Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Paweł (administrator) on PAWEL-KOMPUTER on 06-06-2014 18:34:49
Running from C:\Users\Paweł\Downloads\frst 06,05
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\Run: [AQQ] => C:\Program Files\MyPortal\AQQ\AQQ.exe [13138944 2014-04-22] (AQQ Sp. z o.o.)
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: H - H:\Installer.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {39eab762-5761-11e2-ac75-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {39eab765-5761-11e2-ac75-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {3dcd686e-be24-11e2-8df1-50b7c3133987} - F:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {3dcd6880-be24-11e2-8df1-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {5844e8e8-bcbd-11e2-9111-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {5844e8f4-bcbd-11e2-9111-50b7c3133988} - F:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {64a06418-5b34-11e2-9ccb-50b7c3133988} - H:\Startme.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {688e97c1-ba67-11e3-9d36-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {6f5aceaf-54b5-11e2-b786-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {72dc46e8-8627-11e3-88a6-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {72dc46ec-8627-11e3-88a6-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {7ddcc0e1-4b9d-11e2-a495-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {7ddcc0e6-4b9d-11e2-a495-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {85db84f5-8147-11e3-aeee-50b7c3133987} - E:\AutoRun.exe /s
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {86ceceb9-b660-11e2-bc71-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {aec9b645-4e79-11e2-aab0-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {b18d2eb6-8667-11e3-b719-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {ea045609-c6f5-11e2-9ef8-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {f5e5b3ac-c0d9-11e2-b373-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {f5e5b3b1-c0d9-11e2-b373-50b7c3133987} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{78FA480C-FCDC-4799-8735-C1467563CE1C}: [NameServer]8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Paweł\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Widget context - C:\Users\Paweł\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2013-12-14]
FF Extension: No Name - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2012-12-22]
FF Extension: ALLYouTubeDownloader - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2012-12-22]
FF Extension: Adblock Plus - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-15]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-18] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-04-18] (Intel Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-09] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-25] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2008-09-26] (Huawei Technologies Co., Ltd.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 18:31 - 2014-06-06 18:33 - 00000023 _____ () C:\Users\Paweł\Desktop\Nowy dokument tekstowy.txt
2014-06-06 18:25 - 2014-06-06 18:26 - 00000000 ____D () C:\AdwCleaner
2014-06-06 18:03 - 2014-06-06 18:03 - 00003124 _____ () C:\windows\System32\Tasks\{21DAD052-0E2E-4C72-A546-9A0DC055090D}
2014-06-06 17:37 - 2014-06-06 18:34 - 00000000 ____D () C:\Users\Paweł\Downloads\frst 06,05
2014-06-06 17:09 - 2014-06-06 17:09 - 00000000 ____D () C:\Users\Paweł\Downloads\FRST-OlderVersion
2014-06-06 17:06 - 2014-06-06 17:08 - 00008519 _____ () C:\Users\Paweł\Downloads\fixlist.txt
2014-06-05 22:14 - 2014-06-05 22:15 - 01333465 _____ () C:\Users\Paweł\Downloads\adwcleaner_3.212.exe
2014-06-02 18:22 - 2014-06-02 18:22 - 02158417 _____ () C:\Users\Paweł\Downloads\AQQ-Radio.aqq
2014-06-02 17:59 - 2014-06-02 17:59 - 00000000 ____D () C:\Users\Paweł\AppData\Local\MyPortal
2014-06-02 17:58 - 2014-06-02 17:58 - 00000679 _____ () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\AQQ.lnk
