Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Administrator (administrator) on KSIEGOWY-HP on 13-01-2015 15:10:46
Running from C:\Users\Administrator\Downloads
Loaded Profile: Administrator (Available profiles: KSIEGOWY & Administrator)
Platform: Windows 7 Professional (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Ammyy LLC) C:\Users\KSIEGOWY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21MHOHVE\pomoc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(Panasonic) C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Ammyy LLC) C:\Users\KSIEGOWY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21MHOHVE\pomoc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files (x86)\Panasonic\Device Monitor\DMWakeup.exe
( ) C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [Panasonic Device Monitor Wakeup] => C:\Program Files (x86)\Panasonic\Device Monitor\dmwakeup.exe [413696 2010-01-09] (Panasonic System Networks Co., Ltd.)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [135168 2010-02-02] ( )
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [765952 2010-01-18] (Panasonic System Networks Co.,Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [{4e8405fa-8ada-47b0-5da9-f8edc703f718}] => "C:\ProgramData\Microsoft\{4e8405fa-8ada-47b0-5da9-f8edc703f718}\{4e8405fa-8ada-47b0-5da9-f8edc703f718}.exe" HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [{4e8405fa-8ada-47b0-5da9-f8edc703f718}] => "C:\ProgramData\Microsoft\{4e8405fa-8ada-47b0-5da9-f8edc703f718}\{4e8405fa-8ada-47b0-5da9-f8edc703f718}.exe" No File BootExecute: autocheck autochk * sh4native Sh4Removal ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF HKU\S-1-5-21-3668452077-1106565234-3799211801-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF HKU\S-1-5-21-3668452077-1106565234-3799211801-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> 
{2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3668452077-1106565234-3799211801-500 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = BHO: No Name -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll 
(Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File Toolbar: HKLM-x32 - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKU\S-1-5-21-3668452077-1106565234-3799211801-500 -> No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.2 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "f7c9b5669dd71a8" service could not be unlocked. <===== ATTENTION R2 AmmyyAdmin; C:\Users\KSIEGOWY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21MHOHVE\pomoc.exe [743704 2014-10-23] (Ammyy LLC) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) 
[File not signed] R2 Panasonic Trap Monitor Service; C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-26] (Panasonic) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X] S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2011-01-26] () [File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed] S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed] S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed] S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed] U5 f7c9b5669dd71a8; C:\Windows\System32\Drivers\f7c9b5669dd71a8.sys [74688 2014-12-16] () <===== ATTENTION Necurs Rootkit? 
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed] S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed] R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed] S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed] S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed] R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed] S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed] U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [22896 2012-03-01] () [File not signed] R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed] S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed] S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed] S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed] R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed] S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed] S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed] S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed] R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed] S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed] R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed] R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed] S3 i8042prt; C:\Windows\system32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed] S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 
2011-03-11] () [File not signed] R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-04-21] () [File not signed] S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed] S3 Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [158976 2010-02-26] () [File not signed] R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2484072 2010-09-07] () [File not signed] R0 intelide; C:\Windows\System32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed] R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed] S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed] S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed] S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed] S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed] S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed] S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed] R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed] R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed] R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95088 2012-06-02] () [File not signed] R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152432 2012-06-02] () [File not signed] R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed] S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-08-02] () [File not signed] R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed] S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed] S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed] S3 LSI_SAS2; 
