Anonymous / 2 years, 7 months ago

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by HP (administrator) on HP-LAPTOP on 15-04-2015 10:26:55
Running from C:\Users\elmaestro\Desktop\frst
Loaded Profiles: HP (Available profiles: HP & elmaestro & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-12] (Avast Software s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-06-24] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-950601680-909652224-4197209155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
HKU\S-1-5-21-950601680-909652224-4197209155-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=CMNTDF
HKU\S-1-5-21-950601680-909652224-4197209155-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-950601680-909652224-4197209155-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-950601680-909652224-4197209155-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-950601680-909652224-4197209155-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-950601680-909652224-4197209155-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-950601680-909652224-4197209155-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-12] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-12] (Avast Software s.r.o.)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Tcpip\..\Interfaces\{912D7D8D-6D80-4A22-BD49-5D6522226C87}: [NameServer] 194.204.159.1,194.204.152.34
Tcpip\..\Interfaces\{936CE2CD-E440-46B6-8F6A-6633FAD03574}: [NameServer] 194.204.159.1,194.204.152.34
Tcpip\..\Interfaces\{FA6D2E10-D447-438C-9ACF-CD0083214141}: [NameServer] 194.204.159.1,194.204.152.34

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-11]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-12] (Avast Software s.r.o.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2015-02-20] (Comodo Security Solutions, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-02-19] (PDF Complete Inc)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-12] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-12] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-12] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-12] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-12] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-12] ()
R0 F731DF91; C:\Windows\System32\drivers\F731DF91.sys [457824 2015-04-04] (Kaspersky Lab ZAO)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 PORTMON; C:\Users\elmaestro\Downloads\sys\PORTMSYS.SYS [28656 2015-03-23] (Systems Internals) [File not signed]
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:24 - 2015-04-15 10:24 - 00000000 ____D () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\OnlineArmor
2015-04-15 10:24 - 2015-04-15 10:24 - 00000000 ____D () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\AVAST Software
2015-04-15 10:23 - 2015-04-15 10:23 - 00003976 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E08BA15-CEF8-43CC-848D-AA205EAAB146}
2015-04-15 10:23 - 2015-04-15 10:23 - 00001421 _____ () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 10:23 - 2015-04-15 10:23 - 00000000 ____D () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\Adobe
2015-04-15 10:22 - 2015-04-15 10:22 - 00000020 ___SH () C:\Users\TEMP.HP-LAPTOP\ntuser.ini
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Ustawienia lokalne
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Szablony
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Moje dokumenty
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Menu Start
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Documents\Moje wideo
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Documents\Moje obrazy
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Documents\Moja muzyka
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\Dane aplikacji
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\AppData\Local\Historia
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 _SHDL () C:\Users\TEMP.HP-LAPTOP\AppData\Local\Dane aplikacji
2015-04-15 10:22 - 2015-04-15 10:22 - 00000000 ____D () C:\Users\TEMP.HP-LAPTOP\AppData\Local\VirtualStore
2015-04-15 10:22 - 2015-04-12 13:01 - 00000000 ____D () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-15 10:22 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-15 10:22 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP.HP-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-15 10:21 - 2015-04-15 10:23 - 00000000 ____D () C:\Users\TEMP.HP-LAPTOP
