Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013
Ran by Pracownia (administrator) on PRACOWNIA1 on 20-12-2013 06:44:18
Running from E:\Users\Pracownia\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Lectra) C:\Program Files (x86)\Lectra\Modaservice\modaserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Pracownia\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin [243360 2012-01-29] (Adobe Systems, Inc.)
MountPoints2: {8f8081c5-1f1a-11e1-9030-806e6f6e6963} - D:\RunCD.exe
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-19] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1382526881&from=cor&uid=ST500DM002-1BD142_Z2AFANG6XXXXZ2AFANG6
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1382526881&from=cor&uid=ST500DM002-1BD142_Z2AFANG6XXXXZ2AFANG6
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.triline.pl
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.triline.pl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1382526881&from=cor&uid=ST500DM002-1BD142_Z2AFANG6XXXXZ2AFANG6
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1382526881&from=cor&uid=ST500DM002-1BD142_Z2AFANG6XXXXZ2AFANG6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1382526881&from=cor&uid=ST500DM002-1BD142_Z2AFANG6XXXXZ2AFANG6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1382526881&from=cor&uid=ST500DM002-1BD142_Z2AFANG6XXXXZ2AFANG6
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=110000&tt=090212_ctrl&babsrc=SP_ss&mntrId=de83569500000000000000ffceae56cf
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=110000&tt=090212_ctrl&babsrc=SP_ss&mntrId=de83569500000000000000ffceae56cf
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pracownia\AppData\Roaming\Mozilla\Firefox\Profiles\y1pre0d9.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

Chrome: 
=======
CHR HomePage: hxxp://www.google.pl/
CHR RestoreOnStartup: "hxxp://www.google.pl/", "https://www.centrum24.pl/centrum24-web/login", "hxxp://www.mystardenim.com/", "hxxp://brucespringsteen.net/", "hxxp://www.polskieradio.pl/9,Trojka", "hxxp://www.polskieradio.pl/Player?id=-3"
CHR DefaultSearchKeyword: google.pl
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR StartMenuInternet: Google Chrome - C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Modaservice; C:\Program Files (x86)\Lectra\Modaservice\modaserv.exe [353528 2008-03-05] (Lectra)
R2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [30592 2012-05-10] (REALiX(tm))
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 06:44 - 2013-12-20 06:44 - 00000000 ____D C:\FRST
2013-12-19 08:08 - 2013-12-20 06:21 - 00000000 ____D C:\Users\Pracownia\AppData\Roaming\newnext.me
2013-12-19 08:08 - 2013-12-20 06:21 - 00000000 ____D C:\Users\Pracownia\AppData\Local\genienext
2013-12-12 11:41 - 2009-12-07 15:41 - 00023552 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPM64S.dll
2013-12-12 11:41 - 2009-12-07 15:41 - 00020480 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPM64U.dll
2013-12-12 06:42 - 2013-12-12 06:42 - 00000000 ____D C:\usr
2013-12-07 13:12 - 2013-12-07 13:12 - 00000000 ____D C:\ProgramData\Seagull
2013-12-06 08:33 - 2013-12-06 08:41 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-05 16:38 - 2013-12-06 08:30 - 00001211 _____ C:\spam.log
2013-12-05 16:07 - 2013-12-06 08:30 - 00001697 _____ C:\nospam.log
2013-12-05 14:41 - 2013-12-20 06:41 - 00000000 ____D C:\Users\Pracownia\AppData\Local\Mobogenie
2013-12-05 14:41 - 2013-12-20 06:21 - 00000000 ____D C:\Users\Pracownia\AppData\Local\cache
2013-12-05 14:41 - 2013-12-18 17:00 - 00002446 _____ C:\Users\Pracownia\daemonprocess.txt
2013-12-05 14:41 - 2013-12-05 14:41 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-05 14:41 - 2013-12-05 14:41 - 00000000 ____D C:\Users\wangzhisong
2013-12-05 14:40 - 2013-12-20 06:36 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-05 14:40 - 2013-12-05 14:40 - 00000000 ____D C:\Users\Pracownia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-05 14:40 - 2013-12-05 14:40 - 00000000 ____D C:\ProgramData\Auslogics
2013-12-05 14:40 - 2013-12-05 14:40 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-11-22 09:42 - 2013-11-22 09:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-11-22 09:42 - 2013-11-22 09:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

