Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013 Ran by Kamil (administrator) on KAMIL-TOSH on 27-12-2013 09:25:53 Running from C:\Users\Kamil\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe (Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1666144 2011-07-13] (McAfee, Inc.) HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG) HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA) HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-09] (Power Software Ltd) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\cb1a1c86-fbbf-4b7e-8aab-96b98408243e.exe [180184 2013-11-23] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd) HKCU\...\Run: [Badoo Desktop] - C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe HKCU\...\Run: [IGagnant] - C:\Users\Kamil\Downloads\LaBarre-Gagnante.exe HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" HKCU\...\Run: [urlspace] - C:\Users\Kamil\Downloads\jingling.exe -h HKCU\...\Run: [EV_Autowatcher_Download-Carbon0x] - C:\Users\Kamil\Downloads\Enhanceviews Autowatcher v2.42 (1).exe HKCU\...\Run: [ChomikBox] - C:\Program Files (x86)\ChomikBox\chomikbox.exe HKCU\...\Run: [Facebook Update] - C:\Users\Kamil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-05] (Facebook Inc.) MountPoints2: I - I:\AutoRun.exe MountPoints2: {029578a4-fdcb-11e2-aa4f-7c4fb5735bd8} - I:\AutoRun.exe MountPoints2: {029578b7-fdcb-11e2-aa4f-7c4fb5735bd8} - I:\AutoRun.exe MountPoints2: {029578d8-fdcb-11e2-aa4f-b870f45b283d} - J:\AutoRun.exe MountPoints2: {0c0e610c-06a4-11e3-bf3a-b870f45b283d} - I:\AutoRun.exe MountPoints2: {21659218-2c03-11e3-8c88-b870f45b283d} - I:\AutoRun.exe MountPoints2: {330db961-ff63-11e2-83a8-7c4fb5735bd8} - J:\AutoRun.exe MountPoints2: {3ec7d983-fdc9-11e2-ab67-7c4fb5735bd8} - I:\AutoRun.exe MountPoints2: {4f0e28cd-7041-11e0-8a72-806e6f6e6963} - E:\autorun.exe MountPoints2: {6ee302e4-e469-11e2-aa5b-7c4fb5735bd8} - I:\AutoRun.exe MountPoints2: {6ee302f6-e469-11e2-aa5b-7c4fb5735bd8} - I:\AutoRun.exe MountPoints2: {6ee30305-e469-11e2-aa5b-7c4fb5735bd8} - J:\AutoRun.exe MountPoints2: {6ee30335-e469-11e2-aa5b-b870f45b283d} - I:\AutoRun.exe MountPoints2: {856ea757-2f9a-11e1-be23-b870f45b283d} - G:\setup.exe MountPoints2: {94aad65a-1ec8-11e3-b2ec-b870f45b283d} - I:\AutoRun.exe MountPoints2: {94aad668-1ec8-11e3-b2ec-b870f45b283d} - I:\AutoRun.exe MountPoints2: {a1130c64-2b1f-11e3-a902-b870f45b283d} - I:\AutoRun.exe MountPoints2: {a1130c74-2b1f-11e3-a902-b870f45b283d} - I:\AutoRun.exe MountPoints2: {a940fa60-ff28-11e2-a5f6-b870f45b283d} - I:\AutoRun.exe MountPoints2: {a940fa7d-ff28-11e2-a5f6-b870f45b283d} - I:\AutoRun.exe MountPoints2: {a940fa8a-ff28-11e2-a5f6-b870f45b283d} - I:\AutoRun.exe MountPoints2: {ec1f9839-fd97-11e2-a6d9-b870f45b283d} - I:\AutoRun.exe MountPoints2: {f14744c2-c381-11e0-a5a2-b870f45b283d} - H:\Autorun.exe HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [4581280 2010-03-03] (TOSHIBA) HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [4581280 2010-03-03] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Kamil\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File) Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B5EF2649-5CF7-48D0-AB89-0A837D0A1237}&mid=c4faa7c1bed747d0958f6939b2bfc1ce-0b6efb5e10a63851d08195547a4fa56067759ac4&lang=pl&ds=st011&pr=sa&d=2012-04-17 22:34:00&v=10.2.0.3&sap=dsp&q={searchTerms} SearchScopes: HKCU - {0C5173C9-BFCF-43B7-84F3-EA2901611F6A} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKCU - {283F304B-CD4D-4F05-93E1-676D447DD528} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {6C06F506-5BB4-4781-869B-4B41BC282D5B} URL = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=&apn_ptnrs=PV&apn_dtid=YYYYYYYYPL&apn_uid=CD11EB0D-1DAD-4AC3-AFAE-9286790C4DFE&apn_sauid=566137FF-DFAB-4896-B758-1D20F369CA10 SearchScopes: HKCU - {794594C8-6278-4876-BA66-5BB7E4394529} URL = SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://badoo.com/startpage/?source=bsb&q={searchTerms} SearchScopes: HKCU - {91EBC2B7-C73F-4FEE-9A50-AF64B7DC76A0} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B5EF2649-5CF7-48D0-AB89-0A837D0A1237}&mid=c4faa7c1bed747d0958f6939b2bfc1ce-0b6efb5e10a63851d08195547a4fa56067759ac4&lang=pl&ds=st011&pr=sa&d=2012-04-17 22:34:00&v=10.2.0.3&sap=dsp&q={searchTerms} BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121029224421.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121029224421.dll (McAfee, Inc.) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll () Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.1.1 Tcpip\..\Interfaces\{1C99BD5F-DFCC-4A80-AD63-916807D65488}: [NameServer]193.41.112.14 193.41.112.18 Tcpip\..\Interfaces\{9B7E2240-B8C6-4530-886F-EF0037B4BE98}: [NameServer]193.41.112.14 193.41.112.18 FireFox: ======== FF ProfilePath: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\wy6lrnw3.default-1383729895541 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( ) FF Plugin-x32: @ganymede/NAVY,version=1.0 - C:\Program Files (x86)\Ganymede\Plugins\NAVY\NPNAVY.dll (Ganymede Technologies) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Kamil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF Extension: PEKAO S.A. Sign Plugin - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\wy6lrnw3.default-1383729895541\Extensions\SignPlugin@pekao.pl FF Extension: Transferuj.pl - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\wy6lrnw3.default-1383729895541\Extensions\trtransferfill@transferuj.pl.xpi FF Extension: zPay - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\wy6lrnw3.default-1383729895541\Extensions\{6BBAF055-8EB1-4987-832A-45171690B0D6}.xpi FF Extension: Greasemonkey - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\wy6lrnw3.default-1383729895541\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (GanymedeNet.Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npganymedenet.dll ( ) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\Kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Desktop) - C:\Users\Kamil\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kamil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (Google Drive) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (SiteAdvisor) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1 CHR Extension: (Google Wallet) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-06-23] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-10-02] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-08-09] () R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2013-12-25] () R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [193832 2013-03-25] (Solid Documents, LLC) R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-02-15] () R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2013-10-02] (Huawei Technologies Co., Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-02-15] () R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.) R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-08-10] () U3 axa5zxh8; C:\Windows\System32\Drivers\axa5zxh8.