Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015 Ran by DawidDamian (administrator) on DAMIANDAWID on 04-02-2015 15:18:14 Running from C:\Users\DawidDamian\Desktop\fr11 Loaded Profiles: DawidDamian (Available profiles: DawidDamian & UpdatusUser & Gość & DefaultAppPool) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (COMODO) C:\Program Files\COMODO\EasyVPN\crdphService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (COMODO) C:\Program Files\COMODO\EasyVPN\crdphService.exe (Lavasoft Limited ) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\COMODO\EasyVPN\Vpnservice.exe (ABBYY (BIT Software)) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (FileZilla Project) C:\xampp\FileZillaFTP\FileZilla Server.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation) C:\Windows\System32\snmp.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Lavasoft Limited) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe () C:\Windows\tsnp325.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [] => [X] HKLM\...\Run: [tsnp325] => C:\Windows\tsnp325.exe [270336 2007-04-21] () HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\Run: [RayV] => C:\Program Files\RayV\RayV\RayV.exe /background HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\Run: [Comodo EasyVPN] => C:\Program Files\COMODO\EasyVPN\EasyVPN.exe [5288240 2010-12-27] (COMODO) HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\MountPoints2: G - G:\setup.exe HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\MountPoints2: H - H:\dvdcheck.exe HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\MountPoints2: I - I:\setup.exe HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\MountPoints2: {013673ab-4c16-11e0-9d2b-f430efba23e5} - G:\LaunchU3.exe -a HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\MountPoints2: {4f5a0fc5-f014-11de-be10-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\MountPoints2: {a26ab081-f001-11de-814f-00241d59c812} - F:\Autorun.exe HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? BootExecute: autocheck autochk * lsdelete ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [S-1-5-21-1172356088-3149085315-1547821400-1000] => Internet Explorer proxy is enabled. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome URLSearchHook: HKLM - (No Name) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No File URLSearchHook: HKLM - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File URLSearchHook: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File URLSearchHook: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 - (No Name) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No File URLSearchHook: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> DefaultScope {8C9FA5F8-038E-489A-8996-65D8BA3253D4} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7SUNC_plPL360 SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {09A8CE11-7438-4796-BC32-9D312D07FAB2} URL = http://www.allegro.pl/search.php?sg=0&string={searchTerms} SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=15158&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=UG&apn_dtid=&apn_uid=6F31CF47-C72D-4B79-A4FA-667B88AF9C3B&apn_sauid=C8E786EA-FC02-41F5-A048-E0F62201D0C5 SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=74f1ce7f00000000000002004c4f4f50&tlver=1.4.19.19&affID=17160 SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {8C9FA5F8-038E-489A-8996-65D8BA3253D4} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7SUNC_plPL360 SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933 SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {CA9C2542-E774-4502-AD7C-26F4DA93A323} URL = http://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {D2B4AD48-40FB-4F9F-AA52-FD10A0966B23} URL = http://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms} SearchScopes: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> {E78409DE-64C2-4383-BDDE-4DCE991419E1} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll No File BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No File Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll No File Toolbar: HKLM - &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - D:\NetWorx\deskband.dll (SoftPerfect Research) Toolbar: HKLM - No Name - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File Toolbar: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File Toolbar: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-1172356088-3149085315-1547821400-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F9F6A5CD-76C1-4BE7-8F49-5D4183F9FAC5} https://www.otineo.com/resources/com.otineo.survey.ui.personal.softphone.SoftphonePanel/OtineoSoftphone.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 89.161.65.246 89.161.65.247 Tcpip\..\Interfaces\{792A8DE6-5361-4B7D-B63C-A7E3F5265A42}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\DawidDamian\AppData\Roaming\Mozilla\Firefox\Profiles\n88ulxhy.default FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q= FF Homepage: hxxp://pl.msn.com/?pc=WLEM FF NetworkProxy: "no_proxies_on", "" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @rayv.com/rayvplugin -> C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll No File FF Plugin: @real.com/nppl3260;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll No File FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll No File FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npImagine.