Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013 Ran by Rafał (administrator) on RAFAŁ-KOMPUTER on 05-09-2013 09:27:17 Running from C:\Users\Rafał\Desktop\1\fr Windows 7 Professional Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (SoftPerfect Research) G:\NetWorx\networx.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Rafał\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated) HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics) HKLM\...\Run: [NetWorx] - G:\NetWorx\networx.exe [4762000 2013-01-18] (SoftPerfect Research) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-09-06] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-09-06] (Lenovo (Beijing) Limited) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Policies\Explorer: [] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) AppInit_DLLs: C:\Windows\system32\nvinitx.dll, C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll c:\progra~2\nvidia~1\nvstre~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - G:\Dialux\DLXShellExtension.dll (DIAL GmbH, Germany) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\MS Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - No File Handler-x32: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - G:\Dialux\DLXToolBox.dll (DIAL GmbH, Germany) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4E85B80A-B587-4850-B69A-BD9C73EA3B67}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Rafał\AppData\Roaming\Mozilla\Firefox\Profiles\fr8y7xq9.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - G:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - G:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Rafał\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Rafał\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF StartMenuInternet: FIREFOX.EXE - G:\Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.delta-search.com/?affID=1215612&babsrc=HP_ss&mntrId=508B00FFE90F417B CHR RestoreOnStartup: "hxxp://www.google.pl/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Rafa\u0142\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Rafa\u0142\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Rafa\u0142\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rafa\u0142\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Rafa\u0142\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U7) - G:\Java\bin\plugin2\npjp2.dll No File CHR Plugin: (Microsoft Office 2010) - G:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - G:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Extension: (YouTube Center) - C:\Users\RAFA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj\1.34.0_0 CHR Extension: (AdBlock) - C:\Users\RAFA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (Clearly) - C:\Users\RAFA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\9.3374.689.453_0 CHR Extension: (Speed Dial 2) - C:\Users\RAFA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.7.0_0 CHR Extension: (League of Legends Events) - C:\Users\RAFA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk\0.50.4_0 CHR Extension: (Image Properties Context Menu) - C:\Users\RAFA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.6_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.) S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1839888 2013-01-15] (DIAL GmbH) R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () R2 hasplms; C:\Windows\system32\hasplms.exe [4883400 2011-10-18] (SafeNet Inc.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation) R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [24064 2012-12-14] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-03-12] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-07] (Avira Operations GmbH & Co. KG) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-30] (DT Soft Ltd) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [17136 2011-09-05] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [17136 2011-09-05] () R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.) R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project) S3 ATP; system32\DRIVERS\cmdatp.sys [x] S3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-05 09:07 - 2013-09-05 09:07 - 00000000 _____ C:\Users\Rafał\defogger_reenable 2013-09-05 09:04 - 2013-09-05 09:07 - 00000000 ____D C:\Users\Rafał\Desktop\1 2013-09-04 23:50 - 2013-09-05 00:29 - 301321656 _____ (Lenovo Group Limited ) C:\Users\Rafał\Desktop\0pbl08ww.exe 2013-09-03 17:50 - 2013-09-03 17:50 - 00338800 _____ C:\Users\Rafał\Desktop\YouTubeCenter.crx 2013-09-03 17:22 - 2013-09-03 17:24 - 00000000 ____D C:\Windows\system32\MRT 2013-09-03 17:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-09-03 17:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-09-03 17:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-09-03 17:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-09-03 17:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-09-03 17:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-09-03 17:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-09-03 17:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-09-03 17:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-09-03 17:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-09-03 17:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-09-03 17:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-09-03 17:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-09-03 17:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-09-03 17:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-09-03 17:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 12:31 - 2013-08-14 12:31 - 00000110 _____ C:\Windows\wininit.ini 2013-08-14 12:14 - 2013-08-14 13:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-14 12:14 - 2013-08-14 13:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2013-08-11 20:53 - 2013-08-11 20:53 - 00002562 _____ C:\Windows\diagwrn.xml 2013-08-11 20:53 - 2013-08-11 20:53 - 00001908 _____ C:\Windows\diagerr.xml 2013-08-11 12:48 - 2013-08-11 12:48 - 00001940 _____ C:\Users\Rafał\Desktop\DYSK_SMART.txt 2013-08-09 00:03 - 2013-08-09 00:03 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-09 00:03 - 2013-08-09 00:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-09 00:03 - 2013-08-09 00:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-09 00:03 - 2013-08-09 00:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-09 00:03 - 2013-08-09 00:03 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-06 11:30 - 2013-08-06 11:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ==================== One Month Modified Files and Folders ======= 2013-09-05 09:16 - 2009-07-14 06:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-05 09:16 - 2009-07-14 06:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-05 09:15 - 2011-04-12 15:21 - 00737980 _____ C:\Windows\system32\perfh015.dat 2013-09-05 09:15 - 2011-04-12 15:21 - 00154636 _____ C:\Windows\system32\perfc015.dat 2013-09-05 09:15 - 2009-07-14 07:13 - 01662556 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-05 09:12 - 2012-09-06 18:10 - 01715864 _____ C:\Windows\WindowsUpdate.log 2013-09-05 09:08 - 2013-07-08 11:27 - 00007018 _____ C:\Windows\setupact.log 2013-09-05 09:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-05 09:07 - 2013-09-05 09:07 - 00000000 _____ C:\Users\Rafał\defogger_reenable 2013-09-05 09:07 - 2013-09-05 09:04 - 00000000 ____D C:\Users\Rafał\Desktop\1 2013-09-05 09:07 - 2012-09-06 18:15 - 00000000 ____D C:\Users\Rafał 2013-09-05 00:29 - 2013-09-04 23:50 - 301321656 _____ (Lenovo Group Limited ) C:\Users\Rafał\Desktop\0pbl08ww.exe 2013-09-05 00:04 - 2012-09-06 23:00 - 00000000 ____D C:\Users\Rafał\AppData\Roaming\Skype 2013-09-05 00:03 - 2012-09-07 09:23 - 00000000 ____D C:\Users\Rafał\AppData\Roaming\foobar2000 2013-09-05 00:01 - 2012-09-07 21:33 - 00000000 ____D C:\Users\RAFA~1\AppData\Local\Last.fm 2013-09-04 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-04 15:03 - 2013-06-07 13:20 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-04 15:03 - 2013-06-07 13:19 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 15:03 - 2013-06-07 13:19 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-04 13:34 - 2012-09-07 22:28 - 00000000 ____D C:\Users\RAFA~1\AppData\Local\PMB Files 2013-09-03 20:40 - 2012-11-20 00:22 - 00000000 ___RD C:\Users\Rafał\Desktop\qwerty 2013-09-03 20:16 - 2012-09-07 22:28 - 00000000 ____D C:\ProgramData\PMB Files 2013-09-03 17:50 - 2013-09-03 17:50 - 00338800 _____ C:\Users\Rafał\Desktop\YouTubeCenter.crx 2013-09-03 17:24 - 2013-09-03 17:22 - 00000000 ____D C:\Windows\system32\MRT 2013-09-03 17:22 - 2012-09-06 20:46 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-03 17:02 - 2012-09-07 10:16 - 00000000 ____D C:\Users\RAFA~1\AppData\Local\Windows Live 2013-08-14 13:30 - 2013-08-14 12:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-14 13:30 - 2013-08-14 12:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2013-08-14 12:32 - 2013-07-18 09:54 - 00002944 _____ C:\Windows\PFRO.log 2013-08-14 12:31 - 2013-08-14 12:31 - 00000110 _____ C:\Windows\wininit.ini 2013-08-11 20:53 - 2013-08-11 20:53 - 00002562 _____ C:\Windows\diagwrn.xml 2013-08-11 20:53 - 2013-08-11 20:53 - 00001908 _____ C:\Windows\diagerr.xml 2013-08-11 20:53 - 2013-07-08 11:27 - 00000000 _____ C:\Windows\setuperr.log 2013-08-11 12:48 - 2013-08-11 12:48 - 00001940 _____ C:\Users\Rafał\Desktop\DYSK_SMART.txt 2013-08-09 15:09 - 2012-10-12 20:56 - 00000000 ____D C:\Users\Rafał\AppData\Roaming\uTorrent 2013-08-09 00:03 - 2013-08-09 00:03 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-09 00:03 - 2013-08-09 00:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-09 00:03 - 2013-08-09 00:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-09 00:03 - 2013-08-09 00:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-09 00:03 - 2013-08-09 00:03 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-09 00:03 - 2012-09-25 20:04 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-09 00:03 - 2012-09-25 20:04 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-08 23:55 - 2012-09-06 23:19 - 00000000 ____D C:\Users\RAFA~1\AppData\Local\Adobe 2013-08-08 23:55 - 2012-09-06 23:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-08 23:55 - 2012-09-06 23:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-06 11:30 - 2013-08-06 11:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-02 16:13 ==================== End Of Log ============================