Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Krzysiek (administrator) on KRZYSIEKO on 03-12-2013 14:46:46
Running from C:\Users\Krzysiek\Desktop\frst
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
() C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Krzysiek\Downloads\bol\BoL Studio.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(www.counter-strike.de - MUff[99]) C:\Users\Krzysiek\Desktop\gammacontrol.exe
(www.counter-strike.de - MUff[99]) C:\Users\Krzysiek\Desktop\gammacontrol.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [OscarEditor] - C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3536896 2010-12-24] ()
HKCU\...\Run: [OscarKeyboard] - C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3536896 2010-12-24] ()
HKCU\...\Run: [Bloody2] - C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe [11895808 2013-08-30] ()
MountPoints2: {6cf0d103-f6d0-11e2-a589-00241d6467e5} - G:\SETUP.EXE
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-02] (AVAST Software)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 109.196.40.29 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\631lkd1q.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Krzysiek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Battlefield Play4Free - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\631lkd1q.default\Extensions\battlefieldplay4free@ea.com
FF Extension: Adblock Plus - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\631lkd1q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Krzysiek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
CHR Extension: (avast! Online Security) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Krzysiek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-02] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-02] ()
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_win7x; C:\Windows\System32\DRIVERS\arusb_win7x.sys [769024 2010-06-01] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-02] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U4 Util WebConnect;
S4 XFDriver64;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-02 23:20 - 2013-12-02 23:21 - 00002412 _____ C:\Users\Krzysiek\Desktop\OTL PO SKRYPCIE.txt
2013-12-02 23:20 - 2013-12-02 23:20 - 00004826 _____ C:\Users\Krzysiek\Desktop\12022013_231441.log
2013-12-02 23:17 - 2013-12-02 23:17 - 00000056 _____ C:\Windows\setupact.log
2013-12-02 23:17 - 2013-12-02 23:17 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 23:16 - 2013-12-02 23:16 - 00000590 _____ C:\Windows\PFRO.log
2013-12-02 23:14 - 2013-12-02 23:14 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-12-02 23:14 - 2013-12-02 23:14 - 00000000 ____D C:\_OTL
2013-12-02 22:15 - 2013-12-02 22:15 - 00002369 _____ C:\Users\Krzysiek\Downloads\FSS.txt
2013-12-02 22:12 - 2013-12-02 22:12 - 00360881 _____ (Farbar) C:\Users\Krzysiek\Downloads\FSS.exe
2013-12-02 22:11 - 2013-12-03 14:46 - 00000000 ____D C:\Users\Krzysiek\Desktop\frst
2013-12-02 21:32 - 2013-12-02 21:32 - 00146112 _____ C:\Users\Krzysiek\Documents\cc_20131202_213249.reg
2013-12-02 21:31 - 2013-12-02 21:31 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-02 21:31 - 2013-12-02 21:31 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-02 21:31 - 2013-12-02 21:31 - 00000000 ____D C:\Program Files\CCleaner
2013-12-02 21:30 - 2013-12-02 21:30 - 04618136 _____ (Piriform Ltd) C:\Users\Krzysiek\Downloads\ccsetup408.exe
2013-12-02 21:16 - 2013-12-02 21:18 - 21812990 _____ (Acresso Software Inc. ) C:\Users\Krzysiek\Downloads\LeagueOfLegendsBaseNA.exe
2013-12-02 21:15 - 2013-12-02 21:18 - 18095192 _____ (Adobe Systems Inc.) C:\Users\Krzysiek\Downloads\AdobeAIRInstaller.exe
2013-12-02 18:11 - 2013-12-02 18:18 - 21812990 _____ (Acresso Software Inc. ) C:\Users\Krzysiek\Downloads\LeagueOfLegendsBaseNA.exe.part
2013-12-02 16:51 - 2013-12-02 03:23 - 00073376 _____ C:\Users\Krzysiek\Downloads\Extras.Txt
2013-12-02 16:32 - 2013-12-02 16:32 - 00089532 _____ C:\Users\Krzysiek\Downloads\OTL.Txt
