Anonymous / 2 years, 9 months ago

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Klauduś (administrator) on KLAUDUŚ on 02-04-2015 17:25:21
Running from C:\Users\Klauduś\Desktop\Downloads
Loaded Profiles: Klauduś (Available profiles: Klauduś & Gość)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) D:\Protector Suite\upeksvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(UPEK Inc.) D:\Protector Suite\psqltray.exe
() C:\Program Files\Hostless Modem\USB device MF63\CheckNDISPort_df.exe
() C:\Program Files\Hostless Modem\USB device MF63\CancelAutoPlay_df.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ZTE) C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
() C:\Program Files\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Farbar) C:\Users\Klauduś\Desktop\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AirCardEnabler] => [X]
HKLM\...\Run: [PSQLLauncher] => D:\Protector Suite\launcher.exe [49168 2007-06-05] (UPEK Inc.)
HKLM\...\Run: [Updater] => C:\Users\Klauduś\Documents\Microsoft Visual C++ Redistributable Package\vcredist_x86.exe [61440 2014-03-10] ()
HKLM\...\Run: [fst_pl_130] => [X]
HKLM\...\Run: [fst_pl_129] => [X]
HKLM\...\Run: [CheckNDISPortF0acE3] => C:\Program Files\Hostless Modem\USB device MF63\CheckNDISPort_df.exe [459008 2013-08-28] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\USB device MF63\CancelAutoPlay_df.exe [446208 2013-08-28] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\Run: [EPSON SX510W Series (Kopia 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\Run: [GG] => C:\Users\Klauduś\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-02] (GG Network S.A.)
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\MountPoints2: {1562f9bf-75e4-11e3-888f-0090f58f9a0d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\MountPoints2: {bf79cab5-6fc1-11e3-928f-0090f58f9a0d} - E:\windows\Install\Install.exe
HKU\S-1-5-21-375576244-3175298552-77264437-1000\...\MountPoints2: {c2fba4ed-d210-11e3-8e08-0090f58f9a0d} - E:\AutoRun.exe
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk
ShortcutTarget: mcserver.lnk -> C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => C:\Users\Klauduś\AppData\Roaming\Macwebtoise\explorerEx.dll ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => D:\Protector Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => D:\Protector Suite\farchns.dll (UPEK Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:97959b156 /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.netmahal.com/?bd=ds&oem=ntsvc&uid=SAMSUNGXHM321HI_S24PJ1KZ400213&version=2.0.0.1288&pid=414031160&cs=383d3c3d1600c83c3c87dd6a2ca2881d&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.netmahal.com/?bd=ds&oem=ntsvc&uid=SAMSUNGXHM321HI_S24PJ1KZ400213&version=2.0.0.1288&pid=414031160&cs=383d3c3d1600c83c3c87dd6a2ca2881d&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pl-PL&Src=MSE&Tid=0003295F&OHP=about%3Ablank&OSP=
HKU\S-1-5-21-375576244-3175298552-77264437-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pl-PL&Src=MSE&Tid=0003295F&OHP=http%3A%2F%2Fwww.netmahal.com%2F%3Fbd%3Dhp%26oem%3Dntsvc%26uid%3DSAMSUNGXHM321HI%5FS24PJ1KZ400213%26version%3D2.0.0.1288%26pid%3D414031160%26cs%3D383d3c3d1600c83c3c87dd6a2ca2881d&OSP=http%3A%2F%2Fsearch.netmahal.com%2F%3Fbd%3Dds%26oem%3Dntsvc%26uid%3DSAMSUNGXHM321HI%5FS24PJ1KZ400213%26version%3D2.0.0.1288%26pid%3D414031160%26cs%3D383d3c3d1600c83c3c87dd6a2ca2881d%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=199&itype=a&ver=13337&tm=376&src=ds&p={searchTerms}
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = http://search.netmahal.com/?bd=ds&oem=ntsvc&uid=SAMSUNGXHM321HI_S24PJ1KZ400213&version=2.0.0.1288&pid=414031160&cs=383d3c3d1600c83c3c87dd6a2ca2881d&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=199&itype=a&ver=12791&tm=376&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-375576244-3175298552-77264437-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-375576244-3175298552-77264437-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=199&itype=a&ver=13337&tm=376&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-375576244-3175298552-77264437-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = http://search.netmahal.com/?bd=ds&oem=ntsvc&uid=SAMSUNGXHM321HI_S24PJ1KZ400213&version=2.0.0.1288&pid=414031160&cs=383d3c3d1600c83c3c87dd6a2ca2881d&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-21] (Oracle Corporation)
Hosts: 178.217.187.187
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1ADDC30E-165C-47BA-9389-7DE289C9276D}: [NameServer] 213.158.199.1 213.158.199.5

FireFox:
========
FF ProfilePath: C:\Users\Klauduś\AppData\Roaming\Mozilla\Firefox\Profiles\f95fs7kb.default-1415468165832
