Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-08-2015 02
Ran by Krzysiek (administrator) on KRZYSZTO-1A03A9 (04-09-2015 18:23:13)
Running from C:\Documents and Settings\Krzysiek\Desktop\av\detekcja
Loaded Profiles: Krzysiek (Available Profiles: Krzysiek)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wisptis.exe
(Microsoft Corporation) C:\WINDOWS\system32\tabbtnu.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Lucent Technologies) C:\WINDOWS\LTSMMSG.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(WACOM) C:\WINDOWS\system32\digtizer.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TabletWizard] => C:\WINDOWS\help\SplshWrp.exe [16384 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [TabletTip] => C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [271872 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [LTSMMSG] => C:\WINDOWS\LTSMMSG.exe [32768 2001-12-17] (Lucent Technologies)
HKLM\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Regedit32] => C:\WINDOWS\system32\regedit.exe
HKLM\...\Run: [BEWINTERNET-PLSessionManager] => "C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
HKLM\...\Run: [MFARestart] => "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2015-09-01] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2003-12-14] (Intel Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [2012-08-17] (Kaspersky Lab ZAO)
Winlogon\Notify\loginkey: C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-03] (Microsoft Corporation)
Winlogon\Notify\TabBtnWL: C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29] (Microsoft Corporation)
Winlogon\Notify\tpgwlnotify: C:\WINDOWS\system32\tpgwlnot.dll [2004-08-03] (Microsoft Corporation)
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-09-16] (Ahead Software AG)
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\...\Run: [CsimPlayer] => C:\Documents and Settings\Krzysiek\CsimPlayer.exe
HKU\S-1-5-18\...\Run: [TabletWizard] => %windir%\help\wizard.hta
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
HKU\S-1-5-21-1993962763-1935655697-1708537768-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1993962763-1935655697-1708537768-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-09-01] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-09-01] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2015-09-01] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2015-09-01] (Kaspersky Lab ZAO)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Krzysiek\Application Data\Mozilla\Firefox\Profiles\lh9jlufe.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2009-10-27] ()
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-25] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-02-08] (mozilla.org)
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-09-01]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-09-01]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-09-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2009-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2009-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2009-05-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2009-05-20]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2015-09-01] (Kaspersky Lab ZAO)
R2 Digitizer; C:\WINDOWS\System32\digtizer.exe [61440 2004-06-30] (WACOM) [File not signed]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 FJTabBtn; C:\WINDOWS\System32\DRIVERS\FjTabBtn.sys [10496 2003-01-09] (Fujitsu PC Corporation) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2009-07-13] (Aladdin Knowledge Systems) [File not signed]
R3 hidpen; C:\WINDOWS\System32\DRIVERS\hidpen.sys [31104 2004-08-02] (Wacom Co., Ltd)
R2 HOSTNT; C:\WINDOWS\system32\Drivers\HOSTNT.sys [4032 2012-05-08] () [File not signed]
S3 hwdatacard; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [102400 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2015-09-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [595040 2015-09-01] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2015-09-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2015-09-01] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2015-09-01] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145224 2015-09-01] (Kaspersky Lab ZAO) [File not signed]
R3 LucentSoftModem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [807021 2001-12-18] (Lucent Technologies)
R1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2004-08-03] (Microsoft Corporation)
S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2009-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2009-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 PRISM; C:\WINDOWS\System32\DRIVERS\PRISMNDS.sys [642560 2003-06-02] (Intersil Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [45568 2002-06-12] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-03] ()
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [179664 2002-08-10] (SigmaTel, Inc.)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359040 2004-08-03] (Microsoft Corporation) [File not signed]
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [122942 2004-01-05] (Intel Corporation)
R3 {6D08DE67-D457-4d38-A7F5-D88CCB81EE00}; C:\WINDOWS\System32\drivers\A306.sys [16951 2004-01-05] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [99002 2004-01-05] (Intel Corporation)
S3 amsint32; \??\C:\WINDOWS\system32\drivers\oiqpk.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2015-09-01] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 17:53 - 2015-09-01 17:58 - 00001024 ____H C:\WINDOWS\system32\config\elam.LOG
2015-09-01 17:53 - 2015-09-01 17:53 - 00262144 _____ C:\WINDOWS\system32\config\elam
2015-09-01 17:22 - 2015-09-01 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2013
2015-09-01 17:22 - 2015-09-01 17:21 - 00000855 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Anti-Virus 2013.lnk
