Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 03
Ran by Aleksandra (administrator) on SZEF on 27-04-2014 18:50:58
Running from D:\Downloads\FRST
Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-10-31] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962208 2008-12-26] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [OnekeyDM] => C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe [471552 2008-12-23] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-628482503-715703045-1814460480-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-628482503-715703045-1814460480-1000\...\MountPoints2: {b37c8a2e-75f4-11e3-8432-00242ce8b8a4} - J:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=147
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=147
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Aleksandra\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62

FireFox:
========
FF ProfilePath: C:\Users\Aleksandra\AppData\Roaming\Mozilla\Firefox\Profiles\me74y3ru.default-1398600517953
FF Homepage: hxxp://www.onet.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npVividasPlayer.dll ( )
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Aleksandra\AppData\Roaming\IDM\idmmzcc3
FF Extension: IDM CC - C:\Users\Aleksandra\AppData\Roaming\IDM\idmmzcc3 [2013-04-24]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Aleksandra\AppData\Roaming\IDM\idmmzcc3
FF Extension: IDM CC - C:\Users\Aleksandra\AppData\Roaming\IDM\idmmzcc3 [2013-04-24]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R1 appliand; C:\Windows\System32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-27] (Duplex Secure Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-27 18:34 - 2014-04-27 18:34 - 00274064 _____ () C:\Windows\Minidump\Mini042714-01.dmp
2014-04-27 18:33 - 2014-04-27 18:33 - 979876839 _____ () C:\Windows\MEMORY.DMP
2014-04-27 14:08 - 2014-04-27 14:08 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Stare dane programu Firefox
2014-04-27 08:17 - 2014-04-27 18:50 - 00000000 ____D () C:\FRST
2014-04-27 06:20 - 2014-04-27 14:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 06:19 - 2014-04-27 06:19 - 00000980 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-27 06:19 - 2014-04-27 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 06:19 - 2014-04-27 06:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 06:19 - 2014-04-27 06:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 06:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-27 06:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-27 06:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-27 05:52 - 2014-04-27 11:19 - 00008610 _____ () C:\Windows\PFRO.log
2014-04-26 19:17 - 2014-04-26 19:17 - 00000000 ____D () C:\Users\Aleksandra\AppData\Local\VS Revo Group
2014-04-26 19:16 - 2014-04-26 19:16 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-26 19:16 - 2014-04-26 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-04-26 19:16 - 2014-04-26 19:16 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-26 19:16 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-04-26 19:11 - 2014-04-26 19:11 - 00002496 _____ () C:\Users\Aleksandra\Documents\cc_20140426_191109.reg
2014-04-26 07:30 - 2014-04-26 07:56 - 00000000 ____D () C:\Program Files\Sokoban
2014-04-26 07:30 - 2014-04-26 07:30 - 00808815 _____ () C:\Users\Aleksandra\Desktop\Sokoban.exe
2014-04-26 07:30 - 2014-04-26 07:30 - 00000783 _____ () C:\Users\Aleksandra\Desktop\Sokoban.lnk
2014-04-26 07:30 - 2014-04-26 07:30 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sokoban
2014-04-23 05:58 - 2014-04-23 05:57 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 05:57 - 2014-04-23 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 05:57 - 2014-04-23 05:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 05:57 - 2014-04-23 05:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 05:57 - 2014-04-23 05:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 05:55 - 2014-04-23 05:55 - 00921512 _____ (Oracle Corporation) C:\Users\Aleksandra\Downloads\jxpiinstall.exe
2014-04-23 05:54 - 2014-04-23 05:55 - 00004976 _____ () C:\Users\Aleksandra\Documents\cc_20140423_055451.reg
2014-04-23 05:23 - 2014-04-23 05:24 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 22:18 - 2014-04-21 22:18 - 02240512 _____ () C:\Users\Aleksandra\Desktop\Banner.psd
2014-04-21 19:14 - 2014-04-21 19:14 - 00044790 _____ () C:\Users\Aleksandra\Desktop\poznaj vitafon.psd
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\Unity
2014-04-21 12:59 - 2014-04-26 19:19 - 00000000 ____D () C:\Users\Aleksandra\AppData\Local\Unity
2014-04-21 12:59 - 2014-04-21 12:59 - 01070496 _____ (Unity Technologies ApS) C:\Users\Aleksandra\Downloads\UnityWebPlayer.exe
2014-04-19 16:43 - 2014-04-19 16:43 - 03996062 _____ () C:\Users\Aleksandra\Desktop\Alternative.zip
2014-04-19 16:43 - 2014-04-19 16:43 - 02475617 _____ () C:\Users\Aleksandra\Desktop\peruka z opisem.zip
2014-04-19 16:43 - 2014-04-19 16:43 - 01504987 _____ () C:\Users\Aleksandra\Desktop\Flower.zip
