Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michal0z (administrator) on MICHAL0Z-KOMP on 02-04-2014 21:57:25
Running from E:\Z Seagate\PORZĄDKOWANIE\KONSERWACJA SYSTEMU\FRST
Windows 7 Ultimate (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1468797941-644744347-2243216756-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1468797941-644744347-2243216756-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-09-18] (AMD)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michal0z\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-1468797941-644744347-2243216756-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - F:\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Michal0z\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Michal0z\AppData\Local\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michal0z\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-11-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-11-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-11-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-11-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-11-27]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Dysk Google) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (Ultimate YouTube Downloader) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop [2013-11-11]
CHR Extension: (YouTube) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Szukaj w Google) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-11-11]
CHR Extension: (Blokada zawartości) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-11-11]
CHR Extension: (Klawiatura wirtualna) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]
CHR Extension: (Blokowanie banerów) - C:\Users\Michal0z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-26] ()
S3 BITCOMET_HELPER_SERVICE; F:\BitTorrent\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; E:\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-01] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-30] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-11] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-30] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [362496 2007-06-26] (Ralink Technology Inc.)
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [63520 2009-09-18] (Siano)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-10-15] (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\Michal0z\AppData\Local\Temp\ALSysIO64.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-02 21:55 - 2014-04-02 21:57 - 00000000 ____D () C:\FRST
2014-04-01 12:05 - 2014-04-01 12:05 - 00166713 _____ () C:\Users\Michal0z\Desktop\LOG-MICHAL0Z.rar
2014-04-01 12:04 - 2014-04-01 12:04 - 00170167 _____ () C:\Users\Michal0z\Desktop\LOGI-MICHAL0Z.zip
2014-04-01 11:31 - 2014-04-01 11:33 - 00024765 _____ () C:\Users\Michal0z\Desktop\log2 - WOT.CSV
2014-04-01 11:22 - 2014-04-01 11:29 - 00082662 _____ () C:\Users\Michal0z\Desktop\log2 - minecraft.CSV
2014-04-01 11:10 - 2014-04-01 11:15 - 00060393 _____ () C:\Users\Michal0z\Desktop\log2 - l4d2.CSV
2014-04-01 10:05 - 2014-04-02 11:14 - 00000280 _____ () C:\Windows\setupact.log
2014-04-01 10:05 - 2014-04-01 10:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 01:12 - 2014-04-01 12:05 - 00003829 _____ () C:\Users\Michal0z\Desktop\Nowy dokument tekstowy (2).TXT
2014-04-01 00:48 - 2014-04-01 00:49 - 00013639 _____ () C:\Users\Michal0z\Desktop\log1 - Tomb Raider (menu).CSV
2014-03-30 19:48 - 2014-04-02 13:51 - 00005343 _____ () C:\Users\Michal0z\Documents\TombRaider.log
2014-03-29 13:06 - 2014-03-29 13:06 - 00000682 _____ () C:\Users\Michal0z\Desktop\CABAL Online (Europe).lnk
2014-03-29 01:01 - 2014-03-29 01:01 - 00000000 _____ () C:\Users\Michal0z\Desktop\adwcleaner.exe
2014-03-25 20:01 - 2014-03-25 23:47 - 00000066 _____ () C:\Users\Michal0z\Desktop\muzyka-hotmixr80.txt
2014-03-20 19:24 - 2014-03-20 19:24 - 00187414 _____ () C:\Users\Michal0z\Documents\ts3_clientui-win32-1380283653-2014-03-20 18_24_34.086933.dmp
2014-03-19 22:58 - 2014-03-19 22:58 - 00000583 _____ () C:\Users\Public\Desktop\Medieval CUE Splitter.lnk
2014-03-16 00:36 - 2014-03-16 00:36 - 00000124 _____ () C:\Users\Michal0z\Desktop\proste_oglo.FILE
2014-03-16 00:29 - 2014-03-16 00:29 - 00000355 _____ () C:\Users\Michal0z\Desktop\przydatnef.FILE