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-27 09:25 - 2013-12-27 09:26 - 00032639 _____ C:\Users\Kamil\Downloads\FRST.txt 2013-12-27 09:25 - 2013-12-27 09:25 - 00000000 ____D C:\FRST 2013-12-27 09:24 - 2013-12-27 09:25 - 01928716 _____ (Farbar) C:\Users\Kamil\Downloads\FRST64.exe 2013-12-26 19:35 - 2013-12-26 19:35 - 00000138 _____ C:\Users\Kamil\Desktop\tele.txt 2013-12-26 15:12 - 2008-11-13 14:37 - 00000470 _____ C:\Users\Kamil\Downloads\SpolszczenieFC2.TXT 2013-12-26 14:04 - 2013-12-26 14:31 - 80311860 _____ C:\Users\Kamil\Downloads\SpolszczenieFC2.7z 2013-12-25 20:22 - 2013-12-25 20:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2013-12-25 19:18 - 2008-11-13 15:43 - 00000000 ____D C:\Users\Kamil\Downloads\Data_Win32 2013-12-25 19:18 - 2008-11-12 20:15 - 00000031 _____ C:\Users\Kamil\Downloads\FC2Init.ini 2013-12-24 12:39 - 2013-12-24 12:39 - 04763136 _____ C:\Users\Kamil\Downloads\HolenderskaSzkolaFutbolu.ppt 2013-12-24 12:31 - 2013-12-24 12:31 - 06647603 _____ C:\Users\Kamil\Downloads\Doskonalenie gry w obronie i w ataku w systemie 1-4-4-2 - Robert Wójcik (1).pptx 2013-12-24 12:31 - 2013-12-24 12:31 - 01839104 _____ C:\Users\Kamil\Downloads\Gra 4 x 4 w ustawieniu 1-2-1 - Marcin Salamon KKS Lech Poznań.ppt 2013-12-24 12:24 - 2013-12-24 12:24 - 00360453 _____ C:\Users\Kamil\Downloads\325-ba.zip 2013-12-23 17:57 - 2013-12-23 17:57 - 00000000 ____D C:\Users\Kamil\Documents\Need for Speed World 2013-12-23 16:27 - 2013-12-23 16:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\cef-cache 2013-12-23 16:27 - 2013-12-23 16:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\bwincom 2013-12-20 20:40 - 2013-12-20 20:40 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Need for Speed World 2013-12-20 10:19 - 2013-12-20 10:19 - 00003104 _____ C:\Windows\System32\Tasks\{54E1E6EA-AD68-48D1-A2F7-4C0FA1683B1D} 2013-12-19 20:07 - 2013-12-19 20:07 - 00000000 ____D C:\Users\Kamil\AppData\Local\Electronic_Arts_Inc 2013-12-19 20:05 - 2013-12-19 20:05 - 00000686 _____ C:\Users\Public\Desktop\Need For Speed World.lnk 2013-12-19 20:05 - 2013-12-19 20:05 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-12-17 16:44 - 2013-12-17 16:49 - 00104407 _____ C:\Users\Kamil\Downloads\setup.exe.log 2013-12-13 00:09 - 2013-12-14 20:39 - 00000207 _____ C:\Users\Kamil\Desktop\km.txt 2013-12-12 11:23 - 2013-12-12 11:24 - 04857932 _____ C:\Users\Kamil\Downloads\TSO_Tools.zip 2013-12-09 13:51 - 2013-12-09 13:52 - 00000000 ____D C:\Users\Kamil\AppData\Local\{3A0184DD-DCF7-40A7-933E-240A3B479517} 2013-12-04 21:31 - 2013-12-04 21:41 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\MultiBit 2013-11-30 14:57 - 2013-12-15 11:06 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Bitcoin 2013-11-30 14:51 - 2013-11-30 14:51 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin 2013-11-30 14:50 - 2013-11-30 14:51 - 00000000 ____D C:\Program Files (x86)\Bitcoin 2013-11-29 20:48 - 2013-12-01 09:33 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Litecoin ==================== One Month Modified Files and Folders ======= 2013-12-27 09:26 - 2013-12-27 09:25 - 00032639 _____ C:\Users\Kamil\Downloads\FRST.txt 2013-12-27 09:25 - 2013-12-27 09:25 - 00000000 ____D C:\FRST 2013-12-27 09:25 - 2013-12-27 09:24 - 01928716 _____ (Farbar) C:\Users\Kamil\Downloads\FRST64.exe 2013-12-27 09:25 - 2009-07-14 18:55 - 00738660 _____ C:\Windows\system32\perfh015.dat 2013-12-27 09:25 - 2009-07-14 18:55 - 00155058 _____ C:\Windows\system32\perfc015.dat 2013-12-27 09:25 - 2009-07-14 06:13 - 01665036 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-27 09:23 - 2011-04-26 21:03 - 01335531 _____ C:\Windows\WindowsUpdate.log 2013-12-27 09:22 - 2012-07-21 18:09 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-27 09:01 - 2013-05-05 19:56 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237662247-3227535000-1945066009-1000UA.job 2013-12-27 08:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-12-27 08:45 - 2009-07-14 05:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-27 08:45 - 2009-07-14 05:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-27 08:43 - 2012-02-25 07:05 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-27 08:39 - 2012-07-07 06:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-12-27 08:37 - 2012-02-25 07:05 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-27 08:36 - 2013-09-16 14:34 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-12-27 08:36 - 2012-11-01 21:17 - 00107752 _____ C:\Windows\setupact.log 2013-12-27 08:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-26 19:35 - 2013-12-26 19:35 - 00000138 _____ C:\Users\Kamil\Desktop\tele.txt 2013-12-26 14:31 - 2013-12-26 14:04 - 80311860 _____ C:\Users\Kamil\Downloads\SpolszczenieFC2.7z 2013-12-26 08:55 - 2012-11-10 15:57 - 00039696 _____ C:\Windows\PFRO.log 2013-12-26 08:55 - 2009-07-14 05:45 - 00417016 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-25 21:01 - 2013-05-05 19:56 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237662247-3227535000-1945066009-1000Core.job 2013-12-25 20:32 - 2013-01-12 11:04 - 00193221 _____ C:\Windows\DirectX.log 2013-12-25 20:29 - 2011-08-09 21:16 - 02250024 _____ C:\Windows\SysWOW64\pbsvc.exe 2013-12-25 20:29 - 2011-08-09 21:16 - 00107832 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-12-25 20:22 - 2013-12-25 20:22 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2013-12-25 20:22 - 2010-11-22 10:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-25 16:37 - 2013-02-15 22:44 - 00000000 ____D C:\Users\Kamil\Documents\My Games 2013-12-25 14:42 - 2011-10-23 21:43 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\GanymedeNet 2013-12-25 12:23 - 2011-07-14 11:45 - 00109296 _____ C:\Users\Kamil\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-24 12:39 - 2013-12-24 12:39 - 04763136 _____ C:\Users\Kamil\Downloads\HolenderskaSzkolaFutbolu.ppt 2013-12-24 12:31 - 2013-12-24 12:31 - 06647603 _____ C:\Users\Kamil\Downloads\Doskonalenie gry w obronie i w ataku w systemie 1-4-4-2 - Robert Wójcik (1).pptx 2013-12-24 12:31 - 2013-12-24 12:31 - 01839104 _____ C:\Users\Kamil\Downloads\Gra 4 x 4 w ustawieniu 1-2-1 - Marcin Salamon KKS Lech Poznań.ppt 2013-12-24 12:24 - 2013-12-24 12:24 - 00360453 _____ C:\Users\Kamil\Downloads\325-ba.zip 2013-12-24 10:20 - 2011-12-18 20:23 - 00000000 ____D C:\Users\Kamil\Downloads\SELEKCJE 2013-12-24 09:58 - 2011-12-25 21:28 - 00000000 ____D C:\Users\Kamil\Downloads\chillotu vocal 2013-12-23 17:57 - 2013-12-23 17:57 - 00000000 ____D C:\Users\Kamil\Documents\Need for Speed World 2013-12-23 16:27 - 2013-12-23 16:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\cef-cache 2013-12-23 16:27 - 2013-12-23 16:27 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\bwincom 2013-12-20 20:40 - 2013-12-20 20:40 