Undziak

Members

View Profile See their activity

Posts
12
Joined
May 4, 2014
Last visited
May 31, 2014

Reputation

0 Neutral

Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

Yes, the problem disappeared, thank you very much for your help.
- May 18, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

I didn't notice any errors. ComboFix 14-05-16.01 - User 2014-05-17 12:12:40.4.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2825 [GMT 2:00]Uruchomiony z: c:\users\User\Desktop\ComboFix.exeUżyto następujących komend :: c:\users\User\Desktop\CFScript.txtAV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania..((((((((((((((((((((((((( Pliki utworzone od 2014-04-17 do 2014-05-17 )))))))))))))))))))))))))))))))..2014-05-17 10:20 . 2014-05-17 10:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2014-05-17 10:20 . 2014-05-17 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp2014-05-15 19:02 . 2014-05-15 19:02 17938608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2014-05-14 09:04 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll2014-05-14 09:04 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll2014-05-14 09:03 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb2014-05-14 09:03 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2014-05-09 14:54 . 2014-05-09 14:54 -------- d-----w- c:\program files (x86)\ESET2014-05-09 14:45 . 2014-05-09 14:45 -------- d-----w- c:\windows\ERUNT2014-05-09 14:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-05-08 17:17 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll2014-05-08 17:17 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2014-05-07 18:12 . 2014-05-07 18:12 -------- d-----w- c:\users\User\AppData\Local\NVIDIA2014-05-07 18:04 . 2014-05-14 20:27 -------- d-s---w- c:\windows\system32\CompatTel2014-05-07 18:03 . 2014-05-07 18:03 -------- d-----w- c:\users\User\AppData\Local\CrashDumps2014-05-07 16:19 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll2014-05-07 16:19 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys2014-05-07 16:19 . 2014-05-07 16:19 -------- d-----w- c:\users\UpdatusUser.User-Komputer2014-05-07 16:19 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll2014-05-07 16:19 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll2014-05-07 16:19 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll2014-05-07 16:19 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll2014-05-07 16:18 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe2014-05-07 16:02 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll2014-05-07 16:02 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll2014-05-07 16:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll2014-05-07 16:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2014-05-04 19:38 . 2014-05-08 20:35 -------- d-----w- C:\FRST2014-05-04 17:28 . 2014-05-04 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-05-04 17:28 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-04 17:28 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-05-04 17:28 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-05-04 17:25 . 2014-05-04 17:25 -------- d-----w- c:\program files (x86)\VS Revo Group2014-05-03 16:39 . 2014-05-10 18:34 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-05-03 16:39 . 2014-05-03 16:39 -------- d-----w- c:\programdata\Malwarebytes2014-05-03 16:33 . 2014-05-03 16:33 -------- d-----w- c:\program files (x86)\CrystalDiskInfo2014-05-03 13:00 . 2014-05-03 13:00 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS2014-05-03 11:37 . 2014-05-03 11:37 25640 ----a-w- c:\windows\etdrv.sys2014-05-03 11:31 . 2014-05-04 16:56 30528 ----a-w- c:\windows\GVTDrv64.sys2014-05-03 11:31 . 2014-05-04 16:55 25640 ----a-w- c:\windows\gdrv.sys2014-05-03 11:27 . 2014-05-03 11:27 -------- d-sh--w- c:\users\User\AppData\Local\EmieUserList2014-05-03 11:27 . 2014-05-03 11:27 -------- d-sh--w- c:\users\User\AppData\Local\EmieSiteList2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\program files (x86)\GIGABYTE2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\program files (x86)\AMD2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\users\User\AppData\Roaming\AdobeUM2014-05-03 11:04 . 2014-05-03 11:04 -------- d-----w- c:\program files\CPUID2014-05-03 10:55 . 2014-05-03 14:36 -------- d-----w- c:\program files (x86)\SpeedFan2014-04-20 12:54 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-04-18 13:01 . 2014-04-18 13:01 237336 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys...(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-15 19:03 . 2013-02-25 19:32 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-05-15 19:03 . 2011-06-09 13:45 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-05-14 09:01 . 2011-01-15 18:07 93223848 ----a-w- c:\windows\system32\MRT.exe2014-04-28 18:36 . 2012-11-08 15:43 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX2014-03-31 14:20 . 2014-03-31 14:20 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys2014-03-31 14:06 . 2014-03-31 14:06 130840 ----a-w- c:\windows\system32\drivers\avgmfx64.sys2014-03-27 20:14 . 2014-03-27 20:14 192792 ----a-w- c:\windows\system32\drivers\avgidsha.sys2014-03-27 20:14 . 2014-03-27 20:14 153368 ----a-w- c:\windows\system32\drivers\avgdiska.sys2014-03-27 20:07 . 2014-03-27 20:07 236824 ----a-w- c:\windows\system32\drivers\avgldx64.sys2014-03-27 20:05 . 2014-03-27 20:05 324376 ----a-w- c:\windows\system32\drivers\avgloga.sys2014-03-27 20:03 . 2014-03-27 20:03 32536 ----a-w- c:\windows\system32\drivers\avgrkx64.sys2014-03-20 21:03 . 2014-03-20 21:03 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2014-03-20 21:03 . 2010-07-30 00:33 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll2014-03-20 21:03 . 2014-03-20 21:03 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll2014-03-20 21:02 . 2014-03-20 21:02 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll2014-03-20 21:02 . 2010-07-30 00:33 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll2014-03-20 21:02 . 2010-07-30 00:33 3093280 ----a-w- c:\windows\system32\nvapi64.dll2014-03-20 21:02 . 2014-03-20 21:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll2014-03-04 13:06 . 2012-11-13 16:51 6714312 ----a-w- c:\windows\system32\nvcpl.dll2014-03-04 13:06 . 2012-11-13 16:51 3497816 ----a-w- c:\windows\system32\nvsvc64.dll2014-03-04 13:05 . 2012-11-13 16:51 922968 ----a-w- c:\windows\system32\nvvsvc.exe2014-03-04 13:05 . 2012-11-13 16:51 64968 ----a-w- c:\windows\system32\nvshext.dll2014-03-04 13:05 . 2012-11-13 16:51 2558808 ----a-w- c:\windows\system32\nvsvcr.dll2014-03-04 13:05 . 2012-11-13 16:51 386336 ----a-w- c:\windows\system32\nvmctray.dll2014-03-04 09:44 . 2014-04-09 08:47 362496 ----a-w- c:\windows\system32\wow64win.dll2014-03-04 09:44 . 2014-04-09 08:47 243712 ----a-w- c:\windows\system32\wow64.dll2014-03-04 09:44 . 2014-04-09 08:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll2014-03-04 09:44 . 2014-04-09 08:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll2014-03-04 09:44 . 2014-04-09 08:47 1163264 ----a-w- c:\windows\system32\kernel32.dll2014-03-04 09:17 . 2014-04-09 08:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2014-03-04 09:17 . 2014-04-09 08:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll2014-03-04 09:16 . 2014-04-09 08:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe2014-03-04 09:16 . 2014-04-09 08:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll2014-03-04 08:09 . 2014-04-09 08:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe2014-03-04 08:09 . 2014-04-09 08:47 2048 ----a-w- c:\windows\SysWow64\user.exe..((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"iTunesHelper"="d:\gry\iTunes\iTunesHelper.exe" [2014-02-21 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [x]R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]S2 avgfws;Zapora AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 WTService;WTService;c:\windows\System32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-16 19:17 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe.Zawartość folderu 'Zaplanowane zadania'.2014-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 19:03].2014-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29 15:24].2014-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29 15:24].2014-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 08:05].2014-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 08:05]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064].------- Skan uzupełniający -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localmSearchAssistant = hxxp://www.google.commCustomizeSearch = hxxp://www.google.comIE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000IE: ????3?? - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htmIE: ????3?????? - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htmIE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnkTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\.- - - - USUNIĘTO PUSTE WPISY - - - -.AddRemove-Browsers Protector - c:\program files (x86)\Browsers Protector\uninstall.exeAddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exeAddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE...--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a, 36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60, bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0, 7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1"{46897C77-E7A6-4C33-BFFB-E9C2E2718942}"=hex:51,66,7a,6c,4c,1d,38,12,19,7f,9a, 42,94,a9,5d,09,c0,ed,aa,82,e7,2f,cd,56"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0, 7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0}"=hex:51,66,7a,6c,4c,1d,38,12,8d,d0,63, b4,f2,b0,b7,02,f1,9c,da,94,eb,ed,97,a4"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85"{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}"=hex:51,66,7a,6c,4c,1d,38,12,a1,96,f9, b9,d4,be,8e,04,c2,2b,f3,4f,3c,fa,ad,2d"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:00,88,0f,8f,3c,26,cd,01.[HKEY_USERS\S-1-5-21-3424204967-3351298522-564494906-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]@="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm""contexts"=dword:00000022.[HKEY_USERS\S-1-5-21-3424204967-3351298522-564494906-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]@="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm""contexts"=dword:000000f3.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.13".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Czas ukończenia: 2014-05-17 12:22:34ComboFix-quarantined-files.txt 2014-05-17 10:22ComboFix2.txt 2014-05-11 20:24ComboFix3.txt 2014-05-10 18:10ComboFix4.txt 2014-05-02 17:20.Przed: 16 908 087 296 bajtów wolnychPo: 18 297 364 480 bajtów wolnych.- - End Of File - - D539405653DB0E598187128A419B38CDA36C5E4F47E84449FF07ED3517B43A31
- May 17, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

