Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-05-2014 Ran by Albert (administrator) on ALBERT-KOMPUTER on 31-05-2014 12:34:14 Running from C:\Users\Albert\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ABBYY) D:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ArtistScope Pty Ltd) C:\Program Files\Common Files\ArtistScope\CSHelper32.exe (Foxit Corporation) D:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (NV Access Inc) C:\Program Files\NVDA\nvda_service.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Samsung Electronics Co., Ltd.) 
D:\AllShare\AllShare\AllShareDMS\AllShareDMS.exe (Farbar) C:\Users\Albert\Desktop\FRST(1).exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10979984 2012-05-18] (Realtek Semiconductor) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Bonus.SSR.FR11] => D:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-30] (ABBYY.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-3471368258-3413815123-251901639-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Albert\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-3471368258-3413815123-251901639-1000\...\Run: [IROElauncher] => C:\Program Files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe [86016 2008-09-24] (Nektra S.A.) 
HKU\S-1-5-21-3471368258-3413815123-251901639-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google) HKU\S-1-5-21-3471368258-3413815123-251901639-1000\...\MountPoints2: E - E:\autorun.exe HKU\S-1-5-21-3471368258-3413815123-251901639-1000\...\MountPoints2: {1624ba24-1a00-11e2-9204-806e6f6e6963} - E:\PrawkoB2013P.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.) 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\eaafqmyf.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Albert\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix) FF Plugin HKCU: ubisoft.com/uplaypc - D:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Extension: Ivona Firefox Toolbar - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\eaafqmyf.default\Extensions\IvonaFirefoxToolbar@ivona.com [2012-10-21] FF Extension: Adblock Plus - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\eaafqmyf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-20] ========================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Professional.11.0; D:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY) R2 CSHelper; C:\Program Files\Common Files\ArtistScope\CSHelper32.exe [236624 2013-10-03] (ArtistScope Pty Ltd) R2 FoxitCloudUpdateService; D:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-05-15] (Foxit Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 nvda; C:\Program Files\NVDA\nvda_service.exe [37616 2011-08-05] (NV Access Inc) R2 SamsungAllShareV2.0; D:\AllShare\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.) S3 SimpleSlideShowServer; D:\AllShare\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) 
==================== Drivers (Whitelisted) ==================== S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2013-03-20] () R1 CSDriver; C:\Program Files\Common Files\ArtistScope\CSDriver32.sys [43888 2013-10-03] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-25] (DT Soft Ltd) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2013-03-20] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.) 
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) R1 MpKsl8ed93fa5; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35F25867-E03A-4F61-BEA9-5457BC486E16}\MpKsl8ed93fa5.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-31 12:09 - 2014-05-31 12:09 - 00448512 _____ (OldTimer Tools) C:\Users\Albert\Downloads\TFC.exe 2014-05-30 21:53 - 2014-05-31 12:34 - 00010629 _____ () C:\Users\Albert\Desktop\FRST.txt 2014-05-30 21:45 - 2014-05-30 21:45 - 01056256 _____ (Farbar) C:\Users\Albert\Downloads\FRST(1).exe 2014-05-30 21:45 - 2014-05-30 21:45 - 01056256 _____ (Farbar) C:\Users\Albert\Desktop\FRST(1).exe 2014-05-29 19:36 - 2014-05-29 19:36 - 00143000 _____ () C:\Windows\Minidump\052914-11232-01.dmp 2014-05-29 19:23 - 2014-05-29 19:36 - 328772864 _____ () C:\Windows\MEMORY.DMP 2014-05-29 19:23 - 2014-05-29 19:36 - 00000000 ____D () C:\Windows\Minidump 2014-05-29 19:23 - 2014-05-29 19:23 - 00143000 _____ () C:\Windows\Minidump\052914-10280-01.dmp 2014-05-29 18:54 - 2014-05-29 18:54 - 00602112 _____ (OldTimer Tools) C:\Users\Albert\Downloads\OTL.exe 2014-05-29 18:54 - 2014-05-29 18:54 - 00380416 _____ () C:\Users\Albert\Desktop\4kfytc6z.exe 2014-05-29 18:53 - 2014-05-31 12:34 - 00000000 ____D () C:\FRST 2014-05-29 18:53 - 2014-05-29 18:53 - 01056256 _____ (Farbar) 
