
FRST.txt

Acer laptop - pop-up windows with ads keep appearing.

Both FRST logs:



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by tereska (administrator) on TERESKADOM on 17-06-2015 16:53:34
Running from C:\Users\tereska\Downloads
Loaded Profiles: tereska (Available Profiles: tereska & Olee & Gość)
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\Infigo\InfigoOperator.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(OldTimer Tools) C:\Users\tereska\Downloads\OTL.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-4006550626-1204394080-3215568820-1000\...\MountPoints2: {194d003c-1104-11e5-82c6-b888e3dae11b} - F:\AutoRun.exe
HKU\S-1-5-21-4006550626-1204394080-3215568820-1000\...\MountPoints2: {194d00a8-1104-11e5-82c6-b888e3dae11b} - F:\AutoRun.exe
HKU\S-1-5-21-4006550626-1204394080-3215568820-1000\...\MountPoints2: {8d4ea667-c71c-11e3-88b2-a4173179b11c} - F:\AutoRun.exe /s
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4006550626-1204394080-3215568820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6B73048B-97D1-4DE2-BF77-F5F98F92218D}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{DDF6ECB0-4C7B-474C-9121-4E7598DF5B08}: [NameServer] 212.2.96.51 212.2.96.52

FireFox:
========
FF ProfilePath: C:\Users\tereska\AppData\Roaming\Mozilla\Firefox\Profiles\bvgzwd8o.default
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: https://www.google.pl/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Website Discovery Pro - C:\Users\tereska\AppData\Roaming\Mozilla\Firefox\Profiles\bvgzwd8o.default\Extensions\discoverypro@discoverypro.com [2014-07-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 InfigoOperator; C:\Program Files (x86)\Infigo\InfigoOperator.exe [19720 2014-12-11] ()
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-06-16] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2015-06-13] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2015-06-13] (Huawei Technologies Co., Ltd.)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2015-06-16] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2012-03-20] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 16:53 - 2015-06-17 16:54 - 00008594 _____ C:\Users\tereska\Downloads\FRST.txt
2015-06-17 16:53 - 2015-06-17 16:53 - 00000000 ____D C:\FRST
2015-06-17 16:52 - 2015-06-17 16:53 - 02109952 _____ (Farbar) C:\Users\tereska\Downloads\FRST64.exe
2015-06-17 16:51 - 2015-06-17 16:52 - 01148416 _____ (Farbar) C:\Users\tereska\Downloads\FRST.exe
2015-06-17 15:55 - 2015-06-17 15:55 - 00037426 _____ C:\Users\tereska\Desktop\Extras.Txt
2015-06-17 15:43 - 2015-06-17 15:45 - 00075612 _____ C:\Users\tereska\Desktop\OTL.Txt
2015-06-17 15:43 - 2015-06-17 15:43 - 00037426 _____ C:\Users\tereska\Downloads\Extras.Txt
2015-06-17 15:42 - 2015-06-17 15:42 - 00075612 _____ C:\Users\tereska\Downloads\OTL.Txt
2015-06-17 15:37 - 2015-06-17 15:37 - 00602112 _____ (OldTimer Tools) C:\Users\tereska\Downloads\OTL.exe
2015-06-17 15:36 - 2015-06-17 13:36 - 00006038 _____ C:\Users\tereska\Desktop\protection-log-2015-06-17.xml
2015-06-17 15:36 - 2015-06-17 13:34 - 00020308 _____ C:\Users\tereska\Desktop\mbam-log-2015-06-17 (12-59-29).xml
2015-06-17 15:35 - 2015-06-17 12:13 - 00009480 _____ C:\Users\tereska\Desktop\AdwCleaner[S0].txt
2015-06-17 15:35 - 2015-06-17 12:02 - 00010760 _____ C:\Users\tereska\Desktop\AdwCleaner[R0].txt
2015-06-17 15:34 - 2015-06-17 14:33 - 01773034 _____ C:\Users\tereska\Desktop\cureit.log
2015-06-17 14:22 - 2015-06-17 14:22 - 00000000 ____D C:\Users\tereska\Doctor Web
2015-06-17 13:58 - 2015-06-17 14:16 - 163947216 _____ C:\Users\tereska\Downloads\launch.exe
