Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by ADMIN (administrator) on ADMIN-PC on 06-04-2014 16:16:33 Running from C:\Users\ADMIN\Desktop\anty Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Realtek) C:\Program Files\REALTEK\11n 
USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (AVG) C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (AVG) C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Overwolf LTD) C:\Program Files\Common Files\Overwolf\OverwolfHelper.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-03] (AVAST Software) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2378528702-529034937-1684982878-1000\...\Run: [AQQ] - C:\Program Files\WapSter\WapSter AQQ\AQQ.exe [8174592 2013-10-16] 
(AQQ Sp. z o.o.) HKU\S-1-5-21-2378528702-529034937-1684982878-1000\...\Run: [Overwolf] - C:\Program Files\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD) HKU\S-1-5-21-2378528702-529034937-1684982878-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2378528702-529034937-1684982878-1002\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 68.168.98.196 8.8.8.8 Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (AdBlock) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-29] CHR Extension: (avast! Online Security) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-03] CHR Extension: (Google Wallet) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-03] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-03] (AVAST Software) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-03] (AVAST Software) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD) R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [1739064 2013-10-12] (AVG) ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-04-03] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-03] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-04-03] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252208 2014-04-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-03] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-03] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-03] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-03] () R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R1 SCDEmu; 
C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-02-03] (Power Software Ltd) R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software) R3 TuneUpUtilitiesDrv; C:\Program Files\AVG PC TuneUp 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-06 16:13 - 2014-04-06 16:14 - 00004671 _____ () C:\Users\ADMIN\Desktop\AdwCleaner[S0].txt 2014-04-06 15:24 - 2014-04-06 15:24 - 00448512 _____ (OldTimer Tools) C:\Users\ADMIN\Downloads\TFC.exe 2014-04-06 15:22 - 2014-04-06 15:22 - 00005324 _____ () C:\Users\ADMIN\Desktop\adwcleaner.txt 2014-04-06 15:13 - 2014-04-06 16:10 - 00000000 ____D () C:\AdwCleaner 2014-04-06 15:13 - 2014-04-06 15:13 - 01426178 _____ () C:\Users\ADMIN\Downloads\adwcleaner.exe 2014-04-06 14:25 - 2014-04-06 16:16 - 00000000 ____D () C:\Users\ADMIN\Desktop\anty 2014-04-06 12:28 - 2014-04-06 12:28 - 00037013 _____ () C:\Users\ADMIN\Downloads\FRST (1).txt 2014-04-05 20:46 - 2014-04-05 20:46 - 00056719 _____ () C:\Users\ADMIN\Desktop\GMER.txt 2014-04-05 16:54 - 2014-04-05 16:54 - 00018930 _____ () C:\Users\ADMIN\Desktop\Extras.txt 2014-04-05 16:53 - 2014-04-05 16:54 - 00041891 _____ () C:\Users\ADMIN\Desktop\OTL.txt 2014-04-05 16:53 - 2014-04-05 16:53 - 00037862 _____ () C:\Users\ADMIN\Downloads\Extras.Txt 2014-04-05 16:52 - 2014-04-05 16:52 - 00083784 _____ () C:\Users\ADMIN\Downloads\OTL.Txt 2014-04-05 16:49 - 2014-04-05 16:49 - 00380416 _____ () C:\Users\ADMIN\Downloads\jh1o5ruz.exe 2014-04-05 16:39 - 2014-04-05 16:40 - 00052925 _____ () C:\Users\ADMIN\Downloads\Shortcut.txt 2014-04-05 16:39 - 2014-04-05 16:40 - 00052865 _____ () C:\Users\ADMIN\Desktop\Shortcut.txt 2014-04-05 16:39 - 2014-04-05 16:40 - 00037013 _____ () 
