FRST.txt

Re: Toshiba Satellite - infected laptop (pop-up ads) - logs.

Thank you for the quick reply! I am attaching the files:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Basia (administrator) on BASIA on 12-04-2015 18:20:17
Running from C:\Users\Basia\Downloads
Loaded Profiles: Basia (Available profiles: Basia)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-188607031-2838451578-2325805074-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe [6033408 2014-03-11] ( )
HKU\S-1-5-21-188607031-2838451578-2325805074-1001\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-188607031-2838451578-2325805074-1001\...\RunOnce: [Application Restart #0] => C:\Users\Basia\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 549 more characters).
HKU\S-1-5-21-188607031-2838451578-2325805074-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-188607031-2838451578-2325805074-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\Basia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk
ShortcutTarget: Download.lnk -> C:\ProgramData\{d8eb7085-8a7b-2d7b-d8eb-b70858a7c216}\Download.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61303;https=127.0.0.1:61303
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-188607031-2838451578-2325805074-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-188607031-2838451578-2325805074-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-188607031-2838451578-2325805074-1001 -> {D5B9A74B-F69C-4781-B398-82341E20DE3E} URL =
BHO: NicieoOffeRS -> {11ac36b9-c432-4ede-847f-6c6ffcb997e1} -> C:\Program Files (x86)\NicieoOffeRS\RQWQFpw2XYbwY2.x64.dll No File
BHO-x32: NicieoOffeRS -> {11ac36b9-c432-4ede-847f-6c6ffcb997e1} -> C:\Program Files (x86)\NicieoOffeRS\RQWQFpw2XYbwY2.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Basia\AppData\Roaming\Mozilla\Firefox\Profiles\rt7osqyl.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: NicieoOffeRS - C:\Users\Basia\AppData\Roaming\Mozilla\Firefox\Profiles\rt7osqyl.default\Extensions\qI@W.net [2015-04-11]
FF Extension: DiscountExt - C:\Users\Basia\AppData\Roaming\Mozilla\Firefox\Profiles\rt7osqyl.default\Extensions\_uihupbcknkdswo_vbi@g_lmobmsapmidi__j.com [2015-04-11]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-06]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-16] (Adobe Systems) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-08-06] ()
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 18:18 - 2015-04-12 18:18 - 00026268 _____ () C:\Users\Basia\Desktop\FRST.txt
2015-04-12 17:57 - 2015-04-12 17:58 - 04977216 _____ (Piriform Ltd) C:\Users\Basia\Downloads\ccsetup419.exe
2015-04-12 17:24 - 2015-04-12 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-12 17:23 - 2015-04-12 17:23 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Basia\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 15:43 - 2015-04-12 15:43 - 00000458 _____ () C:\Users\Basia\Desktop\tax.txt
2015-04-12 14:41 - 2015-04-12 14:41 - 00718588 _____ () C:\Users\Basia\Desktop\OTL.Txt
2015-04-12 14:41 - 2015-04-12 14:41 - 00068378 _____ () C:\Users\Basia\Desktop\Extras.Txt
2015-04-11 22:50 - 2015-04-11 22:50 - 00000000 ____D () C:\Program Files (x86)\DiscountMan
2015-04-11 22:49 - 2015-04-12 17:25 - 00000000 ____D () C:\Program Files (x86)\NicieoOffeRS
2015-04-08 14:45 - 2015-04-08 14:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-08 14:45 - 2015-04-08 14:45 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:28 - 2015-04-11 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 12:12 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 12:12 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 12:12 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 12:12 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 12:12 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 12:12 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 12:12 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-22 20:22 - 2015-03-22 21:19 - 163904608 _____ () C:\Users\Basia\Downloads\GoProStudioPC-2.5.4.404.exe
2015-03-14 12:20 - 2015-03-04 17:24 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-14 12:20 - 2015-03-04 17:24 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 18:20 - 2015-02-26 18:55 - 00013913 _____ () C:\Users\Basia\Downloads\FRST.txt
2015-04-12 18:20 - 2015-02-26 18:55 - 00000000 ____D () C:\FRST
2015-04-12 18:18 - 2014-08-06 20:18 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-188607031-2838451578-2325805074-1001
2015-04-12 18:15 - 2015-03-03 23:56 - 00000000 ____D () C:\Users\Basia\Downloads\FRST-OlderVersion
2015-04-12 18:15 - 2015-02-26 18:54 - 02096640 _____ (Farbar) C:\Users\Basia\Downloads\FRST64.exe
