Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012 Ran by SYSTEM at 07-12-2012 11:40:01 Running from F:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6486120 2010-09-08] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [5634800 2012-06-14] (ESET) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-03] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.) 
HKU\Sebastian\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-03-04] (Hewlett-Packard Company) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 ==================== Services (Whitelisted) =================== 2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [1288104 2012-06-14] (ESET) 2 syshost32; "C:\Windows\Installer\{C582D60C-44EB-C52F-C3C0-F961A39258FE}\syshost.exe" /service [59392 2012-12-06] () ==================== Drivers (Whitelisted) ===================== 1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [211344 2012-06-14] (ESET) 1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [149592 2012-06-14] (ESET) 2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [138232 2012-06-14] (ESET) 1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) 3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-12-07 10:58 - 2012-12-07 10:58 - 00000000 ____D C:\FRST 2012-12-06 12:51 - 2012-12-06 12:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-06 12:51 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-06 12:38 - 2012-12-06 22:40 - 00000648 ____A C:\Windows\PFRO.log 2012-12-05 22:36 - 2012-12-07 11:22 - 00000560 ____A C:\Windows\setupact.log 2012-12-05 22:36 - 2012-12-05 22:36 - 00000000 ____A C:\Windows\setuperr.log 2012-12-05 08:48 - 2012-12-05 09:52 - 00000000 ____D C:\Users\Sebastian\Downloads\The.Walking.Dead.S03E08.HDTV.x264-2HD 2012-12-05 08:42 - 2012-12-05 08:49 - 00000000 ____D C:\Users\Sebastian\Downloads\Dexter.S07E10.HDTV.x264-ASAP 2012-12-05 08:41 - 2012-12-05 10:40 - 00000000 ____D C:\Users\Sebastian\Downloads\90210.S05E08.HDTV.x264-2HD 2012-11-25 18:59 - 2012-11-25 18:59 - 00001989 ____A 
C:\o.xml 2012-11-25 18:59 - 2012-11-25 18:59 - 00001634 ____A C:\c.xml 2012-11-15 15:40 - 2012-07-26 05:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys 2012-11-15 15:40 - 2012-07-26 05:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys 2012-11-15 15:40 - 2012-07-26 03:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll 2012-11-15 15:40 - 2012-06-02 15:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2012-11-15 15:39 - 2012-08-23 15:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll 2012-11-15 15:39 - 2012-08-23 15:12 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\terminpt.sys 2012-11-15 15:39 - 2012-08-23 15:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys 2012-11-15 15:39 - 2012-08-23 15:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys 2012-11-15 15:39 - 2012-08-23 15:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys 2012-11-15 15:39 - 2012-08-23 14:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2012-11-15 15:39 - 2012-08-23 14:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2012-11-15 15:39 - 2012-08-23 14:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2012-11-15 15:39 - 2012-08-23 14:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2012-11-15 15:39 - 2012-08-23 14:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll 2012-11-15 15:39 - 2012-08-23 14:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll 2012-11-15 15:39 - 2012-08-23 14:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2012-11-15 15:39 - 2012-08-23 
14:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll 2012-11-15 15:39 - 2012-08-23 14:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll 2012-11-15 15:39 - 2012-08-23 13:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2012-11-15 15:39 - 2012-08-23 12:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe 2012-11-15 15:39 - 2012-08-23 12:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2012-11-15 15:39 - 2012-08-23 12:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe 2012-11-15 15:39 - 2012-08-23 12:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2012-11-15 15:39 - 2012-08-23 11:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2012-11-15 15:39 - 2012-08-23 11:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll 2012-11-15 15:39 - 2012-08-23 11:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2012-11-15 15:39 - 2012-08-23 11:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe 2012-11-15 15:39 - 2012-08-23 10:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll 2012-11-15 15:39 - 2012-08-23 09:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2012-11-15 15:39 - 2012-08-23 09:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2012-11-15 15:35 - 2012-10-08 13:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-15 15:35 - 2012-10-08 12:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-15 15:35 - 2012-10-08 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-15 15:35 - 2012-10-08 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-15 15:35 - 2012-10-08 12:23 - 
