Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01 Ran by SYSTEM on MININT-L0HODE4 on 28-11-2013 15:49:25 Running from M:\ Windows 7 Enterprise Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet002 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1612880 2010-01-27] (Logitech, Inc.) HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [lxdrmon.exe] - C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe [676520 2010-02-04] () Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer\Run: [38085] - C:\ProgramData\mskddt.exe [615222 2009-07-14] ( ()) HKLM-x32\...\Run: [P17RunE] - C:\Windows\\SysWOW64\P17RunE.dll [14848 2008-03-28] (Creative Technology Ltd.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\realplayer\Update\realsched.exe [295512 2013-11-21] (RealNetworks, Inc.) HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company) HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKU\LKS\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe [20530432 2013-05-02] (www.BitComet.com) HKU\LKS\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-11-09] (AMD) HKU\LKS\...\Run: [CdpDownloader] - [x] AppInit_DLLs-x32: C:\Users\LKS\AppData\Local\DProtect\eBP.dll,C:\Users\LKS\AppData\Local\DProtect\eBPSD.dll [ ] () Startup: C:\Users\LKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jwwhqft.lnk ShortcutTarget: jwwhqft.lnk -> C:\ProgramData\tfqhwwj.dss (Корпорация Майкрософт) ==================== Services (Whitelisted) ================= S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) S2 lxdrCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdrserv.exe [29184 2009-10-16] (Lexmark International, Inc.) 
S2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1039360 2009-10-16] ( ) S2 lxdr_device; C:\Windows\SysWow64\lxdrcoms.exe [589824 2009-10-16] ( ) S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) S2 Winmgmt; C:\ProgramData\jwwhqft.pss [59504 2013-11-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-12-30] () S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1261568 2010-04-07] (C-Media Inc) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-12-30] () S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2013-06-20] (Fuzhou Rockchip Electronics Co,Ltd.) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-06-04] (Duplex Secure Ltd.) 
S2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [x] ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-28 15:44 - 2013-11-28 15:44 - 00000000 ____D C:\FRST 2013-11-27 23:37 - 2013-11-28 06:25 - 00000000 _____ C:\ProgramData\jwwhqft.fvv 2013-11-27 21:56 - 2013-11-27 22:14 - 95025368 ____T C:\ProgramData\vttbfrmq.bxx 2013-11-27 21:56 - 2013-11-27 21:56 - 00188928 _____ (Корпорация Майкрософт) C:\ProgramData\qmrfbttv.dss 2013-11-27 21:56 - 2013-11-27 21:56 - 00059504 ____T (Microsoft Corporation) C:\ProgramData\vttbfrmq.pss 2013-11-27 21:56 - 2013-11-27 21:56 - 00000000 _____ C:\ProgramData\vttbfrmq.fvv 2013-11-27 19:46 - 2013-11-27 19:46 - 95025368 ____T C:\ProgramData\9rjwiod4.bxx 2013-11-27 19:46 - 2013-11-27 19:46 - 00188928 _____ (Корпорация Майкрософт) C:\ProgramData\4doiwjr9.dss 2013-11-27 19:46 - 2013-11-27 19:46 - 00059504 ____T (Microsoft Corporation) C:\ProgramData\9rjwiod4.pss 2013-11-27 19:46 - 2013-11-27 19:46 - 00000000 _____ C:\ProgramData\9rjwiod4.fvv 2013-11-27 18:49 - 2013-11-27 18:49 - 00000279 _____ C:\ProgramData\jwwhqft.reg 2013-11-27 18:47 - 2013-11-28 06:25 - 95025368 ____T C:\ProgramData\jwwhqft.bxx 2013-11-27 18:47 - 2013-11-27 18:47 - 00188928 _____ (Корпорация Майкрософт) C:\ProgramData\tfqhwwj.dss 2013-11-27 18:47 - 2013-11-27 18:47 - 00059504 ____T (Microsoft Corporation) C:\ProgramData\jwwhqft.pss 2013-11-24 10:29 - 2013-11-28 06:25 - 00000672 _____ C:\Windows\setupact.log 2013-11-24 10:29 - 2013-11-27 23:37 - 00001410 _____ C:\Windows\PFRO.log 2013-11-24 10:29 - 2013-11-24 10:29 - 00000000 _____ C:\Windows\setuperr.log 2013-11-23 18:25 - 2013-11-23 18:25 - 00281336 _____ C:\Users\LKS\Documents\cc_20131123_182526.reg 2013-11-23 18:23 - 2013-11-23 18:23 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-11-23 18:23 - 
