Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by user (administrator) on KOSYNIEROW on 07-12-2014 17:23:11
Running from E:\Pobieranie
Loaded Profile: user (Available profiles: user & Gość)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Labtec Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
() E:\Pobieranie\gmer\gmer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-01-19] (Labtec Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\Run: [GameXN GO] => "C:\Documents and Settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe" /startup
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {0e823c4c-c942-11e3-9853-001143a0bf5a} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {30391f24-696e-11de-bbb5-bfffcb139e04} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {427b2dfc-6988-11de-bbb6-e576eb75b673} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {427b2dfd-6988-11de-bbb6-e576eb75b673} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {5b7b0957-d58f-11dd-baaf-e117344cb63d} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {bf46761a-ed4d-11e1-8181-efb75d0ab961} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {cd4cab86-d590-11dd-bab0-bdc1d743a25e} - F:\AutoRun.exe
HKU\S-1-5-21-436374069-602162358-725345543-1003\...\MountPoints2: {d9899bc3-fb4d-11dc-8cdc-806d6172696f} - E:\bootcd\wintools\autorun.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-436374069-602162358-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKU\S-1-5-21-436374069-602162358-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-436374069-602162358-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-436374069-602162358-725345543-1003 -> DefaultScope {1B1B2210-0653-493E-A368-A428A9A0D92D} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&client=&rlz=1I7GGLL_pl
SearchScopes: HKU\S-1-5-21-436374069-602162358-725345543-1003 -> {1B1B2210-0653-493E-A368-A428A9A0D92D} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&client=&rlz=1I7GGLL_pl
SearchScopes: HKU\S-1-5-21-436374069-602162358-725345543-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={F0D664B6-39B9-479A-B597-4B7B62F8E53E}&mid=83b4ea7a936047d2a7e2d158054456a9-414d4818d856a5889f90ff84e1a594766956dc38&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-09 14:47:00&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-436374069-602162358-725345543-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275594779046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/SignActivX.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ddwqc0ew.default
FF SelectedSearchEngine: Allegro
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-436374069-602162358-725345543-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Extension: LastPass - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ddwqc0ew.default\Extensions\support@lastpass.com [2014-12-07]
FF Extension: Flashblock - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ddwqc0ew.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011-09-05]
FF Extension: Stealther - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ddwqc0ew.default\Extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23} [2010-08-17]
FF Extension: Adblock Plus - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ddwqc0ew.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-12-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-03]

Chrome:
=======
CHR Profile: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
CHR Extension: (Dysk Google) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-12-23] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [208896 2006-08-08] (Nero AG) [File not signed]
R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-08-28] () [File not signed]
S2 vToolbarUpdater18.1.10; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-11-09] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [17280 2006-01-19] (Creative Technology Ltd.)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-04-01] (Labtec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-07] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [7072 2005-04-01] (Labtec Inc.)
R3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [913280 2005-04-01] (Labtec Inc.)
R1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology) [File not signed]
R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology) [File not signed]
R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) [File not signed]
S3 s3m; C:\WINDOWS\System32\DRIVERS\s3m.sys [166720 2001-08-17] (S3 Incorporated)
R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62208 2008-05-02] (Silicon Image, Inc.) [File not signed]
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-09-08] (Duplex Secure Ltd.)
U5 Atmuni; C:\Windows\System32\Drivers\Atmuni.sys [352256 2001-08-17] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 axliauob; \??\C:\DOCUME~1\user\USTAWI~1\Temp\axliauob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 15:48 - 2014-12-07 15:48 - 00038492 _____ () C:\Documents and Settings\user\Pulpit\Extras.Txt
2014-12-07 15:39 - 2014-12-07 15:39 - 00116810 _____ () C:\Documents and Settings\user\Pulpit\OTL.Txt
2014-12-07 14:47 - 2014-12-07 17:23 - 00000000 ____D () C:\FRST
2014-12-07 11:38 - 2014-12-07 15:12 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 11:35 - 2014-12-07 11:35 - 00000791 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-12-07 11:35 - 2014-12-07 11:35 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-12-07 11:34 - 2014-12-07 11:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-07 11:34 - 2014-12-07 11:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-12-07 11:34 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-07 11:34 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-07 11:21 - 2014-12-07 11:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-07 11:21 - 2014-12-07 11:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
2014-12-07 11:18 - 2014-12-07 11:23 - 00000000 ____D () C:\AdwCleaner
