Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated) Ran by H&M (administrator) on HMLAPTOP on 08-04-2014 20:18:38 Running from C:\Users\H&M\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Intel Corporation) C:\windows\system32\igfxext.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.)
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Intel Corporation) C:\windows\system32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxpers.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-392818877-1939927122-1532879338-1001\...\MountPoints2: F - F:\LaunchU3.exe -a HKU\S-1-5-21-392818877-1939927122-1532879338-1001\...\MountPoints2: {d3c816ea-1966-11e2-b8a5-e8039a9acd4d} - F:\LGAutoRun.exe AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\H&M\AppData\Roaming\Mozilla\Firefox\Profiles\g9dxpk7r.default-1396979634597 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\H&M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-10-06] ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-03-26] (Windows (R) 2003 DDK 3790 provider) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) S3 s1029bus; 
C:\Windows\System32\DRIVERS\s1029bus.sys [116264 2009-05-25] (MCCI Corporation) S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation) S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [158760 2009-05-25] (MCCI Corporation) S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation) S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation) S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [135208 2009-05-25] (MCCI Corporation) S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [151592 2009-05-25] (MCCI Corporation) R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 20:18 - 2014-04-08 20:19 - 00012093 _____ () C:\Users\H&M\Desktop\FRST.txt 2014-04-08 20:08 - 2014-04-08 20:10 - 00000000 ____D () C:\AdwCleaner 2014-04-08 20:06 - 2014-04-08 20:06 - 01426178 _____ () C:\Users\H&M\Desktop\adwcleaner.exe 2014-04-08 19:54 - 2014-04-08 19:54 - 00000000 ____D () C:\Users\H&M\Desktop\Stare dane programu Firefox 2014-04-08 19:52 - 2014-04-08 20:14 - 00000000 ____D () C:\Users\H&M\AppData\Local\CrashDumps 2014-04-07 00:27 - 2014-04-08 19:49 - 00000000 ____D () C:\Users\H&M\Desktop\skanery 2014-04-06 23:47 - 2014-04-06 23:47 - 00010752 ___SH () C:\Users\H&M\Desktop\Thumbs.db 2014-04-06 23:04 - 2014-04-08 20:18 - 00000000 ____D () C:\FRST 2014-04-06 23:00 - 2014-04-06 23:01 - 02157056 _____ (Farbar) C:\Users\H&M\Desktop\FRST64.exe 2014-04-06 21:05 - 2014-04-06 21:06 - 01059840 _____ () C:\Users\H&M\Downloads\MicrosoftFixit50981(1).msi 2014-04-06 21:04 - 2014-04-06 21:04 - 00353101 _____ () C:\Users\H&M\Downloads\MicrosoftFixit20084.mini.diagcab 2014-04-06 21:03 - 2014-04-06 21:04 - 01059840 _____ () C:\Users\H&M\Downloads\MicrosoftFixit50981.msi 2014-04-04 23:42 - 2014-04-04 
23:42 - 03014144 _____ () C:\Users\H&M\Downloads\Wywiad_z_Bogiem.pps 2014-04-04 23:41 - 2014-04-04 23:41 - 04895744 _____ () C:\Users\H&M\Downloads\KAWUSIA.pps 2014-04-04 23:41 - 2014-04-04 23:41 - 04444672 _____ () C:\Users\H&M\Downloads\KAWA_LUWAK.pps 2014-03-30 14:59 - 2014-03-30 14:59 - 10874880 _____ () C:\Users\H&M\Downloads\02_10_Naród niepokonany_A_K.pps 2014-03-30 14:36 - 2014-04-06 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 13:37 - 2014-03-30 13:37 - 00053448 _____ () C:\Users\H&M\Downloads\all.htm 2014-03-16 01:23 - 2014-03-16 01:23 - 00018432 _____ () C:\Users\H&M\Downloads\lib.dll 2014-03-16 01:23 - 2014-03-16 01:23 - 00000000 ____D () C:\Users\H&M\Downloads\Pobrane 2014-03-16 01:22 - 2014-03-16 01:22 - 02345472 _____ () C:\Users\H&M\Downloads\Filefinder.exe 2014-03-13 00:06 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-13 00:06 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-13 00:06 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-13 00:06 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-13 00:06 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-13 00:06 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-13 00:06 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-13 00:06 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-13 00:06 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-13 00:06 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-03-13 00:06 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\iesetup.dll 2014-03-13 00:06 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-03-13 00:06 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-13 