Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by Tadeusz (administrator) on TADEUSZ on 29-05-2014 18:43:03 Running from E:\H\internet Platform: Windows 8 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [645168 2013-09-11] (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKLM - DefaultScope {51FDFFC3-2AC0-4BFC-A412-978BF4BC2BE7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM - {51FDFFC3-2AC0-4BFC-A412-978BF4BC2BE7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM-x32 - DefaultScope {51FDFFC3-2AC0-4BFC-A412-978BF4BC2BE7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKLM-x32 - {51FDFFC3-2AC0-4BFC-A412-978BF4BC2BE7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS SearchScopes: HKCU - DefaultScope {51FDFFC3-2AC0-4BFC-A412-978BF4BC2BE7} URL = SearchScopes: HKCU - {51FDFFC3-2AC0-4BFC-A412-978BF4BC2BE7} URL = Tcpip\Parameters: [DhcpNameServer] 79.139.16.1 79.139.16.2 FireFox: ======== FF ProfilePath: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default FF Homepage: hxxp://www.gazeta.pl/0,0.html FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF SearchPlugin: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\searchplugins\google-language-en.xml FF SearchPlugin: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\searchplugins\google-language-it.xml FF SearchPlugin: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\searchplugins\google-language-ru-.xml FF SearchPlugin: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\searchplugins\googlede.xml FF SearchPlugin: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\searchplugins\googlefr.xml FF SearchPlugin: C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\searchplugins\googleit.xml FF Extension: DownloadHelper - C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-29] FF Extension: S3.Google Translator - C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\Extensions\s3google@translator.xpi [2014-05-29] FF Extension: Google Translator for Firefox - C:\Users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\ds5ay2rl.default\Extensions\translator@zoli.bod.xpi [2014-05-29] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-05-29] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-05-29] ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-08-02] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 18:40 - 2014-05-29 18:43 - 00000000 ____D () C:\FRST 2014-05-29 17:58 - 2014-05-29 17:58 - 00000000 ____D () C:\cf4020eb627bcb50a2c16f8a6bbe8ca3 2014-05-29 17:49 - 2014-05-29 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-29 17:49 - 2014-05-29 17:49 - 00000000 ____D () C:\ProgramData\ESET 2014-05-29 17:49 - 2014-05-29 17:49 - 00000000 ____D () C:\Program Files\ESET 2014-05-29 17:36 - 2014-05-29 17:58 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak2 2014-05-29 17:30 - 2014-05-29 17:30 - 00000000 ___RD () C:\Users\Tadeusz\Desktop\pliki mało używane 2014-05-29 17:28 - 2014-05-27 18:39 - 00000512 _____ () C:\Users\Tadeusz\Documents\indexfile.txt 2014-05-29 13:03 - 2014-05-29 13:03 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1 2014-05-29 09:00 - 2014-05-29 09:00 - 00000000 _____ () C:\Recovery.txt 2014-05-29 08:54 - 2014-05-29 13:03 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak 2014-05-29 08:47 - 2014-05-29 08:47 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\Macromedia 2014-05-29 08:41 - 2014-05-29 18:37 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-29 08:41 - 2014-05-29 08:41 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-29 08:40 - 2014-05-29 18:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3272040304-3755979146-2439947456-1001 2014-05-29 08:40 - 2014-05-29 08:40 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\ATI 2014-05-29 08:40 - 2014-05-29 08:40 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\ATI 2014-05-29 08:39 - 2014-05-29 08:39 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Mozilla 2014-05-29 08:39 - 2014-05-29 08:39 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\Mozilla 2014-05-29 08:38 - 2014-05-29 08:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-29 08:38 - 2014-05-29 08:38 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-29 08:38 - 2014-05-29 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-29 08:38 - 2014-05-29 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-29 05:10 - 2014-05-29 05:10 - 00000000 ____D () C:\ProgramData\ToshibaEurope 2014-05-29 05:08 - 2014-05-29 05:08 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-05-29 05:08 - 2014-05-29 05:08 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\SRS Labs 2014-05-29 05:07 - 2014-05-29 05:07 - 00001453 _____ () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-29 05:07 - 2014-05-29 05:07 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-29 05:07 - 2014-05-29 05:07 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-29 05:05 - 2014-05-29 05:05 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Macromedia 2014-05-29 05:05 - 2014-05-29 05:05 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Adobe 2014-05-29 05:04 - 2014-05-29 05:04 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\VirtualStore 2014-05-29 05:03 - 2014-05-29 09:37 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\Packages 2014-05-29 05:01 - 2014-05-29 18:35 - 01430969 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-29 05:01 - 2014-05-29 05:07 - 00000000 ____D () C:\Users\Tadeusz 2014-05-29 05:01 - 2014-05-29 05:01 - 00000020 ___SH () C:\Users\Tadeusz\ntuser.ini 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Ustawienia lokalne 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Szablony 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Moje dokumenty 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Menu Start 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Documents\Moje wideo 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Documents\Moje obrazy 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Documents\Moja muzyka 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Dane aplikacji 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\AppData\Local\Historia 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\AppData\Local\Dane aplikacji 2014-05-29 05:01 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-29 05:01 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-29 05:01 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-05-29 