2015-04-14 12:24 - 2015-04-14 12:24 - 00021275 _____ () C:\Users\elmaestro\AppData\Local\recently-used.xbel
2015-04-14 10:57 - 2015-04-14 11:07 - 00003976 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A3FC43E1-CE0E-495B-9B4A-0E524638B2CB}
2015-04-13 11:21 - 2015-04-13 11:21 - 00001407 _____ () C:\Users\elmaestro\Downloads\gmer.txt
2015-04-13 10:14 - 2015-04-13 10:14 - 00380416 _____ () C:\Users\elmaestro\Downloads\32bjv68l.exe
2015-04-13 10:11 - 2015-04-13 10:11 - 00380416 _____ () C:\Users\elmaestro\Downloads\tmjvvfhz.exe
2015-04-12 13:08 - 2015-04-12 13:09 - 00243600 _____ () C:\Users\elmaestro\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-12 13:01 - 2015-04-12 13:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-12 13:01 - 2015-04-12 13:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-12 13:01 - 2015-04-12 13:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-12 12:09 - 2015-04-12 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-12 12:08 - 2015-04-12 12:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-12 12:06 - 2015-04-12 12:06 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-12 12:06 - 2015-04-12 12:06 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-12 12:06 - 2015-04-12 12:06 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-12 12:06 - 2015-04-12 12:06 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-11 19:13 - 2015-04-11 19:16 - 00095930 _____ () C:\Users\elmaestro\Downloads\Extras.Txt
2015-04-11 19:11 - 2015-04-11 19:16 - 00097006 _____ () C:\Users\elmaestro\Downloads\OTL.Txt
2015-04-11 13:40 - 2015-04-11 13:40 - 00000000 ____D () C:\Program Files (x86)\River
2015-04-11 13:38 - 2015-04-11 13:38 - 00000000 ____D () C:\Program Files (x86)\Firebird
2015-04-11 13:35 - 2015-04-12 05:28 - 00000000 ____D () C:\Users\elmaestro\Downloads\zaranek
2015-04-11 13:16 - 2015-04-11 13:16 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\AVAST Software
2015-04-11 13:05 - 2015-04-11 13:05 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-11 12:51 - 2015-04-11 12:58 - 00000000 ____D () C:\ProgramData\OnlineArmor
2015-04-10 17:30 - 2015-04-10 17:39 - 00000000 ____D () C:\Users\TEMP
2015-04-10 11:46 - 2015-04-15 10:27 - 00000000 ____D () C:\FRST
2015-04-09 18:17 - 2015-04-12 05:28 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-04-09 18:08 - 2015-04-09 18:08 - 06420600 _____ (Tim Kosse) C:\Users\elmaestro\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-04-09 17:54 - 2015-04-15 10:27 - 00335009 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 17:53 - 2015-04-15 10:07 - 00001572 _____ () C:\Windows\setupact.log
2015-04-09 17:53 - 2015-04-12 18:04 - 00002542 _____ () C:\Windows\PFRO.log
2015-04-09 17:53 - 2015-04-09 17:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-09 17:48 - 2015-04-11 13:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-09 17:38 - 2015-04-09 17:38 - 01087448 _____ (Avira Operations GmbH & Co. KG) C:\Users\elmaestro\Downloads\avira_registry_cleaner_en(1).exe
2015-04-09 17:33 - 2015-04-09 17:33 - 05481352 _____ (Avast Software s.r.o.) C:\Users\elmaestro\Downloads\avast_free_antivirus_setup_online(1).exe
2015-04-09 17:15 - 2015-04-09 17:22 - 00003976 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5EBD4380-77D1-4E5C-9D36-6C3ADB263574}
2015-04-09 10:49 - 2015-04-09 10:49 - 00000000 ____D () C:\.Trash-999
2015-04-08 18:43 - 2015-04-08 18:43 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\OnlineArmor
2015-04-08 18:30 - 2015-04-08 18:30 - 00003976 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{37D3BCB2-065A-4CBC-B724-00DFE5ADFC5C}
2015-04-08 18:08 - 2015-04-14 11:04 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2015-04-08 18:08 - 2015-04-11 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2015-04-08 18:08 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
2015-04-08 18:08 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
2015-04-08 18:08 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
2015-04-08 18:08 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2015-04-08 17:55 - 2015-04-08 17:55 - 00003976 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{390E0FB0-6D49-4E3E-882F-721832944984}
2015-04-08 17:32 - 2015-04-08 17:32 - 00003290 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2015-04-08 12:15 - 2015-04-08 12:15 - 00049657 _____ () C:\Users\HP\Documents\CisReport_x64_v8.1.0.4426_20150408-121504.zip
2015-04-08 10:38 - 2015-04-08 10:43 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Steganos VPN