C:\Users\Albert\Downloads\FRST.exe 2014-05-29 17:17 - 2014-05-31 12:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-29 17:17 - 2014-05-29 17:17 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-29 17:17 - 2014-05-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-29 17:17 - 2014-05-29 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 17:17 - 2014-05-29 17:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-29 17:17 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-29 17:17 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-29 17:17 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-29 17:12 - 2014-05-29 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Albert\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 17:01 - 2014-05-29 17:13 - 00000000 ____D () C:\AdwCleaner 2014-05-29 17:01 - 2014-05-29 17:01 - 01327971 _____ () C:\Users\Albert\Downloads\AdwCleaner.exe 2014-05-29 17:01 - 2014-05-29 17:01 - 01327971 _____ () C:\Users\Albert\Downloads\AdwCleaner(1).exe 2014-05-28 22:06 - 2014-05-28 22:06 - 00000000 __SHD () C:\Users\Albert\AppData\Local\EmieUserList 2014-05-28 22:06 - 2014-05-28 22:06 - 00000000 __SHD () C:\Users\Albert\AppData\Local\EmieSiteList 2014-05-28 22:05 - 2014-05-29 17:13 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks 2014-05-28 22:05 - 2014-05-28 22:05 - 15302680 _____ (Adobe Systems Inc.) 
C:\Users\Albert\Downloads\adobe-shockwave-player [1].exe 2014-05-28 22:05 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\WorldofTanks 2014-05-28 22:05 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Albert\AppData\Local\WorldofTanks 2014-05-28 22:04 - 2014-05-28 22:04 - 00654128 _____ () C:\Users\Albert\Downloads\adobe-shockwave-player.exe 2014-05-28 22:03 - 2014-05-28 22:04 - 00654128 _____ () C:\Users\Albert\Downloads\adobe-flash-player.exe 2014-05-18 15:28 - 2014-05-18 15:28 - 174667601 _____ () C:\Users\Albert\Documents\Brama Zadanie Domowe1.xcf 2014-05-18 15:28 - 2014-05-18 15:28 - 00004050 _____ () C:\Users\Albert\AppData\Local\recently-used.xbel 2014-05-18 15:23 - 2014-05-18 15:23 - 01883792 _____ (Irfan Skiljan) C:\Users\Albert\Downloads\iview437_setup(dobreprogramy.pl).exe 2014-05-18 10:58 - 2014-05-18 15:28 - 00000000 ____D () C:\Users\Albert\AppData\Local\gtk-2.0 2014-05-18 10:58 - 2014-05-18 10:58 - 00000000 ____D () C:\Users\Albert\.thumbnails 2014-05-18 10:56 - 2014-05-18 15:28 - 00000000 ____D () C:\Users\Albert\.gimp-2.8 2014-05-18 10:56 - 2014-05-18 10:56 - 00001047 _____ () C:\Users\Albert\Desktop\GIMP 2.lnk 2014-05-18 10:56 - 2014-05-18 10:56 - 00000000 ____D () C:\Users\Albert\AppData\Local\gegl-0.2 2014-05-18 10:54 - 2014-05-18 10:56 - 00000000 ____D () C:\Program Files\GIMP 2 2014-05-18 10:48 - 2014-05-18 10:52 - 90396104 _____ (The GIMP Team ) C:\Users\Albert\Downloads\gimp-2.8.10-setup.exe 2014-05-15 16:37 - 2014-05-15 16:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-15 16:35 - 2014-05-15 16:35 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-05-15 16:35 - 2014-05-15 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-15 16:35 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 16:35 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 
