Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by Kafi (administrator) on KAFI-PC on 08-02-2014 19:40:29
Running from I:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
() C:\ProgramData\DataCardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
() C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) D:\any\pgsql\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(France Telecom SA) C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2008-09-30] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ACMON] - C:\Program Files\ASUS\Splendid\ACMON.exe [851968 2008-10-01] (ATK)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [3764024 2014-01-06] (AVAST Software)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [424864 2009-03-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [CardDetectorHUAWEI160] - C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe [274432 2008-09-29] (France Telecom SA)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
HKLM\...\Run: [DBAgent] - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517128 2013-10-18] (Seagate Technology LLC)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-06] (Google Inc.)
HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\Run: [Uploader] - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC) HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\Run: [Mobile Partner] - C:\Program Files\Internet w Cyfrowym Polsacie\Internet w Cyfrowym Polsacie.exe [514560 2014-02-08] () HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: H - H:\AutoRunCardDetector.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {00992b03-8356-11e2-b0ca-cd5bef4fe097} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {00992b08-8356-11e2-b0ca-e78cda79b366} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {00992b0e-8356-11e2-b0ca-92ef60a92a8c} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {00992b11-8356-11e2-b0ca-b842e7ad5eb6} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {0268c3c7-8fb8-11e1-b6b1-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {058a0911-3ab3-11e0-b69b-00158315a310} - I:\MicroLauncher.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {069a3d47-f835-11de-9bd5-002618a17ac0} - F:\Setup.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {07524d08-2253-11e2-9406-945cd35d63a7} - H:\cdstart.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {0794c4c0-ed7d-11e0-8e7f-806e6f6e6963} - G:\cdstart.exe 
HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {10ef9805-8e5f-11e1-afa3-9da654dc3dea} - G:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {17cf6bf4-0799-11df-9a68-002618a17ac0} - I:\MicroLauncher.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {27a3eef7-95da-11e2-9b68-d502f9e5598a} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {27a3ef07-95da-11e2-9b68-ff2f442ea868} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {285b9f2b-3d91-11e0-ac5b-00158315a310} - I:\AutoRunCardDetector.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {30c3f896-5917-11e0-9575-00158315a310} - I:\AutoRunCardDetector.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {38a56b75-8360-11e2-ba01-fc09e223d4ac} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {38a56b7a-8360-11e2-ba01-96c2008944b6} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {38a56b7e-8360-11e2-ba01-ecfcf413bda3} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {3ea4fbad-955e-11e2-8741-9e3f01fc8b24} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {4bf308a5-ad0b-11e2-b632-f80901a79cf0} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {629cd586-9cf2-11e2-b368-cd68f4b8bc30} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {629cd5aa-9cf2-11e2-b368-8f2efb8cac7f} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {629cd5b5-9cf2-11e2-b368-b46792e862df} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {63372ac9-21de-11df-a925-002618a17ac0} - I:\MicroLauncher.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: 
{6e0511fe-a1af-11e1-8032-88912078928f} - G:\cdstart.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {70e6f377-9cea-11e2-83e1-a37eba186159} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {737b6f6e-70b4-11e3-ac4a-806e6f6e6963} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {747208e0-3b66-11e0-900e-00158315a310} - I:\MicroLauncher.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {7736c213-2af4-11e2-ba74-d8e88f7e163b} - H:\Install.cmd HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {8565658a-f78d-11e2-92c7-b01f85d54634} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {886da830-e9b7-11e1-a99f-9b9f5d7aa87b} - I:\cdstart.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {886da837-e9b7-11e1-a99f-9b9f5d7aa87b} - J:\cdstart.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {92e1157e-7250-11e1-8262-9443dbe9859b} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {96559b9e-82ff-11e2-b1bb-a7fe7bb6c928} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {96559ba7-82ff-11e2-b1bb-de5b32d6bf28} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {96559baa-82ff-11e2-b1bb-923af4de09a8} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a5355a07-2495-11e2-85c7-acc59e1dbd62} - I:\cdstart.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a5355a0d-2495-11e2-85c7-acc59e1dbd62} - J:\cdstart.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a5d56e16-3aa7-11e0-bc34-00158315a310} - I:\MicroLauncher.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a5d56e37-3aa7-11e0-bc34-00158315a310} - I:\MicroLauncher.exe 
HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a7e15087-8f42-11e1-afc1-d6a4bc30de92} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a8e924f2-9187-11e2-a4ed-f89b9b2d5a22} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {a9b8be43-3aae-11e0-b1e3-806e6f6e6963} - G:\MicroLauncher.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {ac952729-90a8-11e3-b6cc-ef9df95e69be} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {ac95272d-90a8-11e3-b6cc-ef9df95e69be} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {ac952748-90a8-11e3-b6cc-ef9df95e69be} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {c609a2f9-7183-11e1-ba4b-b3d71d7d0bb8} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {c609a2fe-7183-11e1-ba4b-d28f4a40bff0} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {c609a308-7183-11e1-ba4b-f9eb371b55d7} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {c609a312-7183-11e1-ba4b-d23f1de09dff} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {c6963841-3b2c-11e0-b4dc-00158315a310} - F:\AutoRunCardDetector.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {c696385b-3b2c-11e0-b4dc-00158315a310} - I:\AutoRunCardDetector.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {cdd84794-cd35-11e2-98cb-b621e79525b4} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {cdd8479e-cd35-11e2-98cb-9e0a9f78715e} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {d44fd941-cda0-11e2-9241-f0a334afd393} - F:\AutoRunCardDetector.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: 
