Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by Korek (administrator) on KOREK-KOMPUTER on 23-06-2015 08:28:37
Running from C:\Users\Korek\Downloads
Loaded Profiles: Korek (Available Profiles: Korek)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\Korek\AppData\Roaming\00000000-1434998750-0000-0000-406186C562FA\knse2DFB.tmpfs
Failed to access process -> jnsb4DFC.tmp
Failed to access process -> hnst6D3E.tmp
Failed to access process -> RemoteEngine.exe
Failed to access process -> snspF87D.tmp
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\ProgramData\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Korek\Downloads\t6zmvt0v.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [NeroCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [ap] => C:\Program Files\Application Assistance\ap.exe [249856 2015-06-22] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [uTorrent] => C:\Users\Korek\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3000704 2014-01-29] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [21360736 2014-12-12] (Redefine Sp z o.o.)
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\Run: [AVG-Secure-Search-Update_0215pit] => C:\Users\Korek\AppData\Roaming\Avg_Update_0215pit\AVG-Secure-Search-Update_0215pit.exe [2794520 2015-02-17] ()
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\...\MountPoints2: {e971d8c0-8e14-11e4-b049-806e6f6e6963} - E:\SPLASH.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2010-01-12]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Korek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-06-22]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91539763_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3568612267-3032798025-2432032161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91539763_hao_pg
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Korek\AppData\Local\PriceFountain\PriceFountainIE.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9F961439-C909-45A1-BB2D-0EC1B37B1658}: [NameServer] 212.2.96.53,212.2.96.54
Tcpip\..\Interfaces\{B5BBEE0F-2046-4F89-BC22-CDCDDE33DB85}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Korek\AppData\Roaming\Mozilla\Firefox\Profiles\5kphwxk6.default
FF Homepage: hxxp://gotut.ru/?from=ic3ua
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3568612267-3032798025-2432032161-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-10-05] ()
FF user.js: detected! => C:\Users\Korek\AppData\Roaming\Mozilla\Firefox\Profiles\5kphwxk6.default\user.js [2015-05-13]
FF Extension: Adblock Plus - C:\Users\Korek\AppData\Roaming\Mozilla\Firefox\Profiles\5kphwxk6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-17]

Opera:
=======
OPR Extension: (CinemaP-1.4) - C:\Users\Korek\AppData\Roaming\Opera Software\Opera Stable\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-08-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1526936 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 hoviwuqo; C:\Users\Korek\AppData\Roaming\00000000-1434998750-0000-0000-406186C562FA\knse2DFB.tmpfs [X]
R2 kysykiti; C:\Users\Korek\AppData\Local\00000000-1435006139-0000-0000-406186C562FA\snspF87D.tmp [X]
R2 RemoteEngineService; C:\Program Files\VuuPC\remoteengine.exe [X]
S2 VuuPCConnectivity; C:\Program Files\VuuPC\Connectivity.exe [X]
R2 xoperoze; C:\Users\Korek\AppData\Roaming\00000000-1434998750-0000-0000-406186C562FA\jnsb4DFC.tmp [X]
R2 zedepory; C:\Users\Korek\AppData\Roaming\00000000-1434998750-0000-0000-406186C562FA\hnst6D3E.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2014-11-19] () [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [57824 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [227808 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2014-11-19] () [File not signed]
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1174880 2012-02-14] (Ralink Technology Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-12-28] (Duplex Secure Ltd.)