2013-12-02 15:56 - 2013-12-02 15:56 - 00263429 _____ C:\Users\Krzysiek\Downloads\GMER SCAN.txt
2013-12-02 15:55 - 2013-12-02 15:55 - 00000000 ____D C:\Users\Krzysiek\Downloads\Nowy folder
2013-12-02 15:53 - 2013-12-02 15:53 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Krzysiek\Downloads\tdsskiller.exe
2013-12-02 15:48 - 2013-12-02 21:36 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\CrashDumps
2013-12-02 15:41 - 2013-12-02 15:42 - 00019572 _____ C:\Users\Krzysiek\Downloads\Addition.txt
2013-12-02 15:41 - 2013-12-02 15:41 - 00377856 _____ C:\Users\Krzysiek\Downloads\ypff7yrn.exe
2013-12-02 15:38 - 2013-12-02 15:42 - 00034935 _____ C:\Users\Krzysiek\Downloads\FRST.txt
2013-12-02 04:03 - 2013-12-02 04:03 - 00001331 _____ C:\Users\Krzysiek\Documents\hosts.txt
2013-12-02 04:02 - 2012-07-06 00:02 - 00000000 ____D C:\Users\Krzysiek\Downloads\A.Photoshop.CS5.Extended
2013-12-02 04:00 - 2013-12-02 04:00 - 00002234 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_D_12022013_040003.txt
2013-12-02 04:00 - 2013-12-02 04:00 - 00001649 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_H_12022013_040009.txt
2013-12-02 04:00 - 2013-12-02 04:00 - 00000985 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_PR_12022013_040010.txt
2013-12-02 03:59 - 2013-12-02 03:59 - 00002202 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_S_12022013_035904.txt
2013-12-02 03:32 - 2013-12-02 03:32 - 00002166 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_S_12022013_033239.txt
2013-12-02 03:30 - 2013-12-02 03:30 - 00002449 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_D_12022013_033043.txt
2013-12-02 03:30 - 2013-12-02 03:30 - 00002407 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_S_12022013_033030.txt
2013-12-02 03:27 - 2013-12-02 03:31 - 00000000 ____D C:\Users\Krzysiek\Desktop\RK_Quarantine
2013-12-02 03:27 - 2013-12-02 03:27 - 03687936 _____ C:\Users\Krzysiek\Downloads\RogueKiller.exe
2013-12-02 03:23 - 2013-12-02 03:23 - 00084090 _____ C:\Users\Krzysiek\Desktop\OTL.Txt
2013-12-02 03:23 - 2013-12-02 03:23 - 00073376 _____ C:\Users\Krzysiek\Desktop\Extras.Txt
2013-12-02 03:13 - 2013-12-02 03:13 - 00000000 ____D C:\FRST
2013-12-02 03:12 - 2013-12-02 03:14 - 01959184 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe
2013-12-02 03:07 - 2013-12-02 03:07 - 00602112 _____ (OldTimer Tools) C:\Users\Krzysiek\Downloads\OTL.exe
2013-12-02 03:07 - 2013-12-02 03:07 - 00448512 _____ (OldTimer Tools) C:\Users\Krzysiek\Downloads\TFC.exe
2013-12-02 02:21 - 2013-12-02 02:21 - 00000000 ____D C:\Windows\pss
2013-12-02 01:14 - 2013-12-02 01:14 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-02 01:14 - 2013-12-02 01:14 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-02 01:09 - 2013-12-02 01:09 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-02 01:02 - 2013-12-02 01:03 - 04733592 _____ (AVAST Software) C:\Users\Krzysiek\Downloads\avast_free_antivirus_setup_online.exe
2013-12-01 23:17 - 2013-12-01 23:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Krzysiek\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 23:17 - 2013-12-01 23:17 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 23:17 - 2013-12-01 23:17 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Malwarebytes
2013-12-01 23:17 - 2013-12-01 23:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 23:17 - 2013-12-01 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 23:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 22:59 - 2013-12-02 01:59 - 00000000 ____D C:\AdwCleaner
2013-12-01 22:59 - 2013-12-01 22:59 - 01110034 _____ C:\Users\Krzysiek\Downloads\AdwCleaner.exe
2013-11-29 14:20 - 2013-11-29 14:20 - 04085248 _____ C:\Users\Krzysiek\Downloads\rename_me.exe
2013-11-29 14:07 - 2013-04-18 21:14 - 00000000 ____D C:\Users\Krzysiek\Downloads\DisgustingAccCreator
2013-11-29 13:52 - 2013-11-29 13:53 - 00000000 ____D C:\Users\Krzysiek\Desktop\lol orginal cfg
2013-11-28 21:38 - 2013-11-28 22:59 - 00000000 ____D C:\Users\Krzysiek\Desktop\karolina spiderman
