Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by cAst0r (administrator) on CAST0R-KOMPUTER on 10-03-2014 19:57:59
Running from E:\Download
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASDR.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-09-10] (FNet Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\Explorer: [DisableThumbnails] 0
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-179643350-3452753548-535153788-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {88E66704-746B-41a8-BC68-EC8DB8642984} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM-x32 - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{E24F4C60-6AD1-4C06-921C-FA89B8E3F08B}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017
FF Homepage: hxxp://onet.pl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-05-06]
FF Extension: iMacros for Firefox - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-03-04]
FF Extension: Default Full Zoom Level - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2013-07-10]
FF Extension: Adblock Plus - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-01]
FF Extension: BetterPrivacy - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-12]
FF Extension: Greasemonkey - C:\Users\cAst0r\AppData\Roaming\Mozilla\Firefox\Profiles\xznze30l.default-1349096762017\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-10-01]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\Mozilla Thunderbird
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\cAst0r\AppData\Roaming\IDM\idmmzcc5

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S4 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] ()
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-09] ()
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2572072 2013-10-23] (O&O Software GmbH)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-01] ()
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]

==================== Drivers (Whitelisted) ====================

S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2011-12-20] (ASUSTeK Computer Inc.)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-01-21] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-09-11] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-09-10] (FNet Co., Ltd.)
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2013-12-17] (SweetLow)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
S3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [548936 2010-12-18] (Eugene Gavrilov)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2011-09-11] (Duplex Secure Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 ESEADriver2; \??\C:\Users\cAst0r\AppData\Local\Temp\ESEADriver2.sys [X]
S3 tizekdrv; \??\C:\Users\cAst0r\AppData\Roaming\TZAC\tizek64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: XBCD -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

2014-03-10 19:05 - 2014-03-10 19:54 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-10 15:46 - 2014-03-10 15:50 - 00000000 ____D () C:\Users\cAst0r\Desktop\FRST
2014-03-10 15:44 - 2014-03-10 19:57 - 00000000 ____D () C:\FRST
2014-03-10 09:34 - 2014-03-10 09:34 - 00000346 _____ () C:\Windows\Tasks\NIUpdateServiceCheckTask.job
2014-03-10 09:32 - 2014-03-10 09:32 - 00122248 _____ () C:\Users\cAst0r\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-10 09:31 - 2014-03-10 19:55 - 00000392 _____ () C:\Windows\setupact.log
2014-03-10 09:31 - 2014-03-10 09:31 - 00448128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-10 09:31 - 2014-03-10 09:31 - 00000572 _____ () C:\Windows\PFRO.log
2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\National Instruments
2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 22:56 - 2014-03-09 23:05 - 00000000 ____D () C:\Users\cAst0r\Documents\LabVIEW Data
2014-03-09 22:43 - 2014-03-10 15:31 - 00000000 ____D () C:\Program Files\National Instruments
2014-03-09 22:42 - 2014-03-10 15:33 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-03-09 22:41 - 2014-03-10 15:32 - 00000000 ____D () C:\ProgramData\National Instruments
2014-03-09 11:05 - 2014-03-09 11:12 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-03-09 11:00 - 2014-03-09 11:01 - 00025710 _____ () C:\Users\cAst0r\ovpntray.log
2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\PrivateTunnel
2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-03-06 22:47 - 2014-03-06 22:47 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (3).txt
2014-03-06 09:57 - 2014-03-06 09:57 - 00000748 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (2).txt
2014-03-04 21:45 - 2014-03-04 21:45 - 00755766 _____ () C:\Users\cAst0r\Desktop\UPC_mail.rar
2014-03-04 21:44 - 2014-03-04 21:44 - 00000000 ____D () C:\Users\cAst0r\Desktop\UPC_mail
2014-03-03 14:44 - 2014-03-03 14:44 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy.txt
2014-03-03 12:51 - 2014-03-03 12:51 - 04221453 _____ () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki.rar
2014-03-03 12:51 - 2014-03-03 12:51 - 00000000 ____D () C:\Users\cAst0r\Desktop\[BMP] Wykresy z napędu liniowego i koparki
2014-03-03 12:47 - 2014-03-03 12:50 - 00000000 ____D () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki_2
2014-02-26 16:03 - 2014-02-26 16:03 - 00000000 ____D () C:\Users\cAst0r\Desktop\Pawełek_OBROBIONE
2014-02-23 21:38 - 2014-02-23 21:38 - 30150584 _____ () C:\Users\cAst0r\Desktop\Plik audio 34.mp4
2014-02-23 20:58 - 2014-02-23 20:58 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz3.txt
2014-02-23 20:43 - 2014-02-23 20:43 - 00001609 _____ () C:\Users\cAst0r\Desktop\niedz2.txt
2014-02-23 20:42 - 2014-03-02 19:34 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz1.txt
2014-02-20 15:36 - 2014-03-10 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 20:23 - 2014-02-16 20:23 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-16 20:23 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-16 20:23 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-16 20:23 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-16 20:23 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-16 20:21 - 2014-02-16 20:21 - 00921512 _____ (Oracle Corporation) C:\Users\cAst0r\Downloads\JavaSetup7u51.exe
2014-02-14 17:25 - 2014-02-14 17:26 - 00010022 _____ () C:\Users\cAst0r\Desktop\config.cfg
2014-02-12 22:06 - 2014-02-19 20:12 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr3.txt
2014-02-12 22:06 - 2014-02-19 20:12 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr1.txt
2014-02-12 22:06 - 2014-02-19 20:12 - 00001134 _____ () C:\Users\cAst0r\Desktop\sr2.txt
2014-02-12 19:53 - 2014-02-12 19:54 - 00000000 ____D () C:\Users\cAst0r\Desktop\sr