2014-12-07 11:18 - 2014-12-07 11:18 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 11:09 - 2014-12-07 11:09 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\AVG2015
2014-12-07 10:52 - 2014-12-07 10:52 - 00000746 _____ () C:\Documents and Settings\All Users\Pulpit\AVG 2015.lnk
2014-12-07 10:41 - 2014-12-07 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG2015
2014-12-07 10:24 - 2014-12-07 14:04 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-12-07 10:24 - 2014-12-07 10:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-12-07 10:24 - 2014-12-07 10:24 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-12-07 10:24 - 2014-12-07 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0
2014-12-07 10:23 - 2014-12-07 10:23 - 00023032 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-12-07 08:20 - 2014-12-07 08:20 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Avg
2014-12-06 17:12 - 2014-12-06 17:22 - 00000115 _____ () C:\VO.log
2014-12-06 17:12 - 2014-12-06 17:12 - 00000000 _____ () C:\dxva.log
2014-12-06 17:11 - 2014-12-06 17:11 - 00000014 _____ () C:\WINDOWS\system32\sysxs6.sys
2014-12-06 17:11 - 2014-12-06 17:11 - 00000000 ____D () C:\Program Files\CloneDVD Studio
2014-12-06 17:11 - 2014-12-06 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CloneDVD Studio
2014-12-06 17:11 - 2014-12-06 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\CloneDVD Studio
2014-12-06 17:11 - 2012-08-28 16:12 - 00354816 _____ () C:\WINDOWS\system32\psisdecd.dll
2014-12-06 17:11 - 2012-08-28 16:12 - 00052224 _____ () C:\WINDOWS\system32\MSDvbNP.ax
2014-12-06 17:11 - 2012-08-28 16:12 - 00030208 _____ () C:\WINDOWS\system32\psisrndr.ax
2014-11-13 10:45 - 2014-12-07 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\IiddeNafom
2014-11-09 14:47 - 2014-12-07 08:11 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\AVG Web TuneUp
2014-11-09 14:47 - 2014-11-09 17:00 - 00127105 _____ () C:\WINDOWS\system32\debug.log
2014-11-09 14:47 - 2014-11-09 14:47 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\AVG Web TuneUp
2014-11-09 14:46 - 2014-11-09 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG Web TuneUp
2014-11-09 14:46 - 2014-11-09 14:46 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-11-09 14:46 - 2014-11-09 14:46 - 00000000 ____D () C:\Program Files\AVG Web TuneUp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 17:24 - 2008-03-26 16:40 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Temp
2014-12-07 16:51 - 2010-02-06 12:15 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 16:04 - 2014-02-24 15:38 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2014-12-07 15:51 - 2010-02-06 12:15 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 15:50 - 2013-11-01 07:57 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\LastPass
2014-12-07 15:48 - 2008-03-26 16:40 - 00000000 ____D () C:\Documents and Settings\user\Pulpit
2014-12-07 14:06 - 2008-09-08 21:10 - 01469650 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-07 14:05 - 2014-03-30 16:35 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-12-07 14:05 - 2008-11-01 10:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-07 14:05 - 2008-09-09 20:52 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-07 14:05 - 2008-03-26 16:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-07 14:04 - 2014-02-24 15:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-12-07 14:04 - 2008-03-26 16:25 - 00032418 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-07 11:35 - 2008-03-26 17:01 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-12-07 11:35 - 2008-03-26 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-12-07 11:34 - 2008-03-26 17:01 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-12-07 11:30 - 2012-12-24 15:05 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\Media Player Classic
2014-12-07 11:23 - 2008-03-26 16:40 - 00000000 __RHD () C:\Documents and Settings\user\Dane aplikacji
2014-12-07 11:22 - 2008-09-21 20:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-07 11:11 - 2014-02-24 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG2014
2014-12-07 11:11 - 2008-03-26 16:40 - 00000000 ___HD () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji
2014-12-07 11:09 - 2014-02-24 15:39 - 00000000 ____D () C:\Program Files\AVG
2014-12-07 11:06 - 2014-10-29 09:55 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Avg2015
2014-12-07 11:06 - 2014-02-24 15:40 - 00000000 ___HD () C:\$AVG
2014-12-07 11:05 - 2014-04-03 16:21 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\AVG
2014-12-07 10:49 - 2008-09-08 22:39 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-07 10:47 - 2008-03-26 16:25 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-06 17:05 - 2009-07-15 13:31 - 00000091 _____ () C:\WINDOWS\iPlayer.INI
2014-12-06 17:03 - 2008-09-26 19:56 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-06 16:52 - 2004-08-04 11:00 - 00002250 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-04 19:53 - 2008-09-08 23:05 - 00000056 _____ () C:\WINDOWS\Kulki.ini
2014-11-30 13:22 - 2014-09-20 18:29 - 00002267 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk
2014-11-19 21:05 - 2008-03-26 16:55 - 00000000 ____D () C:\WINDOWS\Help
2014-11-16 15:43 - 2009-02-07 10:04 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\Skype
2014-11-13 10:59 - 2013-07-24 20:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-13 10:52 - 2008-06-25 19:51 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 21:58 - 2008-03-26 17:02 - 01116558 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-12 21:58 - 2004-08-04 11:00 - 00499938 ____C () C:\WINDOWS\system32\perfh015.dat
2014-11-12 21:58 - 2004-08-04 11:00 - 00089244 ____C () C:\WINDOWS\system32\perfc015.dat
2014-11-09 14:33 - 2014-03-30 16:35 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

Some content of TEMP:
====================
C:\Documents and Settings\user\Ustawienia lokalne\Temp\Foxit Updater.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed