Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by oem (administrator) on OEM-KOMPUTER on 18-05-2014 13:08:16
Running from D:\Pobierane
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.)
C:\Windows\System32\Crypserv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Firebird Project) C:\Program Files (x86)\ZasobyPL\Firebird2_1_PRUSZYNSKI\bin\fbguard.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Firebird Project) C:\Program Files (x86)\ZasobyPL\Firebird2_1_PRUSZYNSKI\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\Program files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03]
(CANON INC.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-178726868-3365838391-836067975-1000\...\Run: [Google Update] => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\S-1-5-21-178726868-3365838391-836067975-1000\...\MountPoints2: {8d0c4ebd-9460-11e0-a1d2-50e549302b2f} - G:\Startme.exe
HKU\S-1-5-21-178726868-3365838391-836067975-1000\...\MountPoints2: {d965dab4-7b97-11e0-bf0a-806e6f6e6963} - F:\Prawko.exe
HKU\S-1-5-21-178726868-3365838391-836067975-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\oem\AppData\Local\{6ac2c385-67cc-1eac-dbda-09cfdcfa762c}\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: D:\PROGRA~1\KASPER~1\x64\sbhook64.dll => D:\PROGRA~1\KASPER~1\x64\sbhook64.dll File Not Found
AppInit_DLLs: ,D:\PROGRA~1\KASPER~1\x64\kloehk.dll => D:\PROGRA~1\KASPER~1\x64\kloehk.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=122
SearchScopes: HKCU - {A879EBF5-F68E-4492-9BAD-08C2DC599E3D} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE}
http://download.gigabyte.com.tw/object/Dldrv.ocx Tcpip\Parameters: [DhcpNameServer] 87.204.204.204 62.233.233.233 FireFox: ======== FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default FF Homepage: hxxp://www.onet.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - D:\Program files\Adobe reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\oem\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\oem\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: WOT - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: Ciuvo - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\extension@ciuvo.com.xpi [2013-01-24] FF Extension: Easy YouTube to MP3 Converter - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi [2013-08-31] FF Extension: FastestFox - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\smarterwiki@wikiatic.com.xpi [2013-01-24] FF Extension: YouTube to MP3 - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-08-31] FF Extension: Flagfox - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: ImTranslator - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-01-24] FF Extension: Adblock Plus - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\065m77v5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-24] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-12-07] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-12-07] FF StartMenuInternet: FIREFOX.EXE - D:\Program files\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: CHR 
Extension: (Google Wallet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S3 BITCOMET_HELPER_SERVICE; D:\Program files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 FirebirdGuardianPruszynski; C:\Program Files (x86)\ZasobyPL\Firebird2_1_PRUSZYNSKI\bin\fbguard.exe [81920 2008-02-29] (Firebird Project) R3 FirebirdServerPruszynski; C:\Program Files (x86)\ZasobyPL\Firebird2_1_PRUSZYNSKI\bin\fbserver.exe [2719744 2008-02-29] (Firebird Project) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys 
[40392 2014-03-21] (NVIDIA Corporation) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-07-26] () U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U3 avt9clai; C:\Windows\System32\Drivers\avt9clai.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 13:06 - 2014-05-18 13:08 - 00000000 ____D () C:\FRST 2014-05-18 12:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 
2014-05-14 12:16 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 12:16 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 12:16 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 12:16 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 12:16 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 12:16 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 10:28 - 2014-05-15 10:59 - 00001038 _____ () C:\Users\oem\Desktop\RS Dachy 4 Pruszyński Instrukcja.lnk 2014-05-14 10:28 - 2014-05-15 10:59 - 00000944 _____ () C:\Users\oem\Desktop\RS Dachy 4 Pruszyński.lnk 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\ProgramData\RSDachy_PRU_1 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RS Dachy Pruszyński 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\Program Files\ZasobyPL 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\Program Files (x86)\ZasobyPL 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\Program Files (x86)\FirebirdClient 2.0 2014-05-14 10:28 - 2008-02-29 09:14 - 00450560 _____ (Firebird Project) C:\Windows\SysWOW64\gds32.dll 2014-05-14 09:55 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 09:55 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 09:55 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 09:55 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 09:55 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-05-14 09:55 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 09:55 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 09:55 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 09:55 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 09:55 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 09:55 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 09:55 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 09:55 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 09:55 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 09:55 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 09:55 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 09:55 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) 