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Need for Speed World 2013-12-20 10:19 - 2013-12-20 10:19 - 00003104 _____ C:\Windows\System32\Tasks\{54E1E6EA-AD68-48D1-A2F7-4C0FA1683B1D} 2013-12-20 09:09 - 2011-07-14 13:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 20:07 - 2013-12-19 20:07 - 00000000 ____D C:\Users\Kamil\AppData\Local\Electronic_Arts_Inc 2013-12-19 20:05 - 2013-12-19 20:05 - 00000686 _____ C:\Users\Public\Desktop\Need For Speed World.lnk 2013-12-19 20:05 - 2013-12-19 20:05 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-12-17 16:49 - 2013-12-17 16:44 - 00104407 _____ C:\Users\Kamil\Downloads\setup.exe.log 2013-12-15 11:06 - 2013-11-30 14:57 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Bitcoin 2013-12-14 20:39 - 2013-12-13 00:09 - 00000207 _____ C:\Users\Kamil\Desktop\km.txt 2013-12-13 21:49 - 2013-08-05 08:16 - 00000000 ____D C:\Users\Kamil\Desktop\Praca 20132014 2013-12-13 00:08 - 2013-08-03 16:34 - 03422454 ____H C:\Users\Kamil\Desktop\~WRL3382.tmp 2013-12-12 11:24 - 2013-12-12 11:23 - 04857932 _____ C:\Users\Kamil\Downloads\TSO_Tools.zip 2013-12-11 08:16 - 2012-07-21 18:09 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 08:16 - 2012-05-14 19:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 08:16 - 2011-07-14 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-09 13:52 - 2013-12-09 13:51 - 00000000 ____D C:\Users\Kamil\AppData\Local\{3A0184DD-DCF7-40A7-933E-240A3B479517} 2013-12-07 17:38 - 2012-02-25 07:05 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-07 17:38 - 2012-02-25 07:05 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-07 07:06 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-04 21:41 - 2013-12-04 21:31 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\MultiBit 2013-12-01 09:33 - 2013-11-29 20:48 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Litecoin 2013-11-30 14:51 - 2013-11-30 14:51 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin 2013-11-30 14:51 - 2013-11-30 14:50 - 00000000 ____D C:\Program Files (x86)\Bitcoin 2013-11-28 19:44 - 2013-05-08 06:23 - 00000000 ____D C:\Users\Kamil\Documents\Pliki programu Outlook Files to move or delete: ==================== C:\ProgramData\dsgsdgdsgdsgw.pad Some content of TEMP: ==================== C:\Users\Kamil\AppData\Local\Temp\AutoRun.exe C:\Users\Kamil\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Kamil\AppData\Local\Temp\Ce9e7n.exe C:\Users\Kamil\AppData\Local\Temp\cres.dll C:\Users\Kamil\AppData\Local\Temp\cshell.dll C:\Users\Kamil\AppData\Local\Temp\DeltaTB.exe C:\Users\Kamil\AppData\Local\Temp\drm_dialogs.dll C:\Users\Kamil\AppData\Local\Temp\drm_dyndata_7380009.dll C:\Users\Kamil\AppData\Local\Temp\drm_dyndata_7390006.dll C:\Users\Kamil\AppData\Local\Temp\eauninstall.exe C:\Users\Kamil\AppData\Local\Temp\gert0.exe C:\Users\Kamil\AppData\Local\Temp\gg10.upgr.exe C:\Users\Kamil\AppData\Local\Temp\luya3-sv.dll C:\Users\Kamil\AppData\Local\Temp\MyBabylonTB.exe C:\Users\Kamil\AppData\Local\Temp\OptimizerPro.exe C:\Users\Kamil\AppData\Local\Temp\ResetDevice.exe C:\Users\Kamil\AppData\Local\Temp\SIInvoker.exe C:\Users\Kamil\AppData\Local\Temp\sres.dll C:\Users\Kamil\AppData\Local\Temp\The Godfather The Game_uninst.exe C:\Users\Kamil\AppData\Local\Temp\uninst1.exe C:\Users\Kamil\AppData\Local\Temp\Vnzii.exe C:\Users\Kamil\AppData\Local\Temp\_unps.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-19 12:12 ==================== End Of Log ============================