Anonymous / 3 years, 3 months ago

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by User (administrator) on KOMPUTER on 18-07-2014 08:16:28
Running from C:\Documents and Settings\User\Moje dokumenty\Pobrane
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\S3Trayp.exe
() C:\Program Files\Winamp\winampa.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Irfan Skiljan) C:\Program Files\IrfanView\i_view32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2006-06-16] (S3 Graphics, Inc.)
HKLM\...\Run: [S3Trayp] => C:\WINDOWS\system32\S3trayp.exe [163840 2005-11-01] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [12288 2003-04-02] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20053608 2011-05-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-05-04] (Nero AG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-04] (Nero AG)
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [GG] => C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [4023360 2014-07-12] (GG Network S.A.)
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [1clickcoin] => C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Math Problem Solver\Optimize.exe [67740 2014-01-20] ()
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [uTorrent] => C:\Documents and Settings\User\Dane aplikacji\uTorrent\updates\3.4.1_31139.exe [1272400 2014-06-23] (BitTorrent Inc.)
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [ChicaPasswordManager] => "C:\Program Files\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Run: [Yahoo! Search] => C:\Documents and Settings\User\Dane aplikacji\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-343818398-1960408961-1801674531-1001\...\MountPoints2: {b2193e54-ef73-11e2-b82e-001e8c9b810c} - K:\iStudio.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
BHO: TinyBHO Class -> {00e71626-0bef-11dc-8314-0800200c9a66} -> C:\Documents and Settings\User\Dane aplikacji\DownloaderGold\ieplug.dll ()
BHO: TinyBHO Class -> {00e71626-0bef-11dc-8314-0864264c9a64} -> C:\Documents and Settings\User\Dane aplikacji\DownloaderGold\ieplug.dll ()
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\y1hhrv80.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Widget context - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-02-04]
FF Extension: shortcut - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\y1hhrv80.default\Extensions\shortcutff@gmail.com [2014-07-08]
FF Extension: Block site - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\y1hhrv80.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-15]
FF Extension: Adblock Plus - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\y1hhrv80.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-05]
FF HKLM\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\y1hhrv80.default\extensions\shortcutff@gmail.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR NewTab: "chrome-extension://ifohbjbgfchkkfhphahclmkpgejiplfo/index.html"
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultSearchURL: http://search.delta-homes.com/web/?type=ds&ts=1402585340&from=wpm0612&uid=ST3160215AS_6RA7JN0TXXXX6RA7JN0T&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-25] (AVAST Software)
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [43008 2008-06-16] (Microsoft Corporation) [File not signed]
S2 helpsvc; C:\WINDOWS\System32\svchost.exe [14336 2008-06-16] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [53248 2008-06-16] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [99840 2008-06-16] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S2 ERSvc; %SystemRoot%\System32\ersvc.dll [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-06-25] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-06-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-06-25] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-02-05] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252464 2014-06-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-06-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-06-25] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-06-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-06-25] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-06-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-06-25] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [808448 2006-06-23] (S3 Graphics Co., Ltd.)
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62208 2008-06-16] (Silicon Image, Inc.) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361344 2008-06-16] (Microsoft Corporation) [File not signed]
R0 viamraid; C:\WINDOWS\system32\Drivers\viamraid.sys [114944 2008-06-16] (VIA Technologies inc,.ltd) [File not signed]
R1 {42e50651-9669-456e-9081-d5a836274274}t; C:\WINDOWS\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}t.sys [55224 2014-04-24] (StdLib)
S4 IntelIde; No ImagePath
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-06-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 18:14 - 2014-07-17 09:58 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\Skończ ten cyrk, zacznij życ !
