Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Marek (administrator) on MAREK-KOMPUTER on 27-05-2014 18:20:15
Running from C:\Walka z malware\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(OldTimer Tools) C:\Walka z malware\OTL\OTL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
() C:\Program Files (x86)\Opera\21.0.1432.67\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6477344 2008-09-09] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-09] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2734072273-1759551379-3911497705-1001\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer]

FireFox:
========
FF Plugin: - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: - disabled No File
FF Plugin-x32: - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32:,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32:,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: - disabled No File
FF Plugin-x32: - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage:
CHR Extension: (Dokumenty Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Dysk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Szukaj w Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Google Wallet) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: ( - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheobeikgpfdjfnlnhinkcogflmkcmlc [2014-03-24]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-20] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-03-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-03-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-03-20] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-03-20] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1829016 2008-10-15] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\ITEhidCIR.sys [12544 2008-01-24] (ITE Tech. Inc. )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-27 18:18 - 2014-05-27 18:20 - 00000000 ____D () C:\FRST
2014-05-27 17:53 - 2014-05-27 17:54 - 00000000 ____D () C:\Walka z malware
2014-05-27 17:16 - 2014-05-27 17:16 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Marek\Desktop\SPTDinst-v186-x64.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\NVIDIA
2014-05-24 00:22 - 2014-05-24 00:25 - 32730740 _____ () C:\Users\Marek\Desktop\
2014-05-19 17:32 - 2014-05-19 17:32 - 00015827 _____ () C:\ComboFix.txt
2014-05-19 12:36 - 2014-05-26 20:01 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-19 12:36 - 2014-05-26 20:00 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\NCH Software
2014-05-19 12:36 - 2014-05-26 20:00 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-19 12:36 - 2014-05-19 12:36 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-19 12:35 - 2014-05-19 12:36 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-19 12:35 - 2014-05-19 12:35 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-05-19 12:35 - 2014-05-19 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-16 02:51 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 02:51 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 02:51 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 02:51 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 02:51 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 02:51 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 12:50 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 12:50 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 12:50 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:49 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:49 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:49 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:49 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:49 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:49 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:49 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:49 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:49 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:49 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:49 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:49 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:49 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:49 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:49 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:49 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:49 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:49 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:49 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:49 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:49 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:49 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:49 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:49 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-09 21:41 - 2014-05-19 17:32 - 00000000 ____D () C:\Qoobox
2014-05-09 21:41 - 2014-05-09 21:51 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 21:41 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 21:41 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 21:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 21:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 21:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 21:41 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 21:41 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 21:41 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-09 21:30 - 2014-05-19 17:18 - 05200426 ____R (Swearware) C:\Users\Marek\Desktop\ComboFix.exe
2014-05-09 21:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-07 23:59 - 2013-11-24 15:21 - 00039236 _____ () C:\Users\Marek\Desktop\wand.dat
2014-05-06 21:51 - 2014-05-16 13:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 19:35 - 2014-05-04 19:35 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Curiolab
2014-05-04 17:52 - 2014-05-17 17:26 - 00000000 ____D () C:\Program Files (x86)\Exterminate It!
2014-05-04 17:52 - 2014-05-04 17:52 - 00001085 _____ () C:\Users\Public\Desktop\Exterminate It!.lnk
2014-05-04 17:52 - 2014-05-04 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2014-05-04 17:20 - 2014-05-04 17:20 - 00000000 ____D () C:\Program Files\ExterminateIt
2014-05-04 16:32 - 2014-05-04 16:38 - 00000000 ____D () C:\ProgramData\Max Secure
2014-05-04 16:07 - 2014-05-04 20:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-04 16:07 - 2014-05-04 16:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-04 16:06 - 2014-05-05 14:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-04 16:05 - 2014-05-04 17:52 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\GetRightToGo
2014-05-02 13:46 - 2014-05-02 13:46 - 00000658 _____ () C:\Users\Marek\Desktop\zdjęcia — skrót.lnk