2013-11-27 17:56 - 2013-11-27 17:56 - 00001194 _____ C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk
2013-11-27 17:56 - 2013-11-27 17:56 - 00001186 _____ C:\Users\Krzysiek\Desktop\OpenFM.lnk
2013-11-27 17:56 - 2013-11-27 17:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\OpenFM
2013-11-27 17:56 - 2013-11-27 17:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\OpenFM
2013-11-26 14:35 - 2013-11-26 14:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-11-25 21:17 - 2013-11-25 21:17 - 00159744 _____ C:\Users\Krzysiek\Downloads\wykład nr 4 RT studia stacjonarne.ppt
2013-11-21 03:01 - 2013-11-21 03:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-21 03:01 - 2013-11-21 03:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-20 10:16 - 2013-11-20 10:22 - 00000000 ____D C:\Users\Krzysiek\Downloads\LOLPBE
2013-11-20 00:02 - 2013-11-20 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-20 00:02 - 2013-11-20 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-19 20:47 - 2013-11-19 20:47 - 00000000 ____D C:\ProgramData\Brother
2013-11-18 00:43 - 2013-11-18 01:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 03:03 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:03 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:03 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 03:03 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:03 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 03:03 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:03 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:03 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:03 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:03 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:03 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 03:03 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 21:25 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 21:25 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 21:25 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 21:25 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 21:25 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 21:25 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 21:25 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 21:25 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 21:25 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 21:25 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 21:25 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 21:25 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 21:25 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 21:25 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 21:25 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 21:25 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 21:25 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 21:25 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 21:25 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 21:25 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 21:25 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 21:25 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 21:25 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 21:25 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 21:25 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 21:25 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 21:25 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 21:25 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 21:25 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 21:25 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 10:29 - 2013-11-13 10:29 - 00000827 _____ C:\Users\Krzysiek\Desktop\BoL Studio — skrót.lnk
2013-11-11 21:31 - 2013-11-11 21:31 - 00000000 ____D C:\ProgramData\Oracle
2013-11-11 21:31 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-11 21:31 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-11 21:31 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-11 21:31 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2013-12-03 14:46 - 2013-12-02 22:11 - 00000000 ____D C:\Users\Krzysiek\Desktop\frst