2014-07-15 10:28 - 2014-07-15 10:28 - 00000043 _____ () C:\Documents and Settings\User\Pulpit\battleroyale.txt
2014-07-15 10:07 - 2014-07-18 08:16 - 00000000 ____D () C:\FRST
2014-07-15 09:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-15 09:19 - 2014-07-15 09:19 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\zzzzz
2014-07-14 05:37 - 2014-07-14 05:37 - 00000000 ____D () C:\cmdcons
2014-07-14 05:37 - 2011-12-13 21:14 - 00000223 _____ () C:\Boot.bak
2014-07-14 05:37 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr
2014-07-14 05:35 - 2014-07-14 05:35 - 00000000 ___RD () C:\Documents and Settings\User\Moje dokumenty\Muzyka
2014-07-14 05:35 - 2014-07-14 05:35 - 00000000 ___RD () C:\Documents and Settings\User\Menu Start\Programy\Narzędzia administracyjne
2014-07-14 05:34 - 2014-07-14 05:34 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-13 11:42 - 2014-07-13 13:12 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\Nowy foldermodels
2014-07-13 11:16 - 2014-07-17 10:13 - 00003611 _____ () C:\Documents and Settings\User\Pulpit\sprawy do uregulowania ebay.txt
2014-07-10 23:20 - 2014-07-10 23:35 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\moj trening
2014-07-10 21:17 - 2013-07-08 09:14 - 00000685 _____ () C:\Documents and Settings\User\Pulpit\IrfanView.lnk
2014-07-04 09:05 - 2014-07-04 09:05 - 00000043 _____ () C:\Documents and Settings\User\Pulpit\trening I dzien.txt
2014-07-02 21:54 - 2014-07-02 22:36 - 00000305 _____ () C:\Documents and Settings\User\Pulpit\dla Ali.txt
2014-07-01 18:20 - 2014-07-01 18:20 - 00000047 _____ () C:\Documents and Settings\User\Pulpit\mojapracagosport.txt
2014-07-01 18:02 - 2014-07-01 18:02 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\umowa
2014-06-30 19:57 - 2014-07-03 19:01 - 00001411 _____ () C:\Documents and Settings\User\Pulpit\do listu motwyacyjnego.txt
2014-06-29 15:50 - 2014-07-18 08:16 - 00000000 ____D () C:\Documents and Settings\User\Moje dokumenty\Pobrane
2014-06-27 09:33 - 2014-06-27 09:33 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\tata aukcje
2014-06-26 20:10 - 2014-06-26 20:10 - 00000329 _____ () C:\Documents and Settings\User\Pulpit\moje cv.txt
2014-06-26 12:46 - 2014-06-26 12:46 - 00001576 _____ () C:\Documents and Settings\User\Pulpit\parcaa warszawa.txt
2014-06-25 12:27 - 2014-06-25 12:30 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\marian gabloty pokoj
2014-06-25 10:03 - 2014-06-25 10:03 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-25 10:03 - 2014-06-25 10:03 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-23 21:00 - 2014-06-23 21:01 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\wtorek
2014-06-22 10:59 - 2014-06-26 11:48 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\praca Sebastiana
2014-06-21 21:03 - 2014-06-25 11:05 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\lunochod
2014-06-18 07:21 - 2014-06-18 07:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-18 08:21 - 2011-10-04 15:54 - 00000000 ____D () C:\Documents and Settings\User\Ustawienia lokalne\Temp
2014-07-18 08:16 - 2014-07-15 10:07 - 00000000 ____D () C:\FRST
2014-07-18 08:16 - 2014-06-29 15:50 - 00000000 ____D () C:\Documents and Settings\User\Moje dokumenty\Pobrane
2014-07-18 08:05 - 2013-08-23 20:31 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 08:05 - 2011-10-04 15:54 - 00000000 ____D () C:\Documents and Settings\User\Pulpit
2014-07-18 07:54 - 2013-07-17 08:43 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-18 07:15 - 2012-06-12 19:01 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-18 07:09 - 2013-07-09 07:46 - 00000000 ____D () C:\Documents and Settings\User\Dane aplikacji\GG
2014-07-18 07:09 - 2011-10-04 15:51 - 00313329 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-18 07:05 - 2013-08-23 20:31 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 07:04 - 2014-02-05 20:59 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-18 07:04 - 2014-02-03 21:01 - 00000000 ____D () C:\Documents and Settings\User\Dane aplikacji\uTorrent
2014-07-18 07:02 - 2011-10-04 17:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-18 07:02 - 2011-10-04 17:48 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-18 07:02 - 2011-10-04 16:56 - 00000308 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job
2014-07-18 07:02 - 2011-10-04 15:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 23:39 - 2011-10-04 15:54 - 00000188 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-07-17 23:39 - 2011-10-04 15:53 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-17 17:15 - 2011-10-04 15:54 - 00000000 __SHD () C:\WINDOWS\CSC
2014-07-17 10:13 - 2014-07-13 11:16 - 00003611 _____ () C:\Documents and Settings\User\Pulpit\sprawy do uregulowania ebay.txt
2014-07-17 09:58 - 2014-07-16 18:14 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\Skończ ten cyrk, zacznij życ !
