Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013
Ran by Czarek (administrator) on CZAREK-KOMPUTER on 27-12-2013 16:13:42
Running from D:\Pobrane Pliki
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\System32\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Macrovision Europe Ltd.) C:\Users\Czarek\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Flux Software LLC) C:\Users\Czarek\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Czarek\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [XFastUsb] - C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2012-05-22] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] - C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [574296 2012-03-06] (IObit)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Czarek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-06] (Google Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-25] (AMD)
HKCU\...\Run: [GG] - C:\Users\Czarek\AppData\Local\GG\Application\gghub.exe [4047424 2013-12-22] (GG Network S.A.)
HKCU\...\Run: [f.lux] - C:\Users\Czarek\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKCU\...\Policies\system: [EnableLUA] 0
MountPoints2: {491e98fa-1908-11e1-984d-002522cc5546} - H:\autorun.exe
MountPoints2: {50899814-adac-11e1-bfeb-002522cc5546} - G:\setup.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {5D1B80C7-4EE2-4fad-AC00-87D50438DACC} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.172.186.4 8.8.8.8

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Users\Czarek\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Czarek\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Czarek\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Unity Player) - C:\Users\Czarek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Czarek\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Adblock Pro) - C:\Users\Czarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch\2.8_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-25] (Creative Labs)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2011-11-03] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-25] (Creative Labs)

==================== Drivers (Whitelisted) ====================

R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2011-10-26] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-06-03] (DT Soft Ltd)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-11-14] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-25] (FNet Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-10-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-11-27] ()
U3 adzmbb9v; C:\Windows\System32\Drivers\adzmbb9v.sys [0 ] (Advanced Micro Devices)
S0 qibokemq; System32\drivers\ghnloyb.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-27 16:13 - 2013-12-27 16:13 - 00000000 ____D C:\FRST
2013-12-27 15:35 - 2013-12-27 15:35 - 00002728 _____ C:\Windows\PFRO.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00000056 _____ C:\Windows\setupact.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 _____ C:\Windows\setuperr.log
2013-12-27 15:34 - 2013-12-27 15:34 - 00003368 ____N C:\bootsqm.dat
2013-12-26 14:27 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2013-12-22 20:00 - 2013-12-22 21:06 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\TS3Client
2013-12-22 19:59 - 2013-12-22 19:59 - 00001120 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-12-22 19:59 - 2013-12-22 19:59 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-22 14:34 - 2013-12-22 14:34 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-12-22 14:34 - 2013-12-22 14:34 - 00000000 ____D C:\Users\Czarek\AppData\Local\FluxSoftware
2013-12-22 14:32 - 2013-12-22 17:54 - 00000000 ____D C:\Users\Czarek\AppData\Local\Mobogenie
2013-12-22 14:32 - 2013-12-22 17:53 - 00000000 ____D C:\Users\Czarek\AppData\Local\genienext
2013-12-22 14:32 - 2013-12-22 14:32 - 00000000 ____D C:\Users\Czarek\Documents\Mobogenie
2013-12-22 14:32 - 2013-12-22 14:32 - 00000000 ____D C:\Users\Czarek\.android
2013-12-22 14:32 - 2013-12-22 14:32 - 00000000 _____ C:\Users\Czarek\daemonprocess.txt
2013-12-22 14:31 - 2013-12-22 17:54 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-21 00:44 - 2013-12-23 21:17 - 00000000 ____D C:\Users\Czarek\Documents\Euro Truck Simulator 2
2013-12-13 00:20 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 00:20 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 00:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 00:19 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 00:19 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 00:19 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 00:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 00:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 00:19 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 00:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 00:19 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 00:19 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 00:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 00:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 00:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 00:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 00:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 00:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 00:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 00:16 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 00:16 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 13:38 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 13:38 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 13:38 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 13:38 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 13:38 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 13:38 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 13:38 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 13:38 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 13:38 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 13:38 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 13:38 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-02 00:07 - 2013-12-27 15:16 - 55246848 _____ C:\Windows\system32\config\SOFTWARE.iobit
2013-12-02 00:07 - 2013-12-27 15:16 - 19947520 _____ C:\Windows\system32\config\SYSTEM.iobit
2013-12-02 00:07 - 2013-12-27 15:16 - 00389120 _____ C:\Windows\system32\config\DEFAULT.iobit
2013-12-02 00:07 - 2013-12-27 15:16 - 00069632 _____ C:\Windows\system32\config\SAM.iobit
2013-12-02 00:07 - 2013-12-27 15:16 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit

==================== One Month Modified Files and Folders =======

2013-12-27 16:13 - 2013-12-27 16:13 - 00000000 ____D C:\FRST
2013-12-27 16:02 - 2012-12-06 20:08 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938636079-2743700497-1177568648-1000UA.job
2013-12-27 15:59 - 2011-10-25 16:51 - 01870050 _____ C:\Windows\WindowsUpdate.log
2013-12-27 15:57 - 2009-07-14 05:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 15:57 - 2009-07-14 05:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 15:48 - 2011-10-25 19:01 - 00000000 ____D C:\Users\Czarek\Downloads\Programy- instalki
2013-12-27 15:48 - 2011-10-25 17:12 - 00000000 ____D C:\Users\Czarek\Desktop\System
2013-12-27 15:39 - 2011-10-25 16:55 - 01670590 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 15:39 - 2009-07-14 09:07 - 00740438 _____ C:\Windows\system32\perfh015.dat
2013-12-27 15:39 - 2009-07-14 09:07 - 00156012 _____ C:\Windows\system32\perfc015.dat
2013-12-27 15:36 - 2013-07-08 09:37 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\GG
2013-12-27 15:35 - 2013-12-27 15:35 - 00002728 _____ C:\Windows\PFRO.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00000056 _____ C:\Windows\setupact.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 _____ C:\Windows\setuperr.log
2013-12-27 15:35 - 2012-07-13 12:16 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-27 15:35 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 15:34 - 2013-12-27 15:34 - 00003368 ____N C:\bootsqm.dat
2013-12-27 15:21 - 2012-04-27 17:50 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 15:16 - 2013-12-02 00:07 - 55246848 _____ C:\Windows\system32\config\SOFTWARE.iobit
2013-12-27 15:16 - 2013-12-02 00:07 - 19947520 _____ C:\Windows\system32\config\SYSTEM.iobit
2013-12-27 15:16 - 2013-12-02 00:07 - 00389120 _____ C:\Windows\system32\config\DEFAULT.iobit
2013-12-27 15:16 - 2013-12-02 00:07 - 00069632 _____ C:\Windows\system32\config\SAM.iobit
2013-12-27 15:16 - 2013-12-02 00:07 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2013-12-27 15:16 - 2012-05-04 11:05 - 32284672 _____ C:\Windows\system32\config\COMPONENTS.iobit
2013-12-27 15:16 - 2011-10-25 16:51 - 00000000 ____D C:\Users\Czarek
2013-12-27 15:15 - 2013-03-22 12:46 - 00000000 ____D C:\Users\Czarek\AppData\Local\Sony
2013-12-27 15:14 - 2009-07-14 09:28 - 00000000 ____D C:\Windows\ShellNew
2013-12-27 14:08 - 2013-10-13 16:09 - 00000000 ____D C:\Users\Czarek\AppData\Local\PMB Files
2013-12-27 12:56 - 2013-10-13 16:09 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-26 18:02 - 2012-12-06 20:08 - 00001010 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938636079-2743700497-1177568648-1000Core.job
2013-12-25 19:26 - 2011-10-26 16:25 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\DAEMON Tools Lite
2013-12-23 21:17 - 2013-12-21 00:44 - 00000000 ____D C:\Users\Czarek\Documents\Euro Truck Simulator 2
2013-12-23 11:23 - 2013-07-08 09:37 - 00000000 ____D C:\Users\Czarek\AppData\Local\GG
2013-12-22 22:18 - 2011-10-25 18:56 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Skype
2013-12-22 21:06 - 2013-12-22 20:00 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\TS3Client
2013-12-22 19:59 - 2013-12-22 19:59 - 00001120 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-12-22 19:59 - 2013-12-22 19:59 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-12-22 19:58 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-22 17:54 - 2013-12-22 14:32 - 00000000 ____D C:\Users\Czarek\AppData\Local\Mobogenie
2013-12-22 17:54 - 2013-12-22 14:31 - 00000000 ____D C:\Program Files\Mobogenie
2013-12-22 17:53 - 2013-12-22 14:32 - 00000000 ____D C:\Users\Czarek\AppData\Local\genienext
2013-12-22 14:34 - 2013-12-22 14:34 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-12-22 14:34 - 2013-12-22 14:34 - 00000000 ____D C:\Users\Czarek\AppData\Local\FluxSoftware
2013-12-22 14:32 - 2013-12-22 14:32 - 00000000 ____D C:\Users\Czarek\Documents\Mobogenie
2013-12-22 14:32 - 2013-12-22 14:32 - 00000000 ____D C:\Users\Czarek\.android
2013-12-22 14:32 - 2013-12-22 14:32 - 00000000 _____ C:\Users\Czarek\daemonprocess.txt
2013-12-22 14:32 - 2012-01-24 21:35 - 00000000 ____D C:\Users\Czarek\AppData\Local\cache
2013-12-22 13:48 - 2011-10-26 21:26 - 00000000 ____D C:\Users\Czarek\AppData\Local\CrashDumps
2013-12-21 00:40 - 2013-09-03 17:32 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-13 21:39 - 2011-12-11 20:07 - 00000000 ___RD C:\Users\Czarek\Desktop\Programy
2013-12-13 21:21 - 2011-10-25 19:06 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Media Player Classic
2013-12-13 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-13 08:06 - 2009-07-14 05:33 - 00344832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 08:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-12-13 00:18 - 2013-07-16 23:56 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 00:17 - 2011-10-25 18:14 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 21:40 - 2009-07-14 05:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 15:23 - 2012-04-27 17:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 15:23 - 2011-10-25 17:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-01 00:06 - 2011-10-25 19:12 - 00000000 ____D C:\Users\Czarek\AppData\Roaming\Winamp
2013-11-29 17:41 - 2012-01-31 14:14 - 00000000 ____D C:\Program Files\JDownloader

Files to move or delete:
====================
C:\Users\Czarek\TWEE_Upgrade.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-20 13:28

==================== End Of Log ============================