2014-04-19 12:32 - 2014-04-19 18:14 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Flower
2014-04-19 09:38 - 2014-04-20 13:59 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Alternative
2014-04-18 16:47 - 2014-04-20 08:46 - 06486669 _____ () C:\Users\Aleksandra\Desktop\peruka z opisem.psd
2014-04-17 05:48 - 2014-04-17 05:48 - 00001079 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-16 17:42 - 2014-04-17 00:21 - 00000819 _____ () C:\Users\Aleksandra\Desktop\Nowy dokument tekstowy.txt
2014-04-14 18:02 - 2014-04-14 18:02 - 00000132 _____ () C:\Users\Aleksandra\AppData\Roaming\Preferencje formatu GIF CS6 firmy Adobe
2014-04-13 20:15 - 2014-04-21 21:18 - 00000132 _____ () C:\Users\Aleksandra\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2014-04-13 20:15 - 2014-04-19 07:47 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Peruki www
2014-04-13 18:28 - 2014-04-13 18:28 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-13 18:27 - 2014-04-13 18:27 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-04-13 18:26 - 2014-04-13 18:27 - 00000000 ____D () C:\Program Files\Adobe
2014-04-13 18:26 - 2014-04-13 18:26 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-04-13 18:23 - 2014-04-13 18:23 - 00001389 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-04-13 18:23 - 2014-04-13 18:23 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-04-13 18:21 - 2014-04-13 18:21 - 00354208 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistMSI0BE5.txt
2014-04-13 18:21 - 2014-04-13 18:21 - 00011560 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistUI0BE5.txt
2014-04-13 18:20 - 2014-04-13 18:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-13 18:20 - 2014-04-13 18:20 - 00366252 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistMSI0B6C.txt
2014-04-13 18:20 - 2014-04-13 18:20 - 00011592 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistUI0B6C.txt
2014-04-13 10:19 - 2014-04-13 10:19 - 00000000 ____D () C:\Users\Aleksandra\Documents\RRR2
2014-04-13 10:18 - 2014-04-13 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-04-13 10:17 - 2014-04-13 10:17 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-04-13 06:56 - 2014-04-13 06:56 - 00809318 _____ () C:\Users\Aleksandra\Downloads\blue_business_2.tar.gz
2014-04-12 19:46 - 2014-04-14 17:56 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Nowy folder
2014-04-12 15:56 - 2014-04-13 05:50 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Peruki
2014-04-12 07:05 - 2014-04-12 07:06 - 00045230 _____ () C:\Users\Aleksandra\Documents\cc_20140412_070543.reg
2014-04-11 09:30 - 2014-03-08 06:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 09:30 - 2014-03-08 06:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 09:30 - 2014-03-08 05:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 09:30 - 2014-03-08 05:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 09:30 - 2014-03-08 05:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 09:30 - 2014-03-08 05:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 09:30 - 2014-03-08 05:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-11 09:30 - 2014-03-08 05:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 09:30 - 2014-03-08 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-11 09:30 - 2014-03-08 05:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 09:30 - 2014-03-08 05:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 09:30 - 2014-03-08 05:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 09:30 - 2014-03-08 05:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 09:30 - 2014-03-08 05:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-11 09:30 - 2014-03-08 05:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 09:30 - 2014-03-08 05:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 09:30 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 09:30 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 09:30 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-11 09:30 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 09:30 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-11 09:30 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-11 09:30 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-11 09:30 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-11 09:30 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-11 09:30 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-11 09:30 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-11 09:30 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-11 09:30 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-11 09:30 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 09:30 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-11 09:30 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 15:21 - 2014-02-06 06:21 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 15:21 - 2014-02-06 03:57 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-05 17:34 - 2014-04-09 14:59 - 00098577 _____ () C:\Users\Aleksandra\Desktop\badania.pptx
2014-04-05 17:34 - 2014-04-09 14:56 - 00544768 _____ () C:\Users\Aleksandra\Desktop\zielony.ppt
