Anonim / 2 lata, 5 miesięcy temu | Download | Plaintext | Odpowiedz |

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Komputer (administrator) on KOMP on 13-07-2015 11:37:46
Running from E:\Downloads
Loaded Profiles: Komputer (Available Profiles: Komputer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) F:\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Mouse\Amoumain.exe
(Sonix) C:\Windows\vsnp2std.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIEDE.EXE
(Advanced Micro Devices, Inc.) E:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Skype Technologies S.A.) F:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) F:\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() E:\Program Files\Kalendarz XP\Kalendarz.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) F:\Avira\AntiVir Desktop\avgnt.exe
(SONIX) C:\Windows\tsnp2std.exe
() C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
(Advanced Micro Devices Inc.) E:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) E:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) F:\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2000-01-01] ()
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2007-08-07] (Sonix)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [StartCCC] => E:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)
HKLM-x32\...\Run: [avgnt] => F:\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [258048 2009-03-10] (SONIX)
HKLM-x32\...\Run: [UnlockerAssistant] => C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Run: [EPSON SX100 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2009-07-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Run: [Skype] => F:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-04-27] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Run: [Viber] => C:\Users\Komputer\AppData\Local\Viber\Viber.exe [80035536 2015-06-10] ()
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\MountPoints2: {465f383d-e8bf-11e4-bcdf-bc5ff4c84702} - G:\Startme.exe
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\MountPoints2: {5eae7582-2864-11e5-b513-bc5ff4c84702} - K:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-04-21] (Microsoft Corporation)
Startup: C:\Users\Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start  skrót.lnk [2015-04-15]
ShortcutTarget: Start  skrót.lnk -> E:\Program Files\Kalendarz XP\Start.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4076806238-1219484475-651196191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{18033C5F-78B6-4991-9421-BC5A7818233D}: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{6D3ED732-3FBD-4592-BDB6-6D106C887971}: [DhcpNameServer] 37.8.214.2 31.11.202.254

FireFox:
========
FF ProfilePath: C:\Users\Komputer\AppData\Roaming\Mozilla\Firefox\Profiles\jn8xbj7u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> F:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> F:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-09-06] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Komputer\AppData\Roaming\Mozilla\Firefox\Profiles\jn8xbj7u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-04-17]
FF HKU\S-1-5-21-4076806238-1219484475-651196191-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - F:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Komputer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Przelewy24) - C:\Users\Komputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2015-07-13]
CHR Extension: (Adblock Plus) - C:\Users\Komputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-13]
CHR Extension: (The Avengers) - C:\Users\Komputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfllifdbmfjehnombllbaojfdkmnpdm [2015-06-01]
CHR Extension: (Disable Youtube HTML5 Player) - C:\Users\Komputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-07-13]