01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-15 15:35 - 2012-10-08 12:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-15 15:35 - 2012-10-08 12:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-15 15:35 - 2012-10-08 12:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-15 15:35 - 2012-10-08 12:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-15 15:35 - 2012-10-08 12:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-15 15:35 - 2012-10-08 12:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-11-15 15:35 - 2012-10-08 12:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-15 15:35 - 2012-10-08 12:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-15 15:35 - 2012-10-08 12:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-15 15:35 - 2012-10-08 12:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-15 15:35 - 2012-10-08 12:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-15 15:35 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-11-15 15:35 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-11-15 15:35 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-11-15 15:35 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-11-15 15:35 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-11-15 15:35 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-11-15 15:35 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\url.dll 2012-11-15 15:35 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-11-15 15:35 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-11-15 15:35 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-11-15 15:35 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-11-15 15:35 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-11-15 15:35 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-15 15:35 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-11-15 15:35 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-11-15 15:35 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-11-15 15:34 - 2012-08-24 19:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-11-15 15:34 - 2012-08-24 19:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-11-15 15:34 - 2012-08-24 19:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-11-15 15:34 - 2012-08-24 19:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-11-15 15:34 - 2012-08-24 19:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2012-11-15 15:34 - 2012-08-24 17:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-11-15 15:34 - 2012-08-24 17:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-11-15 15:34 - 2012-08-24 17:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-11-15 15:34 - 2012-08-24 17:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2012-11-15 15:34 - 2012-07-26 04:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll 2012-11-15 15:34 - 2012-07-26 04:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe 2012-11-15 15:34 - 2012-07-26 04:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll 2012-11-15 15:34 - 2012-07-26 04:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll 2012-11-15 15:34 - 2012-07-26 04:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll 2012-11-15 15:34 - 2012-07-26 03:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys 2012-11-15 15:34 - 2012-07-26 03:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys 2012-11-15 15:34 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2012-11-15 15:21 - 2012-10-18 19:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-11-15 15:21 - 2012-10-09 19:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll 2012-11-15 15:21 - 2012-10-09 19:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll 2012-11-15 15:21 - 2012-10-09 18:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2012-11-15 15:21 - 2012-10-09 18:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2012-11-15 15:21 - 2012-10-03 18:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-11-15 15:21 - 2012-10-03 18:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2012-11-15 15:21 - 2012-10-03 18:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll 2012-11-15 15:21 - 2012-10-03 18:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2012-11-15 15:21 - 2012-10-03 18:44 - 00070656 ____A (Microsoft Corporation) 
C:\Windows\System32\nlaapi.dll 2012-11-15 15:21 - 2012-10-03 18:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll 2012-11-15 15:21 - 2012-10-03 18:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll 2012-11-15 15:21 - 2012-10-03 17:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2012-11-15 15:21 - 2012-10-03 17:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2012-11-15 15:21 - 2012-10-03 17:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2012-11-15 15:21 - 2012-10-03 17:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-11-15 15:21 - 2012-09-25 23:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2012-11-15 15:21 - 2012-09-25 23:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll 2012-11-15 15:21 - 2012-01-13 08:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2012-11-12 15:10 - 2012-11-12 15:10 - 00000000 ____D C:\Users\Sebastian\Documents\TomTom 2012-11-12 15:10 - 2012-11-12 15:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TomTom 2012-11-12 15:10 - 2012-11-12 15:10 - 00000000 ____D C:\Users\Sebastian\AppData\Local\TomTom 2012-11-12 15:08 - 2012-11-12 15:08 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Downloaded Installations 2012-11-07 11:08 - 2012-11-07 11:09 - 00000000 ____D C:\Users\Sebastian\Downloads\Linkin Park ==================== One Month Modified Files and Folders ======= 2012-12-07 11:37 - 2012-10-10 20:52 - 00000000 ____D C:\Users\Sebastian\Documents\Progr 2012-12-07 11:31 - 2009-07-14 05:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-12-07 11:31 - 2009-07-14 05:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-12-07 11:26 - 2012-09-26 11:39 - 