C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed] S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed] R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed] S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed] S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed] S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed] R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed] R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed] R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed] R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed] S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed] R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed] S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed] R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2011-05-04] () [File not signed] R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [287744 2011-07-09] () [File not signed] R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [126464 2011-05-04] () [File not signed] S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30088 2011-02-02] () [File not signed] S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed] R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed] S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed] R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed] S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not 
signed] S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed] S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed] S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] () [File not signed] R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed] S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed] S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed] R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed] S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed] R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed] S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed] R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed] S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed] R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed] R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] () [File not signed] R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed] R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed] S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed] R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed] R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed] R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1653096 2013-04-12] () [File not signed] R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed] S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed] 
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed] S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed] S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed] S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] () [File not signed] S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed] R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75632 2012-03-17] () [File not signed] R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed] S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed] S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed] R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed] R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed] R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed] S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed] R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed] S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed] S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed] S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed] S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed] R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed] R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed] R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] 
() [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed] R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed] S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed] R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed] S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2012-04-28] () [File not signed] R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed] R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [349800 2010-09-20] () [File not signed] S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] () [File not signed] S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed] S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed] R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed] S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed] S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed] S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed] S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed] S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2011-02-02] () [File not signed] S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed] S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys 
[721768 2009-12-02] () [File not signed] S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [269672 2009-12-02] () [File not signed] S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [25960 2009-12-02] () [File not signed] S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [22376 2009-12-02] () [File not signed] S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed] S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed] S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed] R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed] R3 srv; C:\Windows\System32\DRIVERS\srv.sys [461312 2011-04-29] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [399872 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2011-04-29] () [File not signed] S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed] R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] () [File not signed] S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] () [File not signed] R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed] R1 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1893224 2013-01-04] () [File not signed] S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1893224 2013-01-04] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-15] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed] R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed] S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys 