There it is. Is it now okay? ComboFix 14-05-10.01 - User 2014-05-11 22:14:26.3.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2546 [GMT 2:00] Uruchomiony z: c:\users\User\Desktop\ComboFix.exe Użyto następujących komend :: c:\users\User\Desktop\CFScript.txt AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\User\AppData\Roaming\FlashGetBHO c:\users\User\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll c:\users\User\AppData\Roaming\FlashGetBHO\FlashGetHook.dll c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm . . ((((((((((((((((((((((((( Pliki utworzone od 2014-04-11 do 2014-05-11 ))))))))))))))))))))))))))))))) . . 2014-05-11 20:22 . 2014-05-11 20:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-05-11 20:22 . 2014-05-11 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-09 14:54 . 2014-05-09 14:54 -------- d-----w- c:\program files (x86)\ESET 2014-05-09 14:45 . 2014-05-09 14:45 -------- d-----w- c:\windows\ERUNT 2014-05-09 14:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-05-08 17:17 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-05-08 17:17 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll 2014-05-07 18:12 . 2014-05-07 18:12 -------- d-----w- c:\users\User\AppData\Local\NVIDIA 2014-05-07 18:04 . 2014-05-07 18:04 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-07 18:03 . 2014-05-07 18:03 -------- d-----w- c:\users\User\AppData\Local\CrashDumps 2014-05-07 16:19 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-05-07 16:19 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2014-05-07 16:19 . 2014-05-07 16:19 -------- d-----w- c:\users\UpdatusUser.User-Komputer 2014-05-07 16:19 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2014-05-07 16:19 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2014-05-07 16:19 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2014-05-07 16:19 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-07 16:18 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-05-07 16:02 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-05-07 16:02 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-05-07 16:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2014-05-07 16:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-05-07 15:55 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll 2014-05-07 15:55 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-04 19:38 . 2014-05-08 20:35 -------- d-----w- C:\FRST 2014-05-04 17:28 . 2014-05-04 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-05-04 17:28 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-04 17:28 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-04 17:28 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-04 17:25 . 2014-05-04 17:25 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-05-03 16:39 . 2014-05-10 18:34 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-03 16:39 . 2014-05-03 16:39 -------- d-----w- c:\programdata\Malwarebytes 2014-05-03 16:33 . 2014-05-03 16:33 -------- d-----w- c:\program files (x86)\CrystalDiskInfo 2014-05-03 13:47 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll 2014-05-03 13:47 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-03 13:47 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-03 13:00 . 2014-05-03 13:00 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS 2014-05-03 11:37 . 2014-05-03 11:37 25640 ----a-w- c:\windows\etdrv.sys 2014-05-03 11:31 . 2014-05-04 16:56 30528 ----a-w- c:\windows\GVTDrv64.sys 2014-05-03 11:31 . 2014-05-04 16:55 25640 ----a-w- c:\windows\gdrv.sys 2014-05-03 11:27 . 2014-05-03 11:27 -------- d-sh--w- c:\users\User\AppData\Local\EmieUserList 2014-05-03 11:27 . 2014-05-03 11:27 -------- d-sh--w- c:\users\User\AppData\Local\EmieSiteList 2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\program files (x86)\GIGABYTE 2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\program files (x86)\AMD 2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\users\User\AppData\Roaming\AdobeUM 2014-05-03 11:04 . 2014-05-03 11:04 -------- d-----w- c:\program files\CPUID 2014-05-03 10:55 . 2014-05-03 14:36 -------- d-----w- c:\program files (x86)\SpeedFan 2014-04-20 12:54 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-18 13:01 . 2014-04-18 13:01 237336 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-28 20:02 . 2013-02-25 19:32 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-28 20:02 . 2011-06-09 13:45 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-28 18:36 . 2012-11-08 15:43 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2014-04-09 10:18 . 2011-01-15 18:07 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 14:20 . 2014-03-31 14:20 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-03-31 14:06 . 2014-03-31 14:06 130840 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-03-27 20:14 . 2014-03-27 20:14 192792 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-03-27 20:14 . 2014-03-27 20:14 153368 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-03-27 20:07 . 2014-03-27 20:07 236824 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-03-27 20:05 . 2014-03-27 20:05 324376 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-03-27 20:03 . 2014-03-27 20:03 32536 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2014-03-20 21:03 . 2014-03-20 21:03 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-03-20 21:03 . 2010-07-30 00:33 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-03-20 21:03 . 2014-03-20 21:03 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll 2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll 2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll 2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll 2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll 2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll 2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll 2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll 2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll 2014-03-20 21:02 . 2014-03-20 21:02 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-03-20 21:02 . 2010-07-30 00:33 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll 2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll 2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll 2014-03-20 21:02 . 2010-07-30 00:33 3093280 ----a-w- c:\windows\system32\nvapi64.dll 2014-03-20 21:02 . 2014-03-20 21:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-03-04 13:06 . 2012-11-13 16:51 6714312 ----a-w- c:\windows\system32\nvcpl.dll 2014-03-04 13:06 . 2012-11-13 16:51 3497816 ----a-w- c:\windows\system32\nvsvc64.dll 2014-03-04 13:05 . 2012-11-13 16:51 922968 ----a-w- c:\windows\system32\nvvsvc.exe 2014-03-04 13:05 . 2012-11-13 16:51 64968 ----a-w- c:\windows\system32\nvshext.dll 2014-03-04 13:05 . 2012-11-13 16:51 2558808 ----a-w- c:\windows\system32\nvsvcr.dll 2014-03-04 13:05 . 2012-11-13 16:51 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-03-04 09:44 . 2014-04-09 08:47 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-09 08:47 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-09 08:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-09 08:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-09 08:47 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-09 08:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-09 08:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 2014-04-09 08:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 2014-04-09 08:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-09 08:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-09 08:47 2048 ----a-w- c:\windows\SysWow64\user.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-06 5180432] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "iTunesHelper"="d:\gry\iTunes\iTunesHelper.exe" [2014-02-21 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 avgfws;Zapora AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 WTService;WTService;c:\windows\System32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-01 18:11 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 20:02] . 2014-05-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29 15:24] . 2014-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29 15:24] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 08:05] . 2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 08:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1] @="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2] @="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3] @="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4] @="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: ????3?? - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Browsers Protector - c:\program files (x86)\Browsers Protector\uninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a, 36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03 "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60, bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8 "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0, 7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1 "{46897C77-E7A6-4C33-BFFB-E9C2E2718942}"=hex:51,66,7a,6c,4c,1d,38,12,19,7f,9a, 42,94,a9,5d,09,c0,ed,aa,82,e7,2f,cd,56 "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0, 7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0}"=hex:51,66,7a,6c,4c,1d,38,12,8d,d0,63, b4,f2,b0,b7,02,f1,9c,da,94,eb,ed,97,a4 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}"=hex:51,66,7a,6c,4c,1d,38,12,a1,96,f9, b9,d4,be,8e,04,c2,2b,f3,4f,3c,fa,ad,2d "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,88,0f,8f,3c,26,cd,01 . [HKEY_USERS\S-1-5-21-3424204967-3351298522-564494906-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź] @="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-3424204967-3351298522-564494906-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc] @="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2014-05-11 22:24:51 ComboFix-quarantined-files.txt 2014-05-11 20:24 ComboFix2.txt 2014-05-10 18:10 ComboFix3.txt 2014-05-02 17:20 . Przed: 18 235 084 800 bajtów wolnych Po: 17 927 671 808 bajtów wolnych . - - End Of File - - A78CC8A9AF098A1CBCCB8DC0BA651CCD A36C5E4F47E84449FF07ED3517B43A31
- May 11, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

There weren't any errors. When it comes to FlashGet, I installed this program, but it was a long time ago, I don't know from where these entries came from. RKreport0_D_05112014_180108.txt
- May 11, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

It seems that it is clean. RKreport0_S_05102014_202319.txt mbam-log-2014-05-10 (19-11-21).xml SystemLook.txt
- May 10, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

ComboFix 14-05-10.01 - User 2014-05-10 19:58:30.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.4094.2407 [GMT 2:00] Uruchomiony z: c:\users\User\Desktop\ComboFix.exe AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\PFRO.log . . ((((((((((((((((((((((((( Pliki utworzone od 2014-04-10 do 2014-05-10 ))))))))))))))))))))))))))))))) . . 2014-05-10 18:07 . 2014-05-10 18:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-05-10 18:07 . 2014-05-10 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-09 14:54 . 2014-05-09 14:54 -------- d-----w- c:\program files (x86)\ESET 2014-05-09 14:45 . 2014-05-09 14:45 -------- d-----w- c:\windows\ERUNT 2014-05-09 14:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-05-08 17:17 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-05-08 17:17 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll 2014-05-07 18:12 . 2014-05-07 18:12 -------- d-----w- c:\users\User\AppData\Local\NVIDIA 2014-05-07 18:04 . 2014-05-07 18:04 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-07 18:03 . 2014-05-07 18:03 -------- d-----w- c:\users\User\AppData\Local\CrashDumps 2014-05-07 16:19 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-05-07 16:19 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2014-05-07 16:19 . 2014-05-07 16:19 -------- d-----w- c:\users\UpdatusUser.User-Komputer 2014-05-07 16:19 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2014-05-07 16:19 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2014-05-07 16:19 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2014-05-07 16:19 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-07 16:18 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-05-07 16:02 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-05-07 16:02 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-05-07 16:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2014-05-07 16:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-05-07 15:55 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll 2014-05-07 15:55 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-04 19:38 . 2014-05-08 20:35 -------- d-----w- C:\FRST 2014-05-04 17:28 . 2014-05-04 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-05-04 17:28 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-04 17:28 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-04 17:28 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-04 17:25 . 2014-05-04 17:25 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-05-03 16:39 . 2014-05-10 17:11 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-03 16:39 . 2014-05-03 16:39 -------- d-----w- c:\programdata\Malwarebytes 2014-05-03 16:33 . 2014-05-03 16:33 -------- d-----w- c:\program files (x86)\CrystalDiskInfo 2014-05-03 13:47 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll 2014-05-03 13:47 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-03 13:47 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-03 13:00 . 2014-05-03 13:00 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS 2014-05-03 11:37 . 2014-05-03 11:37 25640 ----a-w- c:\windows\etdrv.sys 2014-05-03 11:31 . 2014-05-04 16:56 30528 ----a-w- c:\windows\GVTDrv64.sys 2014-05-03 11:31 . 2014-05-04 16:55 25640 ----a-w- c:\windows\gdrv.sys 2014-05-03 11:27 . 2014-05-03 11:27 -------- d-sh--w- c:\users\User\AppData\Local\EmieUserList 2014-05-03 11:27 . 2014-05-03 11:27 -------- d-sh--w- c:\users\User\AppData\Local\EmieSiteList 2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\program files (x86)\GIGABYTE 2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\program files (x86)\AMD 2014-05-03 11:26 . 2014-05-03 11:26 -------- d-----w- c:\users\User\AppData\Roaming\AdobeUM 2014-05-03 11:04 . 2014-05-03 11:04 -------- d-----w- c:\program files\CPUID 2014-05-03 10:55 . 2014-05-03 14:36 -------- d-----w- c:\program files (x86)\SpeedFan 2014-04-20 12:54 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-18 13:01 . 2014-04-18 13:01 237336 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-28 20:02 . 2013-02-25 19:32 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-28 20:02 . 2011-06-09 13:45 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-28 18:36 . 2012-11-08 15:43 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2014-04-09 10:18 . 2011-01-15 18:07 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 14:20 . 2014-03-31 14:20 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-03-31 14:06 . 2014-03-31 14:06 130840 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-03-27 20:14 . 2014-03-27 20:14 192792 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-03-27 20:14 . 2014-03-27 20:14 153368 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-03-27 20:07 . 2014-03-27 20:07 236824 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-03-27 20:05 . 2014-03-27 20:05 324376 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-03-27 20:03 . 2014-03-27 20:03 32536 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2014-03-20 21:03 . 2014-03-20 21:03 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-03-20 21:03 . 2010-07-30 00:33 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-03-20 21:03 . 2014-03-20 21:03 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll 2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll 2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll 2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll 2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll 2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll 2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll 2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll 2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll 2014-03-20 21:02 . 2014-03-20 21:02 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-03-20 21:02 . 2010-07-30 00:33 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll 2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll 2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll 2014-03-20 21:02 . 2010-07-30 00:33 3093280 ----a-w- c:\windows\system32\nvapi64.dll 2014-03-20 21:02 . 2014-03-20 21:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-03-04 13:06 . 2012-11-13 16:51 6714312 ----a-w- c:\windows\system32\nvcpl.dll 2014-03-04 13:06 . 2012-11-13 16:51 3497816 ----a-w- c:\windows\system32\nvsvc64.dll 2014-03-04 13:05 . 2012-11-13 16:51 922968 ----a-w- c:\windows\system32\nvvsvc.exe 2014-03-04 13:05 . 2012-11-13 16:51 64968 ----a-w- c:\windows\system32\nvshext.dll 2014-03-04 13:05 . 2012-11-13 16:51 2558808 ----a-w- c:\windows\system32\nvsvcr.dll 2014-03-04 13:05 . 2012-11-13 16:51 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-03-04 09:44 . 2014-04-09 08:47 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-09 08:47 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-09 08:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-09 08:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-09 08:47 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-09 08:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-09 08:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 2014-04-09 08:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 2014-04-09 08:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-09 08:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-09 08:47 2048 ----a-w- c:\windows\SysWow64\user.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-06 5180432] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "iTunesHelper"="d:\gry\iTunes\iTunesHelper.exe" [2014-02-21 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S2 avgfws;Zapora AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 WTService;WTService;c:\windows\System32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-01 18:11 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Zawartość folderu 'Zaplanowane zadania' . 2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 20:02] . 2014-05-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29 15:24] . 2014-05-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29 15:24] . 2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 08:05] . 2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 08:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1] @="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2] @="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3] @="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4] @="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" [HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}] 2013-01-17 14:43 2023936 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064] . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: ????3?? - c:\users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? - c:\users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . AddRemove-Browsers Protector - c:\program files (x86)\Browsers Protector\uninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a, 36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03 "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60, bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8 "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0, 7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1 "{46897C77-E7A6-4C33-BFFB-E9C2E2718942}"=hex:51,66,7a,6c,4c,1d,38,12,19,7f,9a, 42,94,a9,5d,09,c0,ed,aa,82,e7,2f,cd,56 "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0, 7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0}"=hex:51,66,7a,6c,4c,1d,38,12,8d,d0,63, b4,f2,b0,b7,02,f1,9c,da,94,eb,ed,97,a4 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}"=hex:51,66,7a,6c,4c,1d,38,12,a1,96,f9, b9,d4,be,8e,04,c2,2b,f3,4f,3c,fa,ad,2d "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:00,88,0f,8f,3c,26,cd,01 . [HKEY_USERS\S-1-5-21-3424204967-3351298522-564494906-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź] @="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-3424204967-3351298522-564494906-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc] @="c:\\Users\\User\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2014-05-10 20:10:05 ComboFix-quarantined-files.txt 2014-05-10 18:10 ComboFix2.txt 2014-05-02 17:20 . Przed: 18 671 165 440 bajtów wolnych Po: 18 374 762 496 bajtów wolnych . - - End Of File - - 57B8C4C8FAB87377FFD1ABEC4A205A54 A36C5E4F47E84449FF07ED3517B43A31
- May 10, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

