Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by sandoz (administrator) on SANDOZ on 09-10-2013 20:26:33
Running from C:\Users\sandoz\Documents\bezpieczeństwo
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(Broadcom Corporation.) c:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\ATK Hotkey\LOSD.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1111336 2008-05-29] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-07-03] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [5207880 2008-05-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.199.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61

FireFox:
========
FF ProfilePath: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default
FF SelectedSearchEngine: Wikipedia (pl)
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\sandoz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\searchplugins\ceneo.xml
FF SearchPlugin: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\searchplugins\filmwebpl.xml
FF SearchPlugin: C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
FF Extension: Flagfox - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: DivXWebPlayer - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\sandoz\AppData\Roaming\Mozilla\Firefox\Profiles\9adrfnj9.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 btwdins; c:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [522792 2008-08-26] (Broadcom Corporation.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [32768 2008-02-14] (Lenovo Group Limited)
S3 IncSvc; C:\Program Files\Lenovo\ReadyComm\IncSvc.dll [469504 2007-06-03] (Lenovo Group Limited)
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-14] ()
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [270336 2007-04-11] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [98304 2008-02-15] (Lenovo Group Limited)
R2 System_Repair_UpdateMonitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [430080 2008-09-27] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R0 75131467; C:\Windows\System32\DRIVERS\75131467.sys [133208 2012-03-05] (Kaspersky Lab ZAO)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2013-07-06] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [49472 2009-11-07] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-07-06] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761048 2008-10-15] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\ITEhidCIR.sys [10880 2008-01-24] (ITE Tech. Inc. )
R0 Wdkbdmou; C:\Windows\System32\DRIVERS\Wdkbdmou.sys [8832 2008-06-13] ()
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [8832 2008-06-13] (Windows (R) Codename Longhorn DDK provider)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81192 2008-01-10] (CyberLink)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [x]
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-09 20:25 - 2013-10-09 20:25 - 00000000 ____D C:\FRST
2013-10-09 12:36 - 2013-10-09 12:36 - 00000306 _____ C:\Windows\PFRO.log
2013-10-09 12:22 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 12:22 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 12:22 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 12:22 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 12:22 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 12:22 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 12:22 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 12:22 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 12:22 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 12:22 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 12:22 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-09 12:22 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 12:22 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 12:22 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 12:22 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 12:22 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 12:08 - 2013-10-09 12:13 - 00000000 ____D C:\830cba557848106e1a3afae1
2013-10-09 10:57 - 2013-10-09 10:57 - 00000000 ____D C:\Users\sandoz\Downloads\Korn - The Paradigm Shift [2013] 320
2013-10-09 08:44 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 08:44 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 08:44 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 08:44 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 08:44 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 08:44 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 08:44 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 08:44 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 08:44 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 08:44 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 08:44 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 08:44 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 08:44 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:43 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 08:43 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 08:43 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 08:43 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 08:43 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 08:43 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 08:43 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 08:43 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 08:43 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 08:43 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 08:43 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-09-12 09:51 - 2013-09-12 09:57 - 00009924 _____ C:\UsbFix.txt
2013-09-11 12:55 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-09 16:24 - 2013-09-09 16:33 - 00000000 ____D C:\Users\sandoz\Downloads\King Crimson- In The Court of the Crimson King [@320kbps]

