Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04 Ran by Braszki (administrator) on KOMP on 02-09-2013 17:59:56 Running from C:\Users\Braszki\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (AVAST Software) C:\Program Files\Avast\AvastSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (GG Network S.A.) C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CyberLink Corp.) C:\Program Files (x86)\CyberLink PowerDVD10\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (AVAST Software) C:\Program Files\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [Gadu-Gadu 10] - C:\Program Files (x86)\Gadu-Gadu 10\gg.exe [13374048 2011-07-04] (GG Network S.A.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd) MountPoints2: {a17d85fc-5720-11e2-92ea-806e6f6e6963} - E:\Autorun.exe MountPoints2: {ff847a50-7da5-11e2-bfc9-00241dae3bf1} - F:\Autorun.exe HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink PowerDVD10\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Bonus.SSR.FR10] - C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2010-01-22] (ABBYY.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\Braszki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 217.76.122.129 217.76.112.66 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\Braszki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Extension: (YouTube) - C:\Users\Braszki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Braszki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\Braszki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2010-07-22] (ABBYY) R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-10-07] (Intel Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-10-07] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-23] (DT Soft Ltd) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink PowerDVD10\PowerDVD10\NavFilter\000.fcl [146928 2012-08-15] (CyberLink Corp.) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink PowerDVD10\PowerDVD10\NavFilter\000.fcl [146928 2012-08-15] (CyberLink Corp.) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-01 19:12 - 2013-09-02 17:57 - 01951950 _____ (Farbar) C:\Users\Braszki\Desktop\FRST64.exe 2013-09-01 19:12 - 2013-09-01 19:12 - 00000000 ____D C:\FRST 2013-08-31 20:51 - 2013-08-31 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\Braszki\Desktop\OTL.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-31 20:24 - 2013-08-31 20:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-31 20:24 - 2013-08-31 20:23 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-31 20:23 - 2013-08-31 20:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-31 20:23 - 2013-08-31 20:23 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-31 20:23 - 2013-08-31 20:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-31 20:23 - 2013-08-31 20:23 - 00000000 ____D C:\Program Files\Java 2013-08-29 11:56 - 2013-08-29 11:56 - 00000000 ____D C:\Users\Braszki\AppData\Roaming\Malwarebytes 2013-08-29 11:56 - 2013-08-29 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-29 11:56 - 2013-08-29 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 11:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-29 11:54 - 2013-08-29 11:54 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-29 11:27 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-29 11:27 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-29 11:27 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-29 11:27 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-29 11:27 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-29 11:27 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-29 11:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-29 11:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-29 11:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-29 11:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-29 11:27 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-29 11:27 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-29 11:27 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-29 11:27 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-29 11:22 - 2013-08-29 11:24 - 00000000 ____D C:\Windows\system32\MRT 2013-08-29 11:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-29 11:20 - 2013-08-29 11:21 - 00000000 ____D C:\Remove WAT 2.2.6.0 2013-08-29 11:20 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-29 11:20 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-29 11:20 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-29 11:20 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-29 11:20 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-29 11:20 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-29 11:20 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-29 11:20 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-29 11:20 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-29 11:20 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-29 11:20 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-29 11:20 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-29 11:20 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-29 11:20 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-29 11:20 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-29 11:20 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-29 11:20 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-29 11:20 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-29 11:20 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-29 11:20 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-29 11:20 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-29 