2014-06-02 17:58 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPortal
2014-06-02 17:58 - 2014-06-02 17:58 - 00000000 ____D () C:\Program Files\MyPortal
2014-06-02 17:56 - 2014-06-02 17:57 - 07693819 _____ () C:\Users\Paweł\Downloads\AQQ_AC_26050-x64.exe
2014-06-01 13:56 - 2014-06-01 13:57 - 00003280 _____ () C:\Users\Paweł\Downloads\gmer.txt
2014-06-01 13:37 - 2014-06-01 13:37 - 00110000 _____ () C:\Users\Paweł\Downloads\Extras.Txt
2014-06-01 13:36 - 2014-06-01 13:36 - 00115282 _____ () C:\Users\Paweł\Downloads\OTL.Txt
2014-06-01 13:24 - 2014-06-01 13:24 - 00054605 _____ () C:\Users\Paweł\Downloads\Shortcut.txt
2014-06-01 13:22 - 2014-06-01 13:24 - 00030420 _____ () C:\Users\Paweł\Downloads\FRST.txt
2014-06-01 13:19 - 2014-06-01 13:24 - 00039334 _____ () C:\Users\Paweł\Downloads\Addition.txt
2014-06-01 13:17 - 2014-06-06 18:34 - 00000000 ____D () C:\FRST
2014-06-01 13:16 - 2014-06-06 17:09 - 02072576 _____ (Farbar) C:\Users\Paweł\Downloads\FRST64.exe
2014-06-01 13:13 - 2014-06-01 13:13 - 00602112 _____ (OldTimer Tools) C:\Users\Paweł\Downloads\OTL.exe
2014-06-01 13:13 - 2014-06-01 13:13 - 00380416 _____ () C:\Users\Paweł\Downloads\i4se93t3.exe
2014-05-31 23:48 - 2014-05-31 23:47 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\Program Files\Java
2014-05-31 23:45 - 2014-05-31 23:47 - 30984104 _____ (Oracle Corporation) C:\Users\Paweł\Downloads\jre-7u60-windows-x64.exe
2014-05-27 14:29 - 2014-05-27 13:12 - 366852096 _____ () C:\Users\Paweł\Desktop\Heroes.S01E12.PL.HDTvRip.Xvid.Godsend.avi
2014-05-16 21:43 - 2014-05-16 23:46 - 00315392 _____ () C:\Users\Paweł\Downloads\Wsparcie ogniowe Anakonda.ppt
2014-05-15 19:17 - 2014-05-15 19:17 - 00000000 ____D () C:\Users\Paweł\Desktop\The.Soloist.2009.DVDRIP.XviD-ZEKTORM

==================== One Month Modified Files and Folders =======

2014-06-06 18:35 - 2012-12-21 20:38 - 00000000 ____D () C:\Users\Paweł\AppData\Local\Temp
2014-06-06 18:34 - 2014-06-06 17:37 - 00000000 ____D () C:\Users\Paweł\Downloads\frst 06,05
2014-06-06 18:34 - 2014-06-01 13:17 - 00000000 ____D () C:\FRST
2014-06-06 18:34 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 18:34 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 18:33 - 2014-06-06 18:31 - 00000023 _____ () C:\Users\Paweł\Desktop\Nowy dokument tekstowy.txt
2014-06-06 18:31 - 2012-05-28 22:41 - 00698590 _____ () C:\windows\system32\perfh015.dat
2014-06-06 18:31 - 2012-05-28 22:41 - 00135410 _____ () C:\windows\system32\perfc015.dat
2014-06-06 18:31 - 2009-07-14 07:13 - 01551444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-06 18:27 - 2012-05-28 07:15 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-06 18:27 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-06 18:27 - 2009-07-14 06:51 - 00126331 _____ () C:\windows\setupact.log
2014-06-06 18:26 - 2014-06-06 18:25 - 00000000 ____D () C:\AdwCleaner
2014-06-06 18:26 - 2010-11-21 05:47 - 00504128 _____ () C:\windows\PFRO.log
2014-06-06 18:11 - 2012-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-06 18:03 - 2014-06-06 18:03 - 00003124 _____ () C:\windows\System32\Tasks\{21DAD052-0E2E-4C72-A546-9A0DC055090D}
2014-06-06 18:01 - 2012-12-22 11:24 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 17:53 - 2012-12-22 11:24 - 00003868 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-06 17:52 - 2012-12-22 11:24 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-06 17:52 - 2012-12-22 11:24 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-06 17:51 - 2012-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-06 17:44 - 2012-12-21 21:10 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-06 17:44 - 2012-12-21 21:10 - 00001381 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-06 17:09 - 2014-06-06 17:09 - 00000000 ____D () C:\Users\Paweł\Downloads\FRST-OlderVersion
2014-06-06 17:09 - 2014-06-01 13:16 - 02072576 _____ (Farbar) C:\Users\Paweł\Downloads\FRST64.exe
2014-06-06 17:08 - 2014-06-06 17:06 - 00008519 _____ () C:\Users\Paweł\Downloads\fixlist.txt