2015-06-17 12:58 - 2015-06-17 15:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 12:55 - 2015-06-17 12:55 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-17 12:55 - 2015-06-17 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-17 12:55 - 2015-06-17 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 12:55 - 2015-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-17 12:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 12:55 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-17 12:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 12:54 - 2015-06-17 12:55 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\tereska\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-17 12:01 - 2015-06-17 12:13 - 00000000 ____D C:\AdwCleaner
2015-06-17 12:00 - 2015-06-17 12:00 - 02231296 _____ C:\Users\tereska\Downloads\adwcleaner_4.206_www.INSTALKI.pl.exe
2015-06-17 11:34 - 2015-06-17 11:34 - 00171344 _____ (Kaspersky Lab ZAO) C:\Users\tereska\Downloads\salitykiller_1.3.6.0.exe
2015-06-16 23:27 - 2015-06-16 23:27 - 00055384 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys
2015-06-16 21:51 - 2015-06-17 13:36 - 00003618 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2015-06-16 21:51 - 2015-06-16 21:51 - 00001060 _____ C:\Users\Public\Desktop\Ad-Aware.lnk
2015-06-16 21:51 - 2015-06-16 21:51 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2015-06-16 21:51 - 2015-06-16 21:51 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2015-06-16 21:51 - 2015-06-16 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-16 21:51 - 2015-06-16 21:51 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-06-16 21:51 - 2012-03-20 13:41 - 00069376 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
2015-06-16 07:42 - 2015-06-16 07:42 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-16 07:42 - 2015-06-16 07:42 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-16 07:42 - 2015-06-16 07:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-16 07:39 - 2015-06-16 07:39 - 41000672 _____ C:\Users\tereska\Downloads\Firefox%20Setup%2038.0.6.exe
2015-06-15 21:53 - 2015-06-15 21:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-15 21:52 - 2015-06-15 21:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-15 21:52 - 2015-06-15 21:52 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-15 21:52 - 2015-06-15 21:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-15 08:22 - 2015-06-15 08:22 - 18404016 _____ (Adobe Systems Incorporated) C:\Users\tereska\Downloads\install_flash_player.exe
2015-06-14 23:11 - 2015-06-14 23:11 - 00000000 ____D C:\Users\tereska\AppData\Roaming\Movavi
2015-06-14 23:11 - 2015-06-14 23:11 - 00000000 ____D C:\Users\tereska\AppData\Local\Movavi
2015-06-14 23:07 - 2015-06-14 23:07 - 00000000 ____D C:\Users\tereska\AppData\Roaming\MAGIX
2015-06-13 16:06 - 2015-06-13 16:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2015-06-13 16:06 - 2015-06-13 16:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-06-13 16:05 - 2015-06-13 16:05 - 00001047 _____ C:\Users\Public\Desktop\PLAY ONLINE.lnk
2015-06-13 16:05 - 2015-06-13 16:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2015-06-13 16:05 - 2015-06-13 16:05 - 00000000 ____D C:\ProgramData\PLAY ONLINE
2015-06-13 16:05 - 2015-06-13 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
2015-06-13 16:05 - 2015-06-13 16:04 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-06-13 16:05 - 2015-06-13 16:04 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2015-06-13 16:05 - 2015-06-13 16:04 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00439808 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00229376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00104448 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-06-13 16:05 - 2015-06-13 16:04 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-06-13 16:04 - 2015-06-13 16:06 - 00000000 ____D C:\Program Files (x86)\PLAY ONLINE
2015-06-13 16:03 - 2015-06-13 16:06 - 00000000 ____D C:\ProgramData\DatacardService
2015-06-12 12:14 - 2015-06-17 12:12 - 00000000 ____D C:\Users\tereska\AppData\Everything
2015-06-12 11:27 - 2015-06-12 11:28 - 12442112 _____ C:\Users\tereska\Downloads\Ad-Aware96Install.msi
2015-06-12 10:52 - 2015-06-12 10:52 - 00000000 ____D C:\Users\tereska\AppData\Roaming\LavasoftStatistics
