Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2013 Ran by vaio (administrator) on 05-05-2013 14:13:28 Running from C:\Users\vaio\Desktop Windows 8 Pro (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Farbar) C:\Users\vaio\Desktop\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2278504 2011-11-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [765056 2012-10-09] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-10-09] (Atheros Communications) HKLM\...\Runonce: [GrpConv] grpconv -o [x] HKCU\...\Run: [KiesPDLR] D:\Programy\Kies\External\FirmwareUpdate\KiesPDLR.exe [x] HKCU\...\Run: [KiesPreload] D:\Programy\Kies\Kies.exe /preload [x] HKCU\...\Run: [Steam] "D:\Programy\Steam\steam.exe" -silent [x] HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google) HKCU\...\Run: [KiesAirMessage] D:\Programy\Kies\KiesAirMessage.exe -startup [x] HKCU\...\Run: [] D:\Programy\Kies\External\FirmwareUpdate\KiesPDLR.exe [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] "D:\Programy\AVAST Software\Avast\avastUI.exe" /nogui [x] HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] D:\Programy\Kies\KiesTrayAgent.exe [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-01] () HKLM-x32\...\Run: [Anvi Smart Defender] D:\Programy\Anvi Smart Defender\ASDTray.exe [x] HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-01-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 85.128.107.242 213.134.134.134 FireFox: ======== FF ProfilePath: C:\Users\vaio\AppData\Roaming\Mozilla\Firefox\Profiles\u1rrwswh.default FF SelectedSearchEngine: Google FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Programy\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\vaio\AppData\Roaming\Mozilla\Firefox\Profiles\u1rrwswh.default\Extensions\ich@maltegoetz.de FF Extension: 502ba60b6d32f - C:\Users\vaio\AppData\Roaming\Mozilla\Firefox\Profiles\u1rrwswh.default\Extensions\502ba60b6d32f@502ba60b6d368.info.xpi FF Extension: autoinstaller - C:\Users\vaio\AppData\Roaming\Mozilla\Firefox\Profiles\u1rrwswh.default\Extensions\autoinstaller@adblockplus.org.xpi FF Extension: No Name - C:\Users\vaio\AppData\Roaming\Mozilla\Firefox\Profiles\u1rrwswh.default\Extensions\{68bb078e-8477-41df-b016-118f0482ab60}.xpi FF Extension: No Name - C:\Users\vaio\AppData\Roaming\Mozilla\Firefox\Profiles\u1rrwswh.default\Extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi Chrome: ======= CHR Extension: (continuetosave) - C:\Users\vaio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkbphknoikbillhkngbpenhngmhiegg\1 ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 asdsrv; D:\Programy\Anvi Smart Defender\ASDSrv.exe [735592 2012-12-21] (Anvisoft) S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations) S2 avast! Antivirus; D:\Programy\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software) S2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation) S2 uCamMonitor; c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation) S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [x] S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x] S2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft) S2 asdrs; C:\WINDOWS\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft) S2 asdws; C:\WINDOWS\system32\DRIVERS\asdws.sys [17232 2012-11-07] () S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-07] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-07] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-07] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-07] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-07] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-07] (AVAST Software) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] () S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto) S3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation) S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) U3 idsvc; S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-05 14:08 - 2013-05-05 14:13 - 00000254 ____A C:\Users\vaio\Desktop\Search.txt 2013-05-05 14:06 - 2013-05-05 14:06 - 01878556 ____A (Farbar) C:\Users\vaio\Desktop\FRST64.exe 