2013-11-23 18:23 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-11-23 18:23 - 2013-11-23 18:23 - 00000000 ____D C:\Program Files\CCleaner 2013-11-23 15:14 - 2013-11-23 18:27 - 00003194 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2489566677-1963130879-2755309955-1000 2013-11-23 15:13 - 2013-11-23 15:13 - 00003330 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2489566677-1963130879-2755309955-1000 2013-11-21 21:31 - 2013-11-21 21:31 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2013-11-21 21:31 - 2013-11-21 21:31 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2013-11-21 21:31 - 2013-11-21 21:31 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll 2013-11-21 21:31 - 2013-11-21 21:31 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll 2013-11-21 21:25 - 2013-11-21 21:25 - 00000000 ____D C:\Users\LKS\AppData\Roaming\RealNetworks 2013-11-21 21:25 - 2013-11-21 21:25 - 00000000 ____D C:\ProgramData\RealNetworks 2013-11-21 21:25 - 2013-11-21 21:25 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2013-11-16 12:10 - 2013-11-16 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-05 21:55 - 2013-11-05 21:55 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgdiska.sys 2013-11-04 21:52 - 2013-11-04 21:52 - 00240920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys 2013-10-31 23:00 - 2013-10-31 23:00 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys 2013-10-31 22:49 - 2013-10-31 22:49 - 00294712 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\System32\Drivers\avgloga.sys ==================== One Month Modified Files and Folders ======= 2013-11-28 15:44 - 2013-11-28 15:44 - 00000000 ____D C:\FRST 2013-11-28 07:21 - 2010-10-10 13:38 - 00000000 ____D C:\users\Guest 2013-11-28 07:21 - 2010-06-01 22:26 - 00000000 ____D C:\Users\LKS\AppData\Roaming\GHISLER 2013-11-28 07:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-28 06:25 - 2013-11-27 23:37 - 00000000 _____ C:\ProgramData\jwwhqft.fvv 2013-11-28 06:25 - 2013-11-27 18:47 - 95025368 ____T C:\ProgramData\jwwhqft.bxx 2013-11-28 06:25 - 2013-11-24 10:29 - 00000672 _____ C:\Windows\setupact.log 2013-11-28 06:25 - 2010-07-03 15:59 - 00001038 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-28 06:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-28 06:23 - 2010-07-03 15:59 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-28 06:13 - 2010-06-03 10:15 - 00000000 ____D C:\Users\LKS\AppData\Roaming\BitComet 2013-11-28 06:07 - 2010-06-01 19:01 - 01100050 _____ C:\Windows\WindowsUpdate.log 2013-11-27 23:44 - 2009-07-14 05:45 - 00016560 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-27 23:44 - 2009-07-14 05:45 - 00016560 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-27 23:37 - 2013-11-24 10:29 - 00001410 _____ C:\Windows\PFRO.log 2013-11-27 23:25 - 2012-03-30 14:12 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-27 23:14 - 2013-09-24 19:06 - 00000000 ____D C:\AdwCleaner 2013-11-27 23:04 - 2010-06-01 19:05 - 00000000 ____D C:\users\LKS 2013-11-27 22:14 - 2013-11-27 21:56 - 95025368 ____T C:\ProgramData\vttbfrmq.bxx 2013-11-27 21:56 - 2013-11-27 21:56 - 00188928 _____ (Корпорация Майкрософт) C:\ProgramData\qmrfbttv.dss 2013-11-27 21:56 - 2013-11-27 21:56 - 00059504 ____T (Microsoft Corporation) C:\ProgramData\vttbfrmq.pss 