2015-06-12 10:51 - 2015-06-12 10:51 - 00000000 ____D C:\Users\tereska\AppData\Roaming\Lavasoft
2015-06-12 10:51 - 2015-06-12 10:51 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-06-12 10:50 - 2015-06-16 21:51 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-12 10:18 - 2015-06-12 10:18 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-06 18:21 - 2015-06-06 18:21 - 06420480 _____ C:\Program Files (x86)\GUTDF86.tmp
2015-06-06 18:21 - 2015-06-06 18:21 - 00000000 ____D C:\Program Files (x86)\GUMDF75.tmp
2015-06-06 18:21 - 2015-06-06 18:21 - 00000000 _____ C:\Users\tereska\Downloads\Kazbegi.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 16:26 - 2014-12-13 16:53 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 14:23 - 2014-04-18 11:07 - 00000000 ____D C:\Users\tereska
2015-06-17 13:42 - 2009-07-14 06:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 13:42 - 2009-07-14 06:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-17 13:40 - 2009-07-14 19:55 - 00687828 _____ C:\Windows\system32\perfh015.dat
2015-06-17 13:40 - 2009-07-14 19:55 - 00131382 _____ C:\Windows\system32\perfc015.dat
2015-06-17 13:40 - 2009-07-14 07:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 13:38 - 2014-04-18 10:58 - 00340468 _____ C:\Windows\WindowsUpdate.log
2015-06-17 13:35 - 2014-12-13 16:53 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 13:35 - 2014-04-18 13:34 - 00558382 _____ C:\Windows\PFRO.log
2015-06-17 13:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 13:35 - 2009-07-14 06:51 - 00047351 _____ C:\Windows\setupact.log
2015-06-17 12:13 - 2014-12-07 14:19 - 00000000 ____D C:\Windows\system32\log
2015-06-17 12:13 - 2014-04-18 11:09 - 00000935 _____ C:\Users\tereska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 12:13 - 2014-04-18 11:09 - 00000827 _____ C:\Users\tereska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-17 11:34 - 2009-07-14 04:34 - 00000219 _____ C:\Windows\system.ini
2015-06-17 08:27 - 2014-04-18 12:07 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-15 22:44 - 2015-02-02 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-15 22:33 - 2014-04-18 12:05 - 00000000 ____D C:\ProgramData\Adobe
2015-06-15 21:52 - 2014-04-18 12:06 - 00000000 ____D C:\Users\tereska\AppData\Local\Adobe
2015-06-15 08:30 - 2014-04-18 13:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-15 08:30 - 2014-04-18 13:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-14 23:17 - 2014-04-18 19:00 - 00003584 _____ C:\Users\tereska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-14 23:10 - 2015-02-05 00:14 - 00000000 ___RD C:\Users\Olee\Documents\MAGIX
2015-06-14 23:10 - 2015-02-05 00:10 - 00000000 ____D C:\ProgramData\MAGIX
2015-06-14 23:08 - 2015-02-05 00:19 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2015-06-12 10:16 - 2014-04-18 11:17 - 00000000 ____D C:\Users\tereska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-12 10:16 - 2014-04-18 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-12 10:16 - 2014-04-18 11:17 - 00000000 ____D C:\Program Files\WinRAR
2015-06-06 19:25 - 2009-07-14 04:34 - 00000580 _____ C:\Windows\win.ini
2015-06-06 18:21 - 2014-12-13 16:53 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-06 18:21 - 2014-12-13 16:53 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-06-06 18:21 - 2015-06-06 18:21 - 6420480 _____ () C:\Program Files (x86)\GUTDF86.tmp
2014-04-18 19:00 - 2015-06-14 23:17 - 0003584 _____ () C:\Users\tereska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-13 16:14 - 2014-12-13 16:14 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-02-01 12:31 - 2015-02-01 12:31 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix

Some files in TEMP:
====================
C:\Users\Olee\AppData\Local\Temp\GoogleSetup.exe
C:\Users\tereska\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\tereska\AppData\Local\Temp\Quarantine.exe
C:\Users\tereska\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-10 11:17

==================== End of log ============================