==================== One Month Modified Files and Folders =======

2014-05-27 18:20 - 2014-05-27 18:18 - 00000000 ____D () C:\FRST
2014-05-27 18:08 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 18:08 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 18:00 - 2014-03-20 13:09 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 18:00 - 2014-03-06 02:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-27 18:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 18:00 - 2009-07-14 06:51 - 00029949 _____ () C:\Windows\setupact.log
2014-05-27 17:56 - 2014-03-06 00:13 - 01230457 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 17:55 - 2014-04-02 19:05 - 00000000 ____D () C:\Users\Marek\Desktop\dokumenty
2014-05-27 17:54 - 2014-05-27 17:53 - 00000000 ____D () C:\Walka z malware
2014-05-27 17:45 - 2014-04-17 12:45 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 17:28 - 2014-03-20 13:09 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 17:16 - 2014-05-27 17:16 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Marek\Desktop\SPTDinst-v186-x64.exe
2014-05-27 00:38 - 2014-03-24 16:45 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Skype
2014-05-26 20:01 - 2014-05-19 12:36 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\NVIDIA
2014-05-26 20:00 - 2014-05-19 12:36 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\NCH Software
2014-05-26 20:00 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-25 01:59 - 2014-03-20 22:25 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\AIMP3
2014-05-24 00:25 - 2014-05-24 00:22 - 32730740 _____ () C:\Users\Marek\Desktop\
2014-05-20 22:49 - 2014-03-20 13:10 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-20 17:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-20 11:37 - 2014-03-06 11:44 - 00231900 _____ () C:\Windows\PFRO.log
2014-05-19 17:32 - 2014-05-19 17:32 - 00015827 _____ () C:\ComboFix.txt
2014-05-19 17:32 - 2014-05-09 21:41 - 00000000 ____D () C:\Qoobox
2014-05-19 17:28 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-19 17:18 - 2014-05-09 21:30 - 05200426 ____R (Swearware) C:\Users\Marek\Desktop\ComboFix.exe
2014-05-19 12:36 - 2014-05-19 12:36 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-19 12:36 - 2014-05-19 12:35 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-19 12:35 - 2014-05-19 12:35 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-05-19 12:35 - 2014-05-19 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-19 00:36 - 2014-03-06 10:20 - 00086552 _____ () C:\Users\Marek\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-17 17:26 - 2014-05-04 17:52 - 00000000 ____D () C:\Program Files (x86)\Exterminate It!
2014-05-16 13:54 - 2014-03-26 22:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 13:47 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 13:47 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 13:43 - 2014-05-06 21:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 02:49 - 2014-03-06 02:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 02:47 - 2014-03-06 02:20 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 15:24 - 2014-04-01 16:44 - 00000000 ____D () C:\Users\Marek\AppData\Local\CrashDumps
2014-05-14 17:40 - 2014-03-24 22:22 - 00000000 ____D () C:\Users\Marek\AppData\Local\Adobe
2014-05-14 17:39 - 2014-04-17 12:45 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:39 - 2014-03-24 22:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:39 - 2014-03-24 22:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 12:42 - 2014-03-24 16:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-09 21:52 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-09 21:51 - 2014-05-09 21:41 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 13:22 - 2014-03-20 13:09 - 00004042 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 13:22 - 2014-03-20 13:09 - 00003790 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-14 12:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 12:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 07:14 - 2014-05-16 02:51 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-16 02:51 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-16 02:51 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-16 02:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-16 02:51 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-16 02:51 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 14:47 - 2014-05-04 16:06 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-04 20:46 - 2014-05-04 16:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-04 20:08 - 2009-07-14 06:45 - 00343672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-04 19:35 - 2014-05-04 19:35 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\Curiolab
2014-05-04 17:52 - 2014-05-04 17:52 - 00001085 _____ () C:\Users\Public\Desktop\Exterminate It!.lnk
2014-05-04 17:52 - 2014-05-04 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2014-05-04 17:52 - 2014-05-04 16:05 - 00000000 ____D () C:\Users\Marek\AppData\Roaming\GetRightToGo
2014-05-04 17:20 - 2014-05-04 17:20 - 00000000 ____D () C:\Program Files\ExterminateIt
2014-05-04 16:38 - 2014-05-04 16:32 - 00000000 ____D () C:\ProgramData\Max Secure
2014-05-04 16:07 - 2014-05-04 16:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-04 15:56 - 2014-03-20 16:10 - 00000000 ____D () C:\ProgramData\WarThunder
2014-05-02 13:46 - 2014-05-02 13:46 - 00000658 _____ () C:\Users\Marek\Desktop\zdjęcia — skrót.lnk
2014-05-02 13:45 - 2014-04-02 19:05 - 00000000 ____D () C:\Users\Marek\Desktop\głupoty

Some content of TEMP:
====================
C:\Users\Marek\AppData\Local\Temp\avgnt.exe
C:\Users\Marek\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-20 17:02

==================== End Of Log ============================