2015-04-08 10:37 - 2015-04-08 10:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Steganos
2015-04-08 10:30 - 2015-04-08 10:30 - 00001323 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk
2015-04-08 10:30 - 2015-04-08 10:30 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Ashampoo
2015-04-08 10:30 - 2015-04-08 10:30 - 00000000 ____D () C:\Users\HP\AppData\Local\ashampoo
2015-04-08 10:30 - 2015-04-08 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-04-08 10:28 - 2015-04-08 10:30 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-04-08 10:28 - 2015-04-08 10:28 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-04-07 12:27 - 2015-04-07 15:30 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-04-04 14:08 - 2015-04-11 22:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 14:08 - 2015-04-04 14:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:27 - 2015-04-04 13:28 - 00000000 ____D () C:\KVRT_Data
2015-04-04 13:27 - 2015-04-04 13:27 - 00457824 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\F731DF91.sys
2015-04-03 20:39 - 2015-04-03 20:39 - 00000000 ____D () C:\Users\elmaestro\AppData\Local\Google
2015-04-03 20:37 - 2015-04-12 13:15 - 00000000 ____D () C:\Users\HP\AppData\Local\Google
2015-04-03 20:37 - 2015-04-12 13:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 20:30 - 2015-04-03 20:30 - 05481352 _____ (Avast Software s.r.o.) C:\Users\elmaestro\Downloads\avast_free_antivirus_setup_online.exe
2015-04-03 18:48 - 2015-04-03 18:48 - 00000000 ____D () C:\Users\HP\AppData\Roaming\FileZilla Server
2015-04-03 12:25 - 2015-04-03 12:25 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\FileZilla Server
2015-04-03 11:27 - 2015-04-03 11:27 - 06420600 _____ (Tim Kosse) C:\Users\HP\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-04-03 11:05 - 2015-04-03 11:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-02 19:58 - 2015-04-02 19:58 - 00000350 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B5739E4F-5CB8-45FE-A886-C157120CD0DC}.job
2015-04-02 19:58 - 2015-04-02 19:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-04-02 19:58 - 2015-04-02 19:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-04-02 19:58 - 2015-04-02 19:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-03-31 13:01 - 2015-04-11 13:02 - 00000000 ____D () C:\Users\elmaestro\Downloads\mark
2015-03-28 13:59 - 2015-04-12 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-27 19:25 - 2015-03-27 20:19 - 00000000 ____D () C:\Users\elmaestro\Downloads\pedzle
2015-03-26 13:42 - 2015-03-26 13:42 - 00003288 ____N () C:\bootsqm.dat
2015-03-24 14:38 - 2015-03-24 14:42 - 00000000 ____D () C:\pagefile
2015-03-24 13:55 - 2015-03-24 13:55 - 00000000 ____D () C:\output
2015-03-23 13:42 - 2015-04-12 05:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-23 12:26 - 2015-04-08 18:43 - 00000296 __RSH () C:\Users\elmaestro\ntuser.pol
2015-03-23 12:20 - 2015-03-23 12:20 - 00000000 ____D () C:\Users\elmaestro\Desktop\reg
2015-03-23 11:38 - 2015-04-03 17:34 - 00000008 __RSH () C:\Users\HP\ntuser.pol
2015-03-22 19:12 - 2015-03-23 12:23 - 00000000 ____D () C:\Users\elmaestro\Downloads\sys
2015-03-21 19:57 - 2015-03-21 20:00 - 10696960 _____ (Emsisoft GmbH ) C:\Users\elmaestro\Downloads\OnlineArmorSetup.exe
2015-03-21 19:21 - 2015-04-08 12:11 - 00000000 ____D () C:\Users\elmaestro\Desktop\scr
2015-03-21 15:24 - 2015-03-21 15:24 - 00000000 ____D () C:\Users\HP\AppData\Roaming\TrojanHunter
2015-03-21 14:27 - 2015-03-21 15:26 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-03-21 14:27 - 2015-03-21 14:27 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2015-03-20 20:12 - 2015-03-27 20:20 - 00000000 ____D () C:\Users\elmaestro\Downloads\networkminer
2015-03-19 13:42 - 2015-03-19 13:43 - 00000000 ____D () C:\Users\elmaestro\Downloads\pe
2015-03-18 18:28 - 2015-04-15 10:26 - 00000000 ____D () C:\Users\elmaestro\Desktop\frst
2015-03-18 13:54 - 2015-03-18 13:54 - 00000000 ____D () C:\Users\elmaestro\Desktop\Stare dane programu Firefox
2015-03-18 12:29 - 2015-03-18 12:29 - 00448512 _____ (OldTimer Tools) C:\Users\elmaestro\Downloads\TFC.exe
2015-03-17 13:00 - 2015-03-24 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KFSensor
2015-03-17 13:00 - 2015-03-24 10:52 - 00000000 ____D () C:\kfsensor
2015-03-17 13:00 - 2015-03-17 13:00 - 00000000 ____D () C:\Program Files (x86)\KeyFocus
2015-03-17 12:56 - 2015-03-17 12:56 - 02754351 _____ () C:\Users\elmaestro\Downloads\kfsens40.exe
2015-03-17 11:44 - 2015-03-17 11:44 - 02171392 _____ () C:\Users\HP\Downloads\adwcleaner_4.112_www.INSTALKI.pl(1).exe
2015-03-17 11:04 - 2015-03-17 11:04 - 00051232 _____ (gkweb) C:\Users\elmaestro\Downloads\wwdc_141_(dobreprogramy.pl).exe
2015-03-16 20:05 - 2015-03-16 20:06 - 02171392 _____ () C:\Users\HP\Downloads\adwcleaner_4.112_www.INSTALKI.pl.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:16 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:16 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:14 - 2012-03-20 00:26 - 00816730 _____ () C:\Windows\system32\perfh015.dat
2015-04-15 10:14 - 2012-03-20 00:26 - 00211370 _____ () C:\Windows\system32\perfc015.dat
2015-04-15 10:14 - 2009-07-14 07:13 - 01802856 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 10:08 - 2012-03-19 16:25 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-15 10:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 17:55 - 2014-07-11 11:45 - 00000000 ____D () C:\Users\elmaestro\.gimp-2.8
2015-04-14 10:53 - 2014-07-02 18:37 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9283A0E8-51E3-4F8B-9774-FF6E73BDB3CF}
2015-04-12 18:04 - 2014-11-11 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 13:12 - 2014-11-11 20:48 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-12 13:12 - 2014-11-11 20:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-12 13:01 - 2014-08-22 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-12 12:02 - 2014-06-05 14:14 - 00000000 ____D () C:\Users\HP
2015-04-12 05:28 - 2014-07-02 18:48 - 00000000 ____D () C:\Users\Administrator
2015-04-12 05:28 - 2014-07-02 18:37 - 00000000 ____D () C:\Users\elmaestro\AppData\Local\VirtualStore
2015-04-12 05:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-11 22:49 - 2015-02-20 16:25 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-11 22:49 - 2014-07-02 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-11 22:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 22:47 - 2014-07-02 19:28 - 00000000 ____D () C:\Users\elmaestro\AppData\Local\Mozilla
2015-04-11 19:30 - 2014-07-02 18:36 - 00000000 ____D () C:\Users\elmaestro
2015-04-11 17:38 - 2014-07-10 13:09 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\FileZilla
2015-04-11 13:00 - 2014-09-01 18:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-11 13:00 - 2014-09-01 18:32 - 00000000 ____D () C:\ProgramData\Avira
2015-04-08 17:56 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-08 17:37 - 2014-07-02 17:58 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-08 12:38 - 2014-09-02 18:11 - 00013312 ___SH () C:\Users\elmaestro\Downloads\Thumbs.db
2015-04-08 10:41 - 2013-09-13 15:57 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-04-08 10:25 - 2014-06-05 14:16 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E384ABC-82E5-42B4-B4E9-13160CD16416}
2015-04-04 13:59 - 2014-06-05 14:14 - 00000000 ____D () C:\Users\HP\AppData\Local\VirtualStore
2015-04-03 17:32 - 2014-07-04 10:31 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\Notepad++
2015-04-03 17:28 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-03 12:11 - 2012-03-19 16:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-03 12:11 - 2012-03-19 16:26 - 00000000 ____D () C:\ProgramData\Skype
2015-04-03 10:53 - 2014-06-18 13:12 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2015-04-02 20:16 - 2014-07-07 17:46 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\Skype
2015-03-29 18:49 - 2015-01-25 20:11 - 00000000 ____D () C:\Users\elmaestro\Desktop\gmic
2015-03-29 17:44 - 2015-01-29 20:04 - 00000000 ____D () C:\Users\elmaestro\Downloads\obama
2015-03-26 20:37 - 2014-07-03 13:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\FileZilla
2015-03-26 19:05 - 2015-02-27 13:45 - 00000000 ____D () C:\Users\elmaestro\Desktop\www - Kopia
2015-03-21 18:25 - 2009-07-14 07:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-20 18:51 - 2014-12-18 23:51 - 00000000 ____D () C:\Users\HP\Documents\Visual Studio 2013
2015-03-19 21:16 - 2015-03-01 18:12 - 00000000 ____D () C:\Users\elmaestro\Desktop\allegro
2015-03-19 11:29 - 2014-12-31 11:43 - 00000000 ____D () C:\Users\HP\AppData\Roaming\uTorrent
2015-03-18 23:12 - 2015-01-09 18:18 - 00000000 ___RD () C:\Users\elmaestro\Dropbox
2015-03-18 23:12 - 2015-01-07 10:03 - 00000000 ____D () C:\Users\elmaestro\AppData\Roaming\Dropbox
2015-03-18 17:58 - 2014-08-20 13:25 - 00000000 ____D () C:\Users\elmaestro\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-23 18:24

==================== End Of Log ============================