2013-12-03 14:41 - 2013-07-27 01:18 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 14:11 - 2013-07-27 01:00 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 13:53 - 2013-07-27 00:52 - 01953537 _____ C:\Windows\WindowsUpdate.log
2013-12-02 23:41 - 2013-10-10 23:33 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\BoL
2013-12-02 23:24 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 23:24 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 23:21 - 2013-12-02 23:20 - 00002412 _____ C:\Users\Krzysiek\Desktop\OTL PO SKRYPCIE.txt
2013-12-02 23:20 - 2013-12-02 23:20 - 00004826 _____ C:\Users\Krzysiek\Desktop\12022013_231441.log
2013-12-02 23:17 - 2013-12-02 23:17 - 00000056 _____ C:\Windows\setupact.log
2013-12-02 23:17 - 2013-12-02 23:17 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 23:17 - 2013-07-27 01:18 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 23:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 23:16 - 2013-12-02 23:16 - 00000590 _____ C:\Windows\PFRO.log
2013-12-02 23:14 - 2013-12-02 23:14 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-12-02 23:14 - 2013-12-02 23:14 - 00000000 ____D C:\_OTL
2013-12-02 23:14 - 2013-07-27 00:52 - 00000000 ___RD C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-02 22:15 - 2013-12-02 22:15 - 00002369 _____ C:\Users\Krzysiek\Downloads\FSS.txt
2013-12-02 22:12 - 2013-12-02 22:12 - 00360881 _____ (Farbar) C:\Users\Krzysiek\Downloads\FSS.exe
2013-12-02 21:36 - 2013-12-02 15:48 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\CrashDumps
2013-12-02 21:36 - 2013-09-24 16:16 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\AIMP3
2013-12-02 21:36 - 2013-08-21 00:00 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Media Player Classic
2013-12-02 21:36 - 2013-08-14 23:30 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-02 21:36 - 2013-08-02 10:51 - 00000000 ____D C:\Windows\Minidump
2013-12-02 21:36 - 2013-07-27 18:10 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\DAEMON Tools Lite
2013-12-02 21:36 - 2013-07-27 01:45 - 00000000 ____D C:\Windows\Panther
2013-12-02 21:32 - 2013-12-02 21:32 - 00146112 _____ C:\Users\Krzysiek\Documents\cc_20131202_213249.reg
2013-12-02 21:31 - 2013-12-02 21:31 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-02 21:31 - 2013-12-02 21:31 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-02 21:31 - 2013-12-02 21:31 - 00000000 ____D C:\Program Files\CCleaner
2013-12-02 21:30 - 2013-12-02 21:30 - 04618136 _____ (Piriform Ltd) C:\Users\Krzysiek\Downloads\ccsetup408.exe
2013-12-02 21:20 - 2013-07-27 11:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-02 21:18 - 2013-12-02 21:16 - 21812990 _____ (Acresso Software Inc. ) C:\Users\Krzysiek\Downloads\LeagueOfLegendsBaseNA.exe
2013-12-02 21:18 - 2013-12-02 21:15 - 18095192 _____ (Adobe Systems Inc.) C:\Users\Krzysiek\Downloads\AdobeAIRInstaller.exe
2013-12-02 21:14 - 2013-08-16 12:03 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Adobe
2013-12-02 21:12 - 2013-07-27 01:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-02 21:12 - 2013-07-27 01:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 21:12 - 2013-07-27 01:00 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-02 19:51 - 2013-10-09 19:50 - 00605855 _____ C:\Users\Krzysiek\Downloads\Battlefield play4free Cheaty by LeIIto.rar
2013-12-02 18:18 - 2013-12-02 18:11 - 21812990 _____ (Acresso Software Inc. ) C:\Users\Krzysiek\Downloads\LeagueOfLegendsBaseNA.exe.part
2013-12-02 18:01 - 2013-10-07 11:26 - 00000000 ____D C:\Users\Krzysiek\Downloads\bol
2013-12-02 16:32 - 2013-12-02 16:32 - 00089532 _____ C:\Users\Krzysiek\Downloads\OTL.Txt
2013-12-02 15:56 - 2013-12-02 15:56 - 00263429 _____ C:\Users\Krzysiek\Downloads\GMER SCAN.txt
2013-12-02 15:55 - 2013-12-02 15:55 - 00000000 ____D C:\Users\Krzysiek\Downloads\Nowy folder