C:\Users\ADMIN\Desktop\FRST.txt 2014-04-05 16:39 - 2014-04-05 16:40 - 00029247 _____ () C:\Users\ADMIN\Desktop\Addition.txt 2014-04-05 16:36 - 2014-04-05 16:36 - 00602112 _____ (OldTimer Tools) C:\Users\ADMIN\Downloads\OTL.exe 2014-04-05 16:34 - 2014-04-05 16:40 - 00029403 _____ () C:\Users\ADMIN\Downloads\Addition.txt 2014-04-05 16:33 - 2014-04-06 16:16 - 00000000 ____D () C:\FRST 2014-04-05 16:33 - 2014-04-05 16:40 - 00038210 _____ () C:\Users\ADMIN\Downloads\FRST.txt 2014-04-05 16:21 - 2014-04-05 16:21 - 00047487 _____ () C:\Users\ADMIN\Downloads\mbam.txt 2014-04-05 15:38 - 2014-04-05 15:38 - 00006770 _____ () C:\Users\ADMIN\Downloads\malware.rar 2014-04-05 15:38 - 2014-04-05 15:38 - 00006770 _____ () C:\Users\ADMIN\Desktop\malware.rar 2014-04-05 15:33 - 2014-04-05 15:33 - 00047487 _____ () C:\Users\ADMIN\Desktop\malware.txt 2014-04-05 15:26 - 2014-04-06 16:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-05 15:26 - 2014-04-05 15:26 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-05 15:26 - 2014-04-05 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 15:26 - 2014-04-05 15:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-05 15:26 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-05 15:26 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-05 15:26 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-05 11:32 - 2014-04-05 11:33 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ADMIN\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-04 19:30 - 2014-04-04 19:32 - 00000000 ____D () C:\Users\ADMIN\Desktop\Nowy folder 2014-04-03 19:43 - 2014-04-03 19:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\AVAST Software 2014-04-03 19:40 - 2014-04-03 19:40 - 00001919 _____ () 
C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-04-03 19:40 - 2014-04-03 19:40 - 00001859 _____ () C:\Users\Public\Desktop\avast! Premier.lnk 2014-04-03 19:39 - 2014-04-03 19:39 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-03 19:39 - 2014-04-03 19:39 - 00252208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-03 19:39 - 2014-04-03 19:39 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys 2014-04-03 19:38 - 2014-04-03 19:38 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-03 19:16 - 2014-04-03 19:19 - 127246800 _____ (AVAST Software) C:\Users\ADMIN\Downloads\avast_premier_antivirus_setup (1).exe 2014-04-03 18:44 - 2014-04-03 18:44 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-03 18:43 - 2014-04-03 18:44 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\Adobe 2014-03-30 20:31 - 2014-03-31 18:46 - 15400423 _____ () C:\Users\ADMIN\Desktop\Techniki Walki (Jak skutecznie powalić przeciwnika).mp4 2014-03-30 00:09 - 2014-03-30 00:09 - 00002008 _____ () 
C:\Users\ADMIN\Downloads\cfgbyperse.rar 2014-03-29 16:13 - 2014-03-29 16:24 - 00000520 _____ () C:\Users\ADMIN\Desktop\Wszechswiat.txt 2014-03-29 11:44 - 2014-03-29 11:44 - 06508535 _____ () C:\Users\ADMIN\Downloads\hltv-1403281717-de_dust2-1396023420-1396024920.zip 2014-03-29 11:44 - 2014-03-29 11:44 - 06305374 _____ () C:\Users\ADMIN\Downloads\hltv-1403281651-de_dust2-1396021860-1396023360.zip 2014-03-28 12:17 - 2013-10-11 21:20 - 00002329 _____ () C:\Users\ADMIN\Desktop\SKRYPTns.txt 2014-03-28 12:16 - 2014-03-28 12:16 - 00000921 _____ () C:\Users\ADMIN\Downloads\SKRYPTnorecoilM4A1.rar 2014-03-28 12:04 - 2014-04-05 21:30 - 00000000 ____D () C:\Users\ADMIN\Desktop\poprzedni cfg 2014-03-28 12:04 - 2014-03-28 12:34 - 00000327 _____ () C:\Users\ADMIN\Desktop\userconfig.cfg 2014-03-28 12:03 - 2014-03-28 12:03 - 00002127 _____ () C:\Users\ADMIN\Downloads\f81b2c74d2383c60.zip 2014-03-24 21:08 - 2014-03-26 21:16 - 00000482 _____ () C:\Users\ADMIN\Desktop\potensjometr z przepustnicy.txt 2014-03-23 14:48 - 2014-03-28 10:46 - 00000000 ____D () C:\Users\ADMIN\Desktop\foldery 2014-03-21 17:17 - 2014-03-23 14:45 - 00000000 ____D () C:\Users\ADMIN\Desktop\THE GYm 2014-03-19 15:37 - 2014-03-19 15:37 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-19 15:37 - 2014-03-19 15:37 - 00000000 ____D () C:\Program Files\Common Files\Overwolf 2014-03-16 00:40 - 2014-03-16 00:41 - 05439830 _____ () C:\Users\ADMIN\Downloads\sdsdsdsdsds.rar 2014-03-13 14:42 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 14:42 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 14:42 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 14:42 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 14:42 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 
2014-03-13 14:42 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 14:42 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-13 14:42 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 14:42 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 14:42 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 14:42 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 14:42 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 14:42 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-13 14:42 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 14:42 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-13 14:42 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 00:16 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 00:16 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 00:16 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 00:15 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-12 16:31 - 2014-04-03 19:31 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-12 16:30 - 2014-03-12 16:30 - 00028895 _____ () C:\Windows\fsavunin.log 2014-03-12 16:30 - 2014-03-12 16:30 - 00003922 _____ () C:\Windows\FSGKIAIN.log 2014-03-12 16:30 - 2014-03-12 16:30 - 00001743 _____ () C:\Windows\FSLDIN.LOG 2014-03-12 16:30 - 2014-03-12 16:30 - 00000788 _____ 
() C:\Windows\daasunin.LOG 2014-03-12 16:30 - 2014-03-12 16:30 - 00000070 _____ () C:\Windows\fsavunin_2.log 2014-03-12 16:29 - 2014-03-12 16:30 - 17073046 _____ () C:\Windows\FSISU.log 2014-03-12 16:29 - 2014-03-12 16:30 - 00225590 _____ () C:\Windows\FSUNINST.log 2014-03-12 16:29 - 2014-03-12 16:30 - 00215259 _____ () C:\Windows\FSDEPH.log 2014-03-12 16:29 - 2014-03-12 16:30 - 00021604 _____ () C:\Windows\uninstaller.log 2014-03-12 16:28 - 2014-03-12 16:30 - 123721288 _____ (AVAST Software) C:\Users\ADMIN\Downloads\avast_premier_antivirus_setup.exe ==================== One Month Modified Files and Folders ======= 2014-04-06 16:16 - 2014-04-06 14:25 - 00000000 ____D () C:\Users\ADMIN\Desktop\anty 2014-04-06 16:16 - 2014-04-05 16:33 - 00000000 ____D () C:\FRST 2014-04-06 16:16 - 2006-11-02 14:52 - 01659528 _____ () C:\Windows\WindowsUpdate.log 2014-04-06 16:14 - 2014-04-06 16:13 - 00004671 _____ () C:\Users\ADMIN\Desktop\AdwCleaner[S0].txt 2014-04-06 16:14 - 2013-12-15 20:02 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\Overwolf 2014-04-06 16:13 - 2014-04-05 15:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-06 16:13 - 2013-11-06 19:37 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-06 16:13 - 2006-11-02 14:47 - 00004496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-06 16:13 - 2006-11-02 14:47 - 00004496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-06 16:12 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-06 16:11 - 2006-11-02 15:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-06 16:10 - 2014-04-06 15:13 - 00000000 ____D () C:\AdwCleaner 2014-04-06 16:06 - 2013-11-06 19:37 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-06 16:01 - 2006-12-05 07:22 - 00714666 _____ () 