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF SearchPlugin: C:\Users\DawidDamian\AppData\Roaming\Mozilla\Firefox\Profiles\n88ulxhy.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml FF Extension: Add N Edit Cookies - C:\Users\DawidDamian\AppData\Roaming\Mozilla\Firefox\Profiles\n88ulxhy.default\Extensions\{038dc421-b19e-4711-a218-1fd10de9163b} [2011-06-12] FF Extension: Test Pilot - C:\Users\DawidDamian\AppData\Roaming\Mozilla\Firefox\Profiles\n88ulxhy.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-07-27] FF Extension: DownThemAll! - C:\Users\DawidDamian\AppData\Roaming\Mozilla\Firefox\Profiles\n88ulxhy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-09-25] FF Extension: Greasemonkey - C:\Users\DawidDamian\AppData\Roaming\Mozilla\Firefox\Profiles\n88ulxhy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-27] FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-01-27] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKU\S-1-5-21-1172356088-3149085315-1547821400-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-12] CHR Extension: (Dokumenty Google) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-12] CHR Extension: (Dysk Google) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-12] CHR Extension: (YouTube) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-12] CHR Extension: (Szukaj w Google) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-12] CHR Extension: (Arkusze Google) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-12] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-12-12] CHR Extension: (Google Wallet) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12] CHR Extension: (Gmail) - C:\Users\DawidDamian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-12] CHR HKLM\...\Chrome\Extension: [clbfjfbnelcflpgpklppgplejolacbej] - C:\Program Files\BrowserCompanion\blabbers-ch.crx [Not Found] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software)) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 CrdphService; C:\Program Files\COMODO\EasyVPN\crdphService.exe [495920 2010-11-23] (COMODO) R2 EasyVpnAdpt; C:\Program Files\COMODO\EasyVPN\Vpnservice.exe [119088 2010-12-14] () S2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] () R2 FileZilla Server; C:\xampp\FileZillaFTP\FileZilla server.exe [1029776 2009-12-20] (FileZilla Project) S3 Futuremark SystemInfo Service; C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-11-11] (Futuremark Corporation) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1845096 2015-01-20] (LogMeIn Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-14] (Microsoft Corporation) R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-22] (Lavasoft Limited ) [File not signed] R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-01-14] (LogMeIn, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2009-07-14] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-10] (Microsoft Corporation) S4 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X] S4 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2009-02-05] (Google Inc) S3 ATP; C:\Windows\System32\DRIVERS\cmdatp.sys [17816 2010-12-13] (Comodo, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2009-11-25] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH) S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG) R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-04] (Windows (R) 2000 DDK provider) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-02-04] () R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com) [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKsl51e35281; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B3F04D8-103E-420D-98B4-8DE3E9C6707C}\MpKsl51e35281.sys [39464 2015-02-04] (Microsoft Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation) S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-14] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R1 networx; C:\Windows\System32\drivers\networx.sys [51640 2011-04-15] (NetFilterSDK.com) S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [108160 2011-11-09] (TCL Communicate Incorporated) S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation) R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2009-11-09] (PowerISO Computing, Inc.) [File not signed] R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-12-23] () [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-06-16] (AnchorFree Inc) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex) U3 apbhalyc; C:\Windows\system32\Drivers\apbhalyc.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) S1 avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [X] S3 cpuvis; \??\C:\Program Files\My applications\cpuvis.