2013-11-27 21:56 - 2013-11-27 21:56 - 00000000 _____ C:\ProgramData\vttbfrmq.fvv 2013-11-27 19:46 - 2013-11-27 19:46 - 95025368 ____T C:\ProgramData\9rjwiod4.bxx 2013-11-27 19:46 - 2013-11-27 19:46 - 00188928 _____ (Корпорация Майкрософт) C:\ProgramData\4doiwjr9.dss 2013-11-27 19:46 - 2013-11-27 19:46 - 00059504 ____T (Microsoft Corporation) C:\ProgramData\9rjwiod4.pss 2013-11-27 19:46 - 2013-11-27 19:46 - 00000000 _____ C:\ProgramData\9rjwiod4.fvv 2013-11-27 18:49 - 2013-11-27 18:49 - 00000279 _____ C:\ProgramData\jwwhqft.reg 2013-11-27 18:47 - 2013-11-27 18:47 - 00188928 _____ (Корпорация Майкрософт) C:\ProgramData\tfqhwwj.dss 2013-11-27 18:47 - 2013-11-27 18:47 - 00059504 ____T (Microsoft Corporation) C:\ProgramData\jwwhqft.pss 2013-11-27 17:18 - 2012-02-12 13:23 - 00000000 ___RD C:\Users\LKS\Dropbox 2013-11-27 17:18 - 2012-02-12 13:20 - 00000000 ____D C:\Users\LKS\AppData\Roaming\Dropbox 2013-11-27 17:17 - 2013-10-25 15:03 - 00000000 ____D C:\Users\LKS\Desktop\Nowy folder 2013-11-27 17:09 - 2012-06-28 17:26 - 00000000 ____D C:\ProgramData\MFAData 2013-11-27 15:30 - 2010-06-01 19:27 - 00740868 _____ C:\Windows\System32\perfh015.dat 2013-11-27 15:30 - 2010-06-01 19:27 - 00155496 _____ C:\Windows\System32\perfc015.dat 2013-11-27 15:30 - 2009-07-14 06:13 - 01671400 _____ C:\Windows\System32\PerfStringBackup.INI 2013-11-27 15:26 - 2010-06-01 19:26 - 00061664 _____ C:\Users\LKS\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-27 15:24 - 2009-07-14 05:45 - 00280008 _____ C:\Windows\System32\FNTCACHE.DAT 2013-11-26 18:05 - 2011-11-06 12:04 - 00000000 ____D C:\Users\LKS\Desktop\Niedzielne 2013-11-24 10:29 - 2013-11-24 10:29 - 00000000 _____ C:\Windows\setuperr.log 2013-11-24 10:29 - 2012-05-03 20:24 - 00000286 _____ C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2489566677-1963130879-2755309955-1000.job 2013-11-23 19:26 - 2010-06-02 21:40 - 00000000 ____D C:\Users\LKS\AppData\Roaming\Winamp 2013-11-23 18:27 - 2013-11-23 15:14 - 00003194 _____ 
C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2489566677-1963130879-2755309955-1000 2013-11-23 18:27 - 2010-08-28 12:46 - 00002572 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2489566677-1963130879-2755309955-1000 2013-11-23 18:26 - 2013-08-06 13:13 - 00003184 _____ C:\Windows\System32\Tasks\{7797164F-AF44-4FDA-B5FA-D534C1B9DF14} 2013-11-23 18:26 - 2010-06-02 19:28 - 00002956 _____ C:\Windows\System32\Tasks\{87A3B00A-8DD4-4F1B-9395-4DB9ABAA3C0E} 2013-11-23 18:25 - 2013-11-23 18:25 - 00281336 _____ C:\Users\LKS\Documents\cc_20131123_182526.reg 2013-11-23 18:24 - 2013-03-16 15:09 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-23 18:24 - 2010-06-05 12:40 - 00000000 ____D C:\Windows\Minidump 2013-11-23 18:24 - 2010-06-04 17:02 - 00000000 ____D C:\Users\LKS\AppData\Roaming\DAEMON Tools Lite 2013-11-23 18:24 - 2010-06-03 00:01 - 00000000 ____D C:\Users\LKS\AppData\Roaming\Media Player Classic 2013-11-23 18:24 - 2010-05-12 03:37 - 00000000 ____D C:\Windows\Panther 2013-11-23 18:23 - 2013-11-23 18:23 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-11-23 18:23 - 2013-11-23 18:23 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-11-23 18:23 - 2013-11-23 18:23 - 00000000 ____D C:\Program Files\CCleaner 2013-11-23 15:13 - 2013-11-23 15:13 - 00003330 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2489566677-1963130879-2755309955-1000 2013-11-23 