16:35 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 16:35 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-05-15 16:35 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-05-15 16:35 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-05-15 16:35 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-05-15 14:44 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 14:44 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 14:44 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 14:44 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 14:44 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 14:44 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 14:44 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 14:44 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 14:44 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 14:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 14:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-15 14:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 14:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 
00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 14:44 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 14:44 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-10 14:01 - 2014-05-10 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-06 07:30 - 2014-05-15 17:02 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-31 12:34 - 2014-05-30 21:53 - 00010629 _____ () C:\Users\Albert\Desktop\FRST.txt 2014-05-31 12:34 - 2014-05-29 18:53 - 00000000 ____D () C:\FRST 2014-05-31 12:34 - 2014-05-29 17:17 - 00110296 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-31 12:34 - 2012-10-19 17:23 - 00000000 ____D () C:\Users\Albert\AppData\Local\Temp 2014-05-31 12:28 - 2013-09-30 19:54 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-31 12:25 - 2013-06-30 09:45 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-31 12:19 - 2012-10-19 17:23 - 01485051 _____ () C:\Windows\WindowsUpdate.log 2014-05-31 12:14 - 2011-04-12 07:08 - 00740196 _____ () C:\Windows\system32\perfh015.dat 2014-05-31 12:14 - 2011-04-12 07:08 - 00155770 _____ () C:\Windows\system32\perfc015.dat 2014-05-31 12:14 - 2010-11-20 23:01 - 01669606 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-31 12:14 - 2009-07-14 06:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-31 12:14 - 2009-07-14 06:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-31 12:09 - 2014-05-31 12:09 - 00448512 _____ (OldTimer Tools) C:\Users\Albert\Downloads\TFC.exe 2014-05-31 12:09 - 2013-09-30 19:56 - 00000000 ___RD () C:\Users\Albert\Dysk Google 2014-05-31 12:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-31 12:07 - 2013-09-30 19:54 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-31 12:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-31 12:07 - 2009-07-14 06:39 - 00613682 _____ () C:\Windows\setupact.log 2014-05-30 22:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-05-30 21:51 - 2013-11-05 19:04 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-05-30 21:45 - 2014-05-30 21:45 - 01056256 _____ (Farbar) C:\Users\Albert\Downloads\FRST(1).exe 2014-05-30 21:45 - 2014-05-30 21:45 - 01056256 _____ (Farbar) C:\Users\Albert\Desktop\FRST(1).exe 2014-05-30 18:12 - 2014-04-29 14:49 - 00003681 _____ () 
C:\Users\Albert\Documents\PrawkoB2013P.tmp 2014-05-29 19:47 - 2014-02-17 19:04 - 00001832 _____ () C:\Users\Albert\Documents\PrawkoB2013.tmp 2014-05-29 19:36 - 2014-05-29 19:36 - 00143000 _____ () C:\Windows\Minidump\052914-11232-01.dmp 2014-05-29 19:36 - 2014-05-29 19:23 - 328772864 _____ () C:\Windows\MEMORY.DMP 2014-05-29 19:36 - 2014-05-29 19:23 - 00000000 ____D () C:\Windows\Minidump 2014-05-29 19:23 - 2014-05-29 19:23 - 00143000 _____ () C:\Windows\Minidump\052914-10280-01.dmp 2014-05-29 18:54 - 2014-05-29 18:54 - 00602112 _____ (OldTimer Tools) C:\Users\Albert\Downloads\OTL.exe 2014-05-29 18:54 - 2014-05-29 18:54 - 00380416 _____ () C:\Users\Albert\Desktop\4kfytc6z.exe 2014-05-29 18:53 - 2014-05-29 18:53 - 01056256 _____ (Farbar) C:\Users\Albert\Downloads\FRST.exe 2014-05-29 17:17 - 2014-05-29 17:17 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-29 17:17 - 2014-05-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-29 17:17 - 2014-05-29 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 17:17 - 2014-05-29 17:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-29 17:14 - 2010-11-20 23:48 - 00091088 _____ () C:\Windows\PFRO.log 2014-05-29 17:13 - 2014-05-29 17:01 - 00000000 ____D () C:\AdwCleaner 2014-05-29 17:13 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks 2014-05-29 17:13 - 2012-10-19 17:24 - 00001152 _____ () C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-29 17:12 - 2014-05-29 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Albert\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-29 17:11 - 2012-10-19 18:14 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-29 17:11 - 2012-10-19 17:23 - 00000000 ____D () C:\Users\Albert 2014-05-29 17:08 - 
