Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by cAst0r (administrator) on CAST0R-KOMPUTER on 10-03-2014 15:45:25
Running from E:\Download
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASDR.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-09-10] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\Explorer: [DisableThumbnails] 0
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {88E66704-746B-41a8-BC68-EC8DB8642984} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM-x32 - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{E24F4C60-6AD1-4C06-921C-FA89B8E3F08B}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017
FF Homepage: hxxp://onet.pl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-05-06]
FF Extension: iMacros for Firefox - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-03-04]
FF Extension: Default Full Zoom Level - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2013-07-10]
FF Extension: Adblock Plus - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-01]
FF Extension: BetterPrivacy - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-12]
FF Extension: Greasemonkey - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-10-01]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\Mozilla Thunderbird
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\cAst0r\AppData\Roaming\IDM\idmmzcc5

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S4 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] ()
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-09] ()
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2572072 2013-10-23] (O&O Software GmbH)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-01] ()
R2 syshost32; C:\Windows\Installer\{AFAB592E-495F-A6CB-3F0B-EB311EE1DA0B}\syshost.exe [108032 2014-03-07] ()
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]

==================== Drivers (Whitelisted) ====================

S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2011-12-20] (ASUSTeK Computer Inc.)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-01-21] () S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () S3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-14] () R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] () R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] () S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-09-11] () R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-09-10] () S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] () R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-21] () S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] () S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] () R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] () S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] () S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] () S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] () R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] () S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2013-12-17] () S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] () R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] () R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] () S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2010-11-21] () S3 iirsp; C:\Windows\system32\drivers\iirsp.sys 
[44112 2009-07-14] () S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2445672 2010-07-28] () S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] () S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] () S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] () S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-21] () R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-21] () R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-06-02] () R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [151920 2012-06-02] () R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () S3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [548936 2010-12-18] () S3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [55312 2009-06-17] () R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57872 2009-06-17] () S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] () S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] () S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] () S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] () R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [40976 2009-06-17] () S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] () S3 MegaSR; 
C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] () R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-19] () S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] () S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-21] () R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] () S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () R0 NDIS; 
C:\Windows\System32\drivers\ndis.sys [951680 2010-11-21] () S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] () R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () R3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [194848 2013-02-25] () R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11235104 2013-06-21] () S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2010-11-21] () S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2010-11-21] () S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-14] () S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () S3 Processor; 
C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-21] () R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [20992 2010-11-21] () S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] () R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [838216 2013-03-04] () S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-21] () S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [93240 2011-06-15] () S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 