2014-03-29 12:42 - 2014-04-27 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-27 18:50 - 2014-04-27 08:17 - 00000000 ____D () C:\FRST
2014-04-27 18:39 - 2006-11-02 17:26 - 01470056 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 18:34 - 2014-04-27 18:34 - 00274064 _____ () C:\Windows\Minidump\Mini042714-01.dmp
2014-04-27 18:34 - 2013-08-08 18:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-27 18:34 - 2013-04-23 09:27 - 00137474 _____ () C:\ProgramData\nvModes.001
2014-04-27 18:34 - 2006-11-02 17:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 18:34 - 2006-11-02 17:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 18:34 - 2006-11-02 17:21 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 18:33 - 2014-04-27 18:33 - 979876839 _____ () C:\Windows\MEMORY.DMP
2014-04-27 18:22 - 2013-04-23 08:44 - 00005340 _____ () C:\Windows\bthservsdp.dat
2014-04-27 18:22 - 2006-11-02 17:40 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-27 18:20 - 2013-04-23 10:48 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 18:17 - 2014-03-29 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-27 15:34 - 2013-06-29 08:34 - 00000000 ____D () C:\Users\Aleksandra\Documents\Pliki programu Outlook
2014-04-27 14:08 - 2014-04-27 14:08 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Stare dane programu Firefox
2014-04-27 14:05 - 2014-04-27 06:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 14:02 - 2013-04-23 09:26 - 00137474 _____ () C:\ProgramData\nvModes.dat
2014-04-27 13:59 - 2013-04-23 19:19 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-04-27 13:43 - 2013-04-24 18:05 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\DMCache
2014-04-27 11:19 - 2014-04-27 05:52 - 00008610 _____ () C:\Windows\PFRO.log
2014-04-27 07:01 - 2013-04-23 08:52 - 00000000 ____D () C:\Users\Aleksandra\AppData\Local\VirtualStore
2014-04-27 06:49 - 2006-11-02 17:06 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-27 06:19 - 2014-04-27 06:19 - 00000980 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-27 06:19 - 2014-04-27 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 06:19 - 2014-04-27 06:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 06:19 - 2014-04-27 06:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-26 19:19 - 2014-04-21 12:59 - 00000000 ____D () C:\Users\Aleksandra\AppData\Local\Unity
2014-04-26 19:17 - 2014-04-26 19:17 - 00000000 ____D () C:\Users\Aleksandra\AppData\Local\VS Revo Group
2014-04-26 19:16 - 2014-04-26 19:16 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-26 19:16 - 2014-04-26 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-04-26 19:16 - 2014-04-26 19:16 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-26 19:11 - 2014-04-26 19:11 - 00002496 _____ () C:\Users\Aleksandra\Documents\cc_20140426_191109.reg
2014-04-26 18:55 - 2014-02-23 08:57 - 00000000 ____D () C:\AdwCleaner
2014-04-26 07:56 - 2014-04-26 07:30 - 00000000 ____D () C:\Program Files\Sokoban
2014-04-26 07:30 - 2014-04-26 07:30 - 00808815 _____ () C:\Users\Aleksandra\Desktop\Sokoban.exe
2014-04-26 07:30 - 2014-04-26 07:30 - 00000783 _____ () C:\Users\Aleksandra\Desktop\Sokoban.lnk
2014-04-26 07:30 - 2014-04-26 07:30 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sokoban
2014-04-26 05:44 - 2013-04-24 18:08 - 00000000 ____D () C:\Users\Aleksandra\Downloads\Video
2014-04-25 13:49 - 2006-12-05 09:17 - 00748008 _____ () C:\Windows\system32\perfh015.dat
2014-04-25 13:49 - 2006-12-05 09:17 - 00168672 _____ () C:\Windows\system32\perfc015.dat
2014-04-25 13:49 - 2006-11-02 14:46 - 01710520 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 05:58 - 2013-11-04 07:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 05:57 - 2014-04-23 05:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 05:57 - 2014-04-23 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 05:57 - 2014-04-23 05:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 05:57 - 2014-04-23 05:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 05:57 - 2014-04-23 05:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 05:57 - 2013-05-12 06:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 05:55 - 2014-04-23 05:55 - 00921512 _____ (Oracle Corporation) C:\Users\Aleksandra\Downloads\jxpiinstall.exe
2014-04-23 05:55 - 2014-04-23 05:54 - 00004976 _____ () C:\Users\Aleksandra\Documents\cc_20140423_055451.reg
2014-04-23 05:24 - 2014-04-23 05:23 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 22:18 - 2014-04-21 22:18 - 02240512 _____ () C:\Users\Aleksandra\Desktop\Banner.psd
2014-04-21 21:18 - 2014-04-13 20:15 - 00000132 _____ () C:\Users\Aleksandra\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2014-04-21 19:14 - 2014-04-21 19:14 - 00044790 _____ () C:\Users\Aleksandra\Desktop\poznaj vitafon.psd
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\Unity
2014-04-21 12:59 - 2014-04-21 12:59 - 01070496 _____ (Unity Technologies ApS) C:\Users\Aleksandra\Downloads\UnityWebPlayer.exe
2014-04-20 13:59 - 2014-04-19 09:38 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Alternative