2013-12-02 15:53 - 2013-12-02 15:53 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Krzysiek\Downloads\tdsskiller.exe
2013-12-02 15:42 - 2013-12-02 15:41 - 00019572 _____ C:\Users\Krzysiek\Downloads\Addition.txt
2013-12-02 15:42 - 2013-12-02 15:38 - 00034935 _____ C:\Users\Krzysiek\Downloads\FRST.txt
2013-12-02 15:41 - 2013-12-02 15:41 - 00377856 _____ C:\Users\Krzysiek\Downloads\ypff7yrn.exe
2013-12-02 04:03 - 2013-12-02 04:03 - 00001331 _____ C:\Users\Krzysiek\Documents\hosts.txt
2013-12-02 04:00 - 2013-12-02 04:00 - 00002234 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_D_12022013_040003.txt
2013-12-02 04:00 - 2013-12-02 04:00 - 00001649 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_H_12022013_040009.txt
2013-12-02 04:00 - 2013-12-02 04:00 - 00000985 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_PR_12022013_040010.txt
2013-12-02 03:59 - 2013-12-02 03:59 - 00002202 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_S_12022013_035904.txt
2013-12-02 03:59 - 2013-08-07 11:53 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockRoot Pro
2013-12-02 03:32 - 2013-12-02 03:32 - 00002166 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_S_12022013_033239.txt
2013-12-02 03:31 - 2013-12-02 03:27 - 00000000 ____D C:\Users\Krzysiek\Desktop\RK_Quarantine
2013-12-02 03:30 - 2013-12-02 03:30 - 00002449 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_D_12022013_033043.txt
2013-12-02 03:30 - 2013-12-02 03:30 - 00002407 _____ C:\Users\Krzysiek\Desktop\RKreport[0]_S_12022013_033030.txt
2013-12-02 03:27 - 2013-12-02 03:27 - 03687936 _____ C:\Users\Krzysiek\Downloads\RogueKiller.exe
2013-12-02 03:23 - 2013-12-02 16:51 - 00073376 _____ C:\Users\Krzysiek\Downloads\Extras.Txt
2013-12-02 03:23 - 2013-12-02 03:23 - 00084090 _____ C:\Users\Krzysiek\Desktop\OTL.Txt
2013-12-02 03:23 - 2013-12-02 03:23 - 00073376 _____ C:\Users\Krzysiek\Desktop\Extras.Txt
2013-12-02 03:14 - 2013-12-02 03:12 - 01959184 _____ (Farbar) C:\Users\Krzysiek\Downloads\FRST64.exe
2013-12-02 03:13 - 2013-12-02 03:13 - 00000000 ____D C:\FRST
2013-12-02 03:07 - 2013-12-02 03:07 - 00602112 _____ (OldTimer Tools) C:\Users\Krzysiek\Downloads\OTL.exe
2013-12-02 03:07 - 2013-12-02 03:07 - 00448512 _____ (OldTimer Tools) C:\Users\Krzysiek\Downloads\TFC.exe
2013-12-02 02:21 - 2013-12-02 02:21 - 00000000 ____D C:\Windows\pss
2013-12-02 01:59 - 2013-12-01 22:59 - 00000000 ____D C:\AdwCleaner
2013-12-02 01:14 - 2013-12-02 01:14 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-02 01:14 - 2013-12-02 01:14 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-02 01:14 - 2013-12-02 01:14 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-02 01:14 - 2013-07-27 01:18 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-02 01:14 - 2013-07-27 01:18 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-02 01:09 - 2013-12-02 01:09 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-02 01:08 - 2013-07-27 01:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-02 01:03 - 2013-12-02 01:02 - 04733592 _____ (AVAST Software) C:\Users\Krzysiek\Downloads\avast_free_antivirus_setup_online.exe
2013-12-02 00:58 - 2013-07-27 01:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1385942653
2013-12-02 00:54 - 2013-07-27 01:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1385942314
2013-12-02 00:46 - 2013-07-27 01:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1385942074
2013-12-02 00:43 - 2013-07-27 01:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1385941613
2013-12-02 00:26 - 2013-10-23 11:41 - 00000000 ____D C:\Program Files (x86)\Jungle Timer
2013-12-01 23:37 - 2013-09-10 10:44 - 00000000 ____D C:\ADCDA2
2013-12-01 23:36 - 2013-07-27 01:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1385941421
2013-12-01 23:17 - 2013-12-01 23:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Krzysiek\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 23:17 - 2013-12-01 23:17 - 00001109 _____