CHR Extension: (Google Wallet) - C:\Users\Komputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - F:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; E:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; F:\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; F:\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; F:\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; F:\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SkypeUpdate; F:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; E:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-24] (Avira Operations GmbH & Co. KG)
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12379136 2008-02-13] ()
R3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12067328 2008-02-13] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-08] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U3 az83s0wr; C:\Windows\System32\Drivers\az83s0wr.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 11:27 - 2015-07-13 11:37 - 00000000 ____D C:\FRST
2015-07-13 11:26 - 2015-07-13 11:28 - 00000000 ____D C:\AdwCleaner
2015-07-13 11:21 - 2015-07-13 11:21 - 00011695 _____ C:\Users\Komputer\Desktop\hijackthis.log 1
2015-07-13 11:20 - 2015-07-13 11:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Komputer\Downloads\HijackThis_2.0.4.exe
2015-07-13 11:20 - 2015-07-13 11:20 - 00011662 _____ C:\Users\Komputer\Downloads\hijackthis.log
2015-07-11 17:26 - 2015-07-11 17:26 - 00827816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Komputer\Downloads\rufus-2.2.exe
2015-07-11 16:32 - 2015-07-11 16:32 - 00000000 ____D C:\Program Files (x86)\HyperCam 2
2015-07-11 16:31 - 2015-07-11 16:32 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-07-11 16:31 - 2015-07-11 16:31 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2015-07-11 16:31 - 2015-07-11 16:31 - 00001110 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2015-07-11 16:31 - 2015-07-11 16:31 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\NCH Software
2015-07-11 16:31 - 2015-07-11 16:31 - 00000000 ____D C:\ProgramData\NCH Software
2015-07-11 16:31 - 2015-07-11 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-07-11 16:31 - 2015-07-11 16:31 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-07-11 16:30 - 2015-07-12 08:02 - 00000000 ____D C:\Users\Komputer\Downloads\WinSetupFromUSB-1-5
2015-07-11 16:30 - 2015-07-11 16:30 - 23915677 _____ (Igor Pavlov) C:\Users\Komputer\Downloads\WinSetupFromUSB-1-5.exe
2015-07-11 16:30 - 2015-07-11 16:30 - 00003156 _____ C:\Windows\System32\Tasks\{568355D5-E9BE-434F-A254-464F15FB5FD5}
2015-07-11 09:42 - 2015-07-11 09:42 - 00000000 ____D C:\Users\Komputer\Desktop\LOL
2015-07-10 12:46 - 2015-07-10 12:53 - 00000000 ____D C:\Users\Komputer\Desktop\Ostatnie meczyki
2015-07-08 09:14 - 2015-07-08 09:15 - 03856869 _____ C:\Users\Komputer\Documents\10747131_1490699884539194_246342107_n.mp4
2015-07-07 23:18 - 2015-07-07 23:19 - 06538458 _____ C:\Users\Komputer\Documents\11537267_1433182290340083_741063345_n.mp4
2015-07-07 15:14 - 2015-07-07 15:21 - 00000000 ____D C:\Users\Komputer\Documents\Nowy folder
2015-07-07 14:57 - 2015-07-07 14:57 - 00003584 _____ C:\Users\Komputer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-07 14:44 - 2015-07-07 14:51 - 00000000 ____D C:\Users\Komputer\Documents\FFOutput
2015-07-07 13:28 - 2015-07-07 13:28 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-06 18:39 - 2015-07-06 18:40 - 01956896 _____ C:\Users\Komputer\Documents\11171290_10153182599765985_797823610_n.mp4
2015-07-06 14:19 - 2015-07-06 14:19 - 00001131 _____ C:\Users\Komputer\Desktop\ALLPlayer.Radio.lnk
2015-07-06 14:19 - 2015-07-06 14:19 - 00001123 _____ C:\Users\Komputer\Desktop\ALLPlayer.VOD.lnk
2015-07-06 14:19 - 2015-07-06 14:19 - 00001019 _____ C:\Users\Komputer\Desktop\ALLPlayer.lnk
2015-07-06 14:19 - 2015-07-06 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer
2015-07-06 14:19 - 2015-07-06 14:19 - 00000000 ____D C:\ProgramData\ALLPlayer
2015-07-06 14:19 - 2015-07-06 14:19 - 00000000 ____D C:\Program Files (x86)\ALLPlayer
2015-07-06 14:19 - 2013-04-05 21:26 - 02106368 _____ C:\Windows\SysWOW64\ac3filter.ax