C:\Windows\system32\perfh015.dat 2014-04-06 16:01 - 2006-12-05 07:22 - 00151538 _____ () C:\Windows\system32\perfc015.dat 2014-04-06 16:01 - 2006-11-02 12:33 - 01616086 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-06 15:55 - 2014-01-28 20:28 - 01238084 _____ () C:\Windows\PFRO.log 2014-04-06 15:24 - 2014-04-06 15:24 - 00448512 _____ (OldTimer Tools) C:\Users\ADMIN\Downloads\TFC.exe 2014-04-06 15:22 - 2014-04-06 15:22 - 00005324 _____ () C:\Users\ADMIN\Desktop\adwcleaner.txt 2014-04-06 15:13 - 2014-04-06 15:13 - 01426178 _____ () C:\Users\ADMIN\Downloads\adwcleaner.exe 2014-04-06 14:57 - 2014-01-31 22:35 - 00000000 ____D () C:\Users\wangjihua 2014-04-06 14:57 - 2013-12-08 22:46 - 00000000 ____D () C:\Users\wangzhisong 2014-04-06 14:57 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-04-06 14:26 - 2014-02-25 15:05 - 00000000 ____D () C:\Users\ADMIN\Desktop\programy 2014-04-06 14:26 - 2013-11-06 19:38 - 00002275 _____ () C:\Users\ADMIN\Desktop\Google Chrome.lnk 2014-04-06 14:26 - 2013-11-06 14:27 - 00001229 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-06 12:28 - 2014-04-06 12:28 - 00037013 _____ () C:\Users\ADMIN\Downloads\FRST (1).txt 2014-04-06 12:06 - 2013-12-10 19:14 - 00000000 ____D () C:\Program Files\steam 2014-04-05 21:30 - 2014-03-28 12:04 - 00000000 ____D () C:\Users\ADMIN\Desktop\poprzedni cfg 2014-04-05 20:46 - 2014-04-05 20:46 - 00056719 _____ () C:\Users\ADMIN\Desktop\GMER.txt 2014-04-05 17:14 - 2013-12-21 15:36 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\CrashDumps 2014-04-05 16:54 - 2014-04-05 16:54 - 00018930 _____ () C:\Users\ADMIN\Desktop\Extras.txt 2014-04-05 16:54 - 2014-04-05 16:53 - 00041891 _____ () C:\Users\ADMIN\Desktop\OTL.txt 2014-04-05 16:53 - 2014-04-05 16:53 - 00037862 _____ () C:\Users\ADMIN\Downloads\Extras.Txt 2014-04-05 16:52 - 2014-04-05 16:52 - 00083784 _____ () C:\Users\ADMIN\Downloads\OTL.Txt 2014-04-05 16:49 - 2014-04-05 16:49 - 00380416 
_____ () C:\Users\ADMIN\Downloads\jh1o5ruz.exe 2014-04-05 16:40 - 2014-04-05 16:39 - 00052925 _____ () C:\Users\ADMIN\Downloads\Shortcut.txt 2014-04-05 16:40 - 2014-04-05 16:39 - 00052865 _____ () C:\Users\ADMIN\Desktop\Shortcut.txt 2014-04-05 16:40 - 2014-04-05 16:39 - 00037013 _____ () C:\Users\ADMIN\Desktop\FRST.txt 2014-04-05 16:40 - 2014-04-05 16:39 - 00029247 _____ () C:\Users\ADMIN\Desktop\Addition.txt 2014-04-05 16:40 - 2014-04-05 16:34 - 00029403 _____ () C:\Users\ADMIN\Downloads\Addition.txt 2014-04-05 16:40 - 2014-04-05 16:33 - 00038210 _____ () C:\Users\ADMIN\Downloads\FRST.txt 2014-04-05 16:36 - 2014-04-05 16:36 - 00602112 _____ (OldTimer Tools) C:\Users\ADMIN\Downloads\OTL.exe 2014-04-05 16:21 - 2014-04-05 16:21 - 00047487 _____ () C:\Users\ADMIN\Downloads\mbam.txt 2014-04-05 15:38 - 2014-04-05 15:38 - 00006770 _____ () C:\Users\ADMIN\Downloads\malware.rar 2014-04-05 15:38 - 2014-04-05 15:38 - 00006770 _____ () C:\Users\ADMIN\Desktop\malware.rar 2014-04-05 15:33 - 2014-04-05 15:33 - 00047487 _____ () C:\Users\ADMIN\Desktop\malware.txt 2014-04-05 15:26 - 2014-04-05 15:26 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-05 15:26 - 2014-04-05 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 15:26 - 2014-04-05 15:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-05 11:33 - 2014-04-05 11:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ADMIN\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-04 19:32 - 2014-04-04 19:30 - 00000000 ____D () C:\Users\ADMIN\Desktop\Nowy folder 2014-04-03 19:43 - 2014-04-03 19:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\AVAST Software 2014-04-03 19:40 - 2014-04-03 19:40 - 00001919 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-04-03 19:40 - 2014-04-03 19:40 - 00001859 _____ () C:\Users\Public\Desktop\avast! 