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 15:11 - 2015-02-04 15:18 - 00000000 ___DC () C:\Users\DawidDamian\Desktop\fr11 2015-01-29 23:37 - 2015-01-29 23:37 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-01-29 23:37 - 2015-01-29 23:37 - 00000000 ___DC () C:\Program Files\LogMeIn Hamachi 2015-01-27 23:17 - 2015-01-27 23:17 - 00000000 ___DC () C:\Program Files\Mozilla Firefox 2015-01-24 23:45 - 2015-01-24 23:45 - 00001117 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-24 23:45 - 2015-01-24 23:45 - 00001105 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-23 00:36 - 2015-01-23 00:37 - 00243664 ____C () C:\Users\Gość\Downloads\Firefox Setup Stub 35.0.exe 2015-01-13 23:44 - 2015-01-14 23:54 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\tlntsess.exe 2015-01-13 23:43 - 2015-01-14 23:41 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-13 23:43 - 2015-01-14 23:41 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-13 23:43 - 2015-01-14 23:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 23:43 - 2015-01-14 23:40 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 23:43 - 2015-01-14 23:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 23:43 - 2015-01-14 23:40 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 15:18 - 2014-12-26 01:08 - 00000000 ___DC () C:\FRST 2015-02-04 15:17 - 2009-07-14 05:34 - 00023584 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-04 15:17 - 2009-07-14 05:34 - 00023584 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-04 15:13 - 2011-09-18 10:47 - 01476213 ____C () C:\Windows\WindowsUpdate.log 2015-02-04 15:11 - 2011-06-09 12:48 - 00000720 ____C () C:\Windows\system32\VpnService.log 2015-02-04 15:11 - 2010-08-03 23:09 - 00000000 ___DC () C:\Users\DawidDamian\AppData\Local\LogMeIn Hamachi 2015-02-04 15:10 - 2010-07-05 16:00 - 00001042 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-04 15:10 - 2010-05-18 12:10 - 00017488 ____C (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys 2015-02-04 15:10 - 2010-04-24 16:56 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-02-04 15:10 - 2009-12-23 23:59 - 00000064 ____C () C:\service.log 2015-02-04 15:10 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 15:09 - 2014-09-25 07:57 - 00025602 ____C () C:\Windows\setupact.log 2015-02-04 15:09 - 2010-09-06 08:24 - 00645192 ____C () C:\aaw7boot.log 2015-02-04 15:09 - 2009-12-24 00:08 - 00000000 ___DC () C:\ProgramData\NVIDIA 2015-02-04 00:58 - 2010-07-05 16:00 - 00001046 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-04 00:24 - 2010-08-30 16:49 - 00000000 ___DC () C:\Program Files\Microsoft SQL Server 2015-02-04 00:01 - 2014-12-12 21:55 - 00002135 ____C () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-03 23:10 - 2012-03-02 11:45 - 00000000 ___DC () C:\Program Files\Opera 2015-02-03 23:04 - 2011-04-23 22:34 - 00000064 ____C () C:\Windows\system32\rp_stats.dat 2015-02-03 23:04 - 2011-04-23 22:34 - 00000044 ____C () C:\Windows\system32\rp_rules.dat 2015-02-03 23:02 - 2010-07-29 09:27 - 00000000 ___DC () C:\Users\Gość\AppData\Roaming\Skype 2015-02-03 23:01 - 2010-08-04 09:37 - 00000000 ___DC () C:\Users\Gość\AppData\Local\LogMeIn Hamachi 2015-02-03 19:41 - 2013-12-07 14:09 - 00000000 __SDC () C:\wrestle 2015-01-28 10:08 - 2012-06-16 20:54 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service 2015-01-25 10:29 - 2014-10-13 16:41 - 00003592 ____C () C:\Windows\PFRO.log 2015-01-14 23:53 - 2013-08-14 23:07 - 00000000 ___DC () C:\Windows\system32\MRT 2015-01-14 23:42 - 2009-12-28 11:24 - 110348472 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 11:32 - 2010-03-29 20:30 - 00026176 ___HC (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-01-10 21:26 - 2012-09-18 09:22 - 00001690 ____C () C:\Users\Gość\Desktop\flash player.txt 2015-01-08 10:23 - 2009-12-23 23:52 - 02017148 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-01-08 10:23 - 2009-07-14 09:07 - 00868310 ____C () C:\Windows\system32\perfh015.dat 2015-01-08 10:23 - 2009-07-14 09:07 - 00206446 ____C () C:\Windows\system32\perfc015.dat ==================== Files in the root of some directories ======= 2010-11-24 23:15 - 2010-12-16 15:27 - 0000600 ____C () C:\Users\DawidDamian\AppData\Roaming\PUTTY.RND 2010-01-10 17:53 - 2010-08-07 19:17 - 0000600 ____C () C:\Users\DawidDamian\AppData\Roaming\winscp.rnd 2010-11-24 22:32 - 2010-12-16 15:27 - 0000600 ____C () C:\Users\DawidDamian\AppData\Local\PUTTY.RND 2010-12-24 17:30 - 2011-01-06 21:40 - 0000041 __SHC () C:\ProgramData\.zreglib 2009-12-26 19:20 - 2009-12-26 19:20 - 0000056 ___HC () C:\ProgramData\ezsidmv.dat 2009-12-27 20:10 - 2012-11-30 21:01 - 0018317 ____C () C:\ProgramData\hpzinstall.log 2010-02-13 17:54 - 2010-04-18 12:09 - 0000000 ____C () C:\ProgramData\LauncherAccess.dt Files to move or delete: ==================== C:\Users\DawidDamian\m2.exe C:\Users\DawidDamian\SafeDeviceDLL_1.196.dll C:\Users\DawidDamian\SkypeSetup.exe Some content of TEMP: ==================== C:\Users\DawidDamian\AppData\Local\Temp\InstallAX.exe C:\Users\DawidDamian\AppData\Local\Temp\setup.exe C:\Users\DawidDamian\AppData\Local\Temp\uninst1.exe C:\Users\DawidDamian\AppData\Local\Temp\wmfdist.exe C:\Users\Gość\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-28 12:00 ==================== End Of Log ============================