2014-06-06 16:44 - 2013-07-08 21:32 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2666340739-2498256653-3035462964-1000UA.job
2014-06-06 16:44 - 2012-05-28 07:15 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-06 00:54 - 2013-10-02 18:54 - 00000183 _____ () C:\Users\Paweł\AppData\Roaming\WB.CFG
2014-06-05 22:20 - 2013-02-18 20:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-05 22:15 - 2014-06-05 22:14 - 01333465 _____ () C:\Users\Paweł\Downloads\adwcleaner_3.212.exe
2014-06-05 22:12 - 2013-07-08 21:32 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2666340739-2498256653-3035462964-1000Core.job
2014-06-02 18:23 - 2013-08-02 14:17 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\GG
2014-06-02 18:22 - 2014-06-02 18:22 - 02158417 _____ () C:\Users\Paweł\Downloads\AQQ-Radio.aqq
2014-06-02 17:59 - 2014-06-02 17:59 - 00000000 ____D () C:\Users\Paweł\AppData\Local\MyPortal
2014-06-02 17:58 - 2014-06-02 17:58 - 00000679 _____ () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\AQQ.lnk
2014-06-02 17:58 - 2014-06-02 17:58 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPortal
2014-06-02 17:58 - 2014-06-02 17:58 - 00000000 ____D () C:\Program Files\MyPortal
2014-06-02 17:57 - 2014-06-02 17:56 - 07693819 _____ () C:\Users\Paweł\Downloads\AQQ_AC_26050-x64.exe
2014-06-01 14:05 - 2013-02-28 12:40 - 00000000 ____D () C:\windows\Minidump
2014-06-01 14:04 - 2012-12-21 19:29 - 00321350 ____N () C:\windows\Minidump\060114-47159-01.dmp
2014-06-01 13:57 - 2014-06-01 13:56 - 00003280 _____ () C:\Users\Paweł\Downloads\gmer.txt
2014-06-01 13:37 - 2014-06-01 13:37 - 00110000 _____ () C:\Users\Paweł\Downloads\Extras.Txt
2014-06-01 13:36 - 2014-06-01 13:36 - 00115282 _____ () C:\Users\Paweł\Downloads\OTL.Txt
2014-06-01 13:24 - 2014-06-01 13:24 - 00054605 _____ () C:\Users\Paweł\Downloads\Shortcut.txt
2014-06-01 13:24 - 2014-06-01 13:22 - 00030420 _____ () C:\Users\Paweł\Downloads\FRST.txt
2014-06-01 13:24 - 2014-06-01 13:19 - 00039334 _____ () C:\Users\Paweł\Downloads\Addition.txt
2014-06-01 13:13 - 2014-06-01 13:13 - 00602112 _____ (OldTimer Tools) C:\Users\Paweł\Downloads\OTL.exe
2014-06-01 13:13 - 2014-06-01 13:13 - 00380416 _____ () C:\Users\Paweł\Downloads\i4se93t3.exe
2014-06-01 12:27 - 2012-05-28 23:05 - 01125608 _____ () C:\windows\WindowsUpdate.log
2014-05-31 23:47 - 2014-05-31 23:48 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\Program Files\Java
2014-05-31 23:47 - 2014-05-31 23:45 - 30984104 _____ (Oracle Corporation) C:\Users\Paweł\Downloads\jre-7u60-windows-x64.exe
2014-05-27 14:20 - 2013-04-04 00:18 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-27 14:20 - 2013-04-04 00:18 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-27 13:12 - 2014-05-27 14:29 - 366852096 _____ () C:\Users\Paweł\Desktop\Heroes.S01E12.PL.HDTvRip.Xvid.Godsend.avi
2014-05-21 18:07 - 2014-03-09 10:52 - 00000000 ____D () C:\Users\Paweł\Desktop\AON przejazdy
2014-05-16 23:46 - 2014-05-16 21:43 - 00315392 _____ () C:\Users\Paweł\Downloads\Wsparcie ogniowe Anakonda.ppt
2014-05-15 19:17 - 2014-05-15 19:17 - 00000000 ____D () C:\Users\Paweł\Desktop\The.Soloist.2009.DVDRIP.XviD-ZEKTORM

Some content of TEMP:
====================
C:\Users\Paweł\AppData\Local\Temp\avgnt.exe
C:\Users\Paweł\AppData\Local\Temp\htmlayout.dll
C:\Users\Paweł\AppData\Local\Temp\Quarantine.exe
C:\Users\Paweł\AppData\Local\Temp\t.dll
C:\Users\Paweł\AppData\Local\Temp\uninstall-updater817185.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall832427.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall832458.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall832474.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall924269.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall929124.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall929140.exe
C:\Users\Paweł\AppData\Local\Temp\uninstall929187.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-30 16:13

==================== End Of Log ============================