Dziękuję ślicznie pomogło!! podaję logi
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-06-2014
Ran by Gosia (administrator) on EXTENSA on 03-07-2014 14:35:28
Running from C:\Users\Gosia\Downloads
Platform: Microsoft Windows 7 Enterprise (X86) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Gosia\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Facebook Inc.) C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVG_UI] = & gt; C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] = & gt; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] = & gt; C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-4184808580-2487017360-4061118910-1000\...\Run: [Spotify] = & gt; C:\Users\Gosia\AppData\Roaming\Spotify\Spotify.exe [6180920 2014-06-27] (Spotify Ltd)
HKU\S-1-5-21-4184808580-2487017360-4061118910-1000\...\Run: [Spotify Web Helper] = & gt; C:\Users\Gosia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)
HKU\S-1-5-21-4184808580-2487017360-4061118910-1000\...\Run: [Facebook Update] = & gt; C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-25] (Facebook Inc.)
Startup: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - & gt; C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay - & gt; {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} = & gt; C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay - & gt; {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} = & gt; C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay - & gt; {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} = & gt; C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay - & gt; {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} = & gt; C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay - & gt; {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} = & gt; C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay - & gt; {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} = & gt; C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) - & gt; {99FD978C-D287-4F50-827F-B2C658EDA8E7} = & gt; C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) - & gt; {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = & gt; C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - & gt; {920E6DB1-9907-4370-B3A0-BAFC03D81399} = & gt; C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) - & gt; {16F3DD56-1AF5-4347-846D-7C10C4192619} = & gt; C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) - & gt; {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = & gt; C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\arzi997w.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Gosia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://dts.search.ask.com/sr?src=crb & gct=ds & appid=133 & systemid=2 & v=a12281-200 & apn_uid=2146241233804772 & apn_dtid=IME002 & o=APN10641 & apn_ptnrs=AG2 & q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (DivX Web Player) - C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
CHR Extension: (Dokumenty Google) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Dysk Google) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Szukaj w Google) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (Google Wallet) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
========================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-03 14:34 - 2014-07-03 14:34 - 00003585 _____ () C:\Users\Gosia\Desktop\UsbFix [Listing 5] EXTENSA.txt
2014-07-02 22:14 - 2014-07-02 22:14 - 00000000 _____ () C:\Users\Gosia\Desktop\Nowy obraz mapy bitowej.bmp
2014-07-01 23:07 - 2014-07-01 23:07 - 00265752 _____ (Secure By Design Inc.) C:\Users\Gosia\Downloads\Ninite Foxit Reader Java Installer(1).exe
2014-07-01 23:04 - 2014-07-02 21:44 - 00000000 ____D () C:\Users\Gosia\AppData\Roaming\Foxit Software
2014-07-01 23:04 - 2014-07-01 23:04 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-01 23:03 - 2014-07-01 23:05 - 223690790 _____ () C:\Users\Gosia\Downloads\na obronę.rar
2014-07-01 23:03 - 2014-07-01 23:03 - 00002062 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-07-01 23:03 - 2014-07-01 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-01 23:03 - 2014-07-01 23:03 - 00000000 ____D () C:\Program Files\Foxit Software