2015-07-06 14:19 - 2013-04-05 21:26 - 00276992 _____ (IntelleSoft) C:\Windows\SysWOW64\BugTrap.dll
2015-07-06 14:19 - 2007-10-07 15:36 - 00258048 _____ C:\Windows\SysWOW64\libFLAC.dll
2015-07-06 14:18 - 2015-07-06 14:18 - 42921200 _____ (ALLPlayer ) C:\Users\Komputer\Documents\ALLPlayerPL.exe
2015-07-06 14:13 - 2015-07-06 14:17 - 73054376 _____ C:\Users\Komputer\Documents\10855289_10152901943487287_359063776_n.mp4
2015-07-06 14:09 - 2015-07-06 14:09 - 00041465 _____ C:\Users\Komputer\Documents\15737_09c99c04129db749d2fdafb79e125e4a.jpeg
2015-07-05 16:27 - 2015-07-13 11:29 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\ViberPC
2015-07-05 16:27 - 2015-07-05 16:27 - 00000995 _____ C:\Users\Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-07-05 16:27 - 2015-07-05 16:27 - 00000987 _____ C:\Users\Komputer\Desktop\Viber.lnk
2015-07-05 16:27 - 2015-07-05 16:27 - 00000000 ____D C:\Users\Komputer\AppData\Local\Viber
2015-07-05 16:26 - 2015-07-05 16:26 - 64298248 _____ (Viber Media Inc) C:\Users\Komputer\Downloads\ViberSetup.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01122679 _____ C:\Users\Komputer\Documents\Viber(41180)-dp.jse
2015-07-04 07:44 - 2015-07-04 07:44 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-07-04 07:42 - 2015-07-13 11:35 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-04 07:42 - 2015-07-04 07:42 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-04 07:39 - 2015-07-04 07:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-04 07:39 - 2015-07-04 07:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 13:44 - 2015-07-03 13:44 - 00359936 _____ C:\Users\Komputer\Downloads\Image Resizer Powertoy Clone 2.1 64-bit.msi
2015-07-03 13:44 - 2015-07-03 13:44 - 00000000 ____D C:\Program Files (x86)\Image Resizer
2015-07-03 11:50 - 2015-07-03 11:51 - 00000000 ____D C:\Users\Komputer\AppData\Local\Opera Software
2015-07-03 11:49 - 2015-07-03 11:51 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-03 11:15 - 2015-07-03 11:15 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-03 11:15 - 2015-07-03 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-03 11:15 - 2015-07-03 11:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-02 22:10 - 2015-07-02 22:10 - 00000000 ____D C:\Program Files (x86)\Unlocker
2015-07-02 21:53 - 2015-07-02 21:53 - 00402911 _____ C:\Users\Komputer\Downloads\Unlocker1.9.2.exe
2015-07-02 21:53 - 2015-07-02 21:53 - 00000364 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-07-02 21:50 - 2015-07-02 21:50 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\InstallShield
2015-07-02 21:50 - 2015-07-02 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera (SN9C201&202)
2015-07-02 21:50 - 2009-03-10 18:28 - 00258048 _____ (SONIX) C:\Windows\tsnp2std.exe
2015-07-02 21:50 - 2008-02-13 11:35 - 12379136 _____ () C:\Windows\system32\Drivers\snp2sxp.sys
2015-07-02 21:50 - 2008-02-13 11:34 - 12067328 _____ () C:\Windows\SysWOW64\Drivers\snp2sxp.sys
2015-07-02 21:50 - 2007-08-07 11:38 - 00675840 _____ (Sonix) C:\Windows\vsnp2std.exe
2015-07-02 21:50 - 2007-03-29 16:04 - 00328704 _____ (Sonix) C:\Windows\system32\vsnp2std.dll
2015-07-02 21:50 - 2007-03-29 16:04 - 00249856 _____ (Sonix) C:\Windows\SysWOW64\vsnp2std.dll
2015-07-02 21:50 - 2007-01-25 18:48 - 00033664 _____ () C:\Windows\system32\Drivers\sncamd.sys
2015-07-02 21:50 - 2007-01-25 18:48 - 00025472 _____ () C:\Windows\SysWOW64\Drivers\sncamd.sys
2015-07-02 21:50 - 2006-11-16 15:57 - 00083968 _____ ( ) C:\Windows\system32\csnp2std.dll
2015-07-02 21:50 - 2006-10-12 17:21 - 00151552 _____ ( ) C:\Windows\SysWOW64\rsnp2std.dll
2015-07-02 21:50 - 2004-12-09 17:23 - 00015497 _____ C:\Windows\snp2std.ini
2015-07-02 21:50 - 2004-12-09 17:23 - 00013022 _____ C:\Windows\snp2std.src
2015-07-02 21:45 - 2015-07-02 21:45 - 03359544 _____ (Easeware ) C:\Users\Komputer\Downloads\DriverEasy_Setup.exe
2015-07-02 21:45 - 2015-07-02 21:45 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\Easeware