==================== One Month Modified Files and Folders =======

2014-03-10 19:57 - 2014-03-10 15:44 - 00000000 ____D () C:\FRST
2014-03-10 19:55 - 2014-03-10 09:31 - 00000392 _____ () C:\Windows\setupact.log
2014-03-10 19:55 - 2012-02-28 22:17 - 00000458 __RSH () C:\ProgramData\ntuser.pol
2014-03-10 19:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 19:54 - 2014-03-10 19:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-10 19:16 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 19:16 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 18:49 - 2011-09-15 21:02 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A99E3231-B257-4818-8880-CDA087EE741D}
2014-03-10 18:45 - 2011-09-16 23:00 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\foobar2000
2014-03-10 15:50 - 2014-03-10 15:46 - 00000000 ____D () C:\Users\cAst0r\Desktop\FRST
2014-03-10 15:33 - 2014-03-09 22:42 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-03-10 15:32 - 2014-03-09 22:41 - 00000000 ____D () C:\ProgramData\National Instruments
2014-03-10 15:31 - 2014-03-09 22:43 - 00000000 ____D () C:\Program Files\National Instruments
2014-03-10 15:31 - 2014-02-20 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-10 11:20 - 2010-11-21 13:53 - 00747552 _____ () C:\Windows\system32\perfh015.dat
2014-03-10 11:20 - 2010-11-21 13:53 - 00160144 _____ () C:\Windows\system32\perfc015.dat
2014-03-10 11:20 - 2009-07-14 06:13 - 01692112 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 10:31 - 2011-09-23 00:25 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\uTorrent
2014-03-10 09:34 - 2014-03-10 09:34 - 00000346 _____ () C:\Windows\Tasks\NIUpdateServiceCheckTask.job
2014-03-10 09:32 - 2014-03-10 09:32 - 00122248 _____ () C:\Users\cAst0r\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-10 09:31 - 2014-03-10 09:31 - 00448128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-10 09:31 - 2014-03-10 09:31 - 00000572 _____ () C:\Windows\PFRO.log
2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\National Instruments
2014-03-10 09:31 - 2014-03-10 09:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-09 23:51 - 2013-01-09 00:25 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\DPlot
2014-03-09 23:05 - 2014-03-09 22:56 - 00000000 ____D () C:\Users\cAst0r\Documents\LabVIEW Data
2014-03-09 13:29 - 2011-09-15 22:24 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\Tlen.pl
2014-03-09 11:12 - 2014-03-09 11:05 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-03-09 11:01 - 2014-03-09 11:00 - 00025710 _____ () C:\Users\cAst0r\ovpntray.log
2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\PrivateTunnel
2014-03-09 11:00 - 2014-03-09 11:00 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-03-09 11:00 - 2011-09-10 15:25 - 00000000 ____D () C:\Users\cAst0r
2014-03-09 10:51 - 2011-09-27 00:23 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\TS3Client
2014-03-07 15:31 - 2011-09-16 23:00 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-03-07 00:25 - 2011-09-19 20:22 - 00000000 ____D () C:\Users\cAst0r\AppData\Roaming\vlc
2014-03-06 22:47 - 2014-03-06 22:47 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (3).txt