05:01 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ==================== One Month Modified Files and Folders ======= 2014-05-29 18:43 - 2014-05-29 18:40 - 00000000 ____D () C:\FRST 2014-05-29 18:37 - 2014-05-29 08:41 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-29 18:35 - 2014-05-29 05:01 - 01430969 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-29 18:34 - 2014-05-29 08:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3272040304-3755979146-2439947456-1001 2014-05-29 18:33 - 2012-08-02 09:05 - 00794946 _____ () C:\WINDOWS\system32\perfh015.dat 2014-05-29 18:33 - 2012-08-02 09:05 - 00159530 _____ () C:\WINDOWS\system32\perfc015.dat 2014-05-29 18:33 - 2012-08-02 08:59 - 00730544 _____ () C:\WINDOWS\system32\perfh00E.dat 2014-05-29 18:33 - 2012-08-02 08:59 - 00174018 _____ () C:\WINDOWS\system32\perfc00E.dat 2014-05-29 18:33 - 2012-08-02 08:54 - 00541792 _____ () C:\WINDOWS\system32\perfh008.dat 2014-05-29 18:33 - 2012-08-02 08:54 - 00088858 _____ () C:\WINDOWS\system32\perfc008.dat 2014-05-29 18:33 - 2012-08-02 08:48 - 00718298 _____ () C:\WINDOWS\system32\perfh005.dat 2014-05-29 18:33 - 2012-08-02 08:48 - 00147876 _____ () C:\WINDOWS\system32\perfc005.dat 2014-05-29 18:33 - 2012-07-26 09:28 - 04191394 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-29 18:28 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-29 18:28 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-29 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-05-29 17:58 - 2014-05-29 17:58 - 00000000 ____D () C:\cf4020eb627bcb50a2c16f8a6bbe8ca3 2014-05-29 17:58 - 2014-05-29 17:36 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak2 2014-05-29 17:49 - 2014-05-29 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-29 17:49 - 2014-05-29 17:49 - 00000000 ____D () C:\ProgramData\ESET 2014-05-29 17:49 - 2014-05-29 17:49 - 00000000 ____D () C:\Program Files\ESET 2014-05-29 17:30 - 2014-05-29 17:30 - 00000000 ___RD () C:\Users\Tadeusz\Desktop\pliki mało używane 2014-05-29 17:27 - 2012-07-26 09:21 - 00021111 _____ () C:\WINDOWS\setupact.log 2014-05-29 13:03 - 2014-05-29 13:03 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1 2014-05-29 13:03 - 2014-05-29 08:54 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak 2014-05-29 09:37 - 2014-05-29 05:03 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\Packages 2014-05-29 09:37 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-05-29 09:07 - 2012-11-15 02:19 - 00000000 ____D () C:\ProgramData\McAfee 2014-05-29 09:00 - 2014-05-29 09:00 - 00000000 _____ () C:\Recovery.txt 2014-05-29 09:00 - 2012-07-26 10:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2014-05-29 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2014-05-29 08:47 - 2014-05-29 08:47 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\Macromedia 2014-05-29 08:46 - 2012-11-15 10:23 - 00005702 _____ () C:\WINDOWS\PFRO.log 2014-05-29 08:46 - 2012-11-15 02:19 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-05-29 08:46 - 2012-11-15 02:19 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-05-29 08:44 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-29 08:44 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-29 08:41 - 2014-05-29 08:41 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-29 08:40 - 2014-05-29 08:40 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\ATI 2014-05-29 08:40 - 2014-05-29 08:40 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\ATI 2014-05-29 08:39 - 2014-05-29 08:39 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Mozilla 2014-05-29 08:39 - 2014-05-29 08:39 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\Mozilla 2014-05-29 08:38 - 2014-05-29 08:38 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-29 08:38 - 2014-05-29 08:38 - 00000000 ____D () C:\ProgramData\Mozilla 2014-05-29 08:38 - 2014-05-29 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-29 08:38 - 2014-05-29 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-29 05:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-29 05:10 - 2014-05-29 05:10 - 00000000 ____D () C:\ProgramData\ToshibaEurope 2014-05-29 05:10 - 2012-11-15 01:33 - 00000000 ____D () C:\ProgramData\Toshiba 2014-05-29 05:08 - 2014-05-29 05:08 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-05-29 05:08 - 2014-05-29 05:08 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\SRS Labs 2014-05-29 05:07 - 2014-05-29 05:07 - 00001453 _____ () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-29 05:07 - 2014-05-29 05:07 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-29 05:07 - 2014-05-29 05:07 - 00000000 ___RD () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-29 05:07 - 2014-05-29 05:01 - 00000000 ____D () C:\Users\Tadeusz 2014-05-29 05:05 - 2014-05-29 05:05 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Macromedia 2014-05-29 05:05 - 2014-05-29 05:05 - 00000000 ____D () C:\Users\Tadeusz\AppData\Roaming\Adobe 2014-05-29 05:04 - 2014-05-29 05:04 - 00000000 ____D () C:\Users\Tadeusz\AppData\Local\VirtualStore 2014-05-29 05:03 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-05-29 05:03 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-29 05:02 - 2012-11-15 01:47 - 00281544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-29 05:01 - 2014-05-29 05:01 - 00000020 ___SH () C:\Users\Tadeusz\ntuser.ini 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Ustawienia lokalne 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Szablony 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Moje dokumenty 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Menu Start 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Documents\Moje wideo 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Documents\Moje obrazy 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Documents\Moja muzyka 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\Dane aplikacji 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\AppData\Local\Historia 2014-05-29 05:01 - 2014-05-29 05:01 - 00000000 _SHDL () C:\Users\Tadeusz\AppData\Local\Dane aplikacji 2014-05-27 18:39 - 2014-05-29 17:28 - 00000512 _____ () C:\Users\Tadeusz\Documents\indexfile.txt Some content of TEMP: ==================== C:\Users\Tadeusz\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Tadeusz\AppData\Local\Temp\InstHelper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2012-11-15 10:23 ==================== End Of Log ============================