2015-07-02 21:34 - 2015-07-02 21:34 - 00000000 ____D C:\Spacekace
2015-07-02 21:33 - 2015-07-02 21:33 - 00003916 _____ C:\Windows\DPINST.LOG
2015-07-02 21:00 - 2006-07-03 10:31 - 00094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
2015-07-02 19:25 - 2015-07-02 19:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2015-06-15 18:35 - 2015-07-07 13:28 - 00001116 _____ C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 11:37 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 11:37 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 11:34 - 2009-07-14 19:55 - 00743484 _____ C:\Windows\system32\perfh015.dat
2015-07-13 11:34 - 2009-07-14 19:55 - 00156966 _____ C:\Windows\system32\perfc015.dat
2015-07-13 11:34 - 2009-07-14 07:13 - 01678034 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 11:33 - 2015-04-17 13:01 - 01427105 _____ C:\Windows\WindowsUpdate.log
2015-07-13 11:30 - 2015-04-15 13:59 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\Raptr
2015-07-13 11:29 - 2015-04-17 15:01 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 11:29 - 2015-04-15 14:00 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\Skype
2015-07-13 11:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 11:29 - 2009-07-14 06:51 - 00055865 _____ C:\Windows\setupact.log
2015-07-13 11:12 - 2015-04-17 15:01 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 07:40 - 2015-04-17 15:25 - 00570862 _____ C:\Windows\PFRO.log
2015-07-11 20:54 - 2015-05-02 12:47 - 00000820 __RSH C:\ProgramData\ntuser.pol
2015-07-11 18:13 - 2015-04-15 14:00 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\uTorrent
2015-07-11 17:26 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-11 17:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-10 08:10 - 2015-05-24 15:24 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-07-08 14:10 - 2015-04-15 13:58 - 00000000 ____D C:\Users\Komputer\AppData\Local\Deployment
2015-07-07 13:28 - 2015-06-01 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-07 13:28 - 2015-04-17 13:08 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-04 07:42 - 2015-04-15 13:58 - 00000000 ____D C:\Users\Komputer\AppData\Local\Adobe
2015-07-03 13:36 - 2015-04-27 08:46 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 13:35 - 2015-04-18 15:00 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\Apple Computer
2015-07-03 11:51 - 2015-04-15 13:59 - 00001425 _____ C:\Users\Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-03 11:51 - 2015-04-15 13:59 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\Opera Software
2015-07-03 11:16 - 2015-04-18 15:00 - 00000000 ____D C:\Users\Komputer\AppData\Local\Apple Computer
2015-07-03 10:57 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-02 22:10 - 2015-04-15 13:59 - 00000000 ____D C:\Users\Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-07-02 21:50 - 2015-04-17 14:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-02 21:50 - 2009-07-14 04:34 - 00000720 _____ C:\Windows\win.ini
2015-06-19 14:39 - 2015-06-01 22:07 - 00000000 ____D C:\ProgramData\Avira

==================== Files in the root of some directories =======

2015-07-07 14:57 - 2015-07-07 14:57 - 0003584 _____ () C:\Users\Komputer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-15 13:58 - 2015-02-11 14:46 - 0000871 _____ () C:\Users\Komputer\AppData\Local\recently-used.xbel
2015-04-15 13:58 - 2014-11-23 18:44 - 0007605 _____ () C:\Users\Komputer\AppData\Local\Resmon.ResmonCfg
2015-04-17 15:18 - 2015-04-17 15:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-17 13:42 - 2015-04-21 22:54 - 0001351 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Komputer\AppData\Local\Temp\avgnt.exe
C:\Users\Komputer\AppData\Local\Temp\ICReinstall_JSE_install_app-1435916948127.exe
C:\Users\Komputer\AppData\Local\Temp\Quarantine.exe
C:\Users\Komputer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 02:45

==================== End of log ============================