00:06 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-03-13 00:06 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-03-13 00:06 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-13 00:06 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-03-13 00:06 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-03-13 00:06 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-03-13 00:06 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-13 00:06 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-13 00:06 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-13 00:06 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-03-13 00:06 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-13 00:06 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-13 00:06 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-13 00:06 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-13 00:06 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-03-13 00:05 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.dll 2014-03-13 00:05 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-13 00:05 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-13 00:05 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-13 00:05 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-13 00:05 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-13 00:05 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-13 00:05 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-13 00:05 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-13 00:05 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-03-13 00:05 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-13 00:05 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-12 23:38 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-12 23:38 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-03-12 23:38 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-12 23:38 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2014-03-12 23:38 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-03-12 23:37 - 2014-03-12 23:37 - 00000000 ____D () C:\ProgramData\ESET 2014-03-12 23:37 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-12 23:37 - 
2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-12 23:37 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-03-09 12:21 - 2014-03-09 12:21 - 00000000 ____D () C:\Users\H&M\Documents\Anvsoft 2014-03-09 12:21 - 2014-03-09 12:21 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\AnvsoftPdfTools 2014-03-09 12:21 - 2014-03-09 12:21 - 00000000 ____D () C:\Program Files (x86)\AnvSoft ==================== One Month Modified Files and Folders ======= 2014-04-08 20:19 - 2014-04-08 20:18 - 00012093 _____ () C:\Users\H&M\Desktop\FRST.txt 2014-04-08 20:18 - 2014-04-06 23:04 - 00000000 ____D () C:\FRST 2014-04-08 20:17 - 2012-01-10 06:18 - 00740688 _____ () C:\windows\system32\perfh015.dat 2014-04-08 20:17 - 2012-01-10 06:18 - 00156230 _____ () C:\windows\system32\perfc015.dat 2014-04-08 20:17 - 2009-07-14 07:13 - 01670590 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-08 20:14 - 2014-04-08 19:52 - 00000000 ____D () C:\Users\H&M\AppData\Local\CrashDumps 2014-04-08 20:12 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-08 20:12 - 2009-07-14 06:51 - 00113829 _____ () C:\windows\setupact.log 2014-04-08 20:11 - 2012-01-10 06:35 - 01480042 _____ () C:\windows\WindowsUpdate.log 2014-04-08 20:10 - 2014-04-08 20:08 - 00000000 ____D () C:\AdwCleaner 2014-04-08 20:07 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-08 20:07 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-08 20:06 - 2014-04-08 20:06 - 01426178 _____ () C:\Users\H&M\Desktop\adwcleaner.exe 2014-04-08 19:54 - 2014-04-08 19:54 - 00000000 ____D () C:\Users\H&M\Desktop\Stare dane programu Firefox 2014-04-08 19:49 - 2014-04-07 00:27 - 00000000 ____D () C:\Users\H&M\Desktop\skanery 2014-04-07 22:41 - 