2015-09-01 17:18 - 2015-09-04 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-09-01 17:18 - 2015-09-01 17:18 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-09-01 17:17 - 2015-09-01 19:48 - 00595040 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-09-01 17:17 - 2015-09-01 19:48 - 00074336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-09-01 16:56 - 2015-09-01 16:56 - 00000000 ____D C:\Documents and Settings\Krzysiek\Local Settings\Application Data\MFAData
2015-09-01 16:56 - 2015-09-01 16:56 - 00000000 ____D C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Avg2015
2015-09-01 16:22 - 2015-09-01 16:38 - 00001012 _____ C:\WINDOWS\svcpack.log
2015-09-01 16:22 - 2015-09-01 16:22 - 00000000 ____D C:\WINDOWS\system32\CatRoot_bak
2015-08-31 16:03 - 2015-08-31 16:03 - 00000000 ____D C:\Device
2015-08-31 14:44 - 2015-08-31 16:03 - 00000000 ____D C:\Documents and Settings\Krzysiek\Doctor Web
2015-08-31 14:43 - 2015-08-31 16:10 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2015-08-31 14:42 - 2015-09-01 17:37 - 00000000 ____D C:\Documents and Settings\Krzysiek\Desktop\av
2015-08-27 19:27 - 2015-08-27 19:27 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-08-27 19:14 - 2015-09-04 18:23 - 00000000 ____D C:\FRST
2015-08-27 19:01 - 2015-08-27 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-27 18:53 - 2015-08-27 18:57 - 00000000 ____D C:\AdwCleaner
2015-08-27 18:19 - 2015-08-27 18:19 - 00000000 ___SD C:\ComboFix
2015-08-27 18:19 - 2015-08-27 18:19 - 00000000 ____D C:\Qoobox
2015-08-27 18:18 - 2015-08-27 18:18 - 00000000 ____D C:\WINDOWS\erdnt
2015-08-27 17:42 - 2015-08-27 17:42 - 00000000 ____D C:\Documents and Settings\Krzysiek\Application Data\TuneUp Software
2015-08-27 16:53 - 2015-08-27 16:53 - 00000000 ____D C:\Program Files\7-Zip
2015-08-27 16:53 - 2015-08-27 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2015-08-27 16:21 - 2015-08-26 11:26 - 148912384 _____ (AVG Technologies) C:\avg_isct_x86_all_2011_1153a3218.exe
2015-08-26 22:07 - 2015-08-26 22:07 - 00000000 ____D C:\Documents and Settings\Krzysiek\Application Data\AVG10
2015-08-26 21:15 - 2015-08-26 21:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini082615-01.dmp
2015-08-26 20:27 - 2015-08-26 20:27 - 00000000 ___HD C:\$AVG
2015-08-26 19:49 - 2015-08-27 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
2015-08-26 19:48 - 2015-08-27 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG10
2015-08-26 19:48 - 2015-08-27 17:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\AVG
2015-08-26 19:46 - 2015-08-26 19:46 - 00000000 ____D C:\Program Files\AVG
2015-08-26 19:43 - 2015-09-01 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-26 19:21 - 2015-08-26 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2015-08-26 18:04 - 2015-08-26 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2015-08-26 17:56 - 2015-08-26 17:56 - 00003584 _____ C:\Documents and Settings\Krzysiek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-21 13:44 - 2009-07-15 00:45 - 00246272 _____ (Stirling Technologies, Inc.) C:\WINDOWS\UNINST16.EXE
2015-09-04 18:25 - 2009-05-19 22:45 - 00000000 ____D C:\Documents and Settings\Krzysiek\Local Settings\Temp
2015-09-04 18:21 - 2010-02-08 21:37 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-04 18:21 - 2009-05-19 22:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-04 18:21 - 2009-05-19 22:26 - 00065706 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-04 17:22 - 2009-05-19 22:45 - 00000178 ___SH C:\Documents and Settings\Krzysiek\ntuser.ini
2015-09-04 17:22 - 2009-05-19 22:45 - 00000000 ____D C:\Documents and Settings\Krzysiek
2015-09-04 17:22 - 2009-05-19 22:43 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-04 17:05 - 2004-08-03 21:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-04 16:39 - 2010-02-08 21:37 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-01 19:48 - 2013-02-28 21:13 - 00044000 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kltdi.sys
2015-09-01 19:48 - 2013-02-28 21:13 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2015-09-01 19:48 - 2013-02-28 21:13 - 00024160 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2015-09-01 19:48 - 2012-08-13 16:49 - 00145224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-09-01 19:48 - 2012-06-19 17:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2015-09-01 17:22 - 2009-05-20 12:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-01 17:21 - 2009-05-19 14:39 - 00942577 _____ C:\WINDOWS\setupapi.log
2015-08-31 20:47 - 2004-08-03 21:00 - 00000245 _____ C:\WINDOWS\system.ini
2015-08-26 22:22 - 2010-10-27 19:31 - 00000726 _____ C:\WINDOWS\system32\Drivers\etc\hosts.nav
2015-08-26 22:07 - 2009-05-19 22:30 - 00001514 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-08-26 21:15 - 2009-12-29 17:51 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-26 20:45 - 2012-05-07 22:21 - 00000000 ____D C:\Program Files\WinRAR
2015-08-26 20:32 - 2010-02-08 21:37 - 00000000 ____D C:\Documents and Settings\Krzysiek\Local Settings\Application Data\Temp
2015-08-26 18:47 - 2010-10-27 19:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2015-08-26 18:42 - 2009-05-19 14:39 - 00245892 _____ C:\WINDOWS\setupact.log
2015-08-26 17:57 - 2009-07-26 21:00 - 00000116 _____ C:\WINDOWS\NeroDigital.ini

==================== Files in the root of some directories =======

2015-08-26 17:56 - 2015-08-26 17:56 - 0003584 _____ () C:\Documents and Settings\Krzysiek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-19 22:45 - 2009-05-19 22:45 - 0000131 _____ () C:\Documents and Settings\Krzysiek\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Krzysiek\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\Krzysiek\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================