11:20 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-29 11:20 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-29 11:20 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-29 11:20 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-29 11:20 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-29 11:18 - 2013-08-29 11:18 - 00000000 ____D C:\Users\Braszki\Desktop\Zdjecia ==================== One Month Modified Files and Folders ======= 2013-09-02 17:57 - 2013-09-01 19:12 - 01951950 _____ (Farbar) C:\Users\Braszki\Desktop\FRST64.exe 2013-09-02 17:49 - 2013-01-06 20:32 - 00000000 ____D C:\Users\Braszki\AppData\Roaming\Skype 2013-09-02 17:49 - 2013-01-05 17:53 - 00098147 _____ C:\Windows\AutoKMS.log 2013-09-02 17:49 - 2013-01-05 16:30 - 00000204 _____ C:\Windows\Tasks\AutoKMS.job 2013-09-02 17:48 - 2013-02-06 21:49 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-02 17:48 - 2013-01-05 16:08 - 00004152 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-09-02 17:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-02 17:48 - 2009-07-14 06:51 - 00063964 _____ C:\Windows\setupact.log 2013-09-02 14:35 - 2013-01-05 12:16 - 01630380 _____ C:\Windows\WindowsUpdate.log 2013-09-02 14:29 - 2013-02-06 21:49 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-02 13:39 - 2013-01-05 15:31 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-01 20:08 - 2009-07-14 06:45 - 00032000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-01 20:08 - 2009-07-14 06:45 - 00032000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-01 19:37 - 2013-01-06 19:45 - 00002188 ____H C:\Users\Braszki\Documents\Default.rdp 2013-09-01 19:12 - 2013-09-01 19:12 - 00000000 ____D C:\FRST 2013-09-01 00:43 - 2013-05-25 10:39 - 00000000 ____D C:\Users\Braszki\AppData\Roaming\.minecraft 2013-08-31 20:51 - 2013-08-31 20:51 - 00602112 _____ (OldTimer Tools) C:\Users\Braszki\Desktop\OTL.exe 2013-08-31 20:25 - 2013-01-06 20:04 - 00000000 _____ C:\sparkraw.log 2013-08-31 20:24 - 2013-08-31 20:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-31 20:24 - 2013-08-31 20:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-31 20:24 - 2013-08-31 20:24 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-31 20:24 - 2013-01-05 16:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-31 20:24 - 2013-01-05 16:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-31 20:23 - 2013-08-31 20:24 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-31 20:23 - 2013-08-31 20:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-31 20:23 - 2013-08-31 20:23 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-31 20:23 - 2013-08-31 20:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-31 20:23 - 2013-08-31 20:23 - 00000000 ____D C:\Program Files\Java 2013-08-31 20:23 - 2013-01-05 16:13 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-31 20:23 - 2013-01-05 16:13 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-29 13:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-29 13:10 - 2010-11-21 05:24 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2013-08-29 13:10 - 2010-11-21 05:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2013-08-29 13:10 - 2010-11-21 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2013-08-29 13:10 - 2010-11-21 05:24 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2013-08-29 13:10 - 2010-11-21 05:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2013-08-29 12:57 - 2010-11-21 05:24 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll.old 2013-08-29 12:57 - 2010-11-21 05:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll.old 2013-08-29 12:42 - 2010-11-21 05:47 - 00089220 _____ C:\Windows\PFRO.log 2013-08-29 11:59 - 2013-02-06 21:49 - 00000000 ____D C:\Program Files\Google 2013-08-29 11:59 - 2013-02-06 21:49 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-29 11:58 - 2011-04-12 15:21 - 00701244 _____ C:\Windows\system32\perfh015.dat 2013-08-29 11:58 - 2011-04-12 15:21 - 00136262 _____ C:\Windows\system32\perfc015.dat 2013-08-29 11:58 - 2009-07-14 07:13 - 01558616 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-29 11:56 - 2013-08-29 11:56 - 00000000 ____D C:\Users\Braszki\AppData\Roaming\Malwarebytes 2013-08-29 11:56 - 2013-08-29 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-29 11:56 - 2013-08-29 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 11:55 - 2013-02-15 12:37 - 00000000 ____D C:\ProgramData\Norton 2013-08-29 11:54 - 2013-08-29 11:54 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-29 11:54 - 2013-02-06 21:49 - 00000000 ____D C:\Users\Braszki\AppData\Local\Google 2013-08-29 11:54 - 2013-02-06 21:49 - 00000000 ____D C:\ProgramData\Google 2013-08-29 11:48 - 2013-01-05 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-29 11:42 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini 2013-08-29 11:33 - 2013-01-05 14:44 - 00000000 ___RD C:\Users\Braszki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-29 11:24 - 2013-08-29 11:22 - 00000000 ____D C:\Windows\system32\MRT 2013-08-29 11:22 - 2013-01-05 17:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-29 11:21 - 2013-08-29 11:20 - 00000000 ____D C:\Remove WAT 2.2.6.0 2013-08-29 11:18 - 2013-08-29 11:18 - 00000000 ____D C:\Users\Braszki\Desktop\Zdjecia 2013-08-12 19:47 - 2013-02-15 20:00 - 00000414 _____ C:\Windows\SysWOW64\AppLog.log 2013-08-11 12:54 - 2013-05-03 13:30 - 00000000 ____D C:\Users\Braszki\Downloads\Karolina 2013-08-10 23:41 - 2013-03-12 18:28 - 00000000 ____D C:\Users\Braszki\Desktop\Karolina 2013-08-07 04:22 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-02 09:00 ==================== End Of Log ============================