For the sake of accuracy to my last post I have included two logs from AdwCleaner. Log "AdwCleanerS1.txt" represents the logs of removal (usunięto). In this case, I'll skip the rescan this program, am I right?
- May 10, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

I didn't know that ComboFix can be so dangerous. I found the logs from it but unfortunately I don't have logs from RogueKiller. I did everything you asked, I attach the logs. I'm sorry that some of the data is in Polish, but when I downloaded the program there was no option to change the language, I hope you can handle it. ComboFix.txt ESETScan.txt Fixlog.txt JRT.txt AdwCleanerR1.txt AdwCleanerS1.txt
- May 9, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2014 02Ran by User at 2014-05-08 20:39:33Running from C:\Users\User\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)7-Zip 4.57 (HKLM-x32\...\7-Zip) (Version: - )ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Akademia jazdy konnej (HKLM-x32\...\Akademia jazdy konnej_is1) (Version: - dtp)Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft)Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft)Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft)Aktualizacje NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version: - )Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)AVG 2012 (Version: 12.0.2193 - AVG Technologies) HiddenAVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)AVG 2014 (Version: 14.0.3931 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4577 - AVG Technologies) HiddenAVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 18.1.0.443 - InfoSpace)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Browsers Protector (HKLM-x32\...\Browsers Protector) (Version: 1.0.0.0 - Publisher Name) <==== ATTENTIONClearSkinFX for Digital Cameras (HKLM-x32\...\ClearSkinFX for Digital Cameras_is1) (Version: - )CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.3019 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDeluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.5.1 - Mediamond Tmi)Dzielenie i łączenie plików v1.2.2 (HKLM-x32\...\Dzielenie i łączenie plików_is1) (Version: - Michał Bąbik)Easy Tune 6 B10.0728.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)Easy Tune 6 B10.0728.1 (x32 Version: 1.00.0000 - GIGABYTE) HiddeneduROM Gra edukacyjna Język polski "Czytam i piszę" (HKLM-x32\...\{B1EB0284-674E-48BD-9EBF-14954C95668C}) (Version: 1.00.0000 - ydp)e-pity 2012 wersja 4.0 (HKLM-x32\...\{089EC62B-72C9-490C-94BD-BA6B833A0EB2}}_is1) (Version: 4.0 - e-file sp. z o.o.)Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )Epson Stylus SX210_SX410_TX210_TX410 Podręcznik (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Przewodnik użytkownika) (Version: - )EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)Football Manager 2014 wersja 14.1.4 (HKLM-x32\...\Football Manager 2014_is1) (Version: 14.1.4 - Sega)Football Superstars (HKLM-x32\...\Football Superstars_is1) (Version: - CyberSports Ltd)Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )Free Notes & Office Ink (HKLM-x32\...\{556F2137-B772-43BB-9A45-E0275234DD16}) (Version: - )Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenGG (HKCU\...\GG) (Version: 11 - GG Network S.A.)GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddeniTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)K-Lite Codec Pack 6.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.9.0 - )MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version: - )MacroKey Manager (Version: 1.00.0000 - Your Company Name) HiddenMakeUp Pilot Full 4.3.0 (HKLM-x32\...\MakeUp Pilot Full_is1) (Version: 4.3.0 - Two Pilots)Malwarebytes Anti-Malware wersja 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)MaturaRom - Chemia (HKLM-x32\...\{F14CB6B6-0B1A-4654-BFA8-CE784FABFFCC}) (Version: 1.10.0006 - YDP)Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (Polish) 2007 (x32 Version: 12.0.4518.1020 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)Minecraft Beta Cracked (HKLM-x32\...\Minecraft Beta Cracked) (Version: - )Minecraft1.6.2 (HKLM-x32\...\Minecraft1.6.2) (Version: - )Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenMozilla Firefox (3.6.17) (HKLM-x32\...\Mozilla Firefox (3.6.17)) (Version: 3.6.17 (pl) - Mozilla)Mój wymarzony chłopak (HKLM-x32\...\Mój wymarzony chłopak_is1) (Version: - dtp)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Horse and Me 2 (HKLM-x32\...\My Horse and Me 2) (Version: 1.0 - Atari)Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1045}) (Version: 7.03.1303 - Nero AG)neroxml (x32 Version: 1.0.0 - Nero AG) HiddenNVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) HiddenNVIDIA Oprogramowanie systemu PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) HiddenNVIDIA Sterownik 3D Vision 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)NVIDIA Sterownik dźwięku HD 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)NVIDIA Sterownik graficzny 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)NVIDIA Sterownik kontrolera 3D Vision 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) HiddenObsługa programów Apple (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Odinstaluj Igrzyska Sportowe 2004 (HKLM-x32\...\Igrzyska Sportowe 2004) (Version: - )oggcodecs 0.71.0946 (HKLM-x32\...\oggcodecs) (Version: 0.71.0946 - illiminable)OpenAL (HKLM-x32\...\OpenAL) (Version: - )Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)Panel sterowania NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) HiddenPAP project files (HKLM-x32\...\PAP project files_is1) (Version: - )PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )Pcsx2 0.9.6 (HKLM-x32\...\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}) (Version: 1.0.0 - Pcsx2 Team)Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenPhotoScape (HKLM-x32\...\PhotoScape) (Version: - )Pivot Stickfigure Animator (HKLM-x32\...\{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}) (Version: 2.2.5 - Peter Bone)Pizza Dude (HKLM-x32\...\{33485F72-0CFC-4D46-8625-357A89059B27}_is1) (Version: - )Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenPower Presenter RE (HKLM-x32\...\{6AF6BFD2-D368-4F81-9B82-D3B1414351C8}) (Version: - )Pro Beach Soccer (x32 Version: 1.00.0000 - Wanadoo Editions\Pam Developement) HiddenProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )Santa Claus in Trouble (HKLM-x32\...\Santa Claus in Trouble) (Version: - )Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTIONSearchNewTab (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 1.2.0.1288 - SearchNewTab) <==== ATTENTIONSetup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts)Shockwave (HKLM-x32\...\Shockwave) (Version: - )Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTeamExtreme Minecraft Installer 1.3.2 (HKLM-x32\...\TeamExtreme Minecraft Installer 1.3.2) (Version: - )TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)Total War: ROME II Caesar in Gaul (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{840D15BD-72E8-4710-ABDD-8E883B88BD5D}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)USB Force Wheel (HKLM-x32\...\{D5778AE9-6376-4CE6-AD4A-8712F4EC3302}) (Version: 2002.10.8 - )USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )Virtua Tennis 4™ (HKLM-x32\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)Virtua Tennis 4™ (x32 Version: 1.0.0000.130 - SEGA) HiddenVisual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Web Light (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{25a98636}) (Version: - 24soft) <==== ATTENTIONWinamp (HKLM-x32\...\Winamp) (Version: 5.571 - Nullsoft, Inc)Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: - )Załoga G (HKLM-x32\...\{DE5ECBF6-8A4A-4855-98D0-D6576145EBFF}) (Version: 1.00.0000 - Disney Interactive Studios)Zgrywus - Nie ma zmiłuj (HKLM-x32\...\ZgrywusNMZ_is1) (Version: - ) ==================== Restore Points ========================= 07-05-2014 16:13:01 Windows Update08-05-2014 17:44:31 Removed WSC Real 09. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-02 19:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {17342202-47F7-4CD4-BD8E-96179729BEA6} - System32\Tasks\RunAsStdUser Task => C:\Users\User\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTIONTask: {1BCE489E-A259-42AA-ABDB-D5E66B332D0E} - System32\Tasks\{24E22920-8999-4145-9FDB-AAE83096A9F2} => C:\Program Files (x86)\Deluxe Ski Jump 3\DSJ3.exeTask: {27F6C6B5-84FA-45BE-9641-439F3056E439} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29] (Facebook Inc.)Task: {2CC76933-F5AE-4187-A5D0-07BD91A740E5} - System32\Tasks\e-pity2012_styczen => C:\Program Files (x86)\e-file\e-pity2012\signxml.exe [2013-03-10] (e-file sp. z o.o.)Task: {63501B16-2BE7-41AA-B707-BE09879501FF} - System32\Tasks\e-pity2012_kwiecien => C:\Program Files (x86)\e-file\e-pity2012\signxml.exe [2013-03-10] (e-file sp. z o.o.)Task: {84F4C200-4740-4551-BE14-EEE57D18EFDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.)Task: {961723AE-C36B-4663-B20A-A3E93637B302} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29] (Facebook Inc.)Task: {A1E4AF80-3F3C-4365-AEDB-742A39B2C115} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)Task: {A2504D6B-4FE3-44FC-A148-182A42E334F2} - System32\Tasks\Origin => C:\Users\User\AppData\Roaming\Origin\update.vbe [2013-11-12] () <==== ATTENTIONTask: {AFBA6013-9D2F-4BE2-BB17-6B43B80EEB6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeTask: {B1CB0889-B0FB-4A41-9C86-00E1C53F17DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.)Task: {F864F123-EC7F-4F4D-B478-11F9980C742F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3424204967-3351298522-564494906-1000Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-13 18:51 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-10-05 19:22 - 2014-04-28 20:35 - 02556744 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe2011-01-24 16:22 - 2013-04-01 20:57 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2011-01-24 16:23 - 2013-07-03 22:41 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe2014-04-28 20:36 - 2014-04-28 20:35 - 00158536 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe2009-08-06 10:34 - 2009-08-06 10:34 - 00662248 _____ () C:\Windows\System32\atwtusb.exe2009-08-06 10:34 - 2009-08-06 10:34 - 00662248 _____ () C:\Windows\system32\atwtusb.exe2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-04-28 20:36 - 2014-04-28 20:35 - 00518472 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:376F0B4F ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: MacroKeyManager => WTMKM.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/07/2014 08:03:55 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Nazwa aplikacji powodującej błąd: nvcplui.exe, wersja: 7.6.740.0, sygnatura czasowa: 0x5315cbb9Nazwa modułu powodującego błąd: NVCPL.DLL, wersja: 8.17.13.3523, sygnatura czasowa: 0x5315beb9Kod wyjątku: 0xc0000005Przesunięcie błędu: 0x0000000000384cf0Identyfikator procesu powodującego błąd: 0x1570Godzina uruchomienia aplikacji powodującej błąd: 0xnvcplui.exe0Ścieżka aplikacji powodującej błąd: nvcplui.exe1Ścieżka modułu powodującego błąd: nvcplui.exe2Identyfikator raportu: nvcplui.exe3 Error: (05/03/2014 08:28:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)Description: Program mbam.exe w wersji 1.0.0.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 96c Godzina rozpoczęcia: 01cf66fb9b86e842 Godzina zakończenia: 6 Ścieżka aplikacji: D:\Gry\Malwarebytes Anti-Malware\mbam.exe Identyfikator raportu: c13b3ee7-d2f0-11e3-b66d-1c6f655c03b5 Error: (05/03/2014 08:14:11 PM) (Source: Application Hang) (User: ) (EventID: 1002)Description: Program mbam.exe w wersji 1.0.0.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: b2c Godzina rozpoczęcia: 01cf66f928a0f8e7 Godzina zakończenia: 34 Ścieżka aplikacji: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Identyfikator raportu: b79780d1-d2ee-11e3-b66d-1c6f655c03b5 Error: (05/03/2014 07:54:12 PM) (Source: Application Hang) (User: ) (EventID: 1002)Description: Program mbam.exe w wersji 1.0.0.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 1178 Godzina rozpoczęcia: 01cf66f7624f175f Godzina zakończenia: 5 Ścieżka aplikacji: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Identyfikator raportu: ebc283df-d2eb-11e3-99ad-1c6f655c03b5 Error: (05/03/2014 07:18:21 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Nazwa aplikacji powodującej błąd: mbam.exe, wersja: 1.0.0.500, sygnatura czasowa: 0x533d8de2Nazwa modułu powodującego błąd: MSVCR100.dll, wersja: 10.0.40219.325, sygnatura czasowa: 0x4df2be1eKod wyjątku: 0x40000015Przesunięcie błędu: 0x0008d6fdIdentyfikator procesu powodującego błąd: 0x1368Godzina uruchomienia aplikacji powodującej błąd: 0xmbam.exe0Ścieżka aplikacji powodującej błąd: mbam.exe1Ścieżka modułu powodującego błąd: mbam.exe2Identyfikator raportu: mbam.exe3 Error: (05/03/2014 07:01:29 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Nazwa aplikacji powodującej błąd: mbam.exe, wersja: 1.0.0.500, sygnatura czasowa: 0x533d8de2Nazwa modułu powodującego błąd: MSVCR100.dll, wersja: 10.0.40219.325, sygnatura czasowa: 0x4df2be1eKod wyjątku: 0x40000015Przesunięcie błędu: 0x0008d6fdIdentyfikator procesu powodującego błąd: 0x1600Godzina uruchomienia aplikacji powodującej błąd: 0xmbam.exe0Ścieżka aplikacji powodującej błąd: mbam.exe1Ścieżka modułu powodującego błąd: mbam.exe2Identyfikator raportu: mbam.exe3 Error: (04/05/2014 06:55:22 PM) (Source: SideBySide) (User: ) (EventID: 35)Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/26/2014 10:39:41 PM) (Source: SideBySide) (User: ) (EventID: 35)Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/26/2014 08:19:29 PM) (Source: SideBySide) (User: ) (EventID: 35)Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/25/2014 10:18:24 PM) (Source: SideBySide) (User: ) (EventID: 35)Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. System errors:=============Error: (05/08/2014 08:37:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/08/2014 08:36:44 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/08/2014 08:06:35 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/08/2014 08:06:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/08/2014 07:08:35 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/08/2014 07:07:59 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/08/2014 10:08:30 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/08/2014 10:07:50 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/07/2014 08:09:22 PM) (Source: DCOM) (User: ) (EventID: 10010)Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (05/07/2014 08:06:59 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Microsoft Office Sessions:========================= CodeIntegrity Errors:=================================== Date: 2014-05-08 20:35:34.818 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 20:35:34.600 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 20:05:21.300 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 20:05:21.066 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 19:07:25.106 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 19:07:24.872 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 10:07:10.