2014-07-01 23:02 - 2014-07-01 23:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-01 23:02 - 2014-07-01 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-01 23:02 - 2014-07-01 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-01 23:02 - 2014-07-01 23:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\ProgramData\Sun
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\Program Files\Java
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-01 23:01 - 2014-07-01 23:01 - 00265752 _____ (Secure By Design Inc.) C:\Users\Gosia\Downloads\Ninite Foxit Reader Java Installer.exe
2014-07-01 22:38 - 2014-07-01 22:38 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-01 22:23 - 2014-07-01 22:25 - 00002443 _____ () C:\Users\Gosia\Desktop\fixlist.txt
2014-07-01 22:04 - 2014-07-01 19:08 - 63274451 ____N () C:\Users\Gosia\Desktop\fiszki-j-angielski-starter.zip
2014-07-01 21:44 - 2014-07-01 21:45 - 70747904 _____ () C:\Users\Gosia\Downloads\GRATISB.zip
2014-07-01 19:06 - 2014-07-01 19:06 - 63274451 _____ () C:\Users\Gosia\Downloads\fiszki-j-angielski-starter.zip
2014-07-01 16:33 - 2014-07-03 14:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 16:33 - 2014-07-01 16:33 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:33 - 2014-07-01 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:33 - 2014-07-01 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 16:33 - 2014-07-01 16:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 16:33 - 2014-05-12 07:35 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 16:33 - 2014-05-12 07:35 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 16:33 - 2014-05-12 07:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 16:32 - 2014-07-01 16:32 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Gosia\Downloads\mbam-setup.exe
2014-07-01 16:30 - 2014-07-01 16:31 - 00019450 _____ () C:\Users\Gosia\Downloads\Addition.txt
2014-07-01 16:29 - 2014-07-03 14:35 - 00013950 _____ () C:\Users\Gosia\Downloads\FRST.txt
2014-07-01 16:28 - 2014-07-03 14:35 - 00000000 ____D () C:\FRST
2014-07-01 16:27 - 2014-07-01 16:27 - 01073664 _____ (Farbar) C:\Users\Gosia\Downloads\FRST.exe
2014-07-01 16:09 - 2014-07-01 16:21 - 00000000 ____D () C:\UsbFix
2014-07-01 16:09 - 2014-07-01 16:09 - 04673918 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Gosia\Downloads\UsbFix.exe
2014-07-01 16:09 - 2014-07-01 16:09 - 00001448 _____ () C:\Users\Gosia\Desktop\UsbFix.lnk
2014-07-01 16:02 - 2014-07-01 16:02 - 01346519 _____ () C:\Users\Gosia\Downloads\adwcleaner_3.214.exe
2014-06-30 23:10 - 2014-06-30 23:10 - 00042350 _____ () C:\Users\Gosia\Downloads\Extras.Txt
2014-06-30 23:07 - 2014-06-30 23:07 - 00047778 _____ () C:\Users\Gosia\Downloads\OTL.Txt
2014-06-30 22:55 - 2014-06-30 22:55 - 00602112 _____ (OldTimer Tools) C:\Users\Gosia\Downloads\OTL.exe
2014-06-30 22:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-29 13:26 - 2014-06-29 13:27 - 01390944 _____ () C:\Windows\Minidump\062914-27830-01.dmp
2014-06-20 07:06 - 2014-06-20 07:07 - 44120520 _____ () C:\Users\Gosia\Downloads\download(1).zip
2014-06-18 08:57 - 2014-06-18 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-13 08:18 - 2014-06-13 08:18 - 03432539 _____ () C:\Users\Gosia\Downloads\granice_panstw.zip
2014-06-13 08:12 - 2014-06-13 08:12 - 00007149 _____ () C:\Users\Gosia\Downloads\pp.qgs
2014-06-13 07:41 - 2014-06-13 07:41 - 07222565 _____ () C:\Users\Gosia\Downloads\download.zip
2014-06-13 01:05 - 2014-06-13 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Valmiera
2014-06-13 00:26 - 2014-06-13 00:26 - 00000000 ____D () C:\Program Files\MSECache
2014-06-13 00:25 - 2014-06-13 00:26 - 39057384 _____ (Microsoft Corporation) C:\Users\Gosia\Downloads\FileFormatConverters.exe
2014-06-13 00:13 - 2014-06-13 00:16 - 368945248 _____ (Microsoft Corporation) C:\Users\Gosia\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2014-06-11 11:03 - 2014-07-01 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-10 18:36 - 2014-06-10 18:36 - 91622845 _____ () C:\Users\Gosia\Downloads\fiszki-j-angielski-slownictwo-1.zip
2014-06-07 12:13 - 2014-06-07 12:13 - 01479925 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul V.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 01295120 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul II.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 01274423 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul III.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 00920062 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul I.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 00206644 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul IV.pptx