2009-09-17] () R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] () S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () S0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2011-09-11] (Duplex Secure Ltd.) R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-21] () S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-21] () R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () S3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [88960 2010-11-21] () S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project) R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1910632 2013-05-08] () S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1910632 2013-05-08] () R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-21] () S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys 
[119296 2010-11-21] () R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [34816 2010-11-21] () S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-21] () S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] () R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2010-11-21] () S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] () R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2010-11-21] () R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2010-11-21] () S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2009-07-14] () S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-14] () S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2010-11-21] () S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2009-07-14] () S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146736 2011-10-03] () R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [199552 
2010-11-21] () S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-21] () R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] () S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] () S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [26440 2010-04-27] () S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [43976 2010-04-27] () S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [16200 2010-04-27] () R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [77512 2010-04-27] () R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-21] () S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-21] () U5 c8396628229a3cf3; C:\Windows\System32\Drivers\c8396628229a3cf3.sys [80344 2014-03-07] () S3 ESEADriver2; \??\C:\Users\cAst0r\AppData\Local\Temp\ESEADriver2.sys [X] S3 tizekdrv; \??\C:\Users\cAst0r\AppData\Roaming\TZAC\tizek64.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== 
NetSvcs (Whitelisted) =================== NETSVC: XBCD -> No ServiceDLL Path. ==================== One Month Created Files and Folders ======== 2014-03-10 15:44 - 2014-03-10 15:45 - 00000000 ____D () C:\FRST 2014-03-10 09:34 - 2014-03-10 09:34 - 00000346 _____ () C:\Windows\Tasks\NIUpdateServiceCheckTask.job 2014-03-10 09:32 - 2014-03-10 09:32 - 00122248 _____ () C:\Users\cAst0r\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-10 09:31 - 2014-03-10 09:38 - 00000112 _____ () C:\Windows\setupact.log 2014-03-10 09:31 - 2014-03-10 09:31 - 00448128 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-10 09:31 - 2014-03-10 09:31 - 00000572 _____ () C:\Windows\PFRO.log 2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\National Instruments 2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-09 22:56 - 2014-03-09 23:05 - 00000000 ____D () C:\Users\cAst0r\Documents\LabVIEW Data 2014-03-09 22:43 - 2014-03-10 15:31 - 00000000 ____D () C:\Program Files\National Instruments 2014-03-09 22:42 - 2014-03-10 15:33 - 00000000 ____D () C:\Program Files (x86)\National Instruments 2014-03-09 22:41 - 2014-03-10 15:32 - 00000000 ____D () C:\ProgramData\National Instruments 2014-03-09 11:05 - 2014-03-09 11:12 - 00000000 ____D () C:\Program Files\CyberGhost 5 2014-03-09 11:00 - 2014-03-09 11:01 - 00025710 _____ () C:\Users\cAst0r\ovpntray.log 2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\PrivateTunnel 2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies 2014-03-07 13:07 - 2014-03-07 13:07 - 00080344 _____ () C:\Windows\system32\Drivers\c8396628229a3cf3.sys 2014-03-06 22:47 - 2014-03-06 22:47 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (3).txt 2014-03-06 09:57 - 2014-03-06 09:57 - 00000748 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (2).txt 2014-03-04 21:45 - 2014-03-04 21:45 - 00755766 _____ () 
C:\Users\cAst0r\Desktop\UPC_mail.rar 2014-03-04 21:44 - 2014-03-04 21:44 - 00000000 ____D () C:\Users\cAst0r\Desktop\UPC_mail 2014-03-03 14:44 - 2014-03-03 14:44 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy.txt 2014-03-03 12:51 - 2014-03-03 12:51 - 04221453 _____ () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki.rar 2014-03-03 12:51 - 2014-03-03 12:51 - 00000000 ____D () C:\Users\cAst0r\Desktop\[BMP] Wykresy z napędu liniowego i koparki 2014-03-03 12:47 - 2014-03-03 12:50 - 00000000 ____D () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki_2 2014-02-26 16:03 - 2014-02-26 16:03 - 00000000 ____D () C:\Users\cAst0r\Desktop\Pawełek_OBROBIONE 2014-02-23 21:38 - 2014-02-23 21:38 - 30150584 _____ () C:\Users\cAst0r\Desktop\Plik audio 34.mp4 2014-02-23 20:58 - 2014-02-23 20:58 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz3.txt 2014-02-23 20:43 - 2014-02-23 20:43 - 00001609 _____ () C:\Users\cAst0r\Desktop\niedz2.txt 2014-02-23 20:42 - 2014-03-02 19:34 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz1.txt 2014-02-20 15:36 - 2014-03-10 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 20:23 - 2014-02-16 20:23 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-16 20:23 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-16 20:23 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-02-16 20:23 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-02-16 20:23 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-02-16 20:21 - 2014-02-16 20:21 - 00921512 _____ (Oracle Corporation) C:\Users\cAst0r\Downloads\JavaSetup7u51.exe 2014-02-14 17:25 - 2014-02-14 17:26 - 00010022 _____ () C:\Users\cAst0r\Desktop\config.cfg 2014-02-12 22:06 - 2014-02-19 20:12 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr3.txt 
2014-02-12 22:06 - 2014-02-19 20:12 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr1.txt
2014-02-12 22:06 - 2014-02-19 20:12 - 00001134 _____ () C:\Users\cAst0r\Desktop\sr2.txt
2014-02-12 19:53 - 2014-02-12 19:54 - 00000000 ____D () C:\Users\cAst0r\Desktop\sr