2014-03-14 19:12 - 2014-03-14 19:12 - 00001102 _____ () C:\Users\Michal0z\Desktop\miejsca.FILE
2014-03-12 23:27 - 2014-03-12 23:26 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-12 23:27 - 2014-03-12 23:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-12 23:27 - 2014-03-12 23:26 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-12 23:27 - 2014-03-12 23:26 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-12 23:26 - 2014-03-12 23:26 - 00000000 ____D () C:\Program Files\Java
2014-03-12 22:43 - 2014-03-12 23:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-12 22:43 - 2014-03-12 22:43 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-12 22:43 - 2014-03-12 22:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-12 12:35 - 2014-03-12 12:35 - 00001204 _____ () C:\Users\Michal0z\Desktop\LazyNewbPack [0.34.11] [V15] — skrót.lnk
2014-03-10 23:49 - 2014-03-10 23:49 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-10 23:49 - 2014-03-10 23:48 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll
2014-03-10 23:48 - 2014-03-10 23:48 - 00061440 _____ () C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2014-03-10 23:48 - 2014-03-10 23:48 - 00040960 _____ () C:\Windows\SysWOW64\nvISWOW64.dll
2014-03-04 22:56 - 2014-03-09 02:04 - 00000000 ____D () C:\Users\Michal0z\AppData\Roaming\FEZ
2014-03-04 22:56 - 2014-03-04 15:46 - 00012005 _____ () C:\Users\Michal0z\AppData\Roaming\alsoft.ini
2014-03-03 20:45 - 2014-03-03 20:45 - 00194150 _____ () C:\Users\Michal0z\Documents\ts3_clientui-win32-1380283653-2014-03-03 19_45_13.991058.dmp

==================== One Month Modified Files and Folders =======

2014-04-02 21:57 - 2014-04-02 21:55 - 00000000 ____D () C:\FRST
2014-04-02 21:54 - 2009-07-14 06:45 - 00005872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 21:54 - 2009-07-14 06:45 - 00005872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 20:51 - 2012-11-27 21:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-02 13:51 - 2014-03-30 19:48 - 00005343 _____ () C:\Users\Michal0z\Documents\TombRaider.log
2014-04-02 13:00 - 2012-08-21 11:54 - 00000000 ____D () C:\Users\Michal0z\AppData\Roaming\vlc
2014-04-02 11:14 - 2014-04-01 10:05 - 00000280 _____ () C:\Windows\setupact.log
2014-04-02 10:25 - 2012-06-03 19:24 - 01678178 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 10:25 - 2009-07-14 19:55 - 00804190 _____ () C:\Windows\system32\perfh015.dat
2014-04-02 10:25 - 2009-07-14 19:55 - 00182166 _____ () C:\Windows\system32\perfc015.dat
2014-04-02 10:25 - 2009-07-14 07:13 - 01839188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 10:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 23:06 - 2013-08-15 11:59 - 00000000 ____D () C:\ProgramData\Origin
2014-04-01 12:05 - 2014-04-01 12:05 - 00166713 _____ () C:\Users\Michal0z\Desktop\LOG-MICHAL0Z.rar
2014-04-01 12:05 - 2014-04-01 01:12 - 00003829 _____ () C:\Users\Michal0z\Desktop\Nowy dokument tekstowy (2).TXT
2014-04-01 12:05 - 2012-07-01 22:01 - 25134080 ___SH () C:\Users\Michal0z\Desktop\Thumbs.db
2014-04-01 12:04 - 2014-04-01 12:04 - 00170167 _____ () C:\Users\Michal0z\Desktop\LOGI-MICHAL0Z.zip
2014-04-01 11:33 - 2014-04-01 11:31 - 00024765 _____ () C:\Users\Michal0z\Desktop\log2 - WOT.CSV
2014-04-01 11:29 - 2014-04-01 11:22 - 00082662 _____ () C:\Users\Michal0z\Desktop\log2 - minecraft.CSV
2014-04-01 11:15 - 2014-04-01 11:10 - 00060393 _____ () C:\Users\Michal0z\Desktop\log2 - l4d2.CSV
2014-04-01 10:05 - 2014-04-01 10:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 00:49 - 2014-04-01 00:48 - 00013639 _____ () C:\Users\Michal0z\Desktop\log1 - Tomb Raider (menu).CSV
2014-04-01 00:39 - 2012-06-03 19:09 - 00000000 ____D () C:\Users\Michal0z\AppData\Roaming\uTorrent
2014-03-31 23:46 - 2012-06-04 19:16 - 01810858 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-31 19:17 - 2014-02-11 21:27 - 00000000 ____D () C:\Users\Michal0z\Documents\Euro Truck Simulator 2
2014-03-31 17:14 - 2012-07-08 12:33 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 17:14 - 2012-07-08 12:33 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 11:48 - 2012-07-08 12:33 - 00004050 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 11:48 - 2012-07-08 12:33 - 00003798 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 21:01 - 2013-08-15 15:36 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-30 21:01 - 2013-08-15 14:48 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-30 20:58 - 2013-08-16 12:29 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-30 01:32 - 2012-08-22 14:40 - 00000000 ____D () C:\Users\Michal0z\AppData\Local\Overwolf