2013-05-05 01:50 - 2013-05-05 01:50 - 00000826 ____A C:\Users\vaio\Desktop\lista.txt 2013-05-05 01:14 - 2013-05-05 01:14 - 00032492 ____A C:\Users\vaio\Desktop\Addition.txt 2013-05-05 01:03 - 2013-05-05 01:03 - 00000000 ____D C:\FRST 2013-05-05 00:51 - 2013-05-05 01:28 - 00002258 ____A C:\Users\vaio\Desktop\SpyHunter.lnk 2013-05-05 00:51 - 2013-05-05 01:28 - 00000000 ____D C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP 2013-05-05 00:51 - 2013-05-05 00:51 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-04 23:03 - 2013-05-04 23:03 - 00000000 ____D C:\Users\vaio\AppData\Roaming\ArcSoft 2013-05-04 23:03 - 2013-05-04 23:03 - 00000000 ____D C:\Users\vaio\AppData\Local\ArcSoft 2013-04-28 00:19 - 2012-12-11 10:46 - 00465408 ____A C:\Users\vaio\Desktop\Timer.exe 2013-04-22 23:25 - 2013-04-22 23:28 - 00000000 ____D C:\Users\vaio\Desktop\Browar 2013-04-22 08:10 - 2013-04-22 08:10 - 00032273 ____A C:\Users\vaio\Downloads\[kat.ph]game.of.thrones.s03e04.hdtv.x264.evolve.ettv(1).torrent 2013-04-22 08:09 - 2013-04-22 08:09 - 00032273 ____A C:\Users\vaio\Downloads\[kat.ph]game.of.thrones.s03e04.hdtv.x264.evolve.ettv.torrent 2013-04-16 00:29 - 2013-04-16 00:29 - 00383280 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-12 22:34 - 2013-04-12 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-12 21:03 - 2013-04-12 21:03 - 00000000 ____D C:\Users\vaio\AppData\Local\{0295397E-EFC4-4B22-A6CA-2310F5D09C80} 2013-04-12 21:02 - 2013-04-12 21:30 - 00000000 ____D C:\Users\vaio\Desktop\Docs 2013-04-12 20:45 - 2013-03-02 13:02 - 00058288 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2013-04-12 20:45 - 2013-03-02 12:57 - 00337128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS 2013-04-12 20:45 - 2013-03-02 12:57 - 00332520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys 2013-04-12 20:45 - 2013-03-02 12:57 - 00283880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-04-12 20:45 - 2013-03-02 12:57 - 00077544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys 2013-04-12 20:45 - 2013-03-02 12:45 - 00194792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys 2013-04-12 20:45 - 2013-03-02 12:45 - 00148712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys 2013-04-12 20:45 - 2013-03-02 12:45 - 00125160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys 2013-04-12 20:45 - 2013-03-02 12:39 - 00495336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys 2013-04-12 20:45 - 2013-03-02 12:39 - 00327912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys 2013-04-12 20:45 - 2013-03-02 12:39 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys 2013-04-12 20:45 - 2013-03-02 11:59 - 02231528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-04-12 20:45 - 2013-03-02 11:59 - 00411880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2013-04-12 20:45 - 2013-03-02 10:24 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-04-12 20:45 - 2013-03-02 10:23 - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 01338880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00893952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00601088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00504320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll 2013-04-12 20:45 - 2013-03-02 10:23 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-04-12 20:45 - 2013-03-02 10:22 - 05091840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-04-12 20:45 - 2013-03-02 10:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll 2013-04-12 20:45 - 2013-03-02 10:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll 2013-04-12 20:45 - 2013-03-02 10:21 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-04-12 20:45 - 2013-03-02 10:21 - 00550912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll 2013-04-12 20:45 - 2013-03-02 10:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll 2013-04-12 20:45 - 2013-03-02 10:21 - 00145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl 2013-04-12 20:45 - 2013-03-02 10:21 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 19748864 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 03240448 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 01627648 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 01161728 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 01149952 ____A (Microsoft Corporation) C:\Windows\System32\winmde.