[38400 2009-07-14] () [File not signed] R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed] S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed] S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed] S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed] R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed] S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed] R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-25] () [File not signed] S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed] R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2011-03-25] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-25] () [File not signed] S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-03-25] () [File not signed] S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed] S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-14] () [File not signed] R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91136 2011-03-11] () [File not signed] R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2011-03-25] () [File not signed] R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] () [File not signed] S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed] R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed] S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] () [File not signed] S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] () [File not signed] S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] () [File not signed] S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys 
[21760 2009-07-14] () [File not signed] R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295792 2012-09-06] () [File not signed] R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [187904 2009-09-23] () [File not signed] R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [66304 2009-09-23] () [File not signed] R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2009-09-23] () [File not signed] R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [359552 2009-09-23] () [File not signed] S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed] S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] () [File not signed] S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed] S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed] R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed] S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed] R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785512 2012-07-26] () [File not signed] R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed] S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed] S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-14] () [File not signed] R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed] S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed] R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed] R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed] ==================== NetSvcs 
(Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 15:10 - 2015-01-13 15:10 - 00030103 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-01-13 15:09 - 2015-01-13 15:10 - 00000000 ____D () C:\FRST
2015-01-13 15:08 - 2015-01-13 15:09 - 02124288 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-01-13 12:48 - 2015-01-13 12:48 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 12:40 - 2015-01-13 12:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-13 12:40 - 2015-01-13 12:40 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-12 11:25 - 2015-01-12 15:23 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-01-12 11:24 - 2015-01-12 11:24 - 00089992 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 11:23 - 2015-01-13 13:17 - 00000000 ____D () C:\Users\Administrator\Desktop\SpyHunter
2015-01-12 11:22 - 2015-01-12 11:22 - 00000000 ____D () C:\Users\Administrator\Documents\Panasonic
2015-01-12 11:22 - 2015-01-12 11:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Panasonic
2015-01-12 11:22 - 2015-01-12 11:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-12 11:21 - 2015-01-12 11:21 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-12 11:21 - 2015-01-12 11:21 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Ustawienia lokalne
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Szablony
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Moje dokumenty
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Menu Start
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje wideo
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje obrazy
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moja muzyka
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Dane aplikacji
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Historia
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ____D () C:\Users\Administrator\temp
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ____D () C:\Users\Administrator
2015-01-12 11:21 - 2011-11-08 12:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-01-12 11:21 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-12 11:21 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-12 10:58 - 2015-01-13 13:57 - 00566099 _____ () C:\spyhunter.fix
2015-01-12 10:58 - 2010-05-13 18:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe
2015-01-12 10:11 - 2015-01-13 12:44 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\SpyHunter
2015-01-12 10:05 - 2015-01-12 10:05 - 00005711 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-12 10:05 - 2015-01-12 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 10:05 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-12 10:05 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-12 10:05 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-12 10:05 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-12 10:02 - 2015-01-12 10:08 - 47564800 _____ () C:\Users\KSIEGOWY\Downloads\eav_nt64_plk.msi
2015-01-12 09:55 - 2015-01-12 09:56 - 00000012 _____ () C:\Users\KSIEGOWY\Desktop\Nowy dokument tekstowy.txt
2015-01-12 08:11 - 2015-01-12 08:11 - 03888054 _____ () C:\Users\KSIEGOWY\Desktop\Nowy obraz mapy bitowej.bmp
2015-01-12 08:10 - 2015-01-12 08:10 - 03888054 _____ () C:\Users\KSIEGOWY\Documents\Decrypt All Files fafktzg.bmp
2015-01-12 08:10 - 2015-01-12 08:10 - 00001240 _____ () C:\Users\KSIEGOWY\Documents\Decrypt All Files fafktzg.txt
2015-01-12 07:56 - 2015-01-12 07:59 - 01548174 _____ () C:\Users\KSIEGOWY\Desktop\nałęczów.bmp
2015-01-12 07:33 - 2015-01-12 07:33 - 00002870 _____ () C:\Windows\System32\Tasks\wckfgeb
2015-01-12 07:33 - 2015-01-12 07:33 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-11 06:52 - 2015-01-11 06:52 - 00032768 _____ () C:\Users\KSIEGOWY\AppData\Roaming\guttersnipes.ds
2015-01-07 10:45 - 2015-01-12 07:50 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\EMA ELFA
2014-12-30 10:47 - 2015-01-12 07:49 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\WIT-POL
2014-12-16 10:41 - 2014-12-16 10:41 - 00074688 _____ () C:\Windows\system32\Drivers\f7c9b5669dd71a8.sys
2014-12-16 08:29 - 2015-01-12 07:48 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\JOASIA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 15:04 - 2011-11-08 12:14 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 15:04 - 2011-02-02 00:27 - 00743002 _____ () C:\Windows\system32\perfh015.dat