2014-04-20 08:46 - 2014-04-18 16:47 - 06486669 _____ () C:\Users\Aleksandra\Desktop\peruka z opisem.psd
2014-04-19 18:14 - 2014-04-19 12:32 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Flower
2014-04-19 16:43 - 2014-04-19 16:43 - 03996062 _____ () C:\Users\Aleksandra\Desktop\Alternative.zip
2014-04-19 16:43 - 2014-04-19 16:43 - 02475617 _____ () C:\Users\Aleksandra\Desktop\peruka z opisem.zip
2014-04-19 16:43 - 2014-04-19 16:43 - 01504987 _____ () C:\Users\Aleksandra\Desktop\Flower.zip
2014-04-19 07:47 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Peruki www
2014-04-19 05:38 - 2013-09-25 09:13 - 00000680 _____ () C:\Users\Aleksandra\AppData\Local\d3d9caps.dat
2014-04-18 19:00 - 2013-04-24 07:22 - 00002611 _____ () C:\Users\Aleksandra\Desktop\Word.lnk
2014-04-17 05:49 - 2014-02-23 10:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-17 05:48 - 2014-04-17 05:48 - 00001079 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-17 05:48 - 2014-02-23 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-17 05:48 - 2014-02-23 10:24 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-17 00:21 - 2014-04-16 17:42 - 00000819 _____ () C:\Users\Aleksandra\Desktop\Nowy dokument tekstowy.txt
2014-04-17 00:13 - 2014-03-05 21:09 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\Skype
2014-04-14 21:09 - 2013-05-02 16:43 - 00000000 ____D () C:\Users\Aleksandra\AppData\Local\Adobe
2014-04-14 18:02 - 2014-04-14 18:02 - 00000132 _____ () C:\Users\Aleksandra\AppData\Roaming\Preferencje formatu GIF CS6 firmy Adobe
2014-04-14 17:56 - 2014-04-12 19:46 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Nowy folder
2014-04-14 05:37 - 2006-11-02 17:21 - 05072568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-13 20:09 - 2013-04-23 10:48 - 00000000 ____D () C:\Users\Aleksandra\AppData\Roaming\Adobe
2014-04-13 20:09 - 2013-04-23 08:52 - 00132840 _____ () C:\Users\Aleksandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-13 18:28 - 2014-04-13 18:28 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-13 18:28 - 2013-04-23 13:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-13 18:27 - 2014-04-13 18:27 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-04-13 18:27 - 2014-04-13 18:26 - 00000000 ____D () C:\Program Files\Adobe
2014-04-13 18:27 - 2014-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-13 18:26 - 2014-04-13 18:26 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-04-13 18:26 - 2013-04-24 18:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-13 18:23 - 2014-04-13 18:23 - 00001389 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-04-13 18:23 - 2014-04-13 18:23 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-04-13 18:21 - 2014-04-13 18:21 - 00354208 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistMSI0BE5.txt
2014-04-13 18:21 - 2014-04-13 18:21 - 00011560 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistUI0BE5.txt
2014-04-13 18:20 - 2014-04-13 18:20 - 00366252 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistMSI0B6C.txt
2014-04-13 18:20 - 2014-04-13 18:20 - 00011592 _____ () C:\Users\Aleksandra\AppData\Local\dd_vcredistUI0B6C.txt
2014-04-13 10:19 - 2014-04-13 10:19 - 00000000 ____D () C:\Users\Aleksandra\Documents\RRR2
2014-04-13 10:18 - 2014-04-13 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-04-13 10:17 - 2014-04-13 10:17 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-04-13 10:17 - 2013-05-05 16:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-13 06:56 - 2014-04-13 06:56 - 00809318 _____ () C:\Users\Aleksandra\Downloads\blue_business_2.tar.gz
2014-04-13 05:50 - 2014-04-12 15:56 - 00000000 ____D () C:\Users\Aleksandra\Desktop\Peruki
2014-04-12 07:06 - 2014-04-12 07:05 - 00045230 _____ () C:\Users\Aleksandra\Documents\cc_20140412_070543.reg
2014-04-12 06:53 - 2013-04-23 19:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 09:33 - 2013-04-24 07:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 09:27 - 2013-07-24 21:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 09:22 - 2006-11-02 14:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-09 14:59 - 2014-04-05 17:34 - 00098577 _____ () C:\Users\Aleksandra\Desktop\badania.pptx
2014-04-09 14:56 - 2014-04-05 17:34 - 00544768 _____ () C:\Users\Aleksandra\Desktop\zielony.ppt
2014-04-09 10:29 - 2013-04-23 10:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-09 10:29 - 2013-04-23 10:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-09 10:29 - 2013-04-23 10:48 - 00003784 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-03 09:51 - 2014-04-27 06:19 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-27 06:19 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-27 06:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 20:30 - 2013-04-24 18:08 - 00000000 ____D () C:\Users\Aleksandra\Downloads\Compressed
2014-03-29 23:07 - 2013-04-23 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Aleksandra\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-27 18:42

==================== End Of Log ============================