FF Homepage: hxxp://google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-21] (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-06-16] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-06-16] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programy\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-375576244-3175298552-77264437-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Klauduś\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-375576244-3175298552-77264437-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Klauduś\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-11] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2014-07-11]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\netmahal.xml [2014-12-25]
FF Extension: Adblock Plus - C:\Users\Klauduś\AppData\Roaming\Mozilla\Firefox\Profiles\f95fs7kb.default-1415468165832\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-19]
FF Extension: Disable Anti-Adblock - C:\Users\Klauduś\AppData\Roaming\Mozilla\Firefox\Profiles\f95fs7kb.default-1415468165832\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2015-04-02]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2014-05-03]

Chrome: 
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1418321514&from=cor&uid=SAMSUNGXHM321HI_S24PJ1KZ400213
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418321514&from=cor&uid=SAMSUNGXHM321HI_S24PJ1KZ400213"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSearchURL: Default -> http://isearch.omiga-plus.com/web/?type=ds&ts=1418321514&from=cor&uid=SAMSUNGXHM321HI_S24PJ1KZ400213&q={searchTerms}
CHR Profile: C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-27]
CHR Extension: (Google Drive) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-27]
CHR Extension: (YouTube) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-27]
CHR Extension: (Adblock Plus) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-08]
CHR Extension: (Google Search) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-27]
CHR Extension: (New Easy Tab) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\glpcommoahccegkdbnieidmpmpeoeend [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27]
CHR Extension: (Gmail) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-27]
CHR Extension: (Lightning speedDial) - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-01-23]
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Klauduś\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Klauduś\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-27] (Duplex Secure Ltd.)
R3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-26] (Sierra Wireless Inc.)
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-01-11] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 15:49 - 2015-04-03 15:49 - 01224704 _____ () C:\Users\Klauduś\AppData\Roaming\CmB5aFNwrEUf.exe
2015-04-02 17:23 - 2015-04-02 17:25 - 00000000 ____D () C:\FRST
2015-04-02 15:49 - 2015-04-02 15:49 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\AVG2015
2015-04-02 15:48 - 2015-04-02 15:48 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-02 15:48 - 2015-04-02 15:48 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\TuneUp Software
2015-04-02 15:48 - 2015-04-02 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-02 15:47 - 2015-04-02 16:03 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-02 15:47 - 2015-04-02 15:47 - 00000000 ___HD () C:\$AVG
2015-04-02 15:47 - 2015-04-02 15:47 - 00000000 ____D () C:\Program Files\AVG
2015-04-02 15:46 - 2015-04-02 15:50 - 00000000 ____D () C:\Users\Klauduś\AppData\Local\Avg2015
2015-04-02 15:46 - 2015-04-02 15:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-02 15:46 - 2015-04-02 15:46 - 00000000 ____D () C:\Users\Klauduś\AppData\Local\MFAData
2015-04-02 15:43 - 2015-04-02 16:00 - 00000582 _____ () C:\Windows\PFRO.log
2015-04-02 15:43 - 2015-04-02 16:00 - 00000112 _____ () C:\Windows\setupact.log
2015-04-02 15:43 - 2015-04-02 15:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-02 15:40 - 2015-04-02 15:40 - 00023385 _____ () C:\220f5ea8-6497-4b48-807c-969f09940efe.dmp
2015-04-01 21:14 - 2015-04-02 16:00 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 20:14 - 2015-04-02 17:14 - 00001312 _____ () C:\Windows\Tasks\disco_games_notification_service.job
2015-04-01 20:14 - 2015-04-02 16:14 - 00000674 _____ () C:\Windows\Tasks\disco_games_updating_service.job
2015-04-01 20:14 - 2015-04-02 16:03 - 00000000 ____D () C:\Program Files\disco games
2015-04-01 20:14 - 2015-04-01 20:14 - 00001004 _____ () C:\Windows\Tasks\CmB5aFNwrEUf.job
