Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Artur (administrator) on STANEK on 01-02-2014 11:56:34
Running from F:\004_Downloads\FRST
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(SOURCENEXT) C:\Windows\System32\bgsvcgen.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Ritlabs S.R.L.) C:\Program Files\The Bat!\thebat.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [591696 2008-05-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [NexusServer] - C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe [520192 2008-01-16] ()
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=092211 serial=DR12CNC-8322248-NFT lang=PL
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-08-02] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\lgfw.exe [27760 2013-03-19] (Bitleader)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [fst_pl_41] - [x]
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [thebat_startup] - C:\Program Files\The Bat!\thebat.exe [14089136 2012-03-02] (Ritlabs S.R.L.)
HKCU\...\Run: [Active Desktop Calendar] - C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [4598784 2009-07-20] (XemiComputers ltd.)
HKCU\...\Run: [Flock Update] - C:\Users\Artur\AppData\Local\Flock\Update\FlockUpdate.exe [136312 2010-09-22] (Google Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-04] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Artur\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-20] (Google Inc.)
HKCU\...\Run: [EPSON Stylus Photo R265 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
MountPoints2: {649576ef-7d84-11e2-afd7-6cf049e483da} - H:\AutoRun.exe
MountPoints2: {6495777a-7d84-11e2-afd7-6cf049e483da} - D:\AutoRun.exe
MountPoints2: {64957785-7d84-11e2-afd7-6cf049e483da} - H:\AutoRun.exe
Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stankiewicz.warszawa.pl/start/start.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {74947213-AC7E-4932-886A-F7BF3B57CF38} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_pl
SearchScopes: HKCU - {74947213-AC7E-4932-886A-F7BF3B57CF38} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_pl
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} http://mardibloke.co.uk/gsccam/IPCamPluginMJPEG.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\wdo6jpuw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Artur\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Artur\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @update.flock.com/Flock Update;version=8 - C:\Users\Artur\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll (Flock Inc.)
FF Extension: DownloadHelper - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\wdo6jpuw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-25]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-24]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-24]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-24]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Artur\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Artur\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Artur\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (AdobeExManDetect) - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Flock Update) - C:\Users\Artur\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll (Flock Inc.)
CHR Plugin: (Google Update) - C:\Users\Artur\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Dysk Google) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-10-26]
CHR Extension: (Klawiatura wirtualna) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-10-26]
CHR Extension: (Google Wallet) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Blokowanie banerów) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-10-26]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-07-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-07-28]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-07-28]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Artur\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
R2 bgsvcgen; C:\Windows\system32\bgsvcgen.exe [139264 2011-05-10] (SOURCENEXT)
S2 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14464 2009-07-14] (Microsoft Corporation)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [38944 2011-05-10] (B.H.A Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] ()
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-02-01] (Windows (R) 2000 DDK provider)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [203264 2012-09-18] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [94336 2010-02-03] (ITE )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2009-07-14] (Microsoft Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-09-08] ()
S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [468096 2007-11-15] (Syntek)
S3 USBW9967; C:\Windows\System32\DRIVERS\2kw9967.sys [114144 2002-10-29] (Winbond Electronics Crop.)
R0 W9967CAM; C:\Windows\System32\DRIVERS\W9967STI.SYS [10256 2001-10-30] (Winbond Electronics Crop.)
U3 ayti4h2o; C:\Windows\system32\Drivers\ayti4h2o.sys [0 ] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt3467.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt2237.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt2199.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt20DC.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1E97.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1670.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1527.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt119A.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1041.tmp
2014-02-01 11:19 - 2014-02-01 11:19 - 00000000 ____D C:\Program Files\predm
2014-01-31 10:17 - 2014-02-01 11:56 - 00000000 ____D C:\FRST
2014-01-31 08:53 - 2014-02-01 11:35 - 00000000 ____D C:\AdwCleaner
2014-01-30 14:47 - 2014-01-30 14:47 - 00000000 ____D C:\Users\Artur\AppData\Roaming\zhuodashi
2014-01-30 14:47 - 2014-01-30 14:47 - 00000000 ____D C:\Users\Artur\.android
2014-01-30 14:10 - 2014-01-30 14:10 - 00000000 ____D C:\Program Files\PdaNet for Android
2014-01-30 14:10 - 2011-11-25 00:26 - 00013440 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2014-01-30 13:52 - 2014-01-30 14:58 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockRoot Pro
2014-01-30 13:52 - 2014-01-30 14:58 - 00000000 ____D C:\Program Files\Unlockroot Pro
2014-01-30 13:51 - 2014-01-30 14:58 - 00000000 ____D C:\Program Files\Unlockroot
2014-01-22 20:03 - 2014-01-22 20:03 - 00005163 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-22 20:03 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-22 20:03 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-22 20:03 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-22 20:03 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-15 16:17 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:17 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:17 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:17 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:17 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:17 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:17 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:17 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:17 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-01 11:56 - 2014-01-31 10:17 - 00000000 ____D C:\FRST
2014-02-01 11:54 - 2010-09-03 21:54 - 00000000 ____D C:\Users\Artur\AppData\Roaming\The Bat!