R3 TSSK; C:\Windows\System32\tssk.sys [67896 2015-06-22] (电脑管家)
U3 ado7wit1; C:\Windows\system32\Drivers\ado7wit1.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 aw14gowb; C:\Windows\system32\Drivers\aw14gowb.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [X]
R1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMUdisk.sys [X]
R4 TAOKernelDriver; System32\Drivers\TAOKernel.sys [X]
R3 TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TS888.sys [X]
R4 TsFltMgr; system32\drivers\TsFltMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 kwddykog; \??\C:\Users\Korek\AppData\Local\Temp\kwddykog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 08:28 - 2015-06-23 08:29 - 00013493 _____ C:\Users\Korek\Downloads\FRST.txt
2015-06-23 08:25 - 2015-06-23 08:28 - 00000000 ____D C:\FRST
2015-06-23 08:25 - 2015-06-23 08:25 - 01148928 _____ (Farbar) C:\Users\Korek\Downloads\FRST.exe
2015-06-23 08:19 - 2015-06-23 08:19 - 00380416 _____ C:\Users\Korek\Downloads\t6zmvt0v.exe
2015-06-23 08:04 - 2015-06-23 08:04 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2015-06-23 07:56 - 2015-06-23 07:56 - 00000534 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0215pit_RML.job
2015-06-22 23:21 - 2015-06-22 23:21 - 00000526 _____ C:\Windows\Tasks\AVG_SYS_TASK_0215pit.job
2015-06-22 23:21 - 2015-06-22 23:21 - 00000392 _____ C:\Windows\Tasks\AVG_SYS_TASK_0215pit_DELETE.job
2015-06-22 23:21 - 2015-06-22 23:21 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Avg_Update_0215pit
2015-06-22 23:21 - 2015-06-22 23:21 - 00000000 ____D C:\ProgramData\Avg_Update_0215pit
2015-06-22 21:58 - 2015-06-23 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-22 21:57 - 2015-06-23 08:13 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-22 21:15 - 2015-06-22 21:15 - 00000000 ____D C:\Users\Korek\AppData\Roaming\AVG2015
2015-06-22 21:14 - 2015-06-22 21:14 - 00000925 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-22 21:14 - 2015-06-22 21:14 - 00000000 ____D C:\Users\Korek\AppData\Roaming\TuneUp Software
2015-06-22 21:14 - 2015-06-22 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-22 21:14 - 2015-06-22 21:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-22 21:12 - 2015-06-22 21:32 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-22 21:12 - 2015-06-22 21:12 - 00000000 ___HD C:\$AVG
2015-06-22 21:12 - 2015-06-22 21:12 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-22 21:11 - 2015-06-22 21:11 - 00000000 ____D C:\Program Files\AVG
2015-06-22 21:08 - 2015-06-23 08:21 - 00000000 ____D C:\ProgramData\MFAData
2015-06-22 21:08 - 2015-06-22 21:20 - 00000000 ____D C:\Users\Korek\AppData\Local\Avg2015
2015-06-22 21:08 - 2015-06-22 21:08 - 05017672 _____ (AVG Technologies) C:\Users\Korek\Downloads\avg_free_stb_all_2015_ltst_639.exe
2015-06-22 21:08 - 2015-06-22 21:08 - 00000000 ____D C:\Users\Korek\AppData\Local\MFAData
2015-06-22 21:00 - 2015-06-23 03:00 - 00001044 _____ C:\Windows\Tasks\Crossbrowse.job
2015-06-22 21:00 - 2015-06-22 21:35 - 00000000 ____D C:\Program Files\gmsd_pl_005010010
2015-06-22 21:00 - 2015-06-22 21:32 - 00000000 ____D C:\Users\Korek\AppData\Local\gmsd_pl_005010010
2015-06-22 20:57 - 2015-06-22 20:56 - 00067896 _____ (电脑管家) C:\Windows\system32\TSSK.sys
2015-06-22 20:56 - 2015-06-23 08:09 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Tencent
2015-06-22 20:56 - 2015-06-22 21:57 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-22 20:56 - 2015-06-22 21:12 - 00000000 ____D C:\ProgramData\Tencent