Premier.lnk 2014-04-03 19:39 - 2014-04-03 19:39 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-03 19:39 - 2014-04-03 19:39 - 00252208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-03 19:39 - 2014-04-03 19:39 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-04-03 19:39 - 2014-04-03 19:39 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys 2014-04-03 19:38 - 2014-04-03 19:38 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-03 19:31 - 2014-03-12 16:31 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-03 19:19 - 2014-04-03 19:16 - 127246800 _____ (AVAST Software) C:\Users\ADMIN\Downloads\avast_premier_antivirus_setup (1).exe 2014-04-03 18:44 - 2014-04-03 18:44 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-03 18:44 - 2014-04-03 18:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\Adobe 2014-04-03 18:44 - 2013-12-08 18:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-03 18:44 - 2013-12-08 18:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 
2014-04-03 09:51 - 2014-04-05 15:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-05 15:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-05 15:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 18:46 - 2014-03-30 20:31 - 15400423 _____ () C:\Users\ADMIN\Desktop\Techniki Walki (Jak skutecznie powalić przeciwnika).mp4 2014-03-31 17:00 - 2013-12-19 16:00 - 00000210 _____ () C:\Users\ADMIN\AppData\Roaming\WB.CFG 2014-03-30 00:27 - 2013-12-15 20:02 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\TS3Client 2014-03-30 00:09 - 2014-03-30 00:09 - 00002008 _____ () C:\Users\ADMIN\Downloads\cfgbyperse.rar 2014-03-29 16:24 - 2014-03-29 16:13 - 00000520 _____ () C:\Users\ADMIN\Desktop\Wszechswiat.txt 2014-03-29 11:44 - 2014-03-29 11:44 - 06508535 _____ () C:\Users\ADMIN\Downloads\hltv-1403281717-de_dust2-1396023420-1396024920.zip 2014-03-29 11:44 - 2014-03-29 11:44 - 06305374 _____ () C:\Users\ADMIN\Downloads\hltv-1403281651-de_dust2-1396021860-1396023360.zip 2014-03-28 12:34 - 2014-03-28 12:04 - 00000327 _____ () C:\Users\ADMIN\Desktop\userconfig.cfg 2014-03-28 12:16 - 2014-03-28 12:16 - 00000921 _____ () C:\Users\ADMIN\Downloads\SKRYPTnorecoilM4A1.rar 2014-03-28 12:03 - 2014-03-28 12:03 - 00002127 _____ () C:\Users\ADMIN\Downloads\f81b2c74d2383c60.zip 2014-03-28 11:11 - 2014-01-29 20:43 - 00000000 ____D () C:\Users\ADMIN\Desktop\MECHANIKA 2014-03-28 10:46 - 2014-03-23 14:48 - 00000000 ____D () C:\Users\ADMIN\Desktop\foldery 2014-03-26 21:16 - 2014-03-24 21:08 - 00000482 _____ () C:\Users\ADMIN\Desktop\potensjometr z przepustnicy.txt 2014-03-23 14:45 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\ADMIN\Desktop\THE GYm 2014-03-19 15:41 - 2013-11-06 18:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 15:39 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 
2014-03-19 15:37 - 2014-03-19 15:37 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-19 15:37 - 2014-03-19 15:37 - 00000000 ____D () C:\Program Files\Common Files\Overwolf 2014-03-19 15:37 - 2013-12-15 20:03 - 00000000 ____D () C:\Program Files\Overwolf 2014-03-16 00:41 - 2014-03-16 00:40 - 05439830 _____ () C:\Users\ADMIN\Downloads\sdsdsdsdsds.rar 2014-03-14 14:41 - 2006-11-02 14:47 - 00254832 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 23:04 - 2014-01-27 20:53 - 00002251 _____ () C:\Windows\setupact.log 2014-03-13 14:55 