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 01101824 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00951808 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00645120 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\usbmon.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\fsquirt.exe 2013-04-12 20:45 - 2013-03-02 04:45 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00171008 ____A (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe 2013-04-12 20:45 - 2013-03-02 04:45 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\taskhostex.exe 2013-04-12 20:45 - 2013-03-02 04:45 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\WSDPrintProxy.DLL 2013-04-12 20:45 - 2013-03-02 04:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2013-04-12 20:45 - 2013-03-02 04:45 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2013-04-12 20:45 - 2013-03-02 04:44 - 05978624 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 01048576 ____A (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00150016 ____A (Microsoft Corporation) C:\Windows\System32\discan.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\NdisImPlatform.dll 2013-04-12 20:45 - 2013-03-02 04:44 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll 2013-04-12 20:45 - 2013-03-02 04:43 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-04-12 20:45 - 2013-03-02 04:43 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll 2013-04-12 20:45 - 2013-03-02 04:43 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll 2013-04-12 20:45 - 2013-03-02 04:43 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl 2013-04-12 20:45 - 2013-03-02 04:15 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys 2013-04-12 20:45 - 2013-03-01 06:56 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys 2013-04-12 20:45 - 2013-03-01 06:56 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys 2013-04-12 20:45 - 2013-03-01 06:55 - 01175040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys 2013-04-12 20:45 - 2013-02-21 01:08 - 00387867 ____A C:\Windows\System32\ApnDatabase.xml 2013-04-11 20:27 - 2013-03-02 10:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll 2013-04-11 20:27 - 2013-03-02 04:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll 2013-04-11 06:34 - 2013-02-21 12:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-11 06:33 - 2013-03-20 00:19 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-11 06:33 - 2013-03-07 08:50 - 06991592 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-11 06:33 - 2013-02-21 12:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-04-11 06:33 - 2013-02-21 12:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-04-11 06:33 - 2013-02-21 12:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-04-11 06:33 - 2013-02-21 12:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-11 06:33 - 2013-02-21 12:15 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-04-11 06:33 - 2013-02-21 12:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-04-11 06:33 - 2013-02-21 12:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-04-11 06:33 - 2013-02-21 12:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-11 06:33 - 2013-02-19 11:53 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2013-04-06 06:47 - 2013-04-06 06:48 - 00000000 ____D C:\Users\vaio\AppData\Local\Nero 2013-04-06 06:47 - 2013-04-06 06:47 - 00000000 ____D C:\Users\vaio\AppData\Roaming\Nero 2013-04-06 06:47 - 2013-04-06 06:47 - 00000000 ____D C:\Users\vaio\AppData\Local\Nero_AG ==================== One Month Modified Files and Folders ======= 2013-05-05 14:13 - 2013-05-05 14:08 - 00000254 ____A C:\Users\vaio\Desktop\Search.txt 2013-05-05 14:06 - 2013-05-05 14:06 - 01878556 ____A (Farbar) C:\Users\vaio\Desktop\FRST64.exe 2013-05-05 14:02 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI 2013-05-05 14:01 - 2012-10-15 