2014-02-01 11:45 - 2009-07-14 05:34 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 11:45 - 2009-07-14 05:34 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt3467.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt2237.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt2199.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt20DC.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1E97.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1670.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1527.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt119A.tmp
2014-02-01 11:39 - 2014-02-01 11:39 - 00000000 _____ C:\Users\cdt1041.tmp
2014-02-01 11:39 - 2010-09-04 06:32 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Skype
2014-02-01 11:39 - 2010-09-03 20:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-02-01 11:38 - 2012-04-06 05:08 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-01 11:37 - 2011-10-23 10:35 - 00000367 _____ C:\Windows\lgfwup.ini
2014-02-01 11:37 - 2011-10-23 10:35 - 00000000 ____D C:\Program Files\lg_fwupdate
2014-02-01 11:37 - 2010-09-04 14:34 - 00000147 _____ C:\service.log
2014-02-01 11:36 - 2011-05-04 09:29 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 11:36 - 2010-09-04 14:31 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-02-01 11:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-02-01 11:36 - 2009-07-14 05:39 - 00178374 _____ C:\Windows\setupact.log
2014-02-01 11:35 - 2014-01-31 08:53 - 00000000 ____D C:\AdwCleaner
2014-02-01 11:35 - 2010-09-03 20:19 - 01949534 _____ C:\Windows\WindowsUpdate.log
2014-02-01 11:21 - 2011-05-04 09:29 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:19 - 2014-02-01 11:19 - 00000000 ____D C:\Program Files\predm
2014-02-01 11:11 - 2010-09-22 14:06 - 00000904 _____ C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-1037311394-495963596-1306396951-1001UA.job
2014-01-31 16:20 - 2013-03-01 10:58 - 00000000 ____D C:\Users\Artur\Documents\MEDICA
2014-01-31 16:20 - 2010-09-03 20:22 - 00000000 ____D C:\Users\Artur
2014-01-31 16:00 - 2012-06-19 10:09 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1037311394-495963596-1306396951-1001UA.job
2014-01-31 15:11 - 2010-09-22 14:06 - 00000852 _____ C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-1037311394-495963596-1306396951-1001Core.job
2014-01-31 13:35 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-31 13:18 - 2010-09-04 15:10 - 00000000 ____D C:\Program Files\Euromat
2014-01-31 09:02 - 2012-04-06 05:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-31 09:02 - 2011-05-14 06:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-31 09:02 - 2010-09-04 17:04 - 00000000 ____D C:\Users\Artur\AppData\Local\Adobe
2014-01-31 07:44 - 2010-09-05 19:20 - 00074948 _____ C:\Windows\PFRO.log
2014-01-30 15:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-30 15:06 - 2010-09-03 20:26 - 01688650 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 15:06 - 2009-07-14 09:07 - 00740438 _____ C:\Windows\system32\perfh015.dat
2014-01-30 15:06 - 2009-07-14 09:07 - 00156012 _____ C:\Windows\system32\perfc015.dat
2014-01-30 14:58 - 2014-01-30 13:52 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockRoot Pro
2014-01-30 14:58 - 2014-01-30 13:52 - 00000000 ____D C:\Program Files\Unlockroot Pro
2014-01-30 14:58 - 2014-01-30 13:51 - 00000000 ____D C:\Program Files\Unlockroot
2014-01-30 14:47 - 2014-01-30 14:47 - 00000000 ____D C:\Users\Artur\AppData\Roaming\zhuodashi
2014-01-30 14:47 - 2014-01-30 14:47 - 00000000 ____D C:\Users\Artur\.android
2014-01-30 14:10 - 2014-01-30 14:10 - 00000000 ____D C:\Program Files\PdaNet for Android
2014-01-27 14:28 - 2012-11-09 15:04 - 00000132 _____ C:\Users\Artur\AppData\Roaming\Preferencje formatu BMP CS6 firmy Adobe
2014-01-27 14:07 - 2010-12-28 15:22 - 00000000 ____D C:\Users\Artur\AppData\Roaming\vlc
2014-01-23 16:39 - 2012-10-01 07:18 - 00000000 ____D C:\Users\Artur\AppData\Roaming\GG
2014-01-23 15:49 - 2011-11-25 20:45 - 00000000 ____D C:\Users\Artur\AppData\Local\ChomikBox
2014-01-23 08:21 - 2011-11-25 20:45 - 00000000 ____D C:\Users\Artur\.gstreamer-0.10
2014-01-22 22:03 - 2013-03-28 14:18 - 00000034 _____ C:\Windows\cdplayer.ini
2014-01-22 20:04 - 2013-11-02 08:51 - 00000000 ____D C:\ProgramData\Oracle
2014-01-22 20:03 - 2014-01-22 20:03 - 00005163 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-22 20:03 - 2010-09-04 09:06 - 00000000 ____D C:\Program Files\Java
2014-01-16 07:34 - 2009-07-14 05:33 - 07855592 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 07:30 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-15 22:54 - 2013-09-02 22:11 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 22:51 - 2010-09-06 07:37 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:11 - 2013-11-02 12:40 - 00000000 ____D C:\Users\Artur\Documents\Biblioteka calibre
2014-01-15 19:56 - 2013-11-02 12:40 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-01-15 19:56 - 2013-11-02 12:39 - 00000000 ____D C:\Program Files\Calibre2
2014-01-13 12:12 - 2011-09-12 11:57 - 00000000 ____D C:\Program Files\JDownloader
2014-01-06 13:04 - 2013-03-01 15:03 - 00000000 ____D C:\Users\Artur\AppData\Local\Windows Live
2014-01-06 10:16 - 2012-01-19 08:08 - 00000000 ____D C:\Program Files\AutoMapa EU
2014-01-06 10:13 - 2012-09-15 01:51 - 00049557 _____ C:\Program Files\AutoMapa EU.md5
2014-01-04 09:48 - 2013-02-19 12:18 - 00000133 _____ C:\Windows\VobEdit.INI
2014-01-02 19:55 - 2010-09-04 10:36 - 00000000 ____D C:\Users\Artur\Documents\TMPGEnc Authoring Works 4

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 11:15

==================== End Of Log ============================