15:12 - 2013-07-29 21:57 - 00000000 ____D C:\Program Files (x86)\Origin 2013-11-22 15:15 - 2013-06-24 15:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-22 15:15 - 2013-06-24 15:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-11-21 21:36 - 2013-01-07 15:20 - 00000000 ____D C:\Users\LKS\AppData\Roaming\Real 2013-11-21 21:31 - 2013-11-21 21:31 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2013-11-21 21:31 - 2013-11-21 21:31 - 00201872 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\rmoc3260.dll 2013-11-21 21:31 - 2013-11-21 21:31 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll 2013-11-21 21:31 - 2013-11-21 21:31 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll 2013-11-21 21:31 - 2013-01-07 15:19 - 00000000 ____D C:\ProgramData\Real 2013-11-21 21:31 - 2010-06-01 22:44 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2013-11-21 21:31 - 2010-06-01 22:44 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2013-11-21 21:25 - 2013-11-21 21:25 - 00000000 ____D C:\Users\LKS\AppData\Roaming\RealNetworks 2013-11-21 21:25 - 2013-11-21 21:25 - 00000000 ____D C:\ProgramData\RealNetworks 2013-11-21 21:25 - 2013-11-21 21:25 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2013-11-21 21:25 - 2012-03-30 14:12 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-11-21 21:01 - 2010-06-03 17:32 - 00000000 ____D C:\Users\LKS\AppData\Local\Adobe 2013-11-21 20:58 - 2012-03-30 14:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-11-21 20:58 - 2011-11-23 15:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-17 21:40 - 2013-10-26 14:06 - 00000000 ____D C:\Users\LKS\AppData\Local\Battle.net 2013-11-17 10:48 - 2013-09-24 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-16 20:10 - 2013-11-16 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 13:26 - 2013-10-26 14:06 - 00000000 ____D C:\Program Files (x86)\Battle.net 2013-11-05 21:55 - 2013-11-05 21:55 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgdiska.sys 2013-11-04 21:52 - 2013-11-04 21:52 - 00240920 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\System32\Drivers\avgidsdrivera.sys 2013-11-03 11:14 - 2010-06-02 19:24 - 00022016 _____ C:\Users\LKS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-11-01 19:59 - 2010-12-12 10:21 - 00000000 ____D C:\Users\LKS\Desktop\zegarki do mania 2013-10-31 23:00 - 2013-10-31 23:00 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys 2013-10-31 22:49 - 2013-10-31 22:49 - 00294712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys 2013-10-31 19:38 - 2011-05-26 17:39 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner ZeroAccess: C:\Windows\assembly\tmp C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} ZeroAccess: C:\Users\LKS\AppData\Local\19e99119 C:\Users\LKS\AppData\Local\19e99119\@ Files to move or delete: ==================== C:\ProgramData\4doiwjr9.dss C:\ProgramData\9rjwiod4.bxx C:\ProgramData\9rjwiod4.fvv C:\ProgramData\9rjwiod4.pss C:\ProgramData\dx504EBD57.dat C:\ProgramData\dx504F1E13.dat C:\ProgramData\dx50F4F5D7.dat C:\ProgramData\jwwhqft.bxx C:\ProgramData\jwwhqft.fvv C:\ProgramData\jwwhqft.pss C:\ProgramData\jwwhqft.reg C:\ProgramData\mskddt.exe C:\ProgramData\qmrfbttv.dss C:\ProgramData\tfqhwwj.dss C:\ProgramData\vttbfrmq.bxx C:\ProgramData\vttbfrmq.fvv C:\ProgramData\vttbfrmq.pss Some content of TEMP: ==================== C:\Users\LKS\AppData\Local\Temp\Quarantine.