Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by TEST (administrator) on TEST-TOSH on 25-05-2014 12:44:58
Running from C:\Users\TEST\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Mobilny Internet\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-791905581-3450427400-1526033727-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-29] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.msn.com/?pc=UP97&ocid=UP97DHP
SearchScopes: HKCU - DefaultScope {940D23F9-84A4-4AE0-80F0-C06E23BA6E50} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7GZAZ_plPL442
SearchScopes: HKCU - {56F07A2D-217C-4476-B43F-E8ECAFEF372D} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {92F24D98-80BA-434E-AC27-2101D444602B} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKCU - {940D23F9-84A4-4AE0-80F0-C06E23BA6E50} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7GZAZ_plPL442
SearchScopes: HKCU - {D66EE8CE-80A5-4A2F-B5CC-7A89B495D91E} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0A7B294C-E698-498E-8B40-10E4E42DD1DD}: [NameServer]213.158.199.1 213.158.199.5
Tcpip\..\Interfaces\{5AF1CE6C-2AF7-4007-B4C5-6EA1827CA5B8}: [NameServer]0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default
FF DefaultSearchEngine: Allegro
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Allegro
FF Homepage: hxxp://www.onet.pl/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TEST\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\searchplugins\bingp.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-05]
FF Extension: Google Toolbar for Firefox - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-07-10]
FF Extension: Add-on Compatibility Reporter - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-07-23]
FF Extension: Groowe Search Toolbar - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\Extensions\{268ad77e-cff8-42d7-b479-da60a7b93305}.xpi [2011-05-19]
FF Extension: Googlebar Lite - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\kp38ngeg.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2011-05-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] -
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] -
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://google.pl/"
CHR Extension: (Google Translate) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-10-05]
CHR Extension: (Dokumenty Google) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Dysk Google) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (Vocabla: tłumacz angielskie słówka) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\bchnamjcpocgphheheekmchilaabjdnb [2013-10-06]
CHR Extension: (YouTube) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Szukaj w Google) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Full Screen Weather) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-08-04]
CHR Extension: (Bubble Translate) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf [2013-10-06]
CHR Extension: (Skype Click to Call) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-05-03]
CHR Extension: (Google Wallet) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-01-07]
CHR Extension: (Gmail) - C:\Users\TEST\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-05-28] ()
S2 Mobilny Internet. RunOuc; C:\Program Files (x86)\Mobilny Internet\UpdateDog\ouc.exe [655712 2012-05-28] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-05-28] (Bytemobile, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2012-05-28] (Huawei Technologies Co., Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-05-28] (Bytemobile, Inc.)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-25 12:36 - 2014-05-25 12:36 - 00000000 ____D () C:\Users\TEST\Downloads\FRST-OlderVersion
2014-05-25 12:14 - 2014-02-16 10:35 - 00000426 _____ () C:\AVScanner.ini
2014-05-24 16:55 - 2014-05-24 16:55 - 00002683 _____ () C:\Users\TEST\Downloads\GMER.log
2014-05-24 16:45 - 2014-05-24 16:45 - 00380416 _____ () C:\Users\TEST\Downloads\h3lg4nv8.exe
2014-05-24 12:17 - 2014-05-24 12:17 - 00109874 _____ () C:\Users\TEST\Downloads\Extras.Txt
2014-05-24 12:14 - 2014-05-24 12:14 - 00109460 _____ () C:\Users\TEST\Downloads\OTL.Txt
2014-05-24 11:57 - 2014-05-24 11:57 - 00602112 _____ (OldTimer Tools) C:\Users\TEST\Downloads\OTL.exe
2014-05-24 11:54 - 2014-05-24 11:56 - 00063133 _____ () C:\Users\TEST\Downloads\Addition.txt
2014-05-24 11:52 - 2014-05-25 12:45 - 00021074 _____ () C:\Users\TEST\Downloads\FRST.txt
2014-05-24 11:52 - 2014-05-25 12:44 - 00000000 ____D () C:\FRST
2014-05-24 11:51 - 2014-05-25 12:36 - 02066432 _____ (Farbar) C:\Users\TEST\Downloads\FRST64.exe
2014-05-24 06:38 - 2014-05-24 06:38 - 00000000 ____D () C:\Users\TEST\Doctor Web
2014-05-24 06:21 - 2014-05-24 06:35 - 149562352 _____ () C:\Users\TEST\Downloads\cureit.exe