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-08 10:07:10.185 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-07 20:05:59.294 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-07 20:05:59.060 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 36%Total physical RAM: 4093.55 MBAvailable physical RAM: 2596.52 MBTotal Pagefile: 8185.29 MBAvailable Pagefile: 6665.54 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100.1 GB) (Free:26.33 GB) NTFSDrive d: () (Fixed) (Total:365.56 GB) (Free:178.04 GB) NTFSDrive j: (WSC2009_REAL) (CDROM) (Total:3.17 GB) (Free:0 GB) CDFSDrive k: (ihfhc14) (CDROM) (Total:1.16 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DB4DDB4D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- May 8, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2014 02 Ran by User (administrator) on USER-KOMPUTER on 08-05-2014 20:38:48 Running from C:\Users\User\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Microsoft Corporation) C:\Windows\System32\schtasks.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) D:\Gry\iTunes\iTunesHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Windows\System32\atwtusb.exe () C:\Windows\System32\atwtusb.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744 2014-04-28] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => D:\Gry\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKU\S-1-5-21-3424204967-3351298522-564494906-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd) HKU\S-1-5-21-3424204967-3351298522-564494906-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchisfun.info/?l=1&q={searchTerms}&pid=233&r=2013/10/01&hid=14175640421394237113&lg=EN&cc=PL&unqvl=33 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=b8a1a40f-39fc-11e1-a39f-1c6f655c03b5&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=b8a1a40f-39fc-11e1-a39f-1c6f655c03b5&q={searchTerms} SearchScopes: HKCU - {2C952BC7-7141-4287-A459-DB33168EA274} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=c50394f147414773a73a5b86bb5f8172 SearchScopes: HKCU - {BC379085-F906-4D4F-BE05-1D1E8B40A3B0} URL = http://startsear.ch/?aff=2&src=sp&cf=b8a1a40f-39fc-11e1-a39f-1c6f655c03b5&q={searchTerms} BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default FF DefaultSearchEngine: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); FF SelectedSearchEngine: WebSearch FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Gry\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\Extensions\rotateimage@minisystems.de [2014-03-07] FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\Extensions\staged [2011-11-10] FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{a653d99c-4ec1-58a8-4969-8ab9269bb31d} [2012-09-07] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-01-17] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-18] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-02] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-14] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-15] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-07-03] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-24] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ FF HKLM-x32\...\Firefox\Extensions: [07_tr@eeyftreoa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] FF HKLM-x32\...\Firefox\Extensions: [uioi.yb@qpo-wbk.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] FF HKLM-x32\...\Firefox\Extensions: [yuoy.bpne@fovpaa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] FF HKCU\...\Firefox\Extensions: [07_tr@eeyftreoa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] FF HKCU\...\Firefox\Extensions: [uioi.yb@qpo-wbk.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] FF HKCU\...\Firefox\Extensions: [yuoy.bpne@fovpaa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] Chrome: ======= CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02] CHR Extension: (Dysk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02] CHR Extension: (Szukaj w Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02] CHR Extension: (AAlleSSaver) - C:\ProgramData\dhpgpcfienlaeaifadehfplkehmffnmk [2014-01-02] CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\User\AppData\Local\Temp\crx4211.tmp [2014-01-02] CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx [2014-01-02] CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Nation toolbar\ChromeExt\18.1.0.443\avg.crx [2014-04-28] ==================== Services (Whitelisted) ================= R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-04-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2013-07-03] () R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1793536 2014-04-28] (AVG Secure Search) R2 WTService; C:\Windows\System32\atwtusb.exe [662248 2009-08-06] () S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2011-01-23] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-05-04] () R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-13] () R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7808 2009-04-16] (Windows ® Codename Longhorn DDK provider) U3 a40t1abl; C:\Windows\System32\Drivers\a40t1abl.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-08 20:38 - 2014-05-08 20:39 - 00019314 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-08 20:38 - 2014-05-08 20:38 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA 2014-05-07 20:04 - 2014-05-07 20:04 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 20:03 - 2014-05-07 20:03 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-05-07 18:21 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-05-07 18:21 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-05-07 18:21 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-05-07 18:21 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-05-07 18:21 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-05-07 18:21 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-05-07 18:21 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-05-07 18:21 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-05-07 18:21 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-05-07 18:21 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-05-07 18:21 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-05-07 18:21 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-05-07 18:21 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-05-07 18:21 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-05-07 18:21 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-05-07 18:21 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-05-07 18:21 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-05-07 18:21 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-05-07 18:19 - 2014-05-07 18:19 - 00000020 ___SH () C:\Users\UpdatusUser.User-Komputer\ntuser.ini 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Ustawienia lokalne 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Szablony 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Moje dokumenty 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Menu Start 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Documents\Moje wideo 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Documents\Moje obrazy 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Documents\Moja muzyka 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Dane aplikacji 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\AppData\Local\Historia 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\AppData\Local\Dane aplikacji 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 ____D () C:\Users\UpdatusUser.User-Komputer 2014-05-07 18:19 - 2013-01-31 09:56 - 00000000 ____D () C:\Users\UpdatusUser.User-Komputer\AppData\Roaming\TuneUp Software 2014-05-07 18:19 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-05-07 18:19 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-05-07 18:19 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-05-07 18:19 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-05-07 18:19 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-05-07 18:19 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-05-07 18:19 - 2011-05-14 12:56 - 00000000 ____D () C:\Users\UpdatusUser.User-Komputer\AppData\Local\Microsoft Help 2014-05-07 18:19 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\UpdatusUser.User-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-07 18:19 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\UpdatusUser.User-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-05-07 18:18 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-05-07 18:02 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-05-07 18:02 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-05-07 18:02 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-05-07 18:02 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-05-07 17:55 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-07 17:55 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-04 21:38 - 2014-05-08 20:38 - 00000000 ____D () C:\FRST 2014-05-04 21:35 - 2014-05-08 20:38 - 02063872 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-04 21:22 - 2014-05-04 21:23 - 04527616 _____ () C:\Users\User\Desktop\RogueKillerX64.exe 2014-05-04 19:28 - 2014-05-04 19:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-04 19:28 - 2014-05-04 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-04 19:28 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-04 19:28 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-04 19:28 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-04 19:26 - 2014-05-04 19:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-04 19:25 - 2014-05-04 19:25 - 00001264 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk 2014-05-04 19:25 - 2014-05-04 19:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-03 18:39 - 2014-05-08 20:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-03 18:39 - 2014-05-03 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-03 18:36 - 2014-05-03 18:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-03 18:33 - 2014-05-03 18:33 - 00001186 _____ () C:\Users\User\Desktop\CrystalDiskInfo.lnk 2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-05-03 15:47 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 15:47 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 15:47 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 15:47 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-03 15:04 - 2014-05-03 15:04 - 00005986 _____ () C:\Users\User\Downloads\LG_E1940_Driver.zip 2014-05-03 15:00 - 2014-05-03 15:00 - 00041472 _____ () C:\Users\User\Downloads\launcher64.dll 2014-05-03 15:00 - 2014-05-03 15:00 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 2014-05-03 15:00 - 2014-05-03 15:00 - 00000000 ____D () C:\Users\User\AppData\Local\eSupport.com 2014-05-03 13:37 - 2014-05-03 13:37 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys 2014-05-03 13:31 - 2014-05-04 18:56 - 00030528 _____ () C:\Windows\GVTDrv64.sys 2014-05-03 13:31 - 2014-05-04 18:55 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-05-03 13:26 - 2014-05-03 13:26 - 00002012 _____ () C:\Users\Public\Desktop\ET6.lnk 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\AdobeUM 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-05-03 13:25 - 2014-05-03 13:25 - 00000000 ____D () C:\Users\User\Documents\My eBooks 2014-05-03 13:04 - 2014-05-05 19:50 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\Program Files\CPUID 2014-05-03 12:55 - 2014-05-03 16:36 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-05-03 12:55 - 2014-05-03 12:55 - 00001007 _____ () C:\Users\User\Desktop\SpeedFan.lnk 2014-05-03 12:55 - 2014-05-03 12:55 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-05-03 12:54 - 2014-05-03 12:54 - 00007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2014-05-02 19:20 - 2014-05-02 19:20 - 00037004 _____ () C:\ComboFix.txt 2014-05-02 18:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-02 18:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-02 18:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-02 18:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-02 18:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-02 18:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-02 18:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-02 18:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-02 18:55 - 2014-05-02 19:20 - 00000000 ____D () C:\Qoobox 2014-05-02 18:54 - 2014-05-02 19:19 - 00000000 ____D () C:\Windows\erdnt 2014-05-02 18:53 - 2014-05-02 18:54 - 05197895 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe 2014-04-28 20:36 - 2014-04-28 20:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-04-26 17:28 - 2014-04-26 17:28 - 00000661 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-04-26 14:03 - 2014-04-26 14:05 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User\Desktop\TeamSpeak3-Client-win64-3.0.14.exe 2014-04-22 20:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-22 20:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-22 20:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-22 20:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-22 20:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-22 20:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-22 20:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-22 20:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-22 20:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-22 20:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-22 20:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-22 20:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-22 20:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-22 20:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-22 20:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-22 20:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-22 20:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-22 20:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-22 20:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-22 20:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-22 20:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-22 20:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-22 20:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-22 20:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-22 20:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-22 20:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-22 20:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-22 20:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-22 20:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-22 20:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-22 20:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-22 20:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-22 20:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-22 20:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-22 20:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-22 20:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-22 20:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-22 20:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-22 20:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-22 20:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-22 20:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-22 20:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-22 20:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-22 20:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-20 14:54 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-20 14:54 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-20 14:54 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-20 14:54 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-20 14:53 - 2014-04-20 14:54 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-19 22:50 - 2014-04-26 16:59 - 00000000 ____D () C:\Users\User\Desktop\Originals 2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-04-12 21:12 - 2014-04-12 21:12 - 00003967 _____ () C:\Users\User\AppData\Local\recently-used.xbel 2014-04-12 20:27 - 2014-04-12 20:27 - 00000000 _____ () C:\Users\User\Sti_Trace.log 2014-04-12 19:35 - 2014-04-26 16:52 - 00011264 ____H () C:\Users\User\Desktop\photothumb.db 2014-04-11 21:34 - 2014-04-11 21:34 - 00003204 _____ () C:\Windows\System32\Tasks\{6610E49B-475D-46BE-A729-64DD8A4D9338} 2014-04-09 23:00 - 2014-04-09 23:01 - 00000000 ____D () C:\Users\User\Desktop\pendrive 2014-04-09 10:47 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 10:47 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 10:47 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 10:47 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 10:47 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 10:47 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 10:47 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 10:47 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 10:47 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 10:47 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 10:47 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 10:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 10:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 10:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 10:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 10:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 10:47 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2014-05-08 20:39 - 2014-05-08 20:38 - 00019314 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-08 20:38 - 2014-05-08 20:38 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2014-05-08 20:38 - 2014-05-04 21:38 - 00000000 ____D () C:\FRST 2014-05-08 20:38 - 2014-05-04 21:35 - 02063872 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-08 20:38 - 2012-11-10 22:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-05-08 20:36 - 2011-04-17 10:05 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-08 20:36 - 2011-01-12 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-08 20:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-08 20:36 - 2009-07-14 06:51 - 00184199 _____ () C:\Windows\setupact.log 2014-05-08 20:36 - 2009-07-14 04:34 - 00000858 _____ () C:\Windows\win.ini 2014-05-08 20:35 - 2011-01-12 18:33 - 00272670 _____ () C:\Windows\PFRO.log 2014-05-08 20:34 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance 2014-05-08 20:33 - 2011-01-12 18:18 - 01343637 _____ () C:\Windows\WindowsUpdate.log 2014-05-08 20:29 - 2013-04-29 17:24 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job 2014-05-08 20:13 - 2009-07-14 06:45 - 00010416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-08 20:13 - 2009-07-14 06:45 - 00010416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-08 20:11 - 2011-04-17 10:05 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-08 20:09 - 2014-05-03 18:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 20:03 - 2013-06-17 18:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\GG 2014-05-08 20:01 - 2013-02-25 21:32 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-08 19:49 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-08 19:44 - 2011-01-12 18:35 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-08 19:26 - 2009-07-14 19:55 - 00753542 _____ () C:\Windows\system32\perfh015.dat 2014-05-08 19:26 - 2009-07-14 19:55 - 00162928 _____ () C:\Windows\system32\perfc015.dat 2014-05-08 19:26 - 2009-07-14 07:13 - 01708566 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\Users\User\AppData\Local\NVIDIA 2014-05-07 20:12 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-07 20:04 - 2014-05-07 20:04 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-07 20:03 - 2014-05-07 20:03 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-05-07 18:19 - 2014-05-07 18:19 - 00000020 ___SH () C:\Users\UpdatusUser.User-Komputer\ntuser.ini 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Ustawienia lokalne 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Szablony 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Moje dokumenty 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Menu Start 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Documents\Moje wideo 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Documents\Moje obrazy 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Documents\Moja muzyka 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\Dane aplikacji 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\AppData\Local\Historia 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 _SHDL () C:\Users\UpdatusUser.User-Komputer\AppData\Local\Dane aplikacji 2014-05-07 18:19 - 2014-05-07 18:19 - 00000000 ____D () C:\Users\UpdatusUser.User-Komputer 2014-05-07 18:19 - 2011-01-12 18:31 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-07 18:19 - 2011-01-12 18:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-05-07 18:18 - 2011-01-12 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-05-05 23:39 - 2013-10-05 19:22 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Nation toolbar 2014-05-05 19:50 - 2014-05-03 13:04 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2014-05-05 19:36 - 2014-03-08 16:40 - 00000000 ____D () C:\Windows\pl 2014-05-04 22:37 - 2012-10-31 21:54 - 00000000 ____D () C:\Program Files (x86)\v9Soft 2014-05-04 21:41 - 2011-10-16 18:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent 2014-05-04 21:23 - 2014-05-04 21:22 - 04527616 _____ () C:\Users\User\Desktop\RogueKillerX64.exe 2014-05-04 19:50 - 2013-10-12 23:06 - 00000000 ____D () C:\ProgramData\Doownload keuepeRu 2014-05-04 19:28 - 2014-05-04 19:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-04 19:28 - 2014-05-04 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-04 19:28 - 2014-05-04 19:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-05-04 19:25 - 2014-05-04 19:25 - 00001264 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk 2014-05-04 19:25 - 2014-05-04 19:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-04 18:56 - 2014-05-03 13:31 - 00030528 _____ () C:\Windows\GVTDrv64.sys 2014-05-04 18:55 - 2014-05-03 13:31 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-03 18:39 - 2014-05-03 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-03 18:38 - 2014-05-03 18:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-03 18:33 - 2014-05-03 18:33 - 00001186 _____ () C:\Users\User\Desktop\CrystalDiskInfo.lnk 2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-05-03 17:29 - 2013-04-29 17:24 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job 2014-05-03 16:36 - 2014-05-03 12:55 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-05-03 15:04 - 2014-05-03 15:04 - 00005986 _____ () C:\Users\User\Downloads\LG_E1940_Driver.zip 2014-05-03 15:00 - 2014-05-03 15:00 - 00041472 _____ () C:\Users\User\Downloads\launcher64.dll 2014-05-03 15:00 - 2014-05-03 15:00 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 2014-05-03 15:00 - 2014-05-03 15:00 - 00000000 ____D () C:\Users\User\AppData\Local\eSupport.com 2014-05-03 13:37 - 2014-05-03 13:37 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys 2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-05-03 13:26 - 2014-05-03 13:26 - 00002012 _____ () C:\Users\Public\Desktop\ET6.lnk 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\AdobeUM 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE 2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-05-03 13:26 - 2011-01-12 18:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-03 13:25 - 2014-05-03 13:25 - 00000000 ____D () C:\Users\User\Documents\My eBooks 2014-05-03 13:23 - 2011-01-12 18:26 - 00000010 _____ () C:\Windows\GSetup.ini 2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\Program Files\CPUID 2014-05-03 12:55 - 2014-05-03 12:55 - 00001007 _____ () C:\Users\User\Desktop\SpeedFan.lnk 2014-05-03 12:55 - 2014-05-03 12:55 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-05-03 12:54 - 2014-05-03 12:54 - 00007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2014-05-02 22:37 - 2013-11-11 22:23 - 00000000 ____D () C:\Users\User\Documents\FIFA 14 2014-05-02 19:24 - 2013-06-17 18:38 - 00000000 ____D () C:\Users\User\AppData\Local\GG 2014-05-02 19:20 - 2014-05-02 19:20 - 00037004 _____ () C:\ComboFix.txt 2014-05-02 19:20 - 2014-05-02 18:55 - 00000000 ____D () C:\Qoobox 2014-05-02 19:20 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-05-02 19:19 - 2014-05-02 18:54 - 00000000 ____D () C:\Windows\erdnt 2014-05-02 19:13 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-02 19:11 - 2009-07-14 04:34 - 85458944 _____ () C:\Windows\system32\config\software.bak 2014-05-02 19:11 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\system.bak 2014-05-02 19:11 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-05-02 19:11 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-05-02 19:11 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-05-02 18:54 - 2014-05-02 18:53 - 05197895 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe 2014-05-01 22:05 - 2013-08-28 22:44 - 00000000 _____ () C:\END 2014-05-01 20:30 - 2013-10-05 19:22 - 00000995 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-05-01 20:30 - 2013-05-15 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-01 20:13 - 2011-04-17 10:10 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-29 16:01 - 2014-05-03 15:47 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-03 15:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-03 15:47 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-03 15:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-28 22:02 - 2013-02-25 21:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 22:02 - 2013-02-25 21:32 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-28 22:02 - 2011-06-09 15:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-28 20:36 - 2014-04-28 20:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2014-04-28 20:36 - 2013-10-05 19:22 - 00000000 ____D () C:\Program Files (x86)\AVG Nation toolbar 2014-04-28 20:36 - 2012-11-08 17:43 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2014-04-27 20:52 - 2014-01-02 12:34 - 00000000 ____D () C:\ProgramData\ExsTraCoupon 2014-04-27 20:52 - 2014-01-02 12:34 - 00000000 ____D () C:\ProgramData\AAlleSSaver 2014-04-26 17:32 - 2011-04-03 18:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client 2014-04-26 17:28 - 2014-04-26 17:28 - 00000661 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-04-26 17:00 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\PhotoScape 2014-04-26 16:59 - 2014-04-19 22:50 - 00000000 ____D () C:\Users\User\Desktop\Originals 2014-04-26 16:52 - 2014-04-12 19:35 - 00011264 ____H () C:\Users\User\Desktop\photothumb.db 2014-04-26 16:02 - 2013-12-06 18:49 - 00000000 ___RD () C:\Users\User\Desktop\Różne rzeczy 2014-04-26 14:05 - 2014-04-26 14:03 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User\Desktop\TeamSpeak3-Client-win64-3.0.14.exe 2014-04-26 12:53 - 2011-07-19 13:03 - 00000000 ___RD () C:\Users\User\Desktop\Moje Karaoke 2014-04-25 21:54 - 2011-10-31 11:29 - 00000000 ____D () C:\Users\User\Documents\neutron games 2014-04-22 19:20 - 2013-06-30 15:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity 2014-04-20 14:54 - 2014-04-20 14:53 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-20 14:54 - 2013-10-23 21:32 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-20 14:54 - 2011-01-17 17:50 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-04-14 20:13 - 2014-04-20 14:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-20 14:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-20 14:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-20 14:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-14 04:24 - 2014-05-07 17:55 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-07 17:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-12 21:12 - 2014-04-12 21:12 - 00003967 _____ () C:\Users\User\AppData\Local\recently-used.xbel 2014-04-12 21:12 - 2013-08-28 23:46 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0 2014-04-12 21:12 - 2013-08-28 23:43 - 00000000 ____D () C:\Users\User\.gimp-2.8 2014-04-12 20:27 - 2014-04-12 20:27 - 00000000 _____ () C:\Users\User\Sti_Trace.log 2014-04-11 21:34 - 2014-04-11 21:34 - 00003204 _____ () C:\Windows\System32\Tasks\{6610E49B-475D-46BE-A729-64DD8A4D9338} 2014-04-09 23:01 - 2014-04-09 23:00 - 00000000 ____D () C:\Users\User\Desktop\pendrive 2014-04-09 12:21 - 2011-01-12 18:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 12:20 - 2013-08-15 14:25 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 12:18 - 2011-01-15 20:07 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\User\AppData\Roaming\Origin\update.vbe Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\ggdrive-menu.exe C:\Users\User\AppData\Local\Temp\ggdrive-overlay.exe C:\Users\User\AppData\Local\Temp\installstats.exe C:\Users\User\AppData\Local\Temp\ntdll_dump.dll C:\Users\User\AppData\Local\Temp\sfamcc00001.dll C:\Users\User\AppData\Local\Temp\sfextra.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-25 10:58 ==================== End Of Log ============================ mbam-log-2014-05-08 (20-09-05).xml
- May 8, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak replied to Undziak's topic in Resolved Malware Removal Logs

Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-05-2014Ran by User at 2014-05-04 21:39:47Running from C:\Users\User\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)«Euro Truck Simulator 2 - Gold Edition» v.1.8.2.5s (HKLM-x32\...\«Euro Truck Simulator 2 - Gold Edition»_is1) (Version: - SCS Software)µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)7-Zip 4.57 (HKLM-x32\...\7-Zip) (Version: - )ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Akademia jazdy konnej (HKLM-x32\...\Akademia jazdy konnej_is1) (Version: - dtp)Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft)Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft)Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version: - )Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)AVG 2012 (Version: 12.0.2193 - AVG Technologies) HiddenAVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)AVG 2014 (Version: 14.0.3931 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4577 - AVG Technologies) HiddenAVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 18.1.0.443 - InfoSpace)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Browsers Protector (HKLM-x32\...\Browsers Protector) (Version: 1.0.0.0 - Publisher Name) <==== ATTENTIONClearSkinFX for Digital Cameras (HKLM-x32\...\ClearSkinFX for Digital Cameras_is1) (Version: - )CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version: - )CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.3019 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDeluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.5.1 - Mediamond Tmi)Dzielenie i łączenie plików v1.2.2 (HKLM-x32\...\Dzielenie i łączenie plików_is1) (Version: - Michał Bąbik)Easy Tune 6 B10.0728.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)Easy Tune 6 B10.0728.1 (x32 Version: 1.00.0000 - GIGABYTE) HiddeneduROM Gra edukacyjna Język polski "Czytam i piszę" (HKLM-x32\...\{B1EB0284-674E-48BD-9EBF-14954C95668C}) (Version: 1.00.0000 - ydp)e-pity 2012 wersja 4.0 (HKLM-x32\...\{089EC62B-72C9-490C-94BD-BA6B833A0EB2}}_is1) (Version: 4.0 - e-file sp. z o.o.)Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )Epson Stylus SX210_SX410_TX210_TX410 Podręcznik (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Przewodnik użytkownika) (Version: - )EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)Football Manager 2014 wersja 14.1.4 (HKLM-x32\...\Football Manager 2014_is1) (Version: 14.1.4 - Sega)Football Superstars (HKLM-x32\...\Football Superstars_is1) (Version: - CyberSports Ltd)Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )Free Notes & Office Ink (HKLM-x32\...\{556F2137-B772-43BB-9A45-E0275234DD16}) (Version: - )Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenGG (HKCU\...\GG) (Version: 11 - GG Network S.A.)GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenIHF Handball Challenge 12 (HKLM-x32\...\{CF5D5054-34F7-4A22-3594-29FF1D025029}_is1) (Version: - Neutron Games GmbH)IHF Handball Challenge 14 (HKLM-x32\...\IHF Handball Challenge 14_is1) (Version: - )iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)K-Lite Codec Pack 6.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.9.0 - )MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version: - )MacroKey Manager (Version: 1.00.0000 - Your Company Name) HiddenMakeUp Pilot Full 4.3.0 (HKLM-x32\...\MakeUp Pilot Full_is1) (Version: 4.3.0 - Two Pilots)Malwarebytes Anti-Malware wersja 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)MaturaRom - Chemia (HKLM-x32\...\{F14CB6B6-0B1A-4654-BFA8-CE784FABFFCC}) (Version: 1.10.0006 - YDP)Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (PLK) (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (Polish) 2007 (x32 Version: 12.0.4518.1020 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (Polish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)Minecraft Beta Cracked (HKLM-x32\...\Minecraft Beta Cracked) (Version: - )Minecraft1.6.2 (HKLM-x32\...\Minecraft1.6.2) (Version: - )Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenMozilla Firefox (3.6.17) (HKLM-x32\...\Mozilla Firefox (3.6.17)) (Version: 3.6.17 (pl) - Mozilla)Mój wymarzony chłopak (HKLM-x32\...\Mój wymarzony chłopak_is1) (Version: - dtp)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Horse and Me 2 (HKLM-x32\...\My Horse and Me 2) (Version: 1.0 - Atari)NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1045}) (Version: 7.03.1303 - Nero AG)neroxml (x32 Version: 1.0.0 - Nero AG) HiddenNVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) HiddenNVIDIA Oprogramowanie systemu PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) HiddenNVIDIA Sterownik dźwięku HD 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)NVIDIA Sterownik graficzny 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)NVIDIA Sterownik kontrolera 3D Vision 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)Obsługa programów Apple (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Odinstaluj Igrzyska Sportowe 2004 (HKLM-x32\...\Igrzyska Sportowe 2004) (Version: - )oggcodecs 0.71.0946 (HKLM-x32\...\oggcodecs) (Version: 0.71.0946 - illiminable)OpenAL (HKLM-x32\...\OpenAL) (Version: - )Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)Panel sterowania NVIDIA 314.07 (Version: 314.07 - NVIDIA Corporation) HiddenPAP project files (HKLM-x32\...\PAP project files_is1) (Version: - )PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )Pcsx2 0.9.6 (HKLM-x32\...\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}) (Version: 1.0.0 - Pcsx2 Team)Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenPhotoScape (HKLM-x32\...\PhotoScape) (Version: - )Pivot Stickfigure Animator (HKLM-x32\...\{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}) (Version: 2.2.5 - Peter Bone)Pizza Dude (HKLM-x32\...\{33485F72-0CFC-4D46-8625-357A89059B27}_is1) (Version: - )Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenPower Presenter RE (HKLM-x32\...\{6AF6BFD2-D368-4F81-9B82-D3B1414351C8}) (Version: - )Pro Beach Soccer (x32 Version: 1.00.0000 - Wanadoo Editions\Pam Developement) HiddenProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )Santa Claus in Trouble (HKLM-x32\...\Santa Claus in Trouble) (Version: - )Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTIONSearchNewTab (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 1.2.0.1288 - SearchNewTab) <==== ATTENTIONSetup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts)Shockwave (HKLM-x32\...\Shockwave) (Version: - )Skijumping 2007 (HKLM-x32\...\Skijumping 2007_0001) (Version: - )Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTeamExtreme Minecraft Installer 1.3.2 (HKLM-x32\...\TeamExtreme Minecraft Installer 1.3.2) (Version: - )TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)The Sims 2 MegaPack (HKLM-x32\...\The Sims 2 MegaPack_is1) (Version: - © 2009 Maxis)Total War: ROME II Caesar in Gaul (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{840D15BD-72E8-4710-ABDD-8E883B88BD5D}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)USB Force Wheel (HKLM-x32\...\{D5778AE9-6376-4CE6-AD4A-8712F4EC3302}) (Version: 2002.10.8 - )USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )Virtua Tennis 4™ (HKLM-x32\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)Virtua Tennis 4™ (x32 Version: 1.0.0000.130 - SEGA) HiddenVisual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Web Light (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{25a98636}) (Version: - 24soft)Winamp (HKLM-x32\...\Winamp) (Version: 5.571 - Nullsoft, Inc)Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) HiddenWindows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: - )WSC Real 09 (HKLM-x32\...\{51AA8C3F-B316-44A8-B371-4BB6047E45DF}) (Version: 1.00.0000 - Blade Interactive Studios)Załoga G (HKLM-x32\...\{DE5ECBF6-8A4A-4855-98D0-D6576145EBFF}) (Version: 1.00.0000 - Disney Interactive Studios)Zgrywus - Nie ma zmiłuj (HKLM-x32\...\ZgrywusNMZ_is1) (Version: - ) ==================== Restore Points ========================= 03-05-2014 11:25:04 Installed Easy Tune 6 B10.0728.103-05-2014 13:47:21 Windows Update04-05-2014 17:29:41 Revo Uninstaller's restore point - IMVU Avatar Chat Software ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-02 19:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {17342202-47F7-4CD4-BD8E-96179729BEA6} - System32\Tasks\RunAsStdUser Task => C:\Users\User\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe <==== ATTENTIONTask: {1BCE489E-A259-42AA-ABDB-D5E66B332D0E} - System32\Tasks\{24E22920-8999-4145-9FDB-AAE83096A9F2} => C:\Program Files (x86)\Deluxe Ski Jump 3\DSJ3.exeTask: {27F6C6B5-84FA-45BE-9641-439F3056E439} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29] (Facebook Inc.)Task: {2CC76933-F5AE-4187-A5D0-07BD91A740E5} - System32\Tasks\e-pity2012_styczen => C:\Program Files (x86)\e-file\e-pity2012\signxml.exe [2013-03-10] (e-file sp. z o.o.)Task: {63501B16-2BE7-41AA-B707-BE09879501FF} - System32\Tasks\e-pity2012_kwiecien => C:\Program Files (x86)\e-file\e-pity2012\signxml.exe [2013-03-10] (e-file sp. z o.o.)Task: {84F4C200-4740-4551-BE14-EEE57D18EFDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.)Task: {961723AE-C36B-4663-B20A-A3E93637B302} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-29] (Facebook Inc.)Task: {A1E4AF80-3F3C-4365-AEDB-742A39B2C115} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)Task: {A2504D6B-4FE3-44FC-A148-182A42E334F2} - System32\Tasks\Origin => C:\Users\User\AppData\Roaming\Origin\update.vbe [2013-11-12] () <==== ATTENTIONTask: {AFBA6013-9D2F-4BE2-BB17-6B43B80EEB6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeTask: {B1CB0889-B0FB-4A41-9C86-00E1C53F17DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17] (Google Inc.)Task: {F864F123-EC7F-4F4D-B478-11F9980C742F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3424204967-3351298522-564494906-1000Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-13 18:51 - 2013-02-10 03:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2011-01-24 16:22 - 2013-04-01 20:57 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2011-01-24 16:23 - 2013-07-03 22:41 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe2009-08-06 10:34 - 2009-08-06 10:34 - 00662248 _____ () C:\Windows\System32\atwtusb.exe2009-08-06 10:34 - 2009-08-06 10:34 - 00662248 _____ () C:\Windows\system32\atwtusb.exe2014-04-28 20:36 - 2014-04-28 20:35 - 00158536 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe2013-10-05 19:22 - 2014-04-28 20:35 - 02556744 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-04-28 20:36 - 2014-04-28 20:35 - 00518472 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll2014-05-01 20:13 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll2014-05-01 20:13 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll2014-05-01 20:13 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll2014-05-01 20:13 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll2014-05-01 20:13 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll2014-05-01 20:13 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll2014-05-01 20:13 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll2013-06-07 11:20 - 2014-04-03 16:13 - 03205184 _____ () C:\Users\User\AppData\Local\GG\Application\xulrunner\mozjs.dll2013-06-07 11:20 - 2014-03-10 18:36 - 00122432 _____ () C:\Users\User\AppData\Local\GG\Application\ggdrive\ZLIB1.dll2013-06-07 11:20 - 2013-09-09 10:57 - 16166248 _____ () C:\Users\User\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:376F0B4F ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: MacroKeyManager => WTMKM.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/03/2014 08:28:45 PM) (Source: Application Hang) (User: )Description: Program mbam.exe w wersji 1.0.0.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 96c Godzina rozpoczęcia: 01cf66fb9b86e842 Godzina zakończenia: 6 Ścieżka aplikacji: D:\Gry\Malwarebytes Anti-Malware\mbam.exe Identyfikator raportu: c13b3ee7-d2f0-11e3-b66d-1c6f655c03b5 Error: (05/03/2014 08:14:11 PM) (Source: Application Hang) (User: )Description: Program mbam.exe w wersji 1.0.0.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: b2c Godzina rozpoczęcia: 01cf66f928a0f8e7 Godzina zakończenia: 34 Ścieżka aplikacji: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Identyfikator raportu: b79780d1-d2ee-11e3-b66d-1c6f655c03b5 Error: (05/03/2014 07:54:12 PM) (Source: Application Hang) (User: )Description: Program mbam.exe w wersji 1.0.0.500 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 1178 Godzina rozpoczęcia: 01cf66f7624f175f Godzina zakończenia: 5 Ścieżka aplikacji: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Identyfikator raportu: ebc283df-d2eb-11e3-99ad-1c6f655c03b5 Error: (05/03/2014 07:18:21 PM) (Source: Application Error) (User: )Description: Nazwa aplikacji powodującej błąd: mbam.exe, wersja: 1.0.0.500, sygnatura czasowa: 0x533d8de2Nazwa modułu powodującego błąd: MSVCR100.dll, wersja: 10.0.40219.325, sygnatura czasowa: 0x4df2be1eKod wyjątku: 0x40000015Przesunięcie błędu: 0x0008d6fdIdentyfikator procesu powodującego błąd: 0x1368Godzina uruchomienia aplikacji powodującej błąd: 0xmbam.exe0Ścieżka aplikacji powodującej błąd: mbam.exe1Ścieżka modułu powodującego błąd: mbam.exe2Identyfikator raportu: mbam.exe3 Error: (05/03/2014 07:01:29 PM) (Source: Application Error) (User: )Description: Nazwa aplikacji powodującej błąd: mbam.exe, wersja: 1.0.0.500, sygnatura czasowa: 0x533d8de2Nazwa modułu powodującego błąd: MSVCR100.dll, wersja: 10.0.40219.325, sygnatura czasowa: 0x4df2be1eKod wyjątku: 0x40000015Przesunięcie błędu: 0x0008d6fdIdentyfikator procesu powodującego błąd: 0x1600Godzina uruchomienia aplikacji powodującej błąd: 0xmbam.exe0Ścieżka aplikacji powodującej błąd: mbam.exe1Ścieżka modułu powodującego błąd: mbam.exe2Identyfikator raportu: mbam.exe3 Error: (04/05/2014 06:55:22 PM) (Source: SideBySide) (User: )Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/26/2014 10:39:41 PM) (Source: SideBySide) (User: )Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/26/2014 08:19:29 PM) (Source: SideBySide) (User: )Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/25/2014 10:18:24 PM) (Source: SideBySide) (User: )Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (03/25/2014 06:48:38 PM) (Source: SideBySide) (User: )Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"1". Błąd w pliku manifestu lub w pliku zasad "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"2" w wierszu Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148"3.Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.Odwołanie to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.4148".Definicja to Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1".Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. System errors:=============Error: (05/04/2014 08:41:01 PM) (Source: Service Control Manager) (User: )Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/04/2014 08:40:09 PM) (Source: Service Control Manager) (User: )Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/04/2014 08:37:50 PM) (Source: DCOM) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (05/04/2014 07:55:04 PM) (Source: Service Control Manager) (User: )Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/04/2014 07:54:25 PM) (Source: Service Control Manager) (User: )Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/04/2014 07:52:03 PM) (Source: DCOM) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (05/04/2014 06:56:04 PM) (Source: Service Control Manager) (User: )Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/04/2014 06:55:25 PM) (Source: Service Control Manager) (User: )Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Error: (05/03/2014 07:58:29 PM) (Source: Service Control Manager) (User: )Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: acedrv07 Error: (05/03/2014 07:57:31 PM) (Source: Service Control Manager) (User: )Description: Nie można uruchomić usługi vToolbarUpdater15.5.0 z powodu następującego błędu: %%2 Microsoft Office Sessions:========================= CodeIntegrity Errors:=================================== Date: 2014-05-04 20:39:30.383 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-04 20:39:30.165 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-04 19:53:46.277 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-04 19:53:46.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-04 18:54:49.078 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-04 18:54:48.844 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-03 19:56:53.797 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-03 19:56:53.563 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-03 16:01:22.769 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-03 16:01:22.535 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 63%Total physical RAM: 4093.55 MBAvailable physical RAM: 1499.46 MBTotal Pagefile: 8185.29 MBAvailable Pagefile: 5370.16 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100.1 GB) (Free:25.11 GB) NTFSDrive d: () (Fixed) (Total:365.56 GB) (Free:146.05 GB) NTFSDrive j: (WSC2009_REAL) (CDROM) (Total:3.17 GB) (Free:0 GB) CDFSDrive k: (ihfhc14) (CDROM) (Total:1.16 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DB4DDB4D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- May 4, 2014
- 21 replies
Trojan.Agent.Gen - svhost.exe