2015-06-22 20:56 - 2015-06-22 20:56 - 00000000 ____D C:\Program Files\Tencent
2015-06-22 20:55 - 2015-06-22 20:55 - 00000000 ____D C:\Program Files\Application Assistance
2015-06-22 20:48 - 2015-06-22 20:48 - 00000000 ____D C:\Users\Korek\AppData\Roaming\ProductData
2015-06-22 20:47 - 2015-06-22 21:37 - 00000000 ____D C:\Program Files\VuuPC
2015-06-22 20:47 - 2015-06-22 20:47 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC
2015-06-22 20:47 - 2015-06-22 20:47 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Apple Computer
2015-06-22 20:46 - 2015-06-23 07:59 - 00000000 ____D C:\Program Files\IObit
2015-06-22 20:46 - 2015-06-22 20:48 - 00000000 ____D C:\ProgramData\IObit
2015-06-22 20:46 - 2015-06-22 20:47 - 00000000 ____D C:\Users\Korek\AppData\Roaming\IObit
2015-06-22 20:46 - 2015-06-22 20:47 - 00000000 ____D C:\ProgramData\ProductData
2015-06-22 20:46 - 2015-06-22 20:46 - 00260876 _____ (VuuPC Limited) C:\Users\Korek\AppData\Local\nsjD296.tmp
2015-06-22 20:46 - 2015-06-22 20:46 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-06-22 20:46 - 2015-06-22 20:46 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-06-22 20:46 - 2015-06-22 20:46 - 00000000 ____D C:\Program Files\Common Files\IObit
2015-06-22 20:46 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-22 20:45 - 2015-06-22 22:46 - 00000000 ____D C:\Users\Korek\AppData\Roaming\00000000-1434998750-0000-0000-406186C562FA
2015-06-22 20:45 - 2015-06-22 20:45 - 00001883 ___RS C:\Users\Public\Desktop\Lеaguе оf Lеgends.lnk
2015-06-22 20:45 - 2015-06-22 20:45 - 00001840 ___RS C:\Users\Korek\Desktop\Wоrld of Tаnks.lnk
2015-06-22 20:45 - 2015-06-22 20:45 - 00001513 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхplоrer.lnk
2015-06-22 20:45 - 2015-06-22 20:45 - 00001451 ___RS C:\Users\Korek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхрlоrer.lnk
2015-06-22 20:45 - 2015-06-22 20:45 - 00001253 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firеfоx.lnk
2015-06-22 20:44 - 2015-06-22 20:45 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Browsers
2015-06-22 20:44 - 2015-06-22 20:44 - 00000000 ____D C:\Users\Korek\AppData\Roaming\SPI
2015-06-18 22:42 - 2015-06-18 22:56 - 578250419 _____ C:\Users\Korek\Downloads\9.8.1 Gox Hack Pack for skills v0.15.rar
2015-06-18 22:14 - 2015-06-18 22:58 - 00000000 ____D C:\Users\Korek\Desktop\asd
2015-06-18 22:11 - 2015-06-18 22:11 - 00000000 ____D C:\Program Files\SkanerOnline
2015-06-18 21:52 - 2015-06-18 22:10 - 601186613 _____ C:\Users\Korek\Desktop\231 - сборка от Badboy.rar
2015-06-07 20:25 - 2015-06-07 20:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-04 17:20 - 2015-06-04 17:21 - 00000000 ____D C:\Users\Korek\Desktop\configs
2015-06-04 17:17 - 2015-06-04 17:17 - 08594370 _____ C:\Users\Korek\Downloads\xvm-6.1.2.zip
2015-06-03 09:59 - 2015-06-08 08:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-28 22:28 - 2011-09-16 03:12 - 733251584 _____ C:\Users\Korek\Desktop\Asterix i Obelix-misja kleopatra dubbing.pl.avi
2015-05-28 20:36 - 2015-05-28 20:37 - 22469529 _____ C:\Users\Korek\Downloads\LoretaiMods 0.9.5.ver.2.PL.exe
2015-05-26 14:17 - 2015-06-09 21:26 - 00000000 ____D C:\Users\Korek\Desktop\la

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 08:03 - 2013-12-14 19:32 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-23 08:00 - 2010-01-12 19:17 - 00109672 _____ C:\Users\Korek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 07:46 - 2015-01-19 18:46 - 00000292 _____ C:\Windows\Tasks\Price Fountain.job
2015-06-22 21:34 - 2014-08-11 20:34 - 00000000 ____D C:\Program Files\CinemaP-1.4
2015-06-22 21:13 - 2010-01-12 07:18 - 01520650 _____ C:\Windows\WindowsUpdate.log
2015-06-22 20:57 - 2010-01-12 19:13 - 00000000 ____D C:\Users\Korek\AppData\Local\VirtualStore
2015-06-22 20:56 - 2013-12-23 15:34 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-22 20:52 - 2009-07-14 06:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-22 20:52 - 2009-07-14 06:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-22 20:45 - 2015-05-13 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-06-22 20:45 - 2015-05-01 12:03 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-06-22 20:45 - 2015-03-05 16:46 - 00000000 ____D C:\Users\Korek\Desktop\ELOPHANT
2015-06-22 20:45 - 2015-01-10 01:43 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Original War
2015-06-22 20:45 - 2013-12-14 23:56 - 00000000 ____D C:\Users\Korek\Desktop\PROGRAMY
2015-06-22 19:25 - 2014-10-02 23:38 - 00000000 ____D C:\Users\Korek\AppData\Local\SmartView2
2015-06-22 05:05 - 2009-07-14 06:39 - 01022377 _____ C:\Windows\setupact.log
2015-06-22 04:11 - 2015-01-19 19:46 - 00000085 _____ C:\Users\Korek\AppData\Roaming\WB.CFG
2015-06-19 10:06 - 2011-04-12 07:08 - 00739694 _____ C:\Windows\system32\perfh015.dat
2015-06-19 10:06 - 2011-04-12 07:08 - 00155268 _____ C:\Windows\system32\perfc015.dat
2015-06-19 10:06 - 2010-11-20 23:01 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 19:50 - 2014-07-12 20:00 - 00000000 ____D C:\Users\Korek\AppData\Roaming\Skype
2015-06-13 23:28 - 2014-11-24 22:40 - 00000000 ____D C:\Program Files\Tibia
2015-06-13 00:21 - 2013-12-29 23:10 - 00000000 ____D C:\Users\Korek\AppData\Roaming\uTorrent
2015-06-11 17:05 - 2013-12-14 19:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-11 17:05 - 2013-12-14 19:32 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-11 08:01 - 2014-01-03 19:48 - 00000000 ____D C:\Users\Korek\AppData\Roaming\ipla
2015-06-11 08:00 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 08:06 - 2014-08-15 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-08 08:06 - 2010-11-20 23:48 - 00029504 _____ C:\Windows\PFRO.log
2015-06-07 12:36 - 2015-01-05 16:51 - 00110080 ___SH C:\Users\Korek\Downloads\Thumbs.db
2015-06-04 17:00 - 2015-05-01 12:03 - 00000769 ____H C:\Users\Korek\Desktop\World of Tanks.lnk

==================== Files in the root of some directories =======

2015-01-19 19:46 - 2015-06-22 04:11 - 0000085 _____ () C:\Users\Korek\AppData\Roaming\WB.CFG
2015-06-22 20:46 - 2015-06-22 20:46 - 0260876 _____ (VuuPC Limited) C:\Users\Korek\AppData\Local\nsjD296.tmp
2014-01-03 23:01 - 2014-01-03 23:01 - 0034018 _____ () C:\Users\Korek\AppData\Local\recently-used.xbel
2013-12-15 00:55 - 2014-04-26 21:07 - 0007607 _____ () C:\Users\Korek\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Korek\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Korek\AppData\Local\Temp\FINALISE.exe
C:\Users\Korek\AppData\Local\Temp\iobitdownloader_installcube.exe
C:\Users\Korek\AppData\Local\Temp\ipl448D.tmp.exe
C:\Users\Korek\AppData\Local\Temp\ipl4AF1.tmp.exe
C:\Users\Korek\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Korek\AppData\Local\Temp\pps-qq-19.exe
C:\Users\Korek\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72761_Silence.exe
C:\Users\Korek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Korek\AppData\Local\Temp\vuupc.exe
C:\Users\Korek\AppData\Local\Temp\_is3E87.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-13 05:10

==================== End of log ============================