C:\Windows\system32\winlogon.exe 2014-05-14 09:55 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 09:55 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 09:55 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 09:55 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 09:55 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 09:55 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 09:55 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 09:55 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 09:55 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 09:55 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 09:55 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-10 19:08 - 2014-05-10 19:08 - 00000000 __SHD () C:\Users\oem\AppData\Local\EmieUserList 2014-05-10 19:08 - 2014-05-10 19:08 - 00000000 __SHD () C:\Users\oem\AppData\Local\EmieSiteList 2014-05-08 20:28 - 2014-05-08 20:28 - 00000496 _____ () C:\Users\oem\Desktop\oferto płoty.txt 2014-05-08 17:57 - 2014-05-13 20:20 - 00000000 ____D () C:\Users\oem\Desktop\prawo jazdy pytania 2014-05-08 16:41 - 2014-05-13 20:20 - 00003690 _____ () C:\Users\oem\Documents\PrawkoB2013.tmp 2014-05-08 16:41 - 2014-05-08 16:41 - 00000094 _____ () C:\Users\oem\Documents\PrawkoB2013.ini 2014-05-08 16:16 - 2014-05-10 17:57 - 00000000 ____D () C:\Users\oem\Desktop\go clever 2014-05-06 13:24 - 2014-05-12 12:56 - 00000000 ____D () C:\Users\oem\Desktop\ROZBIÓRKA GARAŻU 2014-05-05 16:54 - 2014-05-14 11:09 - 00000347 _____ () C:\Users\oem\Desktop\oferta na dach.txt 2014-05-02 12:41 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-02 12:41 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-02 12:41 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-02 12:41 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-02 12:41 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-02 12:41 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll 2014-05-02 12:41 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-02 12:41 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-02 12:41 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-02 12:41 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-02 12:41 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-02 12:41 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-02 12:41 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-02 12:40 - 2014-05-14 15:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-02 12:40 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-02 12:40 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-02 12:40 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-02 12:40 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-02 12:40 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-02 12:40 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-02 12:40 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-02 12:40 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-02 12:40 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-02 12:40 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-02 12:40 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-02 12:40 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-02 12:40 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-02 12:40 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-02 12:40 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-02 12:40 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-02 12:40 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-02 12:40 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-02 12:40 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-02 12:40 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-02 12:40 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-02 12:40 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-02 12:40 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-02 12:40 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-02 12:40 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-02 12:40 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-02 12:40 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-02 12:40 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2014-05-02 12:40 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-02 12:40 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-02 12:40 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-24 16:29 - 2014-05-06 11:30 - 00000038 _____ () C:\Users\oem\Desktop\anwil.txt 2014-04-24 10:10 - 2014-04-24 10:10 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-24 10:09 - 2014-04-24 10:09 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-24 10:09 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-24 10:09 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-24 10:09 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-24 10:09 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-20 10:59 - 2014-04-20 11:01 - 00000000 ____D () C:\Users\oem\AppData\Local\NVIDIA Corporation 2014-04-20 10:59 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-04-20 10:59 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-04-20 10:58 - 2014-04-20 11:01 - 00000000 ____D () C:\Users\oem\AppData\Local\NVIDIA ==================== One Month Modified Files and Folders ======= 2014-05-18 13:08 - 2014-05-18 13:06 - 00000000 ____D () C:\FRST 2014-05-18 13:03 - 2012-09-17 20:31 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-178726868-3365838391-836067975-1000UA.job 2014-05-18 12:57 - 2013-09-15 16:00 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-18 12:53 - 2009-07-14 06:45 - 00022064 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 