Undziak posted a topic in Resolved Malware Removal Logs

So, for some time my avg detects my startup coinminer, a message appears that the threat has been removed successfully.I didn't follow it too much until my computer started spontaneously turn off. A friend advised me to use your program. So I did it, I removed all detected threats and restarted the computer. I repeated that again scan detected a number of threats that have allegedly removed. I attach the logs. Please help, because I do not know how to permanently get rid of these Trojans. FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-05-2014Ran by User (administrator) on USER-KOMPUTER on 04-05-2014 21:38:32Running from C:\Users\User\DesktopWindows 7 Ultimate Service Pack 1 (X64) OS Language: PolishInternet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Microsoft Corporation) C:\Windows\System32\wscript.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE() C:\Windows\SysWOW64\PnkBstrA.exe() C:\Windows\SysWOW64\PnkBstrB.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE() C:\Windows\System32\atwtusb.exe() C:\Windows\System32\atwtusb.exe(Microsoft Corporation) C:\Windows\System32\schtasks.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) D:\Gry\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(GG Network S.A.) C:\Users\User\AppData\Local\GG\Application\gghub.exe(GG Network S.A.) C:\Users\User\AppData\Local\GG\Application\ggapp.exe(GG Network S.A.) C:\Users\User\AppData\Local\GG\Application\ggdrive\ggdrive.exe(GG Network S.A.) C:\Users\User\AppData\Local\GG\Application\xulrunner\gghub.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744 2014-04-28] ()HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iTunesHelper] => D:\Gry\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKU\S-1-5-21-3424204967-3351298522-564494906-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)HKU\S-1-5-21-3424204967-3351298522-564494906-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-28] (BitTorrent Inc.)HKU\S-1-5-21-3424204967-3351298522-564494906-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-3424204967-3351298522-564494906-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)HKU\S-1-5-21-3424204967-3351298522-564494906-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-28] (BitTorrent Inc.)HKU\S-1-5-21-3424204967-3351298522-564494906-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-3424204967-3351298522-564494906-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchisfun.info/?l=1&q={searchTerms}&pid=233&r=2013/10/01&hid=14175640421394237113&lg=EN&cc=PL&unqvl=33SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=b8a1a40f-39fc-11e1-a39f-1c6f655c03b5&q={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=b8a1a40f-39fc-11e1-a39f-1c6f655c03b5&q={searchTerms}SearchScopes: HKCU - {2C952BC7-7141-4287-A459-DB33168EA274} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=c50394f147414773a73a5b86bb5f8172SearchScopes: HKCU - {BC379085-F906-4D4F-BE05-1D1E8B40A3B0} URL = http://startsear.ch/?aff=2&src=sp&cf=b8a1a40f-39fc-11e1-a39f-1c6f655c03b5&q={searchTerms}BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No FileBHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No FileHandler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.defaultFF DefaultSearchEngine: WebSearchFF SearchEngineOrder.1: WebSearchFF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");FF SelectedSearchEngine: WebSearch FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Gry\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xmlFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\Extensions\rotateimage@minisystems.de [2014-03-07]FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\Extensions\staged [2011-11-10]FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{a653d99c-4ec1-58a8-4969-8ab9269bb31d} [2012-09-07]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-01-17]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-18]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-02]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-14]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-15]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-07-03]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-24]FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\FF HKLM-x32\...\Firefox\Extensions: [07_tr@eeyftreoa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensionsFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14]FF HKLM-x32\...\Firefox\Extensions: [uioi.yb@qpo-wbk.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensionsFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14]FF HKLM-x32\...\Firefox\Extensions: [yuoy.bpne@fovpaa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensionsFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14]FF HKCU\...\Firefox\Extensions: [07_tr@eeyftreoa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensionsFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14]FF HKCU\...\Firefox\Extensions: [uioi.yb@qpo-wbk.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensionsFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14]FF HKCU\...\Firefox\Extensions: [yuoy.bpne@fovpaa.edu] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensionsFF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itenp7ba.default\extensions [2011-01-14] Chrome: =======CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]CHR Extension: (Dysk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]CHR Extension: (Szukaj w Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]CHR Extension: (AAlleSSaver) - C:\ProgramData\dhpgpcfienlaeaifadehfplkehmffnmk [2014-01-02]CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\User\AppData\Local\Temp\crx4211.tmp [2014-01-02]CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx [2014-01-02]CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Nation toolbar\ChromeExt\18.1.0.443\avg.crx [2014-04-28] ==================== Services (Whitelisted) ================= R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-04-01] ()R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2013-07-03] ()R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1793536 2014-04-28] (AVG Secure Search)R2 WTService; C:\Windows\System32\atwtusb.exe [662248 2009-08-06] ()S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2011-01-23] ()R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-05-04] ()R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-04] (Malwarebytes Corporation)R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-13] ()R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7808 2009-04-16] (Windows ® Codename Longhorn DDK provider)U3 a1nt01f8; C:\Windows\System32\Drivers\a1nt01f8.sys [0 ] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-04 21:38 - 2014-05-04 21:39 - 00020720 _____ () C:\Users\User\Desktop\FRST.txt2014-05-04 21:38 - 2014-05-04 21:38 - 00000000 ____D () C:\FRST2014-05-04 21:35 - 2014-05-04 21:35 - 02062336 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe2014-05-04 21:22 - 2014-05-04 21:23 - 04527616 _____ () C:\Users\User\Desktop\RogueKillerX64.exe2014-05-04 21:02 - 2014-05-04 21:03 - 10971424 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe2014-05-04 19:28 - 2014-05-04 19:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-04 19:28 - 2014-05-04 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-04 19:28 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-04 19:28 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-04 19:28 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-04 19:26 - 2014-05-04 19:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (1).exe2014-05-04 19:25 - 2014-05-04 19:25 - 00001264 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk2014-05-04 19:25 - 2014-05-04 19:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group2014-05-04 19:24 - 2014-05-04 19:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup.exe2014-05-04 19:19 - 2014-05-04 19:20 - 10619688 _____ (VS Revo Group ) C:\Users\User\Downloads\RevoUninProSetup.exe2014-05-03 18:39 - 2014-05-04 20:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-03 18:39 - 2014-05-03 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-03 18:36 - 2014-05-03 18:38 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004.exe2014-05-03 18:33 - 2014-05-03 18:33 - 00001186 _____ () C:\Users\User\Desktop\CrystalDiskInfo.lnk2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo2014-05-03 18:32 - 2014-05-03 18:32 - 02773664 _____ (Crystal Dew World ) C:\Users\User\Downloads\CrystalDiskInfo6_1_12-en.exe2014-05-03 15:47 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-03 15:47 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-03 15:47 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-03 15:47 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-03 15:04 - 2014-05-03 15:04 - 00005986 _____ () C:\Users\User\Downloads\LG_E1940_Driver.zip2014-05-03 15:00 - 2014-05-03 15:00 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\User\Downloads\biosagentplus_1218.exe2014-05-03 15:00 - 2014-05-03 15:00 - 00041472 _____ () C:\Users\User\Downloads\launcher64.dll2014-05-03 15:00 - 2014-05-03 15:00 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS2014-05-03 15:00 - 2014-05-03 15:00 - 00000000 ____D () C:\Users\User\AppData\Local\eSupport.com2014-05-03 13:37 - 2014-05-03 13:37 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys2014-05-03 13:31 - 2014-05-04 18:56 - 00030528 _____ () C:\Windows\GVTDrv64.sys2014-05-03 13:31 - 2014-05-04 18:55 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList2014-05-03 13:26 - 2014-05-03 13:26 - 00002012 _____ () C:\Users\Public\Desktop\ET6.lnk2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\AdobeUM2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\AMD2014-05-03 13:25 - 2014-05-03 13:25 - 00000000 ____D () C:\Users\User\Documents\My eBooks2014-05-03 13:04 - 2014-05-03 13:04 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\Program Files\CPUID2014-05-03 13:03 - 2014-05-03 13:04 - 01126296 _____ ( ) C:\Users\User\Downloads\hwmonitor_1.24-setup.exe2014-05-03 12:55 - 2014-05-03 16:36 - 00000000 ____D () C:\Program Files (x86)\SpeedFan2014-05-03 12:55 - 2014-05-03 12:55 - 02143832 _____ () C:\Users\User\Downloads\installspeedfan449(dobreprogramy.pl).exe2014-05-03 12:55 - 2014-05-03 12:55 - 00001007 _____ () C:\Users\User\Desktop\SpeedFan.lnk2014-05-03 12:55 - 2014-05-03 12:55 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan2014-05-03 12:54 - 2014-05-03 12:54 - 00007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg2014-05-02 19:20 - 2014-05-02 19:20 - 00037004 _____ () C:\ComboFix.txt2014-05-02 18:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe2014-05-02 18:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe2014-05-02 18:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-05-02 18:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-05-02 18:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-05-02 18:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe2014-05-02 18:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe2014-05-02 18:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe2014-05-02 18:55 - 2014-05-02 19:20 - 00000000 ____D () C:\Qoobox2014-05-02 18:54 - 2014-05-02 19:19 - 00000000 ____D () C:\Windows\erdnt2014-05-02 18:53 - 2014-05-02 18:54 - 05197895 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe2014-04-28 20:36 - 2014-04-28 20:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-04-26 17:28 - 2014-04-26 17:28 - 00000661 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client2014-04-26 14:03 - 2014-04-26 14:05 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User\Desktop\TeamSpeak3-Client-win64-3.0.14.exe2014-04-25 21:50 - 2014-04-25 21:50 - 00000779 _____ () C:\Users\Public\Desktop\IHF Handball Challenge 14.lnk2014-04-25 21:50 - 2014-04-25 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plug In Digital2014-04-22 20:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-04-22 20:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-04-22 20:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-04-22 20:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-04-22 20:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-04-22 20:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-04-22 20:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-04-22 20:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-04-22 20:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-04-22 20:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-04-22 20:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-04-22 20:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-04-22 20:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-04-22 20:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-04-22 20:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-04-22 20:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-04-22 20:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-04-22 20:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-04-22 20:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-04-22 20:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-04-22 20:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-04-22 20:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-04-22 20:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-04-22 20:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-04-22 20:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-04-22 20:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-04-22 20:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-04-22 20:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-04-22 20:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-04-22 20:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-04-22 20:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-04-22 20:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-04-22 20:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-04-22 20:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-04-22 20:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-04-22 20:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-04-22 20:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-04-22 20:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-04-22 20:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-04-22 20:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-04-22 20:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-04-22 20:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-04-22 20:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-04-22 20:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-04-20 14:54 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-04-20 14:54 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-04-20 14:54 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-04-20 14:54 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-04-20 14:53 - 2014-04-20 14:54 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-04-19 22:50 - 2014-04-26 16:59 - 00000000 ____D () C:\Users\User\Desktop\Originals2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys2014-04-12 21:12 - 2014-04-12 21:12 - 00003967 _____ () C:\Users\User\AppData\Local\recently-used.xbel2014-04-12 20:27 - 2014-04-12 20:27 - 00000000 _____ () C:\Users\User\Sti_Trace.log2014-04-12 19:35 - 2014-04-26 16:52 - 00011264 ____H () C:\Users\User\Desktop\photothumb.db2014-04-11 21:34 - 2014-04-11 21:34 - 00003204 _____ () C:\Windows\System32\Tasks\{6610E49B-475D-46BE-A729-64DD8A4D9338}2014-04-09 23:00 - 2014-04-09 23:01 - 00000000 ____D () C:\Users\User\Desktop\pendrive2014-04-09 10:47 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-04-09 10:47 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2014-04-09 10:47 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2014-04-09 10:47 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2014-04-09 10:47 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2014-04-09 10:47 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2014-04-09 10:47 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2014-04-09 10:47 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2014-04-09 10:47 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2014-04-09 10:47 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2014-04-09 10:47 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2014-04-09 10:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys2014-04-09 10:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys2014-04-09 10:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys2014-04-09 10:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll2014-04-09 10:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll2014-04-09 10:47 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2014-04-07 19:40 - 2014-04-26 17:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\PhotoScape2014-04-07 19:40 - 2014-04-07 19:40 - 00001031 _____ () C:\Users\User\Desktop\PhotoScape.lnk2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\Program Files (x86)\PhotoScape ==================== One Month Modified Files and Folders ======= 2014-05-04 21:39 - 2014-05-04 21:38 - 00020720 _____ () C:\Users\User\Desktop\FRST.txt2014-05-04 21:38 - 2014-05-04 21:38 - 00000000 ____D () C:\FRST2014-05-04 21:35 - 2014-05-04 21:35 - 02062336 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe2014-05-04 21:23 - 2014-05-04 21:22 - 04527616 _____ () C:\Users\User\Desktop\RogueKillerX64.exe2014-05-04 21:11 - 2011-04-17 10:05 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-04 21:03 - 2014-05-04 21:02 - 10971424 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe2014-05-04 21:01 - 2013-02-25 21:32 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-05-04 20:48 - 2009-07-14 06:45 - 00010416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-04 20:48 - 2009-07-14 06:45 - 00010416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-04 20:44 - 2011-01-12 18:18 - 01127688 _____ () C:\Windows\WindowsUpdate.log2014-05-04 20:43 - 2014-05-03 18:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-04 20:41 - 2013-06-17 18:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\GG2014-05-04 20:41 - 2012-11-10 22:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype2014-05-04 20:41 - 2011-10-16 18:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent2014-05-04 20:40 - 2011-04-17 10:05 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-04 20:40 - 2009-07-14 04:34 - 00000858 _____ () C:\Windows\win.ini2014-05-04 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-04 20:39 - 2009-07-14 06:51 - 00183395 _____ () C:\Windows\setupact.log2014-05-04 20:29 - 2013-04-29 17:24 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000UA.job2014-05-04 19:54 - 2011-01-12 18:33 - 00261826 _____ () C:\Windows\PFRO.log2014-05-04 19:50 - 2013-10-12 23:06 - 00000000 ____D () C:\ProgramData\Doownload keuepeRu2014-05-04 19:44 - 2011-01-12 18:35 - 00000000 ____D () C:\ProgramData\MFAData2014-05-04 19:28 - 2014-05-04 19:28 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-04 19:28 - 2014-05-04 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-04 19:28 - 2014-05-04 19:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (1).exe2014-05-04 19:25 - 2014-05-04 19:25 - 00001264 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk2014-05-04 19:25 - 2014-05-04 19:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group2014-05-04 19:24 - 2014-05-04 19:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup.exe2014-05-04 19:20 - 2014-05-04 19:19 - 10619688 _____ (VS Revo Group ) C:\Users\User\Downloads\RevoUninProSetup.exe2014-05-04 18:56 - 2014-05-03 13:31 - 00030528 _____ () C:\Windows\GVTDrv64.sys2014-05-04 18:55 - 2014-05-03 13:31 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys2014-05-03 18:39 - 2014-05-03 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-03 18:38 - 2014-05-03 18:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004.exe2014-05-03 18:33 - 2014-05-03 18:33 - 00001186 _____ () C:\Users\User\Desktop\CrystalDiskInfo.lnk2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo2014-05-03 18:33 - 2014-05-03 18:33 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo2014-05-03 18:32 - 2014-05-03 18:32 - 02773664 _____ (Crystal Dew World ) C:\Users\User\Downloads\CrystalDiskInfo6_1_12-en.exe2014-05-03 17:29 - 2013-04-29 17:24 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3424204967-3351298522-564494906-1000Core.job2014-05-03 16:36 - 2014-05-03 12:55 - 00000000 ____D () C:\Program Files (x86)\SpeedFan2014-05-03 15:04 - 2014-05-03 15:04 - 00005986 _____ () C:\Users\User\Downloads\LG_E1940_Driver.zip2014-05-03 15:00 - 2014-05-03 15:00 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\User\Downloads\biosagentplus_1218.exe2014-05-03 15:00 - 2014-05-03 15:00 - 00041472 _____ () C:\Users\User\Downloads\launcher64.dll2014-05-03 15:00 - 2014-05-03 15:00 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS2014-05-03 15:00 - 2014-05-03 15:00 - 00000000 ____D () C:\Users\User\AppData\Local\eSupport.com2014-05-03 13:37 - 2014-05-03 13:37 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList2014-05-03 13:27 - 2014-05-03 13:27 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList2014-05-03 13:26 - 2014-05-03 13:26 - 00002012 _____ () C:\Users\Public\Desktop\ET6.lnk2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\AdobeUM2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE2014-05-03 13:26 - 2014-05-03 13:26 - 00000000 ____D () C:\Program Files (x86)\AMD2014-05-03 13:26 - 2011-01-12 18:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-05-03 13:25 - 2014-05-03 13:25 - 00000000 ____D () C:\Users\User\Documents\My eBooks2014-05-03 13:23 - 2011-01-12 18:26 - 00000010 _____ () C:\Windows\GSetup.ini2014-05-03 13:04 - 2014-05-03 13:04 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID2014-05-03 13:04 - 2014-05-03 13:04 - 00000000 ____D () C:\Program Files\CPUID2014-05-03 13:04 - 2014-05-03 13:03 - 01126296 _____ ( ) C:\Users\User\Downloads\hwmonitor_1.24-setup.exe2014-05-03 12:55 - 2014-05-03 12:55 - 02143832 _____ () C:\Users\User\Downloads\installspeedfan449(dobreprogramy.pl).exe2014-05-03 12:55 - 2014-05-03 12:55 - 00001007 _____ () C:\Users\User\Desktop\SpeedFan.lnk2014-05-03 12:55 - 2014-05-03 12:55 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan2014-05-03 12:55 - 2014-05-03 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan2014-05-03 12:54 - 2014-05-03 12:54 - 00007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg2014-05-02 22:37 - 2013-11-11 22:23 - 00000000 ____D () C:\Users\User\Documents\FIFA 142014-05-02 19:24 - 2013-06-17 18:38 - 00000000 ____D () C:\Users\User\AppData\Local\GG2014-05-02 19:20 - 2014-05-02 19:20 - 00037004 _____ () C:\ComboFix.txt2014-05-02 19:20 - 2014-05-02 18:55 - 00000000 ____D () C:\Qoobox2014-05-02 19:20 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default2014-05-02 19:19 - 2014-05-02 18:54 - 00000000 ____D () C:\Windows\erdnt2014-05-02 19:13 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini2014-05-02 19:11 - 2009-07-14 04:34 - 85458944 _____ () C:\Windows\system32\config\software.bak2014-05-02 19:11 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\system.bak2014-05-02 19:11 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak2014-05-02 19:11 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak2014-05-02 19:11 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak2014-05-02 18:54 - 2014-05-02 18:53 - 05197895 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe2014-05-01 22:05 - 2013-08-28 22:44 - 00000000 _____ () C:\END2014-05-01 20:30 - 2013-10-05 19:22 - 00000995 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-05-01 20:30 - 2013-05-15 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-05-01 20:13 - 2011-04-17 10:10 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-04-29 16:01 - 2014-05-03 15:47 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-29 15:40 - 2014-05-03 15:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-29 14:48 - 2014-05-03 15:47 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-29 14:34 - 2014-05-03 15:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-28 22:02 - 2013-02-25 21:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-04-28 22:02 - 2013-02-25 21:32 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-04-28 22:02 - 2011-06-09 15:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-04-28 20:36 - 2014-04-28 20:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search2014-04-28 20:36 - 2013-10-05 19:22 - 00000000 ____D () C:\Program Files (x86)\AVG Nation toolbar2014-04-28 20:36 - 2012-11-08 17:43 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys2014-04-27 20:52 - 2014-01-02 12:34 - 00000000 ____D () C:\ProgramData\ExsTraCoupon2014-04-27 20:52 - 2014-01-02 12:34 - 00000000 ____D () C:\ProgramData\AAlleSSaver2014-04-26 17:32 - 2011-04-03 18:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client2014-04-26 17:28 - 2014-04-26 17:28 - 00000661 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client2014-04-26 17:00 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\PhotoScape2014-04-26 16:59 - 2014-04-19 22:50 - 00000000 ____D () C:\Users\User\Desktop\Originals2014-04-26 16:52 - 2014-04-12 19:35 - 00011264 ____H () C:\Users\User\Desktop\photothumb.db2014-04-26 16:02 - 2013-12-06 18:49 - 00000000 ___RD () C:\Users\User\Desktop\Różne rzeczy2014-04-26 14:05 - 2014-04-26 14:03 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User\Desktop\TeamSpeak3-Client-win64-3.0.14.exe2014-04-26 12:53 - 2011-07-19 13:03 - 00000000 ___RD () C:\Users\User\Desktop\Moje Karaoke2014-04-25 21:54 - 2011-10-31 11:29 - 00000000 ____D () C:\Users\User\Documents\neutron games2014-04-25 21:50 - 2014-04-25 21:50 - 00000779 _____ () C:\Users\Public\Desktop\IHF Handball Challenge 14.lnk2014-04-25 21:50 - 2014-04-25 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plug In Digital2014-04-22 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-04-22 19:20 - 2013-06-30 15:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity2014-04-20 14:54 - 2014-04-20 14:53 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-04-20 14:54 - 2013-10-23 21:32 - 00000000 ____D () C:\ProgramData\Oracle2014-04-20 14:54 - 2011-01-17 17:50 - 00000000 ____D () C:\Program Files (x86)\Java2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys2014-04-14 20:13 - 2014-04-20 14:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-04-14 20:05 - 2014-04-20 14:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-04-14 20:05 - 2014-04-20 14:54 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-04-14 20:04 - 2014-04-20 14:54 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-04-12 21:12 - 2014-04-12 21:12 - 00003967 _____ () C:\Users\User\AppData\Local\recently-used.xbel2014-04-12 21:12 - 2013-08-28 23:46 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.02014-04-12 21:12 - 2013-08-28 23:43 - 00000000 ____D () C:\Users\User\.gimp-2.82014-04-12 20:28 - 2009-07-14 19:55 - 00753542 _____ () C:\Windows\system32\perfh015.dat2014-04-12 20:28 - 2009-07-14 19:55 - 00162928 _____ () C:\Windows\system32\perfc015.dat2014-04-12 20:28 - 2009-07-14 07:13 - 01708566 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-12 20:27 - 2014-04-12 20:27 - 00000000 _____ () C:\Users\User\Sti_Trace.log2014-04-11 21:34 - 2014-04-11 21:34 - 00003204 _____ () C:\Windows\System32\Tasks\{6610E49B-475D-46BE-A729-64DD8A4D9338}2014-04-09 23:01 - 2014-04-09 23:00 - 00000000 ____D () C:\Users\User\Desktop\pendrive2014-04-09 12:21 - 2011-01-12 18:38 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-04-09 12:20 - 2013-08-15 14:25 - 00000000 ____D () C:\Windows\system32\MRT2014-04-09 12:18 - 2011-01-15 20:07 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-07 19:40 - 2014-04-07 19:40 - 00001031 _____ () C:\Users\User\Desktop\PhotoScape.lnk2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\Program Files (x86)\PhotoScape2014-04-04 18:53 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Files to move or delete:====================C:\Users\User\AppData\Roaming\Origin\update.vbe Some content of TEMP:====================C:\Users\User\AppData\Local\Temp\ggdrive-menu.exeC:\Users\User\AppData\Local\Temp\ggdrive-overlay.exeC:\Users\User\AppData\Local\Temp\installstats.exeC:\Users\User\AppData\Local\Temp\sfamcc00001.dllC:\Users\User\AppData\Local\Temp\sfextra.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-25 10:58 ==================== End Of Log ============================ mbam-log-2014-05-04 (20-43-45).xml
- May 4, 2014
- 21 replies

Sign In

Undziak

Posts

Joined

Last visited

Reputation

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Trojan.Agent.Gen - svhost.exe

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information