==================== One Month Modified Files and Folders =======

2013-10-09 20:25 - 2013-10-09 20:25 - 00000000 ____D C:\FRST
2013-10-09 20:14 - 2010-12-20 19:08 - 00000000 ____D C:\Users\sandoz\Documents\bezpieczeństwo
2013-10-09 20:12 - 2010-12-20 22:23 - 01973352 _____ C:\Windows\WindowsUpdate.log
2013-10-09 20:08 - 2010-01-13 03:47 - 00042526 _____ C:\ProgramData\nvModes.001
2013-10-09 20:08 - 2010-01-13 03:37 - 00042526 _____ C:\ProgramData\nvModes.dat
2013-10-09 20:04 - 2013-03-26 19:28 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 20:04 - 2010-08-01 12:57 - 07919917 _____ C:\FaceProv.log
2013-10-09 20:04 - 2010-01-15 01:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-09 20:04 - 2009-11-07 15:19 - 00000056 ___SH C:\_PartitionInfo
2013-10-09 20:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 20:04 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 20:04 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 19:43 - 2009-11-07 13:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-09 19:43 - 2006-11-02 15:01 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 19:39 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-09 15:01 - 2011-05-26 21:26 - 00000000 ____D C:\Users\sandoz\AppData\Roaming\foobar2000
2013-10-09 14:48 - 2013-03-26 19:28 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 13:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-09 13:13 - 2009-11-07 12:52 - 00672140 _____ C:\Windows\system32\perfh015.dat
2013-10-09 13:13 - 2009-11-07 12:52 - 00130516 _____ C:\Windows\system32\perfc015.dat
2013-10-09 13:13 - 2006-11-02 12:33 - 01495264 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 13:05 - 2010-01-14 06:56 - 00102440 _____ C:\Windows\system32\ICAutoUpdate.log.bak
2013-10-09 13:05 - 2006-11-02 14:47 - 00414376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:36 - 2013-10-09 12:36 - 00000306 _____ C:\Windows\PFRO.log
2013-10-09 12:36 - 2012-06-13 14:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:33 - 2009-11-07 14:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 12:29 - 2013-07-13 16:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:25 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 12:13 - 2013-10-09 12:08 - 00000000 ____D C:\830cba557848106e1a3afae1
2013-10-09 11:53 - 2013-05-10 13:01 - 00000000 ____D C:\Users\sandoz\Desktop\STUDIA
2013-10-09 11:45 - 2012-11-12 20:48 - 00000000 ____D C:\Users\sandoz\AppData\Roaming\uTorrent
2013-10-09 10:57 - 2013-10-09 10:57 - 00000000 ____D C:\Users\sandoz\Downloads\Korn - The Paradigm Shift [2013] 320
2013-10-07 15:08 - 2010-01-13 02:42 - 00000915 _____ C:\Users\sandoz\Desktop\Cyberlink Power2Go.lnk
2013-10-07 08:32 - 2012-05-08 11:43 - 00000000 ____D C:\Users\sandoz\Instalki gier
2013-10-07 08:27 - 2010-12-17 16:35 - 00000000 ____D C:\Windows\Minidump
2013-10-06 21:28 - 2012-04-19 14:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-06 21:28 - 2011-05-26 20:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-25 14:49 - 2013-06-28 01:38 - 00000000 ____D C:\Users\sandoz\AppData\Local\SKIDROW
2013-09-22 12:29 - 2013-10-09 12:22 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 12:22 - 2013-10-09 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 12:22 - 2013-10-09 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 12:14 - 2013-10-09 12:22 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 12:13 - 2013-10-09 12:22 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 12:13 - 2013-10-09 12:22 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 12:12 - 2013-10-09 12:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 12:09 - 2013-10-09 12:22 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 12:08 - 2013-10-09 12:22 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 12:07 - 2013-10-09 12:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 12:06 - 2013-10-09 12:22 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 12:05 - 2013-10-09 12:22 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 12:03 - 2013-10-09 12:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 12:03 - 2013-10-09 12:22 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 12:03 - 2013-10-09 12:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 11:59 - 2013-10-09 12:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 09:57 - 2013-09-12 09:51 - 00009924 _____ C:\UsbFix.txt
2013-09-12 09:57 - 2013-01-20 13:26 - 00007346 _____ C:\UsbFix_Upload_Me_SANDOZ.zip
2013-09-12 09:57 - 2012-08-13 13:18 - 00000000 ____D C:\UsbFix
2013-09-11 22:10 - 2010-01-29 07:41 - 00105472 _____ C:\Users\sandoz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-10 21:24 - 2012-03-06 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-09 16:33 - 2013-09-09 16:24 - 00000000 ____D C:\Users\sandoz\Downloads\King Crimson- In The Court of the Crimson King [@320kbps]

Files to move or delete:
====================
C:\ProgramData\Start.exe

Some content of TEMP:
====================
C:\Users\sandoz\AppData\Local\Temp\WindowsUpdateAgent30-x86.exe
C:\Users\sandoz\AppData\Local\Temp\wtw-update.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-09 20:12

==================== End Of Log ============================