2015-01-13 15:04 - 2011-02-02 00:27 - 00156542 _____ () C:\Windows\system32\perfc015.dat
2015-01-13 15:04 - 2009-07-14 06:13 - 01672820 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 15:04 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:04 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 14:57 - 2011-11-08 12:14 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 14:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 14:56 - 2009-07-14 05:51 - 00115445 _____ () C:\Windows\setupact.log
2015-01-13 13:44 - 2014-09-02 12:39 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 12:41 - 2011-02-02 02:46 - 00033970 _____ () C:\Windows\PFRO.log
2015-01-13 12:40 - 2011-11-08 12:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-13 12:40 - 2011-11-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-13 12:38 - 2011-11-08 13:12 - 00000000 ____D () C:\Users\KSIEGOWY\AppData\Roaming\Skype
2015-01-13 12:38 - 2011-02-01 23:50 - 01544523 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 11:21 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-12 10:09 - 2013-10-11 12:53 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-12 10:05 - 2014-01-15 13:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-12 09:10 - 2012-11-08 13:54 - 00000000 ____D () C:\Users\KSIEGOWY\AppData\Roaming\Humansoft
2015-01-12 08:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 08:10 - 2013-12-02 10:01 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\Kopia
2015-01-12 08:07 - 2011-11-04 09:45 - 00000000 ___RD () C:\Users\KSIEGOWY\Desktop\KAROLA
2015-01-12 08:05 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Dokumenty
2015-01-12 08:03 - 2014-10-13 13:30 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\25 LECIE
2015-01-12 08:02 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\WIZYTÓWKI 2011
2015-01-12 07:55 - 2014-08-27 08:31 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\MV
2015-01-12 07:52 - 2012-01-17 14:03 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\Akcyza wyroby węglowe
2015-01-12 07:51 - 2014-08-08 11:40 - 00000000 ____D () C:\Program Files (x86)\RCP58
2015-01-12 07:50 - 2011-11-07 15:21 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\ISTAT2.09 DATA UTW.08.05.09
2015-01-12 07:49 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\formularze GUS
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\zdjęcia żeliwiaka
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\ZDJECIA DO GUSS-RINGA
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\scany zdjęć
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Pobieranie
2015-01-12 07:47 - 2011-11-07 15:12 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Moje skany
2015-01-12 07:47 - 2011-11-04 15:53 - 00000000 ____D () C:\Users\KSIEGOWY
2015-01-12 07:46 - 2014-01-28 09:41 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\kornelia
2015-01-12 07:46 - 2011-11-07 15:12 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\korespondencja
2015-01-12 07:45 - 2012-10-25 13:37 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\DANE EXCEL
2015-01-12 07:45 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\DANE SUROWCE
2015-01-12 07:45 - 2011-11-07 15:12 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Nieużywane
2015-01-12 07:44 - 2011-12-21 09:24 - 00000000 ____D () C:\Users\KSIEGOWY\AppData\Roaming\Babylon
2015-01-12 07:42 - 2013-12-12 14:31 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\klucz i certyufikat pfron2 k.ch
2015-01-12 07:39 - 2014-08-18 10:37 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\Do wysłania
2015-01-12 07:37 - 2011-11-04 16:28 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-12 07:37 - 2010-06-15 03:07 - 00000000 ____D () C:\swsetup
2015-01-12 07:37 - 2009-08-04 22:46 - 00000000 ___HD () C:\SYSTEM.SAV
2015-01-12 07:36 - 2012-05-21 06:33 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-12 07:35 - 2014-08-18 10:36 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-12 07:35 - 2011-11-08 13:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-12 07:34 - 2014-10-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Corax
2015-01-12 07:34 - 2013-01-09 09:41 - 00000000 ____D () C:\Program Files\WF-Gang
2015-01-12 07:34 - 2012-03-21 11:52 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-12 07:34 - 2011-11-04 17:08 - 00000000 ____D () C:\Program Files\Windows XP Mode
2015-01-12 07:33 - 2012-03-14 09:17 - 00000000 ____D () C:\klucze i cert pfron
2015-01-12 07:33 - 2012-02-15 09:45 - 00000000 ____D () C:\PIT Format 2011
2015-01-12 07:33 - 2011-11-09 14:24 - 00000000 ____D () C:\Nowy folder
2015-01-12 07:33 - 2011-11-09 14:15 - 00000000 ____D () C:\lj1000hb
2015-01-12 07:33 - 2011-11-04 16:46 - 00000000 ____D () C:\97966dc59e5b41adfe4d42416859c852
2015-01-12 07:33 - 2011-02-01 23:59 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-01-09 14:53 - 2014-09-25 07:33 - 00013030 _____ () C:\PDOXUSRS.NET
2015-01-09 12:55 - 2011-11-09 11:53 - 00002533 _____ () C:\Users\KSIEGOWY\intlname.ols
2015-01-08 13:22 - 2011-11-04 16:46 - 00000512 _____ () C:\rcp58_log_file.TXT.fafktzg
2015-01-07 11:46 - 2011-11-04 16:46 - 00006928 _____ () C:\log.TXT.fafktzg
2015-01-07 10:44 - 2014-11-19 13:24 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\zdjęcia tadeusz gardecki
2015-01-07 08:20 - 2011-12-05 10:41 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKSIEGOWY-HP$
2015-01-07 08:20 - 2011-12-05 10:41 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForKSIEGOWY-HP$.job
2014-12-29 10:17 - 2011-11-09 09:19 - 00000396 _____ () C:\Windows\KmPcFax.INI
2014-12-16 10:04 - 2011-11-04 16:46 - 00374608 _____ () C:\Users\KSIEGOWY\Desktop\KARTKA ŚWIĄTECZNA 2014.JPG.fafktzg
2014-12-16 09:45 - 2011-11-04 16:46 - 00002336 _____ () C:\Users\KSIEGOWY\Desktop\życzenia.DOC.fafktzg
2014-12-15 11:50 - 2011-11-04 16:46 - 00002560 _____ () C:\Users\KSIEGOWY\Desktop\ADVERTI.DOC.fafktzg

Some content of TEMP:
====================
C:\Users\KSIEGOWY\AppData\Local\Temp\APNSetup.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\AskSLib.dll
C:\Users\KSIEGOWY\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\installhelper.dll
C:\Users\KSIEGOWY\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\MSNE33E.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\SkypeSetup.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\KSIEGOWY\AppData\Local\Temp\uninstall.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\_is4A1B.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\_isC6D8.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 07:38] - [2012-09-06 18:38] - 0295792 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2015-01-07 08:16

==================== End Of Log ============================