==================== One Month Modified Files and Folders =======

2014-03-10 15:45 - 2014-03-10 15:44 - 00000000 ____D () C:\FRST
2014-03-10 15:33 - 2014-03-09 22:42 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-03-10 15:32 - 2014-03-09 22:41 - 00000000 ____D () C:\ProgramData\National Instruments
2014-03-10 15:31 - 2014-03-09 22:43 - 00000000 ____D () C:\Program Files\National Instruments
2014-03-10 15:31 - 2014-02-20 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-10 12:59 - 2011-09-16 23:00 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\foobar2000
2014-03-10 11:20 - 2010-11-21 13:53 - 00747552 _____ () C:\Windows\system32\perfh015.dat
2014-03-10 11:20 - 2010-11-21 13:53 - 00160144 _____ () C:\Windows\system32\perfc015.dat
2014-03-10 11:20 - 2009-07-14 06:13 - 01692112 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 10:31 - 2011-09-23 00:25 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\uTorrent
2014-03-10 09:46 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 09:46 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 09:38 - 2014-03-10 09:31 - 00000112 _____ () C:\Windows\setupact.log
2014-03-10 09:34 - 2014-03-10 09:34 - 00000346 _____ () C:\Windows\Tasks\NIUpdateServiceCheckTask.job
2014-03-10 09:32 - 2014-03-10 09:32 - 00122248 _____ () C:\Users\cAst0r\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-10 09:31 - 2014-03-10 09:31 - 00448128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-10 09:31 - 2014-03-10 09:31 - 00000572 _____ () C:\Windows\PFRO.log
2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\National Instruments
2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 23:51 - 2013-01-09 00:25 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\DPlot
2014-03-09 23:05 - 2014-03-09 22:56 - 00000000 ____D () C:\Users\cAst0r\Documents\LabVIEW Data
2014-03-09 13:29 - 2011-09-15 22:24 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\Tlen.pl
2014-03-09 11:12 - 2014-03-09 11:05 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-03-09 11:01 - 2014-03-09 11:00 - 00025710 _____ () C:\Users\cAst0r\ovpntray.log
2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\PrivateTunnel
2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-03-09 11:00 - 2011-09-10 15:25 - 00000000 ____D () C:\Users\cAst0r
2014-03-09 10:51 - 2011-09-27 00:23 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\TS3Client
2014-03-07 15:31 - 2011-09-16 23:00 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-03-07 13:07 - 2014-03-07 13:07 - 00080344 _____ () C:\Windows\system32\Drivers\c8396628229a3cf3.sys
2014-03-07 13:07 - 2012-02-28 22:17 - 00000458 __RSH () C:\ProgramData\ntuser.pol
2014-03-07 00:25 - 2011-09-19 20:22 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\vlc
2014-03-06 22:47 - 2014-03-06 22:47 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (3).txt
2014-03-06 09:57 - 2014-03-06 09:57 - 00000748 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (2).txt
2014-03-05 10:14 - 2013-03-10 21:26 - 00000000 ____D () C:\Users\cAst0r\Desktop\CS GO
2014-03-04 21:45 - 2014-03-04 21:45 - 00755766 _____ () C:\Users\cAst0r\Desktop\UPC_mail.rar
2014-03-04 21:44 - 2014-03-04 21:44 - 00000000 ____D () C:\Users\cAst0r\Desktop\UPC_mail
2014-03-04 16:22 - 2011-09-10 15:54 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\Adobe
2014-03-04 16:19 - 2012-08-02 22:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 16:19 - 2011-09-15 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 15:27 - 2013-04-23 22:51 - 00000000 ____D () C:\Users\cAst0r\Documents\MATLAB
2014-03-03 14:44 - 2014-03-03 14:44 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy.txt
2014-03-03 12:51 - 2014-03-03 12:51 - 04221453 _____ () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki.rar
2014-03-03 12:51 - 2014-03-03 12:51 - 00000000 ____D () C:\Users\cAst0r\Desktop\[BMP] Wykresy z napędu liniowego i koparki
2014-03-03 12:50 - 2014-03-03 12:47 - 00000000 ____D () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki_2
2014-03-02 19:34 - 2014-02-23 20:42 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz1.txt
2014-02-27 16:05 - 2011-09-21 20:40 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\CrashDumps
2014-02-26 16:03 - 2014-02-26 16:03 - 00000000 ____D () C:\Users\cAst0r\Desktop\Pawełek_OBROBIONE
2014-02-23 21:38 - 2014-02-23 21:38 - 30150584 _____ () C:\Users\cAst0r\Desktop\Plik audio 34.mp4
2014-02-23 20:58 - 2014-02-23 20:58 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz3.txt
2014-02-23 20:43 - 2014-02-23 20:43 - 00001609 _____ () C:\Users\cAst0r\Desktop\niedz2.txt
2014-02-21 10:35 - 2012-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 20:12 - 2014-02-12 22:06 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr3.txt
2014-02-19 20:12 - 2014-02-12 22:06 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr1.txt
2014-02-19 20:12 - 2014-02-12 22:06 - 00001134 _____ () C:\Users\cAst0r\Desktop\sr2.txt
2014-02-16 20:24 - 2013-09-22 19:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-16 20:23 - 2014-02-16 20:23 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-16 20:23 - 2011-09-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-16 20:21 - 2014-02-16 20:21 - 00921512 _____ (Oracle Corporation) C:\Users\cAst0r\Downloads\JavaSetup7u51.exe
2014-02-14 17:26 - 2014-02-14 17:25 - 00010022 _____ () C:\Users\cAst0r\Desktop\config.cfg
2014-02-14 15:31 - 2014-01-16 16:58 - 00000101 _____ () C:\Users\cAst0r\Desktop\do ogladniecia.txt
2014-02-12 19:54 - 2014-02-12 19:53 - 00000000 ____D () C:\Users\cAst0r\Desktop\sr
2014-02-12 15:33 - 2014-02-04 19:48 - 00000000 ____D () C:\Users\cAst0r\Desktop\Allegro - potwierdzenia

Some content of TEMP:
====================
C:\Users\cAst0r\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys IS INFECTED. <===== ATTENTION!

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2011-11-14 09:15

==================== End Of Log ============================