Anonim / 2 lata, 4 miesiące temu | Download | Plaintext | Odpowiedz |

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Tomasz S (administrator) on TOMASZS on 24-05-2015 15:50:39
Running from I:\
Loaded Profiles: Tomasz S (Available Profiles: Tomasz S & Mcx1-TOMASZS)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) H:\Nostale PL\HiPatchService.exe
() C:\Windows\SysWOW64\FLSDEVCP.EXE
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [fst_pl_107] => [X]
HKLM-x32\...\Run: [FLSDeviceControlPanel] => C:\Windows\SysWOW64\FLSDEVCP.EXE [91696 2011-08-21] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\...\MountPoints2: {35bf61ef-4ab9-11df-9f37-00241d8ecf85} - Q:\setup.exe
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\...\MountPoints2: {3ae6aa40-0560-11e1-90f8-00241d8ecf85} - M:\LaunchU3.exe -a
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\...\MountPoints2: {97d555ed-0d0e-11e2-9d19-00241d8ecf85} - M:\start.exe
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
HKU\S-1-5-21-1931292538-394238772-2176522877-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.
URLSearchHook: HKU\S-1-5-21-1931292538-394238772-2176522877-1000 - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} https://biz.lgservice.com/DATA/cab/djvuctrl-6.1.4-en-r34387.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tomasz S\AppData\Roaming\Mozilla\Firefox\Profiles\tshy2rm3.default-1424762491277
FF Homepage: hxxp://www.wp.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-12-23] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-11-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-11-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2009-11-14] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1931292538-394238772-2176522877-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tomasz S\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-11-11] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npVividasPlayer.dll [2012-05-31] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npVividasPlayer.dll [2012-05-31] ( )
FF Extension: Glass Bottle - C:\Users\Tomasz S\AppData\Roaming\Mozilla\Firefox\Profiles\tshy2rm3.default-1424762491277\Extensions\{2db156b1-78fd-4757-9333-d8fde12ddac3}.xpi [2015-05-04]
FF Extension: Video DownloadHelper - C:\Users\Tomasz S\AppData\Roaming\Mozilla\Firefox\Profiles\tshy2rm3.default-1424762491277\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-13]
FF Extension: Adblock Plus - C:\Users\Tomasz S\AppData\Roaming\Mozilla\Firefox\Profiles\tshy2rm3.default-1424762491277\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-12-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2014-12-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files (x86)\RelevantKnowledge
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-27]

Chrome: 
=======
CHR Profile: C:\Users\Tomasz S\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Users\TOMASZ~1\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [Not Found]

Opera: 
=======
OPR StartupUrls: "hxxp://www.gazeta.pl/0,0.html?p=173"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () []
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-27] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-02-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HiPatchService; H:\Nostale PL\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) []
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) []
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-08-09] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) []