2014-05-24 05:26 - 2014-05-24 05:26 - 00029434 _____ () C:\ComboFix.txt
2014-05-22 08:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-22 08:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-22 08:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-22 08:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-22 08:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-22 08:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-22 08:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-22 08:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-17 12:41 - 2014-05-17 12:41 - 00023340 _____ () C:\Users\TEST\Downloads\91af11635a53d257da62bb7b25e0eb66.xlsx
2014-05-14 17:45 - 2014-05-14 17:45 - 00728576 _____ () C:\Users\TEST\Downloads\rejestr_sor08.05.2014.xls
2014-05-14 16:55 - 2014-05-14 16:56 - 46876672 _____ () C:\Users\TEST\Downloads\PRZYMROZKI – PRZYCZYNY POWSTAWANIA I MECHANIZM.ppt
2014-05-14 14:31 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 14:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 14:31 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 14:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 06:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 06:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 06:44 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 06:44 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 06:44 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 06:44 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 06:44 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 06:44 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 06:44 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 06:44 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 06:44 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 06:44 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 06:44 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 06:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 06:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 06:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 06:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 06:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 06:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 06:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 06:44 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 06:43 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 06:43 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 06:43 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 06:43 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 06:43 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 06:43 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 06:43 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 06:43 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 06:43 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 06:43 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 06:43 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 06:43 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 06:43 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 06:43 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 06:43 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 06:43 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 11:40 - 2014-05-13 11:41 - 98797568 _____ () C:\Users\TEST\Downloads\Cięcie i formowanie drzew.ppt
2014-05-12 09:48 - 2014-05-12 09:48 - 00466395 _____ () C:\Users\TEST\Documents\Choroby przechowalnicze owoców.pptx
2014-05-10 09:18 - 2014-05-10 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-30 19:56 - 2014-05-14 15:27 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-25 12:45 - 2014-05-24 11:52 - 00021074 _____ () C:\Users\TEST\Downloads\FRST.txt
2014-05-25 12:44 - 2014-05-24 11:52 - 00000000 ____D () C:\FRST
2014-05-25 12:41 - 2009-07-14 06:45 - 00020368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 12:41 - 2009-07-14 06:45 - 00020368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 12:38 - 2011-01-04 18:55 - 01230380 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 12:37 - 2011-05-09 19:25 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C05B023-AF4C-4DFA-BE9D-245DB48F27C6}
2014-05-25 12:36 - 2014-05-25 12:36 - 00000000 ____D () C:\Users\TEST\Downloads\FRST-OlderVersion
2014-05-25 12:36 - 2014-05-24 11:51 - 02066432 _____ (Farbar) C:\Users\TEST\Downloads\FRST64.exe
2014-05-25 12:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-25 12:32 - 2014-01-23 20:01 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-25 12:32 - 2013-10-09 19:53 - 00268618 _____ () C:\Windows\PFRO.log
2014-05-25 12:32 - 2013-10-06 05:59 - 00030202 _____ () C:\Windows\setupact.log