2013-12-20 06:44 - 2013-12-20 06:44 - 00000000 ____D C:\FRST
2013-12-20 06:41 - 2013-12-05 14:41 - 00000000 ____D C:\Users\Pracownia\AppData\Local\Mobogenie
2013-12-20 06:41 - 2012-01-29 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 06:37 - 2013-04-11 13:36 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 06:36 - 2013-12-05 14:40 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-20 06:28 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 06:28 - 2009-07-14 05:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 06:27 - 2010-11-21 13:53 - 00192208 _____ C:\Windows\system32\perfc015.dat
2013-12-20 06:27 - 2010-11-21 13:53 - 00027930 _____ C:\Windows\system32\perfh015.dat
2013-12-20 06:27 - 2009-07-14 06:13 - 01107610 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 06:24 - 2013-11-18 11:17 - 00000000 ____D C:\ProgramData\MFAData
2013-12-20 06:24 - 2011-12-05 09:27 - 01204228 _____ C:\Windows\WindowsUpdate.log
2013-12-20 06:21 - 2013-12-19 08:08 - 00000000 ____D C:\Users\Pracownia\AppData\Roaming\newnext.me
2013-12-20 06:21 - 2013-12-19 08:08 - 00000000 ____D C:\Users\Pracownia\AppData\Local\genienext
2013-12-20 06:21 - 2013-12-05 14:41 - 00000000 ____D C:\Users\Pracownia\AppData\Local\cache
2013-12-20 06:21 - 2013-04-11 13:36 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 06:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 06:20 - 2009-07-14 05:51 - 00076028 _____ C:\Windows\setupact.log
2013-12-18 17:00 - 2013-12-05 14:41 - 00002446 _____ C:\Users\Pracownia\daemonprocess.txt
2013-12-14 09:37 - 2010-11-21 04:47 - 00160638 _____ C:\Windows\PFRO.log
2013-12-13 06:48 - 2009-07-14 05:45 - 00533984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 11:48 - 2012-01-28 11:34 - 00142424 _____ C:\Users\Pracownia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-12 11:37 - 2012-01-29 16:53 - 00000000 ____D C:\Users\Pracownia\AppData\Roaming\Macromedia
2013-12-12 06:42 - 2013-12-12 06:42 - 00000000 ____D C:\usr
2013-12-11 02:39 - 2013-04-11 13:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-10 09:52 - 2012-02-08 13:19 - 00000000 ____D C:\Program Files\Kyocera
2013-12-07 13:12 - 2013-12-07 13:12 - 00000000 ____D C:\ProgramData\Seagull
2013-12-06 12:31 - 2013-04-11 13:36 - 00004050 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 12:31 - 2013-04-11 13:36 - 00003798 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 08:43 - 2011-12-05 09:45 - 00000000 ____D C:\ProgramData\G DATA
2013-12-06 08:43 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-06 08:41 - 2013-12-06 08:33 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-06 08:33 - 2012-01-29 13:46 - 00000000 ____D C:\Users\Pracownia\AppData\Roaming\Skype
2013-12-06 08:33 - 2012-01-29 13:46 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 08:30 - 2013-12-05 16:38 - 00001211 _____ C:\spam.log
2013-12-06 08:30 - 2013-12-05 16:07 - 00001697 _____ C:\nospam.log
2013-12-05 14:41 - 2013-12-05 14:41 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-05 14:41 - 2013-12-05 14:41 - 00000000 ____D C:\Users\wangzhisong
2013-12-05 14:41 - 2012-01-19 11:34 - 00000000 ____D C:\Users\Pracownia
2013-12-05 14:40 - 2013-12-05 14:40 - 00000000 ____D C:\Users\Pracownia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-05 14:40 - 2013-12-05 14:40 - 00000000 ____D C:\ProgramData\Auslogics
2013-12-05 14:40 - 2013-12-05 14:40 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-11-22 09:42 - 2013-11-22 09:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-11-22 09:42 - 2013-11-22 09:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-11-22 09:42 - 2013-11-18 11:20 - 00001001 _____ C:\Users\Public\Desktop\AVG 2014.lnk

Some content of TEMP:
====================
C:\Users\Pracownia\AppData\Local\Temp\AskSLib.dll
C:\Users\Pracownia\AppData\Local\Temp\ICReinstall_FileZilla.exe
C:\Users\Pracownia\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Pracownia\AppData\Local\Temp\MSN4E21.exe
C:\Users\Pracownia\AppData\Local\Temp\NEventMessages.dll
C:\Users\Pracownia\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Pracownia\AppData\Local\Temp\ose00000.exe
C:\Users\Pracownia\AppData\Local\Temp\ptrmjj5e.dll
C:\Users\Pracownia\AppData\Local\Temp\ujrihkq5.dll
C:\Users\Pracownia\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Pracownia\AppData\Local\Temp\ztcd2nwt.dll
C:\Users\Pracownia\AppData\Local\Temp\_is435C.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 00:00

==================== End Of Log ============================