2014-06-04 08:00 - 2014-06-04 08:00 - 01508720 _____ () C:\Windows\Minidump\060414-38969-01.dmp
==================== One Month Modified Files and Folders =======
2014-07-03 14:36 - 2014-07-01 16:29 - 00013950 _____ () C:\Users\Gosia\Downloads\FRST.txt
2014-07-03 14:35 - 2014-07-01 16:28 - 00000000 ____D () C:\FRST
2014-07-03 14:34 - 2014-07-03 14:34 - 00003585 _____ () C:\Users\Gosia\Desktop\UsbFix [Listing 5] EXTENSA.txt
2014-07-03 14:33 - 2014-01-16 16:22 - 00000000 ____D () C:\Users\Gosia\AppData\Roaming\Spotify
2014-07-03 14:28 - 2014-07-01 16:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 14:28 - 2013-02-10 22:23 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 14:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 14:28 - 2009-07-14 06:39 - 00077418 _____ () C:\Windows\setupact.log
2014-07-03 14:27 - 2013-02-07 22:53 - 01187875 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 14:27 - 2009-07-14 06:34 - 00009600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 14:27 - 2009-07-14 06:34 - 00009600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 14:08 - 2013-02-21 12:20 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 13:50 - 2013-02-10 22:23 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 09:56 - 2013-02-07 23:49 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-02 22:14 - 2014-07-02 22:14 - 00000000 _____ () C:\Users\Gosia\Desktop\Nowy obraz mapy bitowej.bmp
2014-07-02 21:44 - 2014-07-01 23:04 - 00000000 ____D () C:\Users\Gosia\AppData\Roaming\Foxit Software
2014-07-02 21:12 - 2013-02-07 23:36 - 01668226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 21:12 - 2009-07-14 09:37 - 00739932 _____ () C:\Windows\system32\perfh015.dat
2014-07-02 21:12 - 2009-07-14 09:37 - 00155474 _____ () C:\Windows\system32\perfc015.dat
2014-07-02 10:22 - 2013-02-08 01:37 - 00011508 _____ () C:\Windows\PFRO.log
2014-07-01 23:07 - 2014-07-01 23:07 - 00265752 _____ (Secure By Design Inc.) C:\Users\Gosia\Downloads\Ninite Foxit Reader Java Installer(1).exe
2014-07-01 23:05 - 2014-07-01 23:03 - 223690790 _____ () C:\Users\Gosia\Downloads\na obronę.rar
2014-07-01 23:04 - 2014-07-01 23:04 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-01 23:04 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-07-01 23:03 - 2014-07-01 23:03 - 00002062 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-07-01 23:03 - 2014-07-01 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-01 23:03 - 2014-07-01 23:03 - 00000000 ____D () C:\Program Files\Foxit Software
2014-07-01 23:02 - 2014-07-01 23:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-01 23:02 - 2014-07-01 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-01 23:02 - 2014-07-01 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-01 23:02 - 2014-07-01 23:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\ProgramData\Sun
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\Program Files\Java
2014-07-01 23:02 - 2014-07-01 23:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-01 23:01 - 2014-07-01 23:01 - 00265752 _____ (Secure By Design Inc.) C:\Users\Gosia\Downloads\Ninite Foxit Reader Java Installer.exe
2014-07-01 23:00 - 2014-06-11 11:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-01 22:38 - 2014-07-01 22:38 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-01 22:38 - 2013-02-08 16:59 - 00000000 ____D () C:\Users\Gosia\AppData\Local\Adobe
2014-07-01 22:38 - 2013-02-08 02:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-01 22:25 - 2014-07-01 22:23 - 00002443 _____ () C:\Users\Gosia\Desktop\fixlist.txt
2014-07-01 21:45 - 2014-07-01 21:44 - 70747904 _____ () C:\Users\Gosia\Downloads\GRATISB.zip
2014-07-01 19:08 - 2014-07-01 22:04 - 63274451 ____N () C:\Users\Gosia\Desktop\fiszki-j-angielski-starter.zip
2014-07-01 19:06 - 2014-07-01 19:06 - 63274451 _____ () C:\Users\Gosia\Downloads\fiszki-j-angielski-starter.zip
2014-07-01 16:48 - 2013-02-08 01:31 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-01 16:33 - 2014-07-01 16:33 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:33 - 2014-07-01 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:33 - 2014-07-01 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 16:33 - 2014-07-01 16:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 16:32 - 2014-07-01 16:32 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Gosia\Downloads\mbam-setup.exe
