Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-08-2015 02 Ran by Ja (administrator) on JA-PC (12-08-2015 14:06:26) Running from C:\Users\Ja\Documents\Antywirusy Loaded Profiles: Ja (Available Profiles: Ja) Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) Language: Polski (Polska) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Google Inc.) C:\Program Files\Google\Update\Install\{69811C33-9D20-41C7-BD82-18A04939E48C}\GoogleUpdateSetup.exe (Google Inc.) C:\Program Files\GUMCF9D.tmp\GoogleUpdate.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-02-24] (RealNetworks, Inc.) HKLM\...\Policies\Explorer: [CDRAutoRun] 0 HKU\S-1-5-21-70149214-1339082029-3386996294-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-70149214-1339082029-3386996294-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-70149214-1339082029-3386996294-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-70149214-1339082029-3386996294-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe [6033408 2015-04-16] ( ) HKU\S-1-5-21-70149214-1339082029-3386996294-1000\...\Run: [uTorrent] => C:\Users\Ja\AppData\Roaming\uTorrent\uTorrent.exe [1045072 2014-05-06] (BitTorrent Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4-0] -> {86E347EF-A3D7-4BA8-95DC-9B9D88F9E501} => C:\Program Files\Common Files\CBFS\cbfsMntNtf4.dll [2012-12-24] (EldoS Corporation) ShellIconOverlayIdentifiers: [_IconOverlayHandlerPrivateFolder] -> {EB8BE1F7-C2C7-44F5-AC36-DDDE33BF278F} => No File ShellIconOverlayIdentifiers: [_IconOverlayHandlerSharedFolder] -> {00C79FB6-CFE5-494B-B843-80B4704AF902} => No File BootExecute: autocheck autochk /p \??\L:autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-70149214-1339082029-3386996294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ HKU\S-1-5-21-70149214-1339082029-3386996294-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://idg.pl SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> DefaultScope {FB46773B-E61F-4CBB-946D-AE0885ECC19D} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {1640682A-E301-44D1-BFE0-02F9A607E8FB} URL = http://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms} SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {54C17501-7094-44C8-B3F4-BBD0BD39E822} URL = http://www.google.com/search?hl=pl&q={searchTerms} SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {86DAD855-C638-4EC2-936F-CEDF9F6519B9} URL = http://www.nasza-klasa.pl/szukaj/profile?q={searchTerms} SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {B6C81B24-86CD-4A43-B78B-CEED1F3D4C76} URL = http://www.idg.pl/szukaj/default.asp?cx=005416299804844657847%3A24ty2mhze6s&cof=FORID%3A11&ie=UTF-8&q={searchTerms}&sa=Szukaj SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {BC205373-8D4E-4548-B0FE-4644FAFF1F7E} URL = http://www.allegro.pl/search.php?sg=0&string={searchTerms} SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {C8A9CACB-2679-4076-9A0E-ADA0DC669772} URL = http://www.facebook.com/search/?q={searchTerms} SearchScopes: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> {FB46773B-E61F-4CBB-946D-AE0885ECC19D} URL = https://www.google.com/search?q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-14] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-14] (Google Inc.) Toolbar: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.) Toolbar: HKU\S-1-5-21-70149214-1339082029-3386996294-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-14] (Google Inc.) Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-27] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-27] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-27] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-27] (Lavasoft Limited) Winsock: Catalog9 29 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-07-27] (Lavasoft Limited) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 217.172.224.160 89.231.1.206 Tcpip\..\Interfaces\{A1F89EFB-5321-40CD-844D-3F544AD7575C}: [DhcpNameServer] 217.172.224.160 89.231.1.206 FireFox: ======== FF ProfilePath: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\l0oaqh33.default FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [No File] FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [No File] FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-24] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-24] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File] FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-08-03] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-08-03] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-26] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-24] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-18] (Macrovision Europe Ltd.) [File not signed] R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices) S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.) R1 cbfs4-0; C:\Program Files\Common Files\CBFS\cbfs4.sys [315480 2012-12-24] (EldoS Corporation) S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2010-05-12] (Danish Wireless Design A/S) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] () S3 qpavstrm; C:\Windows\System32\DRIVERS\qpavstrm.sys [595200 2012-04-11] (Sigma Designs, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-04-24] (Duplex Secure Ltd.) S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [71539 2007-08-11] (Microsoft Corporation) [File not signed] S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583552 2010-09-01] (eMPIA Technology, Inc.) [File not signed] S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840960 2010-09-01] (eMPIA Technology, Inc.) [File not signed] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1102848 2009-10-21] (VIA Technologies, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X] S1 MpKslea2e9b06; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E21CA48B-EFE6-4250-938A-6CCE394F8D64}\MpKslea2e9b06.