01604863 ____A C:\Windows\WindowsUpdate.log 2012-12-07 11:22 - 2012-12-05 22:36 - 00000560 ____A C:\Windows\setupact.log 2012-12-07 11:22 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-12-07 11:02 - 2010-11-21 13:53 - 00698146 ____A C:\Windows\System32\perfh015.dat 2012-12-07 11:02 - 2010-11-21 13:53 - 00135224 ____A C:\Windows\System32\perfc015.dat 2012-12-07 11:02 - 2009-07-14 06:13 - 01549932 ____A C:\Windows\System32\PerfStringBackup.INI 2012-12-07 10:58 - 2012-12-07 10:58 - 00000000 ____D C:\FRST 2012-12-07 09:47 - 2012-02-08 19:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\uTorrent 2012-12-06 22:40 - 2012-12-06 12:38 - 00000648 ____A C:\Windows\PFRO.log 2012-12-06 12:51 - 2012-12-06 12:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-06 12:45 - 2012-06-11 15:54 - 00000000 ____D C:\Users\Sebastian\AppData\Local\CrashDumps 2012-12-06 12:02 - 2012-02-16 00:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\XnView 2012-12-06 11:40 - 2012-08-22 20:16 - 00000000 ____D C:\Users\Sebastian\Desktop\Ania 2012-12-05 22:36 - 2012-12-05 22:36 - 00000000 ____A C:\Windows\setuperr.log 2012-12-05 12:47 - 2010-12-10 08:24 - 00000000 ____D C:\Sebastian 2012-12-05 11:26 - 2012-10-31 18:39 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\vlc 2012-12-05 10:40 - 2012-12-05 08:41 - 00000000 ____D C:\Users\Sebastian\Downloads\90210.S05E08.HDTV.x264-2HD 2012-12-05 09:52 - 2012-12-05 08:48 - 00000000 ____D C:\Users\Sebastian\Downloads\The.Walking.Dead.S03E08.HDTV.x264-2HD 2012-12-05 08:49 - 2012-12-05 08:42 - 00000000 ____D C:\Users\Sebastian\Downloads\Dexter.S07E10.HDTV.x264-ASAP 2012-12-04 09:54 - 2012-02-08 17:59 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\HD Tune Pro 2012-12-01 17:15 - 2012-02-08 20:04 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Winamp 2012-11-28 19:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2012-11-26 20:17 - 2012-02-11 11:05 - 00000000 ____D C:\Program Files 
(x86)\Gadu-Gadu 10 2012-11-25 18:59 - 2012-11-25 18:59 - 00001989 ____A C:\o.xml 2012-11-25 18:59 - 2012-11-25 18:59 - 00001634 ____A C:\c.xml 2012-11-21 09:14 - 2012-02-08 18:57 - 00000000 ____D C:\Program Files (x86)\Opera 2012-11-21 09:13 - 2009-07-14 06:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-11-15 15:46 - 2012-02-08 17:43 - 00058016 ____A C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-15 15:44 - 2009-07-14 05:45 - 00276200 ____A C:\Windows\System32\FNTCACHE.DAT 2012-11-15 15:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2012-11-15 15:34 - 2012-02-08 18:36 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-11-12 15:10 - 2012-11-12 15:10 - 00000000 ____D C:\Users\Sebastian\Documents\TomTom 2012-11-12 15:10 - 2012-11-12 15:10 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TomTom 2012-11-12 15:10 - 2012-11-12 15:10 - 00000000 ____D C:\Users\Sebastian\AppData\Local\TomTom 2012-11-12 15:08 - 2012-11-12 15:08 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Downloaded Installations 2012-11-08 10:44 - 2012-03-24 21:40 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\GG 2012-11-07 11:09 - 2012-11-07 11:08 - 00000000 ____D C:\Users\Sebastian\Downloads\Linkin Park ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys 
=> MD5 is legit testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3893.86 MB Available physical RAM: 3308.67 MB Total Pagefile: 3892.06 MB Available Pagefile: 3292.66 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:465.66 GB) (Free:435.66 GB) NTFS 3 Drive f: () (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Nr dysku Stan Rozmiar Wolne Dyn GPT -------- ------------- ------- ------- --- --- Dysk 0 Online 465 GB 0 B Dysk 1 Online 1997 MB 0 B Partitions of Disk 0: =============== Partycja ### Typ Rozmiar Przesunięcie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 100 MB 1024 KB Partycja 2 Podstawowy 465 GB 101 MB ================================================================================== Disk: 0 Partycja 1 Typ : 07 Ukryta : Nie Aktywna : Tak Przesunięcie w bajtach: 1048576 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 1 Y Zastrzeżone NTFS Partycja 100 MB Zdrowy ========================================================= Disk: 0 Partycja 2 Typ : 07 Ukryta : Nie Aktywna : Nie Przesunięcie w bajtach: 105906176 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 2 C NTFS Partycja 465 GB Zdrowy
========================================================= Partitions of Disk 1: =============== Partycja ### Typ Rozmiar Przesunięcie ------------- ---------------- ------- ------------ Partycja 1 Podstawowy 1996 MB 117 KB ================================================================================== Disk: 1 Partycja 1 Typ : 06 Ukryta : Nie Aktywna : Nie Przesunięcie w bajtach: 120320 Wolumin ### Lit Etykieta Fs Typ Rozmiar Stan Info ----------- --- ----------- ----- ---------- ------- --------- -------- * Wolumin 3 F FAT Wymienny 1996 MB Zdrowy ========================================================= Last Boot: 2012-12-05 11:45 ==================== End Of Log =============================