2014-03-06 09:57 - 2014-03-06 09:57 - 00000748 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy (2).txt
2014-03-05 10:14 - 2013-03-10 21:26 - 00000000 ____D () C:\Users\cAst0r\Desktop\CS GO
2014-03-04 21:45 - 2014-03-04 21:45 - 00755766 _____ () C:\Users\cAst0r\Desktop\UPC_mail.rar
2014-03-04 21:44 - 2014-03-04 21:44 - 00000000 ____D () C:\Users\cAst0r\Desktop\UPC_mail
2014-03-04 16:22 - 2011-09-10 15:54 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\Adobe
2014-03-04 16:19 - 2012-08-02 22:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 16:19 - 2011-09-15 18:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 15:27 - 2013-04-23 22:51 - 00000000 ____D () C:\Users\cAst0r\Documents\MATLAB
2014-03-03 14:44 - 2014-03-03 14:44 - 00000000 _____ () C:\Users\cAst0r\Desktop\Nowy dokument tekstowy.txt
2014-03-03 12:51 - 2014-03-03 12:51 - 04221453 _____ () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki.rar
2014-03-03 12:51 - 2014-03-03 12:51 - 00000000 ____D () C:\Users\cAst0r\Desktop\[BMP] Wykresy z napędu liniowego i koparki
2014-03-03 12:50 - 2014-03-03 12:47 - 00000000 ____D () C:\Users\cAst0r\Desktop\Wykresy z napędu liniowego i koparki_2
2014-03-02 19:34 - 2014-02-23 20:42 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz1.txt
2014-02-27 16:05 - 2011-09-21 20:40 - 00000000 ____D () C:\Users\cAst0r\AppData\Local\CrashDumps
2014-02-26 16:03 - 2014-02-26 16:03 - 00000000 ____D () C:\Users\cAst0r\Desktop\Pawełek_OBROBIONE
2014-02-23 21:38 - 2014-02-23 21:38 - 30150584 _____ () C:\Users\cAst0r\Desktop\Plik audio 34.mp4
2014-02-23 20:58 - 2014-02-23 20:58 - 00001134 _____ () C:\Users\cAst0r\Desktop\niedz3.txt
2014-02-23 20:43 - 2014-02-23 20:43 - 00001609 _____ () C:\Users\cAst0r\Desktop\niedz2.txt
2014-02-21 10:35 - 2012-07-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 20:12 - 2014-02-12 22:06 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr3.txt
2014-02-19 20:12 - 2014-02-12 22:06 - 00001609 _____ () C:\Users\cAst0r\Desktop\sr1.txt
2014-02-19 20:12 - 2014-02-12 22:06 - 00001134 _____ () C:\Users\cAst0r\Desktop\sr2.txt
2014-02-16 20:24 - 2013-09-22 19:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-16 20:23 - 2014-02-16 20:23 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-16 20:23 - 2011-09-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-16 20:21 - 2014-02-16 20:21 - 00921512 _____ (Oracle Corporation) C:\Users\cAst0r\Downloads\JavaSetup7u51.exe
2014-02-14 17:26 - 2014-02-14 17:25 - 00010022 _____ () C:\Users\cAst0r\Desktop\config.cfg
2014-02-14 15:31 - 2014-01-16 16:58 - 00000101 _____ () C:\Users\cAst0r\Desktop\do ogladniecia.txt
2014-02-12 19:54 - 2014-02-12 19:53 - 00000000 ____D () C:\Users\cAst0r\Desktop\sr
2014-02-12 15:33 - 2014-02-04 19:48 - 00000000 ____D () C:\Users\cAst0r\Desktop\Allegro - potwierdzenia

Some content of TEMP:
====================
C:\Users\cAst0r\AppData\Local\Temp\avgnt.exe
C:\Users\cAst0r\AppData\Local\Temp\{3C86C1EA-F438-4339-80A7-C02F7A67D986}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2011-11-14 09:15

==================== End Of Log ============================