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-12 14:05 - 2015-08-12 14:05 - 06420480 _____ C:\Program Files\GUTCF9E.tmp 2015-08-12 14:05 - 2015-08-12 14:05 - 00000000 ____D C:\Program Files\GUMCF9D.tmp 2015-08-12 11:13 - 2015-07-21 22:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 11:13 - 2015-07-21 18:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-12 11:13 - 2015-07-21 18:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 11:13 - 2015-07-21 18:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys 2015-08-12 11:13 - 2015-07-21 18:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 11:13 - 2015-07-21 18:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-12 11:13 - 2015-07-21 18:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 11:13 - 2015-07-21 18:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 11:11 - 2015-07-31 21:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 11:11 - 2015-07-09 16:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-12 11:10 - 2015-07-10 21:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 11:08 - 2015-07-11 17:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 11:02 - 2015-07-18 18:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 11:00 - 2015-08-01 00:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 11:00 - 2015-07-31 23:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-12 11:00 - 2015-07-31 23:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-12 11:00 - 2015-07-31 23:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-12 11:00 - 2015-07-31 23:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-12 11:00 - 2015-07-31 22:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 11:00 - 2015-07-31 22:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-12 11:00 - 2015-07-31 22:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-08-12 11:00 - 2015-07-31 22:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 11:00 - 2015-07-31 22:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 11:00 - 2015-07-31 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 11:00 - 2015-07-31 22:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 11:00 - 2015-07-10 21:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 11:00 - 2015-07-10 21:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 10:59 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 10:58 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 10:58 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 10:55 - 2015-07-22 22:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-12 10:55 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 10:55 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 10:55 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 10:55 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 10:55 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 10:55 - 2015-07-22 22:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 10:55 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-12 10:55 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 10:55 - 2015-07-22 22:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 10:55 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 10:55 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 10:55 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 10:55 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 10:55 - 2015-07-22 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-12 10:55 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 10:55 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 10:55 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 10:55 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-12 10:55 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-12 10:55 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-12 10:55 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 10:29 - 2015-08-12 14:06 - 00000000 ____D C:\FRST 2015-08-11 20:37 - 2015-08-11 21:09 - 00000000 ____D C:\ProgramData\Codemasters 2015-08-11 20:31 - 2009-10-15 12:44 - 00809560 ____R (Creative Labs Inc.) C:\Windows\system32\tmp9809.tmp 2015-08-11 20:31 - 2009-10-15 12:44 - 00809560 ____R (Creative Labs Inc.) C:\Windows\system32\tmp73C7.tmp 2015-08-11 20:29 - 2009-10-15 12:44 - 00809560 ____R (Creative Labs Inc.) C:\Windows\system32\tmp7397.tmp 2015-08-10 08:51 - 2015-08-12 14:03 - 00605928 _____ C:\Windows\WindowsUpdate.log 2015-08-07 10:10 - 2015-08-08 10:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2015-07-27 21:46 - 2015-07-27 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-07-27 21:46 - 2015-07-27 21:46 - 00002840 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini 2015-07-27 21:46 - 2015-07-27 21:45 - 00342016 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll 2015-07-27 21:45 - 2015-07-27 21:45 - 00000000 ____D C:\Users\Ja\AppData\Roaming\ProgSense 2015-07-27 21:45 - 2015-07-27 21:45 - 00000000 ____D C:\Users\Ja\AppData\Roaming\GrabPro 2015-07-27 21:44 - 2015-07-27 21:53 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Orbit 2015-07-24 12:23 - 2015-07-24 12:23 - 00000524 _____ C:\Users\Ja\Desktop\Fraps.lnk 2015-07-24 12:23 - 2015-07-24 12:23 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps 2015-07-18 13:41 - 2015-07-18 13:41 - 00000000 ____D C:\Users\Ja\Documents\Nowy wydruk fotograficzny.el6.Data 2015-07-18 13:28 - 2015-07-18 13:28 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2015-07-18 13:25 - 2015-07-18 13:25 - 00000000 ____D C:\Users\Ja\Downloads\AdobePhotoshop10pl 2015-07-18 13:23 - 2015-07-18 13:25 - 00000514 _____ C:\Windows\system32\Ahmbed.gz 2015-07-18 13:20 - 2015-07-18 13:22 - 479547806 _____ C:\Users\Ja\Downloads\AdobePhotoshop10pl.zip 2015-07-16 07:09 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-16 07:08 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-16 07:08 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-16 07:07 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-16 06:56 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-16 06:55 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-16 06:55 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-16 06:55 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-16 06:55 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-07-16 06:55 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-16 06:55 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-16 06:55 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-16 06:55 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-12 14:06 - 2012-05-12 15:44 - 00000000 ____D C:\Users\Ja\Documents\Antywirusy 2015-08-12 14:05 - 2013-05-18 03:31 - 00000000 ____D C:\Users\Ja\AppData\Roaming\uTorrent 2015-08-12 14:05 - 2013-05-10 13:02 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-12 14:05 - 2012-11-24 04:29 - 00000000 ____D C:\Users\Ja\AppData\Local\ChomikBox 2015-08-12 14:04 - 2014-07-12 21:14 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-08-12 14:04 - 2013-05-03 03:23 - 00000000 ____D C:\Users\Ja\.gstreamer-0.10 2015-08-12 14:04 - 2012-11-25 21:55 - 00000008 __RSH C:\Users\Ja\ntuser.pol 2015-08-12 14:04 - 2011-07-25 16:26 - 00000000 ____D C:\Users\Ja 2015-08-12 14:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-12 14:04 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-12 14:04 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-12 14:03 - 2006-11-02 15:01 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-12 14:01 - 2015-05-25 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Milionerzy 2015-08-12 14:01 - 2013-05-30 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly Here & Now Edition 2015-08-12 14:01 - 2013-05-21 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw 2015-08-12 14:01 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-08-12 13:56 - 2013-06-27 06:10 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-12 13:56 - 2013-05-10 13:02 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-12 13:34 - 2012-05-28 23:48 - 00000000 ___RD C:\Users\Ja\Documents\piłka 2015-08-12 13:31 - 2011-07-25 16:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-08-12 13:31 - 2011-07-25 16:39 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2015-08-12 12:26 - 2015-05-20 14:40 - 00000000 ____D C:\Users\Ja\AppData\Local\CrashDumps 2015-08-12 11:28 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-12 11:23 - 2006-11-02 14:47 - 00273144 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-12 11:20 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-08-12 11:14 - 2011-07-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 11:13 - 2011-08-15 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-12 11:13 - 2011-08-15 22:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-12 11:03 - 2013-08-15 11:31 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 11:03 - 2006-11-02 12:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-08-11 21:49 - 2015-07-03 18:21 - 00000000 ____D C:\Users\Ja\AppData\Local\NXEPassportClient 2015-08-11 21:49 - 2015-04-16 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon 2015-08-11 08:25 - 2013-08-26 12:23 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Media Player Classic 2015-08-08 10:19 - 2015-06-10 14:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-05 00:45 - 2008-01-21 08:24 - 01615912 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-05 00:45 - 2008-01-21 08:24 - 00714666 _____ C:\Windows\system32\perfh015.dat 2015-08-05 00:45 - 2008-01-21 08:24 - 00151538 _____ C:\Windows\system32\perfc015.dat 2015-08-03 15:22 - 2010-07-15 00:33 - 00000000 ____D C:\Users\Ja\Documents\Any Video Converter 2015-07-30 11:53 - 2010-10-05 12:14 - 00000000 ____D C:\Users\Ja\Desktop\Google 2015-07-28 20:51 - 2014-10-16 12:04 - 00000000 ____D C:\Users\Ja\AppData\Local\Canon Easy-PhotoPrint EX 2015-07-24 12:34 - 2015-05-18 00:08 - 00000000 ____D C:\ProgramData\Nero 2015-07-24 12:27 - 2013-09-16 22:45 - 00000000 ____D C:\Fraps 2015-07-22 18:18 - 2009-08-05 16:46 - 00000000 ____D C:\Users\Ja\Desktop\Programy 2015-07-18 13:31 - 2012-05-13 15:08 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-07-18 13:31 - 2012-05-13 15:08 - 00000000 ____D C:\Program Files\Adobe 2015-07-18 13:22 - 2014-02-25 18:01 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-07-17 11:23 - 2012-05-13 15:09 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-07-15 10:56 - 2012-04-04 10:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-15 10:56 - 2011-07-25 17:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-08-12 14:05 - 2015-08-12 14:05 - 6420480 _____ () C:\Program Files\GUTCF9E.tmp 2014-02-17 15:53 - 2014-02-24 13:50 - 0000335 _____ () C:\Users\Ja\AppData\Roaming\default.rss 2012-05-17 21:15 - 2012-05-17 21:15 - 0000552 _____ () C:\Users\Ja\AppData\Local\d3d8caps.dat 2011-07-25 16:26 - 2015-05-12 22:45 - 0003384 _____ () C:\Users\Ja\AppData\Local\d3d9caps.dat 2012-05-12 02:08 - 2013-11-04 11:49 - 0064000 _____ () C:\Users\Ja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-01-07 14:35 - 2012-01-07 14:35 - 0000000 _____ () C:\Users\Ja\AppData\Local\{81EC0003-839F-42E9-BE19-B68593F57BEE} 2012-12-29 18:24 - 2012-12-29 18:24 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-12 12:18 ==================== End of log ============================