2014-05-25 12:32 - 2011-07-29 22:59 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 12:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 12:11 - 2012-04-03 18:06 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 11:55 - 2011-07-29 22:59 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 19:41 - 2011-05-23 23:26 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\ZoomBrowser EX
2014-05-24 16:55 - 2014-05-24 16:55 - 00002683 _____ () C:\Users\TEST\Downloads\GMER.log
2014-05-24 16:45 - 2014-05-24 16:45 - 00380416 _____ () C:\Users\TEST\Downloads\h3lg4nv8.exe
2014-05-24 12:17 - 2014-05-24 12:17 - 00109874 _____ () C:\Users\TEST\Downloads\Extras.Txt
2014-05-24 12:14 - 2014-05-24 12:14 - 00109460 _____ () C:\Users\TEST\Downloads\OTL.Txt
2014-05-24 11:57 - 2014-05-24 11:57 - 00602112 _____ (OldTimer Tools) C:\Users\TEST\Downloads\OTL.exe
2014-05-24 11:56 - 2014-05-24 11:54 - 00063133 _____ () C:\Users\TEST\Downloads\Addition.txt
2014-05-24 06:38 - 2014-05-24 06:38 - 00000000 ____D () C:\Users\TEST\Doctor Web
2014-05-24 06:38 - 2011-05-09 18:46 - 00000000 ____D () C:\Users\TEST
2014-05-24 06:35 - 2014-05-24 06:21 - 149562352 _____ () C:\Users\TEST\Downloads\cureit.exe
2014-05-24 05:26 - 2014-05-24 05:26 - 00029434 _____ () C:\ComboFix.txt
2014-05-24 05:26 - 2012-02-17 12:12 - 00000000 ____D () C:\Qoobox
2014-05-24 05:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-23 16:15 - 2011-11-24 23:52 - 00002156 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 14:24 - 2009-07-14 19:55 - 00811812 _____ () C:\Windows\system32\perfh015.dat
2014-05-23 14:24 - 2009-07-14 19:55 - 00183422 _____ () C:\Windows\system32\perfc015.dat
2014-05-23 14:24 - 2009-07-14 07:13 - 01866224 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 13:14 - 2011-05-14 23:04 - 00000000 ____D () C:\Users\TEST\Documents\DOKTORAT
2014-05-23 12:21 - 2011-05-16 18:13 - 00720980 ____H () C:\Users\TEST\Documents\sync.ffs_db
2014-05-23 12:18 - 2011-08-03 18:05 - 00000000 ___RD () C:\Users\TEST\Virtual Machines
2014-05-23 12:01 - 2011-10-21 21:02 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-05-22 08:42 - 2013-11-11 14:55 - 05200426 ____R (Swearware) C:\Users\TEST\Downloads\ComboFix.exe 2014-05-20 10:50 - 2011-05-09 22:39 - 00000000 ____D () C:\Users\TEST\AppData\Roaming\Skype 2014-05-18 21:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-17 12:41 - 2014-05-17 12:41 - 00023340 _____ () C:\Users\TEST\Downloads\91af11635a53d257da62bb7b25e0eb66.xlsx 2014-05-17 06:43 - 2013-05-04 07:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-17 06:33 - 2011-05-14 13:13 - 00000000 ____D () C:\Users\TEST\Documents\ARM Data 2014-05-17 06:31 - 2011-05-16 18:39 - 00000548 _____ () C:\Windows\ODBC.INI 2014-05-17 06:31 - 2011-05-16 18:38 - 00000000 ____D () C:\Program Files (x86)\ARM8 2014-05-14 19:11 - 2012-04-03 18:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 19:11 - 2012-04-03 18:06 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 19:11 - 2011-05-17 16:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 17:45 - 2014-05-14 17:45 - 00728576 _____ () C:\Users\TEST\Downloads\rejestr_sor08.05.2014.xls 2014-05-14 16:56 - 2014-05-14 16:55 - 46876672 _____ () C:\Users\TEST\Downloads\PRZYMROZKI – PRZYCZYNY POWSTAWANIA I MECHANIZM.ppt 2014-05-14 15:35 - 2011-05-09 18:48 - 00000000 ___RD () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 15:35 - 2011-05-09 18:46 - 00000000 ___RD () C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 15:27 - 2014-04-30 19:56 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-14 15:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 14:30 - 2011-05-13 13:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 14:28 - 2013-07-23 18:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 14:24 - 
2011-05-09 19:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 11:41 - 2014-05-13 11:40 - 98797568 _____ () C:\Users\TEST\Downloads\Cięcie i formowanie drzew.ppt 2014-05-12 09:48 - 2014-05-12 09:48 - 00466395 _____ () C:\Users\TEST\Documents\Choroby przechowalnicze owoców.pptx 2014-05-10 16:46 - 2012-05-03 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 09:19 - 2014-05-10 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-14 06:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 06:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 16:50 - 2011-07-29 22:59 - 00004040 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 16:50 - 2011-07-29 22:59 - 00003788 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 06:40 - 2014-05-14 14:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 14:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 21:20 - 2014-01-17 09:08 - 137747477 _____ () C:\Users\TEST\Desktop\Wykład 9 - Cięcie.pptx 2014-05-03 18:52 - 2009-07-14 07:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 10:55 ==================== End Of Log ============================