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types)) []
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.) []
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
S2 FLE5WNNT; C:\Windows\SysWOW64\Drivers\fle5wnnt.sys [33404 2011-08-21] (Data Encryption Systems Limited) []
S2 FLSIFACE; C:\Windows\SysWOW64\Drivers\flsiface.sys [13440 2011-08-21] (Data Encryption Systems Limited) []
S2 FLSPAR; C:\Windows\SysWOW64\Drivers\flspar.sys [16314 2011-08-21] (Data Encryption Systems Limited) []
S2 FLSSER; C:\Windows\SysWOW64\Drivers\flsser.sys [8344 2011-08-21] (Data Encryption Systems Limited) []
S2 FLSVCOM; C:\Windows\SysWOW64\Drivers\flsvcom.sys [34048 2011-08-21] (Data Encryption Systems Limited) []
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () []
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-05-05] (Paragon Software Group)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2012-10-10] (ITE                      )
R3 KbFilter_Kb_FlexDef3x; C:\Windows\System32\DRIVERS\KbFilter_FlexDef3x.sys [22016 2012-10-16] (Siliten)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [31744 2007-05-11] (http://libusb-win32.sourceforge.net) []
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2014-06-05] (Duplex Secure Ltd.)
S3 ULCDRHlp; C:\Windows\SysWOW64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) []
S3 ULCDRHlp; C:\Windows\SysWOW64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) []
R3 usbhub; C:\Windows\SysWOW64\DRIVERS\usbhub.sys [27184 1998-08-21] (Microsoft Corporation) []
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-27] (Avast Software)
U3 a7moixd2; C:\Windows\System32\Drivers\a7moixd2.sys [0 ] (Microsoft Corporation) <==== ATTENTION ( File/Folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 15:49 - 2015-05-24 15:50 - 00000000 ____D () C:\FRST
2015-05-24 15:38 - 2015-05-24 15:44 - 00000000 ____D () C:\AdwCleaner
2015-05-19 18:37 - 2015-05-19 18:37 - 00000499 _____ () C:\Users\Tomasz S\Desktop\f.txt
2015-05-15 06:54 - 2015-05-15 06:56 - 00000000 ____D () C:\Users\Tomasz S\Desktop\Nowy folder
2015-05-15 06:53 - 2015-05-15 06:53 - 00000000 ____D () C:\Users\Tomasz S\Desktop\FINANSE
2015-05-11 19:24 - 2015-05-11 19:24 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-05-11 18:46 - 2015-05-11 18:46 - 00000000 ____D () C:\Users\Tomasz S\AppData\Local\TeamViewer
2015-05-11 18:41 - 2015-05-24 15:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-11 18:41 - 2015-05-11 18:41 - 00001050 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-11 18:41 - 2015-05-11 18:41 - 00001038 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-05-11 18:41 - 2015-05-11 18:41 - 00000000 ____D () C:\Users\Tomasz S\AppData\Roaming\TeamViewer
2015-05-11 18:40 - 2015-05-11 18:40 - 07974864 _____ (TeamViewer GmbH) C:\Users\Tomasz S\Downloads\TeamViewer_Setup_pl.exe
2015-05-06 13:45 - 2015-04-27 20:40 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-04 18:50 - 2015-05-06 13:40 - 00000000 ____D () C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15
2015-05-02 16:31 - 2015-05-02 16:31 - 00000000 ____D () C:\Windows\erdnt
2015-05-01 10:26 - 2015-05-01 10:26 - 00007605 _____ () C:\Users\Tomasz S\AppData\Local\Resmon.ResmonCfg
2015-04-29 16:31 - 2015-04-30 20:43 - 00000000 ____D () C:\Users\Tomasz S\Desktop\Stare dane programu Firefox
2015-04-27 20:41 - 2015-05-24 15:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-27 20:41 - 2015-05-06 13:46 - 00001889 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-27 20:41 - 2015-05-06 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-27 20:41 - 2015-04-27 20:41 - 00000000 ____D () C:\Users\Tomasz S\AppData\Roaming\AVAST Software
2015-04-27 20:41 - 2015-04-27 20:40 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-27 20:41 - 2015-04-27 20:40 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-27 20:41 - 2015-04-27 20:40 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-27 20:40 - 2015-04-27 20:40 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-27 20:40 - 2015-04-27 20:40 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-27 20:40 - 2015-04-27 20:40 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-27 20:40 - 2015-04-27 20:40 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-27 20:40 - 2015-04-27 20:40 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-27 20:40 - 2015-04-27 20:40 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-27 20:39 - 2015-04-27 20:39 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-24 13:56 - 2015-04-24 13:56 - 00018587 _____ () C:\Windows\DirectX.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 15:51 - 2010-04-17 20:23 - 00002042 _____ () C:\service.log
2015-05-24 15:46 - 2015-04-22 13:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 15:46 - 2015-03-02 08:09 - 00027893 _____ () C:\Windows\setupact.log
2015-05-24 15:46 - 2011-12-10 21:26 - 00000074 _____ () C:\Windows\SysWOW64\log.log
2015-05-24 15:46 - 2010-12-17 18:49 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 15:46 - 2010-04-17 20:35 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-24 15:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 15:45 - 2013-08-03 14:35 - 01110006 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 15:44 - 2015-02-15 10:13 - 00000000 ____D () C:\Windows\system32\log
2015-05-24 15:44 - 2014-04-18 05:57 - 00000000 ____D () C:\Users\Tomasz S\AppData\Local\TB
2015-05-24 15:42 - 2009-07-14 19:55 - 07842486 _____ () C:\Windows\system32\perfh015.dat
2015-05-24 15:42 - 2009-07-14 19:55 - 02579258 _____ () C:\Windows\system32\perfc015.dat
2015-05-24 15:42 - 2009-07-14 07:13 - 00006268 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 15:33 - 2014-05-13 12:41 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-05-24 11:58 - 2009-07-14 06:45 - 00028752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:58 - 2009-07-14 06:45 - 00028752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 19:43 - 2011-09-28 20:33 - 00020480 _____ () C:\Users\Tomasz S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-23 16:09 - 2012-05-12 10:17 - 00000000 ____D () C:\Users\Tomasz S\dwhelper
2015-05-19 17:47 - 2014-11-04 17:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-19 16:52 - 2014-12-09 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-11 19:30 - 2010-04-17 21:21 - 00065152 _____ () C:\Users\Tomasz S\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-11 19:29 - 2015-04-22 08:57 - 01026728 _____ () C:\Windows\PFRO.log
2015-05-11 19:29 - 2009-07-14 06:45 - 04852344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-06 13:42 - 2010-04-17 20:12 - 00000000 ____D () C:\Users\Tomasz S
2015-05-06 13:40 - 2012-10-01 19:07 - 00000000 ____D () C:\Users\Tomasz S\AppData\Roaming\NapiProjekt
2015-05-06 13:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-06 13:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-27 20:38 - 2013-11-25 12:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-26 11:08 - 2010-07-13 18:43 - 00000000 ____D () C:\Windows\pss
2015-04-24 06:33 - 2010-09-11 20:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

==================== Files in the root of some directories =======

2014-06-05 08:08 - 2014-06-05 08:16 - 0099384 _____ () C:\Users\Tomasz S\AppData\Roaming\inst.exe
2014-06-05 08:08 - 2014-06-05 08:16 - 0007859 _____ () C:\Users\Tomasz S\AppData\Roaming\pcouffin.cat
2014-06-05 08:08 - 2014-06-05 08:16 - 0001167 _____ () C:\Users\Tomasz S\AppData\Roaming\pcouffin.inf
2014-06-05 08:08 - 2014-06-05 08:16 - 0082816 _____ (VSO Software) C:\Users\Tomasz S\AppData\Roaming\pcouffin.sys
2011-09-28 20:33 - 2015-05-23 19:43 - 0020480 _____ () C:\Users\Tomasz S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-01 10:26 - 2015-05-01 10:26 - 0007605 _____ () C:\Users\Tomasz S\AppData\Local\Resmon.ResmonCfg
2012-01-29 13:31 - 2012-01-29 13:31 - 2161160 _____ (DownVision                                                  ) C:\Users\Tomasz S\AppData\Local\setup.exe
2011-12-16 20:30 - 2012-04-03 18:20 - 0000041 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\Tomasz S\AppData\Local\Temp\proxy_vole3491679070653064978.dll
C:\Users\Tomasz S\AppData\Local\Temp\Quarantine.exe
C:\Users\Tomasz S\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 20:21

==================== End of log ============================