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 1 Restore point made on: 2013-11-27 19:34:53 ==================== BCD ================================ Menedżer rozruchu systemu Windows --------------------------------- Identyfikator {bootmgr} device partition=Y: description Windows Boot Manager locale en-US inherit {globalsettings} default {default} resumeobject {f9dea86e-6dfa-11df-aa57-ab12346e9ef6} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} recoverysequence {f9dea870-6dfa-11df-aa57-ab12346e9ef6} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {f9dea86e-6dfa-11df-aa57-ab12346e9ef6} nx OptIn Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {f9dea870-6dfa-11df-aa57-ab12346e9ef6} device ramdisk=[C:]\Recovery\f9dea870-6dfa-11df-aa57-ab12346e9ef6\Winre.wim,{f9dea871-6dfa-11df-aa57-ab12346e9ef6} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\f9dea870-6dfa-11df-aa57-ab12346e9ef6\Winre.wim,{f9dea871-6dfa-11df-aa57-ab12346e9ef6} systemroot \windows nx OptIn winpe Yes Wznawianie ze stanu hibernacji ------------------------------ Identyfikator {f9dea86e-6dfa-11df-aa57-ab12346e9ef6} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: 
filepath \hiberfil.sys debugoptionenabled No Moduł testujący pamięć systemu Windows -------------------------------------- Identyfikator {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes Ustawienia usług EMS -------------------- Identyfikator {emssettings} bootems Yes Ustawienia debugera ------------------- Identyfikator {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Uszkodzenia pamięci RAM ----------------------- Identyfikator {badmemory} Ustawienia globalne ------------------- Identyfikator {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Ustawienia modułu ładującego rozruchu ------------------------------------- Identyfikator {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Ustawienia funkcji hypervisor ----------------------------- Identyfikator {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Ustawienia modułu ładującego wznawiania --------------------------------------- Identyfikator {resumeloadersettings} inherit {globalsettings} Opcje urządzenia ---------------- Identyfikator {f9dea871-6dfa-11df-aa57-ab12346e9ef6} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\f9dea870-6dfa-11df-aa57-ab12346e9ef6\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 4094.18 MB Available physical RAM: 3402.03 MB Total Pagefile: 4092.38 MB Available Pagefile: 3435.73 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:49.9 GB) (Free:15.5 GB) NTFS Drive d: (Emule) (Fixed) (Total:93.15 GB) (Free:63.15 GB) NTFS Drive e: (System Reserved) (Fixed) (Total:100 GB) (Free:11.36 GB) NTFS Drive f: (Filmy Archiwum) (Fixed) (Total:838.36 GB) (Free:64.09 GB) NTFS Drive g: (Filmy 2) (Fixed) 
(Total:381.51 GB) (Free:58.57 GB) NTFS Drive i: (Stuff) (Fixed) (Total:248.09 GB) (Free:43.47 GB) NTFS Drive j: (Seriale) (Fixed) (Total:250 GB) (Free:38.39 GB) NTFS Drive k: (Muza) (Fixed) (Total:200 GB) (Free:33.7 GB) NTFS Drive l: (GSP1RMCHPXFREO_PL_DVD) (CDROM) (Total:2.98 GB) (Free:0 GB) UDF Drive m: (FRST64) (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B1CCB838) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=248 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 2D5D4A3B) Partition 1: (Active) - (Size=93 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=838 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3435E6A3) Partition 1: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=382 GB) - (Type=OF Extended) ======================================================== Disk: 3 (Size: 2 GB) (Disk ID: B0FF34EA) Partition 1: (Not Active) - (Size=2 GB) - (Type=0B) LastRegBack: 2013-11-20 16:17 ==================== End Of Log ============================