2014-07-17 09:56 - 2012-01-01 20:52 - 00032256 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 17:21 - 2013-07-18 19:37 - 00000438 ____H () C:\WINDOWS\Tasks\Norton Security Scan for User.job
2014-07-15 10:57 - 2014-02-06 18:59 - 00000000 ____D () C:\AdwCleaner
2014-07-15 10:57 - 2011-10-04 17:46 - 01117384 _____ () C:\WINDOWS\setupapi.log
2014-07-15 10:28 - 2014-07-15 10:28 - 00000043 _____ () C:\Documents and Settings\User\Pulpit\battleroyale.txt
2014-07-15 09:50 - 2014-05-31 08:44 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-07-15 09:50 - 2014-05-31 08:44 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2014-07-15 09:50 - 2014-01-18 11:32 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
2014-07-15 09:50 - 2011-10-04 17:47 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-07-15 09:50 - 2011-10-04 17:47 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-07-15 09:50 - 2011-10-04 15:54 - 00000000 __RHD () C:\Documents and Settings\User\Dane aplikacji
2014-07-15 09:50 - 2011-10-04 15:54 - 00000000 ___HD () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji
2014-07-15 09:49 - 2011-10-04 17:46 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-07-15 09:19 - 2014-07-15 09:19 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\zzzzz
2014-07-15 09:05 - 2008-06-16 03:28 - 00000742 _____ () C:\WINDOWS\win.ini
2014-07-14 05:41 - 2011-10-04 17:46 - 00095864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-14 05:37 - 2014-07-14 05:37 - 00000000 ____D () C:\cmdcons
2014-07-14 05:37 - 2011-10-04 17:46 - 00000339 __RSH () C:\boot.ini
2014-07-14 05:35 - 2014-07-14 05:35 - 00000000 ___RD () C:\Documents and Settings\User\Moje dokumenty\Muzyka
2014-07-14 05:35 - 2014-07-14 05:35 - 00000000 ___RD () C:\Documents and Settings\User\Menu Start\Programy\Narzędzia administracyjne
2014-07-14 05:35 - 2011-10-04 15:54 - 00000000 ___RD () C:\Documents and Settings\User\Moje dokumenty
2014-07-14 05:35 - 2011-10-04 15:54 - 00000000 ___RD () C:\Documents and Settings\User\Menu Start\Programy
2014-07-14 05:34 - 2014-07-14 05:34 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-13 13:12 - 2014-07-13 11:42 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\Nowy foldermodels
2014-07-13 11:40 - 2013-07-18 16:09 - 00000000 ____D () C:\Documents and Settings\User\Dane aplikacji\Intelli-studio
2014-07-12 11:09 - 2013-07-09 07:46 - 00000000 ____D () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\GG
2014-07-10 23:35 - 2014-07-10 23:20 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\moj trening
2014-07-09 09:55 - 2013-07-17 08:43 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 09:55 - 2011-10-04 16:20 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-04 09:05 - 2014-07-04 09:05 - 00000043 _____ () C:\Documents and Settings\User\Pulpit\trening I dzien.txt
2014-07-03 19:01 - 2014-06-30 19:57 - 00001411 _____ () C:\Documents and Settings\User\Pulpit\do listu motwyacyjnego.txt
2014-07-02 22:36 - 2014-07-02 21:54 - 00000305 _____ () C:\Documents and Settings\User\Pulpit\dla Ali.txt
2014-07-01 18:20 - 2014-07-01 18:20 - 00000047 _____ () C:\Documents and Settings\User\Pulpit\mojapracagosport.txt
2014-07-01 18:02 - 2014-07-01 18:02 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\umowa
2014-06-27 10:11 - 2014-02-22 15:17 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\wyprzedaz kolekcji
2014-06-27 09:33 - 2014-06-27 09:33 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\tata aukcje
2014-06-26 20:10 - 2014-06-26 20:10 - 00000329 _____ () C:\Documents and Settings\User\Pulpit\moje cv.txt
2014-06-26 13:45 - 2013-07-11 07:47 - 00000000 ____D () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Temp
2014-06-26 12:46 - 2014-06-26 12:46 - 00001576 _____ () C:\Documents and Settings\User\Pulpit\parcaa warszawa.txt
2014-06-26 11:48 - 2014-06-22 10:59 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\praca Sebastiana
2014-06-26 07:20 - 2008-06-16 03:28 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-25 21:55 - 2014-03-11 21:33 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\porzadki1
2014-06-25 12:30 - 2014-06-25 12:27 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\marian gabloty pokoj
2014-06-25 12:26 - 2014-04-25 09:24 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\dzialam przed majowka!
2014-06-25 11:05 - 2014-06-21 21:03 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\lunochod
2014-06-25 10:05 - 2014-02-05 21:00 - 00001719 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Premier.lnk
2014-06-25 10:04 - 2014-02-05 20:59 - 00777488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-06-25 10:04 - 2014-02-05 20:59 - 00411680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-06-25 10:04 - 2014-02-05 20:59 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-06-25 10:03 - 2014-06-25 10:03 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-25 10:03 - 2014-06-25 10:03 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-25 10:03 - 2014-02-05 20:59 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-06-25 10:03 - 2014-02-05 20:59 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-06-25 10:03 - 2014-02-05 20:59 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-06-25 10:03 - 2014-02-05 20:59 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-06-25 10:03 - 2014-02-05 20:59 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-06-25 10:02 - 2014-02-05 20:59 - 00252464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-06-25 10:02 - 2014-02-05 20:59 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-06-23 21:01 - 2014-06-23 21:00 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\wtorek
2014-06-22 11:35 - 2014-05-31 14:57 - 00000000 ____D () C:\Documents and Settings\User\Pulpit\wdrodzepolepszezycie
2014-06-18 08:22 - 2012-05-23 20:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 07:22 - 2014-06-18 07:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\User\Ustawienia lokalne\Temp\ggdrive-menu.exe
C:\Documents and Settings\User\Ustawienia lokalne\Temp\ggdrive-overlay.exe
C:\Documents and Settings\User\Ustawienia lokalne\Temp\installstats.exe
C:\Documents and Settings\User\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\User\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\User\Ustawienia lokalne\Temp\uttFB.tmp.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-06-27 05:36] - [2008-06-27 05:36] - 1424896 ____A (Microsoft Corporation) 4ec7ed41d95d18b3cd1a2bd9dfefb591     

C:\WINDOWS\system32\winlogon.exe
[2008-06-16 03:28] - [2008-06-16 03:28] - 0549888 ____A (Microsoft Corporation) 335813eacd16e84f3047a3326f6e5473     

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2007-07-10 19:06] - [2007-07-10 19:06] - 0642560 ____A (Microsoft Corporation) ce594e18fe0d0af804f1f3694921ce62     

C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================