20:35 - 00001044 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-05 14:01 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-05 01:50 - 2013-05-05 01:50 - 00000826 ____A C:\Users\vaio\Desktop\lista.txt 2013-05-05 01:35 - 2012-08-08 17:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-05 01:28 - 2013-05-05 00:51 - 00002258 ____A C:\Users\vaio\Desktop\SpyHunter.lnk 2013-05-05 01:28 - 2013-05-05 00:51 - 00000000 ____D C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP 2013-05-05 01:14 - 2013-05-05 01:14 - 00032492 ____A C:\Users\vaio\Desktop\Addition.txt 2013-05-05 01:03 - 2013-05-05 01:03 - 00000000 ____D C:\FRST 2013-05-05 00:51 - 2013-05-05 00:51 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-05 00:47 - 2012-07-26 11:51 - 00898142 ____A C:\Windows\System32\perfh015.dat 2013-05-05 00:47 - 2012-07-26 11:51 - 00205190 ____A C:\Windows\System32\perfc015.dat 2013-05-05 00:47 - 2012-07-26 09:28 - 02076402 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-05 00:30 - 2012-11-01 21:42 - 00000000 ___SD C:\Users\vaio\Dysk Google 2013-05-05 00:30 - 2012-10-31 23:53 - 01701591 ____A C:\Windows\WindowsUpdate.log 2013-05-05 00:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-05-04 23:51 - 2012-08-16 19:39 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-04 23:24 - 2012-10-15 20:35 - 00001040 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-04 23:03 - 2013-05-04 23:03 - 00000000 ____D C:\Users\vaio\AppData\Roaming\ArcSoft 2013-05-04 23:03 - 2013-05-04 23:03 - 00000000 ____D C:\Users\vaio\AppData\Local\ArcSoft 2013-05-04 23:03 - 2012-01-18 07:26 - 00000000 ____D C:\ProgramData\ArcSoft 2013-05-04 09:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-05-03 23:22 - 2012-08-15 15:18 - 00000000 ____D C:\Users\vaio\AppData\Roaming\BitTorrent 2013-05-03 19:45 - 2013-02-05 09:27 - 00000000 ____D C:\Users\vaio\AppData\Local\CrashDumps 2013-05-02 21:46 - 2012-07-26 09:21 - 00381058 ____A C:\Windows\setupact.log 2013-05-02 20:03 - 2012-08-08 21:43 - 00000000 ____D C:\Users\vaio\Documents\Pliki programu Outlook 2013-05-02 19:25 - 2012-10-31 23:34 - 00000000 ____D C:\users\vaio 2013-05-02 10:25 - 2012-07-13 18:09 - 00000000 ____D C:\Users\vaio\AppData\Roaming\Adobe 2013-05-02 09:56 - 2012-07-13 18:09 - 00000000 ____D C:\Users\vaio\AppData\Local\Adobe 2013-04-30 20:45 - 2013-03-19 19:53 - 00000000 ____D C:\Users\vaio\Desktop\Foto 2013-04-30 15:27 - 2012-01-18 07:21 - 00000000 ____D C:\ProgramData\Adobe 2013-04-28 01:01 - 2012-11-01 00:14 - 00112640 __ASH C:\Users\vaio\Desktop\Thumbs.db 2013-04-22 23:28 - 2013-04-22 23:25 - 00000000 ____D C:\Users\vaio\Desktop\Browar 2013-04-22 08:10 - 2013-04-22 08:10 - 00032273 ____A C:\Users\vaio\Downloads\[kat.ph]game.of.thrones.s03e04.hdtv.x264.evolve.ettv(1).torrent 2013-04-22 08:09 - 2013-04-22 08:09 - 00032273 ____A C:\Users\vaio\Downloads\[kat.ph]game.of.thrones.s03e04.hdtv.x264.evolve.ettv.torrent 2013-04-20 21:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-04-16 00:29 - 2013-04-16 00:29 - 00383280 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-16 00:28 - 2012-08-08 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-04-16 00:27 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2013-04-16 00:27 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\oobe 2013-04-15 23:40 - 2013-01-07 23:06 - 00000000 ____D C:\Users\vaio\Desktop\Martins 2013-04-12 22:34 - 2013-04-12 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-04-12 21:30 - 2013-04-12 21:02 - 00000000 ____D C:\Users\vaio\Desktop\Docs 2013-04-12 21:03 - 2013-04-12 21:03 - 00000000 ____D C:\Users\vaio\AppData\Local\{0295397E-EFC4-4B22-A6CA-2310F5D09C80} 2013-04-12 00:02 - 2012-08-08 19:45 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-04-06 06:48 - 2013-04-06 06:47 - 00000000 ____D C:\Users\vaio\AppData\Local\Nero 2013-04-06 06:47 - 2013-04-06 06:47 - 00000000 ____D C:\Users\vaio\AppData\Roaming\Nero 2013-04-06 06:47 - 2013-04-06 06:47 - 00000000 ____D C:\Users\vaio\AppData\Local\Nero_AG ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-05-04 23:52 ==================== End Of Log ============================