minidump
2014-02-19 16:16 - 2010-06-13 09:11 - 00000000 ____D () C:\Users\Ania
2014-02-09 22:17 - 2014-02-03 03:17 - 00000320 _____ () C:\Windows\DirectX.log
2014-02-02 21:25 - 2014-02-02 21:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-29 01:22 - 2013-11-18 11:10 - 00000000 ____D () C:\Program Files (x86)\4game

Files to move or delete:
====================
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe
C:\Users\Ania\utorrent.exe


Some content of TEMP:
====================
C:\Users\Ania\AppData\Local\Temp\Quarantine.exe
C:\Users\Ania\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit