Anonymous / 2 years, 10 months ago

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Kasia (administrator) on QWERTY-A-PC on 06-02-2015 14:47:04
Running from C:\Users\Kasia\Downloads
Loaded Profiles: Kasia (Available profiles: Kasia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-84332385-3745824528-537804561-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-84332385-3745824528-537804561-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-84332385-3745824528-537804561-1001\...\MountPoints2: {6d1e3833-7d41-11e4-9266-90fba6ebd8b1} - F:\Setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-84332385-3745824528-537804561-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.actina.pl
HKU\S-1-5-21-84332385-3745824528-537804561-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 94.251.160.14 94.251.182.11

FireFox:
========
FF ProfilePath: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\utvy4t49.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-84332385-3745824528-537804561-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kasia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\utvy4t49.default\searchplugins\avira-safesearch.xml
FF Extension: Video Downloader professional - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\utvy4t49.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-12-06]
FF Extension: Flagfox - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\utvy4t49.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-12-06]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\utvy4t49.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-12-06]
FF Extension: Adblock Plus - C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\utvy4t49.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-12-06] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-06] (Disc Soft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-02-06] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-12-06] (Duplex Secure Ltd.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [197120 2008-08-29] (Vimicro Corporation) [File not signed]
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation) [File not signed]
U3 agqjqugk; C:\Windows\System32\Drivers\agqjqugk.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 14:47 - 2015-02-06 14:47 - 00010634 _____ () C:\Users\Kasia\Downloads\FRST.txt
2015-02-06 14:46 - 2015-02-06 14:47 - 00000000 ____D () C:\FRST
2015-02-06 14:40 - 2015-02-06 14:40 - 02131968 _____ (Farbar) C:\Users\Kasia\Downloads\FRST64.exe
2015-02-06 14:39 - 2015-02-06 14:40 - 02112512 _____ () C:\Users\Kasia\Downloads\adwcleaner_4.110.exe
2015-02-06 12:39 - 2015-02-06 14:47 - 00008423 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 12:36 - 2015-02-06 14:43 - 00000112 _____ () C:\Windows\setupact.log
2015-02-06 12:36 - 2015-02-06 12:36 - 00001114 _____ () C:\Windows\PFRO.log
2015-02-06 12:36 - 2015-02-06 12:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 11:25 - 2015-02-06 11:25 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-06 11:25 - 2015-02-06 11:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 11:23 - 2015-02-06 11:23 - 18570328 _____ () C:\Users\Kasia\Desktop\RogueKillerX64.exe
2015-02-06 11:18 - 2015-02-06 11:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-03 07:38 - 2015-02-03 07:38 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-02-01 21:38 - 2015-02-01 21:38 - 00002411 _____ () C:\Windows\SysWOW64\lgAxconfig.ini
2015-02-01 21:38 - 2015-02-01 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2015-02-01 21:38 - 2015-02-01 21:38 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2015-02-01 21:38 - 2011-05-06 10:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2015-02-01 21:38 - 2011-05-06 10:37 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2015-02-01 21:38 - 2011-05-06 10:37 - 00224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcm90.dll
2015-02-01 21:38 - 2006-04-30 05:33 - 00053248 _____ () C:\Windows\SysWOW64\CommonDL.dll
2015-02-01 21:38 - 2005-11-19 23:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2015-02-01 21:38 - 2005-09-29 22:39 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2015-01-30 18:53 - 2015-01-30 18:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-30 18:52 - 2015-01-30 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-29 10:28 - 2015-01-30 13:30 - 00000000 ____D () C:\Recovery
2015-01-27 05:12 - 2015-01-27 05:13 - 00126464 ___SH () C:\Users\Kasia\Desktop\Thumbs.db
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 15:33 - 2015-01-26 17:45 - 00551936 ___SH () C:\Users\Kasia\Downloads\Thumbs.db
2015-01-24 09:03 - 2015-01-24 09:03 - 00008192 _____ () C:\Windows\system32\config\userdiff
2015-01-24 08:53 - 2015-01-29 10:51 - 00000000 ____D () C:\RecoveryImage
2015-01-24 08:46 - 2015-01-29 10:15 - 00094975 _____ () C:\Windows\diagerr.xml
2015-01-24 08:46 - 2015-01-29 10:15 - 00049533 _____ () C:\Windows\diagwrn.xml
2015-01-24 08:02 - 2015-01-24 08:02 - 02916352 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 02589696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-24 08:02 - 2015-01-24 08:02 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-24 08:02 - 2015-01-24 08:02 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-24 08:02 - 2015-01-24 08:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-24 08:02 - 2015-01-24 08:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-01-23 19:15 - 2015-01-23 19:16 - 00031232 ___SH () C:\Users\Kasia\Thumbs.db
2015-01-20 22:38 - 2015-02-02 04:29 - 00000000 ___HD () C:\$Windows.~BT
2015-01-15 10:34 - 2015-01-15 10:34 - 00000000 ____D () C:\Users\Kasia\AppData\Roaming\Windows Live Writer
2015-01-15 10:34 - 2015-01-15 10:34 - 00000000 ____D () C:\Users\Kasia\AppData\Local\Windows Live Writer
2015-01-15 09:47 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:07 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:07 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:07 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 06:07 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 06:07 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 06:07 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 06:07 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 06:07 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 06:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 06:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 15:54 - 2015-01-12 15:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-12 15:54 - 2015-01-12 15:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-10 08:12 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-08 20:43 - 2014-01-09 09:05 - 00007040 _____ (Scott) C:\Windows\system32\Drivers\usbdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 14:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 14:42 - 2014-12-17 06:46 - 00000000 ____D () C:\AdwCleaner
2015-02-06 13:09 - 2014-12-06 13:17 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 12:45 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 12:45 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 12:38 - 2014-12-06 13:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-06 12:38 - 2014-12-06 13:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 12:35 - 2014-12-06 13:08 - 00000000 ____D () C:\Users\Kasia\AppData\Roaming\Wise Care 365
2015-02-06 12:25 - 2014-12-06 13:09 - 00000000 ____D () C:\Users\Kasia\AppData\Roaming\uTorrent
2015-02-06 12:14 - 2014-12-06 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-06 11:17 - 2014-12-06 13:20 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 12:31 - 2014-12-06 13:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 16:24 - 2009-07-14 18:55 - 00740098 _____ () C:\Windows\system32\perfh015.dat
2015-02-02 16:24 - 2009-07-14 18:55 - 00155672 _____ () C:\Windows\system32\perfc015.dat
2015-02-02 16:24 - 2009-07-14 06:13 - 01669190 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 04:31 - 2014-12-06 12:05 - 00000000 ____D () C:\Windows\Panther
2015-01-31 08:10 - 2014-12-06 13:34 - 00001078 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-84332385-3745824528-537804561-1001UA.job
2015-01-30 19:10 - 2014-12-12 10:08 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 19:10 - 2014-12-06 14:20 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2015-01-30 19:10 - 2014-12-06 13:34 - 00001056 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-84332385-3745824528-537804561-1001Core.job
2015-01-30 18:53 - 2014-12-06 13:49 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-30 18:52 - 2014-12-06 13:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-30 18:47 - 2014-12-06 13:38 - 00000000 ____D () C:\Users\Kasia\AppData\Roaming\DAEMON Tools Lite
2015-01-30 18:47 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-30 18:43 - 2014-12-06 14:12 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-30 18:43 - 2014-12-06 14:12 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-30 18:42 - 2014-12-06 13:45 - 00000000 ____D () C:\Users\Kasia\AppData\Local\Adobe
2015-01-30 18:41 - 2014-12-08 22:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-30 18:41 - 2014-12-08 22:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 13:25 - 2014-12-20 15:31 - 00000000 ____D () C:\Program Files\AMD
2015-01-30 13:25 - 2014-12-20 15:07 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-30 13:25 - 2014-12-14 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2015-01-30 13:25 - 2014-12-06 18:18 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-30 13:25 - 2014-12-06 17:27 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-30 13:25 - 2014-12-06 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profesor Klaus - Intensywny kurs
2015-01-30 13:25 - 2014-12-06 16:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-30 13:25 - 2014-12-06 16:05 - 00000000 ____D () C:\Windows\pl
2015-01-30 13:25 - 2014-12-06 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2015-01-30 13:25 - 2014-12-06 15:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 13:25 - 2014-12-06 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-01-30 13:25 - 2014-12-06 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
2015-01-30 13:25 - 2014-12-06 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-30 13:25 - 2014-12-06 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-30 13:25 - 2014-12-06 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-30 13:25 - 2014-12-06 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-30 13:25 - 2014-12-06 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-30 13:25 - 2014-12-06 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 13:25 - 2014-12-06 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-30 13:25 - 2014-12-06 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2015-01-30 13:25 - 2014-12-06 13:07 - 00000000 ____D () C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-30 13:25 - 2014-12-06 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-30 13:25 - 2014-12-06 12:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-30 13:25 - 2014-12-06 12:11 - 00000000 ___RD () C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-30 13:25 - 2014-12-06 12:11 - 00000000 ___RD () C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-30 13:25 - 2014-12-06 12:11 - 00000000 ____D () C:\Users\Kasia
2015-01-30 13:25 - 2009-07-14 18:55 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2015-01-30 13:25 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-30 13:25 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-30 13:25 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\spool
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-01-30 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-30 11:55 - 2014-12-20 15:17 - 00000000 ____D () C:\Users\Kasia\Documents\Electronic Arts
2015-01-30 09:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-29 10:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-01-28 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-26 22:47 - 2014-12-06 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 09:27 - 2014-12-14 11:50 - 00003272 _____ () C:\Windows\System32\Tasks\{0888F8A7-9AF6-4932-A56B-F82DAE9793C3}
2015-01-24 09:27 - 2014-12-12 10:08 - 00003978 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 09:27 - 2014-12-07 10:11 - 00003500 _____ () C:\Windows\System32\Tasks\{7B310747-2130-494B-851E-42587B750F41}
2015-01-24 09:27 - 2014-12-06 14:20 - 00003180 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2015-01-24 09:27 - 2014-12-06 14:12 - 00002882 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-24 09:27 - 2014-12-06 13:34 - 00004164 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-84332385-3745824528-537804561-1001UA
2015-01-24 09:27 - 2014-12-06 13:34 - 00003796 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-84332385-3745824528-537804561-1001Core
2015-01-24 09:09 - 2014-12-20 15:30 - 00000000 ____D () C:\AMD
2015-01-24 07:50 - 2014-12-06 14:29 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-23 16:07 - 2014-12-08 10:14 - 01640860 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-22 20:38 - 2009-07-14 06:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 10:34 - 2014-12-06 14:58 - 00000000 ____D () C:\Users\Kasia\AppData\Local\Windows Live
2015-01-14 08:07 - 2014-12-06 14:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:04 - 2014-12-06 14:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 15:54 - 2014-12-06 13:19 - 00000995 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-12 15:54 - 2014-12-06 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

Some content of TEMP:
====================
C:\Users\Kasia\AppData\Local\Temp\Quarantine.exe
C:\Users\Kasia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 11:34

==================== End Of Log ============================