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-12-01 23:17 - 2013-12-01 23:17 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Malwarebytes 2013-12-01 23:17 - 2013-12-01 23:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-01 23:17 - 2013-12-01 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-01 22:59 - 2013-12-01 22:59 - 01110034 _____ C:\Users\Krzysiek\Downloads\AdwCleaner.exe 2013-11-30 23:51 - 2013-08-27 13:14 - 00000000 ____D C:\Users\Krzysiek\Documents\Euro Truck Simulator 2 2013-11-30 15:36 - 2013-07-27 01:18 - 00004048 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-11-30 15:36 - 2013-07-27 01:18 - 00003796 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-11-29 14:20 - 2013-11-29 14:20 - 04085248 _____ C:\Users\Krzysiek\Downloads\rename_me.exe 2013-11-29 13:53 - 2013-11-29 13:52 - 00000000 ____D C:\Users\Krzysiek\Desktop\lol orginal cfg 2013-11-28 22:59 - 2013-11-28 21:38 - 00000000 ____D C:\Users\Krzysiek\Desktop\karolina spiderman 2013-11-28 21:40 - 2011-04-12 14:21 - 00737730 _____ C:\Windows\system32\perfh015.dat 2013-11-28 21:40 - 2011-04-12 14:21 - 00154418 _____ C:\Windows\system32\perfc015.dat 2013-11-28 21:40 - 2009-07-14 06:13 - 01662556 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-27 17:56 - 2013-11-27 17:56 - 00001194 _____ C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk 2013-11-27 17:56 - 2013-11-27 17:56 - 00001186 _____ C:\Users\Krzysiek\Desktop\OpenFM.lnk 2013-11-27 17:56 - 2013-11-27 17:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\OpenFM 2013-11-27 17:56 - 2013-11-27 17:56 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\OpenFM 2013-11-26 21:38 - 2013-09-30 19:23 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\TS3Client 2013-11-26 14:35 - 2013-11-26 14:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-11-26 14:35 - 2013-07-27 01:18 - 00000000 ____D C:\Users\Krzysiek\AppData\Local\Google 
2013-11-26 14:35 - 2013-07-27 01:18 - 00000000 ____D C:\Program Files (x86)\Google 2013-11-25 21:17 - 2013-11-25 21:17 - 00159744 _____ C:\Users\Krzysiek\Downloads\wykład nr 4 RT studia stacjonarne.ppt 2013-11-22 12:17 - 2013-09-25 21:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-11-22 03:05 - 2013-09-25 20:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-22 03:01 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2013-11-21 12:21 - 2013-07-27 10:02 - 00110664 _____ C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-21 12:17 - 2009-07-14 05:45 - 04977224 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-21 03:03 - 2013-09-25 21:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-11-21 03:01 - 2013-11-21 03:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-11-21 03:01 - 2013-11-21 03:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-11-20 10:22 - 2013-11-20 10:16 - 00000000 ____D C:\Users\Krzysiek\Downloads\LOLPBE 2013-11-20 00:02 - 2013-11-20 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-20 00:02 - 2013-11-20 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-11-19 22:41 - 2013-07-28 16:48 - 00000000 ____D C:\Users\Krzysiek\Desktop\góry 2013-11-19 21:08 - 2013-07-27 09:41 - 00000000 ____D C:\Users\Krzysiek\AppData\Roaming\Adobe 2013-11-19 20:47 - 2013-11-19 20:47 - 00000000 ____D C:\ProgramData\Brother 2013-11-18 11:34 - 2013-07-27 01:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 01:05 - 2013-11-18 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 11:39 - 2013-07-27 01:21 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-11-14 15:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-14 03:02 - 2013-08-15 00:47 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 03:00 - 2013-07-27 10:35 - 82896128 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2013-11-13 10:29 - 2013-11-13 10:29 - 00000827 _____ C:\Users\Krzysiek\Desktop\BoL Studio — skrót.lnk 2013-11-11 21:31 - 2013-11-11 21:31 - 00000000 ____D C:\ProgramData\Oracle 2013-11-11 21:31 - 2013-08-18 19:43 - 00000000 ____D C:\Program Files (x86)\Java 2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 05:11

==================== End Of Log ============================