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\Klauduś\AppData\Roaming\CmB5aFNwrEUf
2015-03-29 18:16 - 2015-03-29 18:18 - 00000000 ___RD () C:\Users\Klauduś\Desktop\Nieużywane
2015-03-25 18:26 - 2015-03-25 18:25 - 00000661 _____ () C:\Users\Klauduś\Desktop\Muzyka.lnk
2015-03-25 11:23 - 2015-03-25 11:23 - 00224736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-03-21 22:47 - 2015-04-01 20:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 17:08 - 2015-03-20 17:08 - 00001632 _____ () C:\Users\Klauduś\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 17:26 - 2013-12-27 21:07 - 00000000 ____D () C:\Users\Klauduś\AppData\Local\genienext
2015-04-02 16:59 - 2014-06-16 19:59 - 00001400 _____ () C:\Windows\Tasks\76be98a2-caba-4502-a815-a52409c417de-7.job
2015-04-02 16:39 - 2013-12-27 20:20 - 02021251 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 16:07 - 2013-12-31 19:09 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\Skype
2015-04-02 16:07 - 2009-07-14 06:34 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 16:07 - 2009-07-14 06:34 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 16:04 - 2013-12-27 20:41 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\GG
2015-04-02 16:04 - 2011-04-12 07:08 - 00697912 _____ () C:\Windows\system32\perfh015.dat
2015-04-02 16:04 - 2011-04-12 07:08 - 00134990 _____ () C:\Windows\system32\perfc015.dat
2015-04-02 16:04 - 2010-11-20 23:01 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 16:03 - 2013-12-27 21:07 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\newnext.me
2015-04-02 16:02 - 2014-06-14 12:56 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\ntsvc
2015-04-02 16:00 - 2014-06-16 19:59 - 00002176 _____ () C:\Windows\Tasks\76be98a2-caba-4502-a815-a52409c417de-4.job
2015-04-02 16:00 - 2014-06-16 19:59 - 00001456 _____ () C:\Windows\Tasks\76be98a2-caba-4502-a815-a52409c417de-1.job
2015-04-02 16:00 - 2014-06-16 19:59 - 00001410 _____ () C:\Windows\Tasks\76be98a2-caba-4502-a815-a52409c417de-5.job
2015-04-02 16:00 - 2014-06-16 19:59 - 00001332 _____ () C:\Windows\Tasks\76be98a2-caba-4502-a815-a52409c417de-2.job
2015-04-02 16:00 - 2014-06-16 19:58 - 00002760 _____ () C:\Windows\Tasks\76be98a2-caba-4502-a815-a52409c417de-3.job
2015-04-02 16:00 - 2013-12-27 20:29 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 16:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 15:55 - 2013-12-28 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protector Suite QL
2015-04-02 15:46 - 2014-12-20 15:10 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-04-02 15:28 - 2013-12-27 20:41 - 00000000 ____D () C:\Users\Klauduś\AppData\Local\GG
2015-04-02 15:22 - 2014-12-11 20:13 - 00001775 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-02 15:16 - 2014-12-11 20:13 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-02 15:16 - 2013-12-27 20:27 - 00001417 _____ () C:\Users\Klauduś\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-28 19:04 - 2014-02-28 18:01 - 00000000 ____D () C:\Users\Klauduś\AppData\Roaming\vlc
2015-03-28 07:46 - 2014-12-19 14:06 - 00000000 ____D () C:\Program Files\UPCleaner
2015-03-23 09:10 - 2014-01-14 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-22 12:34 - 2014-12-11 20:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-20 17:09 - 2014-01-19 19:48 - 00000000 ____D () C:\Users\Klauduś\.gimp-2.8
2015-03-20 17:08 - 2014-01-19 20:05 - 00000000 ____D () C:\Users\Klauduś\AppData\Local\gtk-2.0
2015-03-18 17:53 - 2013-12-27 20:27 - 00000000 ____D () C:\Users\Klauduś
2015-03-03 15:16 - 2013-12-27 20:43 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-06-16 20:13 - 2014-06-16 21:14 - 0000318 _____ () C:\Users\Klauduś\AppData\Roaming\aps.uninstall.scan.results
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Klauduś\AppData\Roaming\CmB5aFNwrEUf
2015-04-03 15:49 - 2015-04-03 15:49 - 1224704 _____ () C:\Users\Klauduś\AppData\Roaming\CmB5aFNwrEUf.exe
2014-01-14 18:32 - 2014-03-28 16:32 - 0000110 _____ () C:\Users\Klauduś\AppData\Roaming\WB.CFG
2014-01-23 21:55 - 2014-01-23 21:55 - 0003584 _____ () C:\Users\Klauduś\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-16 21:13 - 2014-06-16 21:13 - 0623600 _____ (Click Me In Limited) C:\Users\Klauduś\AppData\Local\nsmAEEC.tmp
2015-03-20 17:08 - 2015-03-20 17:08 - 0001632 _____ () C:\Users\Klauduś\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Gość\AppData\Local\Temp\avgnt.exe
C:\Users\Klauduś\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Klauduś\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Klauduś\AppData\Local\Temp\installstats.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-03-22 15:09

==================== End Of Log ============================