2014-07-01 16:31 - 2014-07-01 16:30 - 00019450 _____ () C:\Users\Gosia\Downloads\Addition.txt
2014-07-01 16:27 - 2014-07-01 16:27 - 01073664 _____ (Farbar) C:\Users\Gosia\Downloads\FRST.exe
2014-07-01 16:21 - 2014-07-01 16:09 - 00000000 ____D () C:\UsbFix
2014-07-01 16:09 - 2014-07-01 16:09 - 04673918 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Gosia\Downloads\UsbFix.exe
2014-07-01 16:09 - 2014-07-01 16:09 - 00001448 _____ () C:\Users\Gosia\Desktop\UsbFix.lnk
2014-07-01 16:02 - 2014-07-01 16:02 - 01346519 _____ () C:\Users\Gosia\Downloads\adwcleaner_3.214.exe
2014-06-30 23:10 - 2014-06-30 23:10 - 00042350 _____ () C:\Users\Gosia\Downloads\Extras.Txt
2014-06-30 23:07 - 2014-06-30 23:07 - 00047778 _____ () C:\Users\Gosia\Downloads\OTL.Txt
2014-06-30 22:55 - 2014-06-30 22:55 - 00602112 _____ (OldTimer Tools) C:\Users\Gosia\Downloads\OTL.exe
2014-06-30 21:54 - 2014-01-16 16:22 - 00000000 ____D () C:\Users\Gosia\AppData\Local\Spotify
2014-06-30 20:33 - 2013-02-07 22:56 - 00000000 ____D () C:\Users\Gosia
2014-06-29 13:27 - 2014-06-29 13:26 - 01390944 _____ () C:\Windows\Minidump\062914-27830-01.dmp
2014-06-29 13:26 - 2014-03-19 13:43 - 00000000 ____D () C:\Windows\Minidump
2014-06-20 12:51 - 2013-02-10 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-20 07:07 - 2014-06-20 07:06 - 44120520 _____ () C:\Users\Gosia\Downloads\download(1).zip
2014-06-18 08:57 - 2014-06-18 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 08:57 - 2013-02-07 23:56 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2013.lnk
2014-06-15 22:47 - 2013-02-20 12:44 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 08:18 - 2014-06-13 08:18 - 03432539 _____ () C:\Users\Gosia\Downloads\granice_panstw.zip
2014-06-13 08:12 - 2014-06-13 08:12 - 00007149 _____ () C:\Users\Gosia\Downloads\pp.qgs
2014-06-13 07:41 - 2014-06-13 07:41 - 07222565 _____ () C:\Users\Gosia\Downloads\download.zip
2014-06-13 01:08 - 2014-06-13 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Valmiera
2014-06-13 00:26 - 2014-06-13 00:26 - 00000000 ____D () C:\Program Files\MSECache
2014-06-13 00:26 - 2014-06-13 00:25 - 39057384 _____ (Microsoft Corporation) C:\Users\Gosia\Downloads\FileFormatConverters.exe
2014-06-13 00:16 - 2014-06-13 00:13 - 368945248 _____ (Microsoft Corporation) C:\Users\Gosia\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2014-06-13 00:03 - 2013-02-08 01:27 - 00000000 ____D () C:\Users\Gosia\AppData\Local\Microsoft Help
2014-06-11 16:01 - 2013-02-17 18:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-10 18:36 - 2014-06-10 18:36 - 91622845 _____ () C:\Users\Gosia\Downloads\fiszki-j-angielski-slownictwo-1.zip
2014-06-07 12:13 - 2014-06-07 12:13 - 01479925 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul V.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 01295120 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul II.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 01274423 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul III.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 00920062 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul I.pptx
2014-06-07 12:13 - 2014-06-07 12:13 - 00206644 _____ () C:\Users\Gosia\Downloads\Wyklad ZJ - Modul IV.pptx
2014-06-04 08:00 - 2014-06-04 08:00 - 01508720 _____ () C:\Windows\Minidump\060414-38969-01.dmp
Some content of TEMP:
====================
C:\Users\Gosia\AppData\Local\Temp\MSN1D7F.exe
C:\Users\Gosia\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe = & gt; File is digitally signed
C:\Windows\system32\winlogon.exe = & gt; File is digitally signed
C:\Windows\system32\wininit.exe = & gt; File is digitally signed
C:\Windows\system32\svchost.exe = & gt; File is digitally signed
C:\Windows\system32\services.exe = & gt; File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-14 01:24] - [2009-07-14 03:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1
C:\Windows\system32\userinit.exe = & gt; File is digitally signed
C:\Windows\system32\rpcss.dll = & gt; File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys = & gt; File is digitally signed
LastRegBack: 2014-07-02 14:45
==================== End Of Log ============================