2012-10-19 18:14 - 00001105 _____ () C:\Users\Albert\Desktop\Mozilla Firefox.lnk 2014-05-29 17:01 - 2014-05-29 17:01 - 01327971 _____ () C:\Users\Albert\Downloads\AdwCleaner.exe 2014-05-29 17:01 - 2014-05-29 17:01 - 01327971 _____ () C:\Users\Albert\Downloads\AdwCleaner(1).exe 2014-05-28 22:06 - 2014-05-28 22:06 - 00000000 __SHD () C:\Users\Albert\AppData\Local\EmieUserList 2014-05-28 22:06 - 2014-05-28 22:06 - 00000000 __SHD () C:\Users\Albert\AppData\Local\EmieSiteList 2014-05-28 22:05 - 2014-05-28 22:05 - 15302680 _____ (Adobe Systems Inc.) C:\Users\Albert\Downloads\adobe-shockwave-player [1].exe 2014-05-28 22:05 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\WorldofTanks 2014-05-28 22:05 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Albert\AppData\Local\WorldofTanks 2014-05-28 22:04 - 2014-05-28 22:04 - 00654128 _____ () C:\Users\Albert\Downloads\adobe-shockwave-player.exe 2014-05-28 22:04 - 2014-05-28 22:03 - 00654128 _____ () C:\Users\Albert\Downloads\adobe-flash-player.exe 2014-05-27 21:01 - 2013-04-04 19:15 - 00000000 ____D () C:\Users\Albert\Desktop\Dokumenty 2014-05-26 16:33 - 2013-04-13 21:05 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-05-19 14:37 - 2009-07-14 06:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-18 15:28 - 2014-05-18 15:28 - 174667601 _____ () C:\Users\Albert\Documents\Brama Zadanie Domowe1.xcf 2014-05-18 15:28 - 2014-05-18 15:28 - 00004050 _____ () C:\Users\Albert\AppData\Local\recently-used.xbel 2014-05-18 15:28 - 2014-05-18 10:58 - 00000000 ____D () C:\Users\Albert\AppData\Local\gtk-2.0 2014-05-18 15:28 - 2014-05-18 10:56 - 00000000 ____D () C:\Users\Albert\.gimp-2.8 2014-05-18 15:23 - 2014-05-18 15:23 - 01883792 _____ (Irfan Skiljan) C:\Users\Albert\Downloads\iview437_setup(dobreprogramy.pl).exe 2014-05-18 15:20 - 2012-10-19 18:43 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Adobe 2014-05-18 10:58 - 2014-05-18 10:58 - 00000000 ____D () C:\Users\Albert\.thumbnails 2014-05-18 
10:56 - 2014-05-18 10:56 - 00001047 _____ () C:\Users\Albert\Desktop\GIMP 2.lnk 2014-05-18 10:56 - 2014-05-18 10:56 - 00000000 ____D () C:\Users\Albert\AppData\Local\gegl-0.2 2014-05-18 10:56 - 2014-05-18 10:54 - 00000000 ____D () C:\Program Files\GIMP 2 2014-05-18 10:52 - 2014-05-18 10:48 - 90396104 _____ (The GIMP Team ) C:\Users\Albert\Downloads\gimp-2.8.10-setup.exe 2014-05-16 15:27 - 2012-10-19 18:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-16 15:26 - 2012-10-19 18:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-05-15 21:47 - 2012-11-06 19:30 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 17:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-15 17:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 17:02 - 2014-05-06 07:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-05-15 16:39 - 2013-07-29 22:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 16:37 - 2014-05-15 16:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-15 16:37 - 2012-10-19 18:02 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 16:35 - 2014-05-15 16:35 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-05-15 16:35 - 2014-05-15 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-15 16:35 - 2013-10-22 19:57 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-15 16:35 - 2012-10-19 18:46 - 00000000 ____D () C:\Program Files\Java 2014-05-14 13:25 - 2012-10-19 18:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 13:25 - 2012-10-19 18:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-12 07:26 - 2014-05-29 17:17 - 00051928 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-29 17:17 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:25 - 2014-05-29 17:17 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 08:40 - 2012-10-19 18:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-10 14:01 - 2014-05-10 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-09 09:06 - 2014-05-15 14:44 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:04 - 2014-05-15 14:44 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 19:08 - 2013-06-26 16:51 - 00000000 ____D () C:\Users\Albert\Desktop\Udostępniam to! 2014-05-06 05:25 - 2014-05-15 16:35 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:07 - 2014-05-15 16:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 04:10 - 2014-05-15 16:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-05 09:24 - 2013-09-30 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-05-03 13:27 - 2012-11-27 22:00 - 00000000 ____D () C:\Users\Albert\AppData\Roaming\Skype ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe [2014-05-15 14:44] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67 C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Menedżer rozruchu systemu 
Windows --------------------------------- Identyfikator {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale pl-PL inherit {globalsettings} default {current} resumeobject {a95178ee-fb14-11e0-ad5b-ce8f0f512959} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {a95178ec-fb14-11e0-ad5b-ce8f0f512959} device ramdisk=[C:]\Recovery\a95178ec-fb14-11e0-ad5b-ce8f0f512959\Winre.wim,{a95178ed-fb14-11e0-ad5b-ce8f0f512959} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\a95178ec-fb14-11e0-ad5b-ce8f0f512959\Winre.wim,{a95178ed-fb14-11e0-ad5b-ce8f0f512959} systemroot \windows nx OptIn winpe Yes Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale pl-PL inherit {bootloadersettings} recoverysequence {a95178f0-fb14-11e0-ad5b-ce8f0f512959} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {a95178ee-fb14-11e0-ad5b-ce8f0f512959} nx OptIn increaseuserva 3072 Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {a95178f0-fb14-11e0-ad5b-ce8f0f512959} device ramdisk=[C:]\Recovery\a95178f0-fb14-11e0-ad5b-ce8f0f512959\Winre.wim,{a95178f1-fb14-11e0-ad5b-ce8f0f512959} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\a95178f0-fb14-11e0-ad5b-ce8f0f512959\Winre.wim,{a95178f1-fb14-11e0-ad5b-ce8f0f512959} systemroot \windows nx OptIn winpe Yes Wznawianie ze stanu hibernacji ------------------------------ Identyfikator {a95178ee-fb14-11e0-ad5b-ce8f0f512959} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale pl-PL inherit 
{resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Moduł testujący pamięć systemu Windows -------------------------------------- Identyfikator {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Diagnostyka pamięci systemu Windows locale pl-PL inherit {globalsettings} badmemoryaccess Yes Ustawienia usług EMS -------------------- Identyfikator {emssettings} bootems Yes Ustawienia debugera ------------------- Identyfikator {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Uszkodzenia pamięci RAM ----------------------- Identyfikator {badmemory} Ustawienia globalne ------------------- Identyfikator {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Ustawienia modułu ładującego rozruchu ------------------------------------- Identyfikator {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Ustawienia funkcji hypervisor ----------------------------- Identyfikator {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Ustawienia modułu ładującego wznawiania --------------------------------------- Identyfikator {resumeloadersettings} inherit {globalsettings} Opcje urządzenia ---------------- Identyfikator {a95178f1-fb14-11e0-ad5b-ce8f0f512959} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\a95178f0-fb14-11e0-ad5b-ce8f0f512959\boot.sdi LastRegBack: 2014-05-29 09:19 ==================== End Of Log ============================