12:53 - 2009-07-14 06:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 12:52 - 2010-11-21 14:53 - 00746480 _____ () C:\Windows\system32\perfh015.dat 2014-05-18 12:52 - 2010-11-21 14:53 - 00158560 _____ () C:\Windows\system32\perfc015.dat 2014-05-18 12:52 - 2009-07-14 07:13 - 01687414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-18 12:46 - 2011-06-08 16:52 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-05-18 12:46 - 2011-05-18 19:11 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-18 12:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-18 12:45 - 2014-02-11 17:13 - 00000000 ____D () C:\AdwCleaner 2014-05-18 12:45 - 2013-12-07 13:47 - 01201116 ____N () C:\Windows\WindowsUpdate.log 2014-05-18 11:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-05-16 11:05 - 2012-09-17 20:32 - 00002364 _____ () C:\Users\oem\Desktop\Google Chrome.lnk 2014-05-15 10:59 - 2014-05-14 10:28 - 00001038 _____ () C:\Users\oem\Desktop\RS Dachy 4 Pruszyński Instrukcja.lnk 2014-05-15 10:59 - 2014-05-14 10:28 - 00000944 _____ () C:\Users\oem\Desktop\RS Dachy 4 Pruszyński.lnk 2014-05-15 10:58 - 2011-05-12 14:08 - 00000000 ____D () C:\Users\oem\AppData\Roaming\Adobe 2014-05-14 16:03 - 2012-09-17 20:31 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-178726868-3365838391-836067975-1000Core.job 2014-05-14 15:52 - 2013-09-11 12:37 - 00000000 ___RD () C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 15:52 - 2011-05-11 08:59 - 00000000 ___RD () C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 15:50 - 2014-05-02 12:40 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-14 12:16 - 2013-08-14 13:08 - 00000000 ____D () C:\Windows\system32\MRT 
2014-05-14 12:16 - 2011-05-11 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 12:15 - 2011-05-11 09:23 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 11:57 - 2013-09-15 16:00 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 11:57 - 2013-03-08 19:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 11:57 - 2012-11-28 15:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 11:09 - 2014-05-05 16:54 - 00000347 _____ () C:\Users\oem\Desktop\oferta na dach.txt 2014-05-14 10:32 - 2011-05-11 08:59 - 00000000 ____D () C:\Users\oem\AppData\Local\VirtualStore 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\ProgramData\RSDachy_PRU_1 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RS Dachy Pruszyński 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\Program Files\ZasobyPL 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\Program Files (x86)\ZasobyPL 2014-05-14 10:28 - 2014-05-14 10:28 - 00000000 ____D () C:\Program Files (x86)\FirebirdClient 2.0 2014-05-13 20:20 - 2014-05-08 17:57 - 00000000 ____D () C:\Users\oem\Desktop\prawo jazdy pytania 2014-05-13 20:20 - 2014-05-08 16:41 - 00003690 _____ () C:\Users\oem\Documents\PrawkoB2013.tmp 2014-05-12 12:56 - 2014-05-06 13:24 - 00000000 ____D () C:\Users\oem\Desktop\ROZBIÓRKA GARAŻU 2014-05-10 19:08 - 2014-05-10 19:08 - 00000000 __SHD () C:\Users\oem\AppData\Local\EmieUserList 2014-05-10 19:08 - 2014-05-10 19:08 - 00000000 __SHD () C:\Users\oem\AppData\Local\EmieSiteList 2014-05-10 18:23 - 2012-12-01 00:20 - 00000000 ____D () C:\Users\oem\Desktop\Niemcy praca 2014-05-10 17:57 - 2014-05-08 16:16 - 00000000 ____D () C:\Users\oem\Desktop\go clever 2014-05-10 12:05 - 2014-01-07 21:21 - 00000000 ____D () C:\Users\oem\AppData\Roaming\AIMP3 2014-05-09 15:58 - 2012-09-17 
20:31 - 00004016 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178726868-3365838391-836067975-1000UA 2014-05-09 15:58 - 2012-09-17 20:31 - 00003620 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178726868-3365838391-836067975-1000Core 2014-05-09 08:14 - 2014-05-14 09:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 09:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 20:28 - 2014-05-08 20:28 - 00000496 _____ () C:\Users\oem\Desktop\oferto płoty.txt 2014-05-08 16:41 - 2014-05-08 16:41 - 00000094 _____ () C:\Users\oem\Documents\PrawkoB2013.ini 2014-05-07 13:50 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-06 11:30 - 2014-04-24 16:29 - 00000038 _____ () C:\Users\oem\Desktop\anwil.txt 2014-05-06 06:40 - 2014-05-14 12:16 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 12:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 12:16 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 12:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 12:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 12:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 16:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-04 13:49 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-02 12:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-24 10:10 - 2014-04-24 10:10 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-24 10:09 - 2014-04-24 10:09 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-24 10:09 - 2012-03-04 16:36 - 00000000 
____D () C:\Program Files (x86)\Java
2014-04-23 11:56 - 2014-01-23 13:27 - 00000000 ____D () C:\PIT Format 2013
2014-04-20 11:01 - 2014-04-20 10:59 - 00000000 ____D () C:\Users\oem\AppData\Local\NVIDIA Corporation
2014-04-20 11:01 - 2014-04-20 10:58 - 00000000 ____D () C:\Users\oem\AppData\Local\NVIDIA
2014-04-20 11:01 - 2011-05-18 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-20 11:00 - 2011-05-18 19:12 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-20 10:59 - 2011-05-18 19:10 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

ZeroAccess:
C:\Users\oem\AppData\Local\{6ac2c385-67cc-1eac-dbda-09cfdcfa762c}
C:\Users\oem\AppData\Local\{6ac2c385-67cc-1eac-dbda-09cfdcfa762c}\@

Some content of TEMP:
====================
C:\Users\oem\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 09:55] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-05 16:10

==================== End Of Log ============================