2012-01-09 13:51 - 00000000 ____D () C:\ProgramData\WildTangent 2014-04-07 00:28 - 2012-08-07 18:46 - 00000000 ___RD () C:\Users\H&M\Desktop\Pulpit skróty 2014-04-06 23:47 - 2014-04-06 23:47 - 00010752 ___SH () C:\Users\H&M\Desktop\Thumbs.db 2014-04-06 23:01 - 2014-04-06 23:00 - 02157056 _____ (Farbar) C:\Users\H&M\Desktop\FRST64.exe 2014-04-06 21:40 - 2014-03-30 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-06 21:40 - 2014-02-28 20:57 - 00000000 ____D () C:\Users\H&M\AppData\Local\Unity 2014-04-06 21:40 - 2014-02-19 17:58 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\Angry Birds Breakfast 2 2014-04-06 21:40 - 2014-02-19 17:57 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Breakfast 2 2014-04-06 21:40 - 2014-02-19 17:50 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Breakfast 1 2014-04-06 21:40 - 2014-02-19 17:50 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\Angry Birds Breakfast 1 2014-04-06 21:40 - 2014-01-14 22:52 - 00000000 ___SD () C:\Users\H&M\GG dysk 2014-04-06 21:40 - 2014-01-14 22:51 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\GG 2014-04-06 21:40 - 2013-10-08 15:19 - 00000000 ____D () C:\Users\H&M 2014-04-06 21:40 - 2013-03-24 14:31 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\ipla 2014-04-06 21:40 - 2013-03-24 14:30 - 00000000 ____D () C:\Program Files (x86)\ipla 2014-04-06 21:40 - 2013-03-17 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-06 21:40 - 2013-03-17 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-06 21:40 - 2013-02-09 23:46 - 00000000 ___RD () C:\Users\H&M\Desktop\w995 2014-04-06 21:40 - 2012-12-31 11:00 - 00000000 ____D () C:\Users\H&M\Desktop\MyPhoneExplorer portable 2014-04-06 21:40 - 2012-10-18 23:35 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\LG Electronics 2014-04-06 21:40 - 2012-09-25 21:57 - 00000000 ____D () 
C:\Users\H&M\AppData\Local\ChomikBox 2014-04-06 21:40 - 2012-08-11 13:25 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\vlc 2014-04-06 21:40 - 2012-08-11 10:56 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\AIMP 2014-04-06 21:40 - 2012-08-04 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-06 21:40 - 2012-01-10 05:58 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-04-06 21:40 - 2012-01-09 13:58 - 00000000 ____D () C:\ProgramData\WinClon 2014-04-06 21:40 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat 2014-04-06 21:39 - 2012-08-04 23:26 - 00000000 ____D () C:\windows\system32\Macromed 2014-04-06 21:39 - 2012-01-09 13:51 - 00000000 ____D () C:\windows\SysWOW64\Macromed 2014-04-06 21:39 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-04-06 21:39 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration 2014-04-06 21:39 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\L2Schemas 2014-04-06 21:06 - 2014-04-06 21:05 - 01059840 _____ () C:\Users\H&M\Downloads\MicrosoftFixit50981(1).msi 2014-04-06 21:04 - 2014-04-06 21:04 - 00353101 _____ () C:\Users\H&M\Downloads\MicrosoftFixit20084.mini.diagcab 2014-04-06 21:04 - 2014-04-06 21:03 - 01059840 _____ () C:\Users\H&M\Downloads\MicrosoftFixit50981.msi 2014-04-04 23:42 - 2014-04-04 23:42 - 03014144 _____ () C:\Users\H&M\Downloads\Wywiad_z_Bogiem.pps 2014-04-04 23:41 - 2014-04-04 23:41 - 04895744 _____ () C:\Users\H&M\Downloads\KAWUSIA.pps 2014-04-04 23:41 - 2014-04-04 23:41 - 04444672 _____ () C:\Users\H&M\Downloads\KAWA_LUWAK.pps 2014-03-30 18:34 - 2013-03-24 14:31 - 00000000 ____D () C:\ProgramData\ipla 2014-03-30 14:59 - 2014-03-30 14:59 - 10874880 _____ () C:\Users\H&M\Downloads\02_10_Naród niepokonany_A_K.pps 2014-03-30 13:37 - 2014-03-30 13:37 - 00053448 _____ () C:\Users\H&M\Downloads\all.htm 2014-03-24 23:55 - 2014-02-01 23:06 - 00000000 ____D () C:\Users\H&M\Desktop\Książki 2014-03-18 22:35 - 2013-08-08 23:03 - 00000000 ____D () 
C:\windows\system32\MRT 2014-03-18 22:32 - 2012-08-07 17:14 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-16 02:10 - 2013-09-07 23:36 - 00000000 ____D () C:\Users\H&M\Desktop\Nowy folder 2014-03-16 02:09 - 2013-03-17 12:55 - 00000000 ____D () C:\Users\H&M\Desktop\muza 2k13 2014-03-16 02:00 - 2013-08-17 23:06 - 00000000 ____D () C:\Program Files\Recuva 2014-03-16 01:23 - 2014-03-16 01:23 - 00018432 _____ () C:\Users\H&M\Downloads\lib.dll 2014-03-16 01:23 - 2014-03-16 01:23 - 00000000 ____D () C:\Users\H&M\Downloads\Pobrane 2014-03-16 01:22 - 2014-03-16 01:22 - 02345472 _____ () C:\Users\H&M\Downloads\Filefinder.exe 2014-03-13 22:22 - 2009-07-14 06:45 - 00287672 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-12 23:37 - 2014-03-12 23:37 - 00000000 ____D () C:\ProgramData\ESET 2014-03-09 12:21 - 2014-03-09 12:21 - 00000000 ____D () C:\Users\H&M\Documents\Anvsoft 2014-03-09 12:21 - 2014-03-09 12:21 - 00000000 ____D () C:\Users\H&M\AppData\Roaming\AnvsoftPdfTools 2014-03-09 12:21 - 2014-03-09 12:21 - 00000000 ____D () C:\Program Files (x86)\AnvSoft Some content of TEMP: ==================== C:\Users\H&M\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-22 23:54 ==================== End Of Log 
============================