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-03-13 14:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-03-12 16:40 - 2013-11-06 19:39 - 00000000 ____D () C:\ProgramData\F-Secure 2014-03-12 16:36 - 2013-11-06 14:27 - 00000000 ____D () C:\Users\ADMIN 2014-03-12 16:30 - 2014-03-12 16:30 - 00028895 _____ () C:\Windows\fsavunin.log 2014-03-12 16:30 - 2014-03-12 16:30 - 00003922 _____ () C:\Windows\FSGKIAIN.log 2014-03-12 16:30 - 2014-03-12 16:30 - 00001743 _____ () C:\Windows\FSLDIN.LOG 2014-03-12 16:30 - 2014-03-12 16:30 - 00000788 _____ () C:\Windows\daasunin.LOG 2014-03-12 16:30 - 2014-03-12 16:30 - 00000070 _____ () C:\Windows\fsavunin_2.log 2014-03-12 16:30 - 2014-03-12 16:29 - 17073046 _____ () C:\Windows\FSISU.log 2014-03-12 16:30 - 2014-03-12 16:29 - 00225590 _____ () C:\Windows\FSUNINST.log 2014-03-12 16:30 - 2014-03-12 16:29 - 00215259 _____ () C:\Windows\FSDEPH.log 2014-03-12 16:30 - 2014-03-12 16:29 - 00021604 _____ () C:\Windows\uninstaller.log 2014-03-12 16:30 - 2014-03-12 16:28 - 123721288 _____ (AVAST Software) C:\Users\ADMIN\Downloads\avast_premier_antivirus_setup.exe 2014-03-11 22:14 - 2014-03-05 21:19 - 00000334 _____ () C:\Users\ADMIN\Desktop\Nowy dokument tekstowy.txt Some content of TEMP: ==================== C:\Users\ADMIN\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Menedżer rozruchu systemu Windows --------------------------------- Identyfikator {bootmgr} device partition=C: description Windows Boot Manager locale pl-PL inherit {globalsettings} default {current} resumeobject {51c556d9-46dc-11e3-b8a0-c75780929378} displayorder {current} toolsdisplayorder {memdiag} timeout 30 resume No Moduł ładujący rozruchu systemu Windows --------------------------------------- Identyfikator {current} device partition=C: path \Windows\system32\winload.exe description Microsoft Windows Vista locale pl-PL inherit {bootloadersettings} osdevice partition=C: systemroot \Windows resumeobject {51c556d9-46dc-11e3-b8a0-c75780929378} nx OptIn Wznawianie ze stanu hibernacji ------------------------------ Identyfikator {51c556d9-46dc-11e3-b8a0-c75780929378} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale pl-PL inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Moduł testujący pamięć systemu Windows -------------------------------------- Identyfikator {memdiag} device partition=C: path \boot\memtest.exe description Diagnostyka pamięci systemu Windows locale pl-PL inherit {globalsettings} badmemoryaccess Yes Moduł ładujący starszą wersję systemu Windows --------------------------------------------- Identyfikator {ntldr} device partition=C: path \ntldr description Wcześniejsza wersja systemu Windows Ustawienia usług EMS -------------------- Identyfikator {emssettings} bootems Yes Ustawienia debugera
------------------- Identyfikator {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Uszkodzenia pamięci RAM ----------------------- Identyfikator {badmemory} Ustawienia globalne ------------------- Identyfikator {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Ustawienia modułu ładującego rozruchu ------------------------------------- Identyfikator {bootloadersettings} inherit {globalsettings} Ustawienia modułu ładującego wznawiania --------------------------------------- Identyfikator {resumeloadersettings} inherit {globalsettings} LastRegBack: 2014-04-06 16:19 ==================== End Of Log ============================