2014-03-29 13:06 - 2014-03-29 13:06 - 00000682 _____ () C:\Users\Michal0z\Desktop\CABAL Online (Europe).lnk
2014-03-29 01:01 - 2014-03-29 01:01 - 00000000 _____ () C:\Users\Michal0z\Desktop\adwcleaner.exe
2014-03-25 23:47 - 2014-03-25 20:01 - 00000066 _____ () C:\Users\Michal0z\Desktop\muzyka-hotmixr80.txt
2014-03-24 19:57 - 2012-06-09 21:22 - 00000000 ____D () C:\Users\Michal0z\dwhelper
2014-03-24 15:53 - 2012-06-03 13:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-24 15:20 - 2012-06-12 18:31 - 00007649 _____ () C:\Users\Michal0z\AppData\Local\Resmon.ResmonCfg
2014-03-22 16:50 - 2012-08-19 18:13 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-22 15:01 - 2012-06-03 15:06 - 00000000 ____D () C:\Users\Michal0z\Documents\My Games
2014-03-21 14:51 - 2012-12-18 03:02 - 00000132 _____ () C:\Users\Michal0z\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2014-03-21 00:46 - 2013-06-17 20:19 - 00000000 ____D () C:\Users\Michal0z\AppData\Local\The Witcher
2014-03-20 22:42 - 2014-02-17 19:27 - 00000023 _____ () C:\Users\Michal0z\Desktop\Nowy dokument tekstowy.TXT
2014-03-20 19:24 - 2014-03-20 19:24 - 00187414 _____ () C:\Users\Michal0z\Documents\ts3_clientui-win32-1380283653-2014-03-20 18_24_34.086933.dmp
2014-03-20 12:46 - 2012-06-09 21:47 - 00000000 ____D () C:\Users\Michal0z\AppData\Roaming\Mp3tag
2014-03-19 22:58 - 2014-03-19 22:58 - 00000583 _____ () C:\Users\Public\Desktop\Medieval CUE Splitter.lnk
2014-03-16 21:19 - 2013-08-15 14:48 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-16 00:36 - 2014-03-16 00:36 - 00000124 _____ () C:\Users\Michal0z\Desktop\proste_oglo.FILE
2014-03-16 00:29 - 2014-03-16 00:29 - 00000355 _____ () C:\Users\Michal0z\Desktop\przydatnef.FILE
2014-03-14 19:12 - 2014-03-14 19:12 - 00001102 _____ () C:\Users\Michal0z\Desktop\miejsca.FILE
2014-03-12 23:27 - 2014-03-12 22:43 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-12 23:26 - 2014-03-12 23:27 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-12 23:26 - 2014-03-12 23:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-12 23:26 - 2014-03-12 23:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-12 23:26 - 2014-03-12 23:27 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-12 23:26 - 2014-03-12 23:26 - 00000000 ____D () C:\Program Files\Java
2014-03-12 23:24 - 2012-08-14 12:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-12 22:43 - 2014-03-12 22:43 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-12 22:43 - 2014-03-12 22:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-12 22:43 - 2012-08-14 12:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-12 22:43 - 2012-08-14 12:17 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-12 21:59 - 2013-06-12 16:35 - 00000000 ____D () C:\Users\Michal0z\AppData\Roaming\.minecraft
2014-03-12 21:29 - 2013-06-12 21:25 - 02126350 _____ () C:\Users\Michal0z\Desktop\FTB_Launcher.exe
2014-03-12 12:35 - 2014-03-12 12:35 - 00001204 _____ () C:\Users\Michal0z\Desktop\LazyNewbPack [0.34.11] [V15] — skrót.lnk
2014-03-10 23:49 - 2014-03-10 23:49 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-10 23:48 - 2014-03-10 23:49 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll
2014-03-10 23:48 - 2014-03-10 23:48 - 00061440 _____ () C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2014-03-10 23:48 - 2014-03-10 23:48 - 00040960 _____ () C:\Windows\SysWOW64\nvISWOW64.dll
2014-03-09 02:04 - 2014-03-04 22:56 - 00000000 ____D () C:\Users\Michal0z\AppData\Roaming\FEZ
2014-03-05 23:28 - 2013-07-03 20:03 - 00000000 ____D () C:\Users\Public\Documents\Jagged Alliance - Back in Action
2014-03-05 18:44 - 2014-02-28 16:46 - 00009813 _____ () C:\Users\Michal0z\Desktop\server.log
2014-03-04 15:46 - 2014-03-04 22:56 - 00012005 _____ () C:\Users\Michal0z\AppData\Roaming\alsoft.ini
2014-03-03 20:45 - 2014-03-03 20:45 - 00194150 _____ () C:\Users\Michal0z\Documents\ts3_clientui-win32-1380283653-2014-03-03 19_45_13.991058.dmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 17:25

==================== End Of Log ============================