2015-04-12 18:15 - 2014-08-31 23:01 - 00000000 ____D () C:\Users\Basia\AppData\Local\ChomikBox
2015-04-12 18:15 - 2014-05-15 18:27 - 01130209 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 18:14 - 2014-08-31 23:05 - 00000000 ____D () C:\Users\Basia\.gstreamer-0.10
2015-04-12 18:13 - 2014-08-08 03:20 - 00005094 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BASIA-Basia Basia
2015-04-12 18:13 - 2014-08-06 20:21 - 00000000 ___DO () C:\Users\Basia\OneDrive
2015-04-12 18:13 - 2014-05-15 18:42 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 18:11 - 2014-03-25 23:16 - 01154906 _____ () C:\Windows\PFRO.log
2015-04-12 18:11 - 2013-08-22 10:46 - 00033105 _____ () C:\Windows\setupact.log
2015-04-12 18:11 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 18:10 - 2014-11-21 01:09 - 00000000 ____D () C:\AdwCleaner
2015-04-12 18:01 - 2014-03-25 23:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 18:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-12 17:53 - 2015-02-23 01:32 - 00000000 ____D () C:\ProgramData\{d8eb7085-8a7b-2d7b-d8eb-b70858a7c216}
2015-04-12 17:53 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-12 17:52 - 2014-08-06 20:10 - 00000000 ____D () C:\Users\Basia
2015-04-12 17:46 - 2014-08-06 20:25 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C3002C6-47E7-464A-9824-F3ECE3529D5C}
2015-04-12 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-12 17:27 - 2014-05-15 18:42 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 17:04 - 2014-08-07 02:27 - 01902592 ___SH () C:\Users\Basia\Desktop\Thumbs.db
2015-04-12 16:58 - 2014-08-06 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 16:53 - 2014-08-06 20:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 16:52 - 2014-08-24 12:12 - 00000000 ____D () C:\Users\Basia\AppData\Roaming\Skype
2015-04-11 22:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-09 01:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-08 14:47 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-07 18:44 - 2014-08-24 22:44 - 00410624 ___SH () C:\Users\Basia\Downloads\Thumbs.db
2015-04-05 23:29 - 2014-10-29 19:22 - 00000000 ____D () C:\Users\Basia\AppData\Local\CrashDumps
2015-04-05 20:01 - 2014-10-16 19:14 - 00070656 ____H () C:\Users\Basia\Desktop\photothumb.db
2015-03-26 00:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-03-26 00:51 - 2014-12-11 02:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 00:51 - 2014-08-10 04:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 00:25 - 2014-12-21 00:49 - 00001135 _____ () C:\Users\Basia\Desktop\GoPro Studio.lnk
2015-03-25 00:25 - 2014-05-15 18:18 - 00045734 _____ () C:\Windows\DPINST.LOG
2015-03-19 15:05 - 2013-08-22 11:37 - 00003223 _____ () C:\Windows\DtcInstall.log
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-18 21:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-18 21:47 - 2013-08-22 15:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-18 21:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-18 21:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-03-18 21:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-18 21:47 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Com
2015-03-18 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\IME
2015-03-18 21:44 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-03-18 21:44 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-18 21:44 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-18 21:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-18 21:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-18 21:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-18 21:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-18 20:55 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-03-18 20:55 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2015-03-17 00:06 - 2014-08-08 03:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 23:28 - 2014-05-15 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 12:19 - 2013-08-22 10:44 - 00529688 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 01:40 - 2014-08-10 03:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 01:38 - 2014-08-10 03:58 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-11-17 12:33 - 2014-11-17 12:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-15 18:14 - 2014-05-15 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Basia\AppData\Local\Temp\2029358516933063811.exe
C:\Users\Basia\AppData\Local\Temp\A430.exe
C:\Users\Basia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Basia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 14:13

==================== End Of Log ============================