{e39454fe-a3f5-11e2-b201-efdfb9f306f9} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {e3945509-a3f5-11e2-b201-dc6aa7393c79} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {e8f9ed04-9cdb-11e2-bff2-9ccfb87d4771} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {fb06cc0c-9607-11e2-a5f3-fadc24a99978} - F:\AutoRun.exe HKU\S-1-5-21-2697945115-3049162741-1134155747-1000\...\MountPoints2: {fddf046e-5947-11e0-bde7-00158315a310} - H:\AutoRunCardDetector.exe AppInit_DLLs: c:\progra~1\mocaflix\sprote~1.dll => C:\Program Files\MocaFlix\sprotector.dll [427520 2012-10-11] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/webhp?sourceid=toolbar-instant&hl=pl&ion=1&qscrl=1&nord=1&rlz=1T4ASUS_plPL349PL349 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={2808C8AC-4A8A-11E2-821A-EFE263E40EA5} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.just-browse.info/?l=1&q={searchTerms} SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={2808C8AC-4A8A-11E2-821A-EFE263E40EA5} SearchScopes: HKCU - DefaultScope 
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7AURU_pl SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7AURU_pl SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Pomocnik rejestrowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Kafi\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: {5D2CF9D0-113A-476B-986F-288B54571614} http://www.devalvr.com/instalacion/plugin/devalvrplugin.php DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/bph/SignActivX.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Winsock: Catalog9 12 D:\VM\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9 13 D:\VM\vsocklib.dll [338480] (VMware, Inc.) Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION. 
Tcpip\Parameters: [DhcpNameServer] 212.2.96.53 212.2.96.54 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( ) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: FTdownloader - C:\Users\Kafi\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader@ftdownloader.com.xpi [2012-11-29] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR HomePage: hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=1E9B0025D3647A59 CHR RestoreOnStartup: "sync" : { "suppress_start" CHR Extension: (Przelewy24) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlghgifgkapabijdmenlghpcjhaojnp [2013-03-04] CHR Extension: (Przelewy24) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2013-06-27] CHR Extension: (James White) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2013-02-15] CHR Extension: (YouTube) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-02] CHR Extension: (Google Search) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-02] CHR Extension: (FTdownloader) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli [2012-12-20] CHR Extension: (avast! 
WebRep) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-08-02] CHR Extension: (Browse2save) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjallejegaedjjopnbmljhphfmmbabm [2012-12-20] CHR Extension: (SweetIM for Facebook) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-12-20] CHR Extension: (Chrome In-App Payments service) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2012-12-20] CHR Extension: (Gmail) - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-02] CHR HKLM\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [2012-11-29] CHR HKLM\...\Chrome\Extension: [ihjallejegaedjjopnbmljhphfmmbabm] - C:\ProgramData\Browse2save\ihjallejegaedjjopnbmljhphfmmbabm.crx [2012-12-20] CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-12-20] CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Kafi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-12-20] ========================== Services (Whitelisted) ================= R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] () R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-01-06] (AVAST Software) S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [137336 2013-02-17] (Futuremark Corporation) S2 HTCMonitorService; C:\Program Files\htc2\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Internet w Cyfrowym Polsacie. RunOuc; C:\Program Files\Internet w Cyfrowym Polsacie\UpdateDog\ouc.exe [246112 2014-02-08] () R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () S2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC) R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [70880 2009-04-07] (SRS Labs, Inc.) S3 ufad-ws60; D:\VM\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) S2 VMAuthdService; D:\VM\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.) S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.) R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.) 
U2 WorkshopDbService; D:\any\pgsql\bin\pg_ctl.exe [99840 2012-06-01] (PostgreSQL Global Development Group) ==================== Drivers (Whitelisted) ==================== S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2013-03-15] (ITETech ) R1 Amfilter; C:\Windows\System32\DRIVERS\Amfilter.sys [8704 2000-01-01] ((Standard mouse types)) S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbprt.sys [13824 2000-01-01] ((Standard mouse types)) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-06] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-06] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-06] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-06] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2010-01-03] () S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc) S2 BulkUsb; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2013-07-03] (Microsoft Corporation) S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-10] (DT Soft Ltd) S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [129536 2009-03-30] (ELAN Microelectronic Corp.) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-08-24] (FTDI Ltd.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2010-01-03] () R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100) R1 NetworkX; C:\Windows\System32\ckldrv.sys [23360 2010-03-19] () S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2008-09-11] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-09-11] (Printing Communications Assoc., Inc. (PCAUSA)) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation) S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 
2007-12-10] (MCCI Corporation) S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation) S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation) S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation) S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation) S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation) S3 SaiH0762; C:\Windows\System32\DRIVERS\SaiH0762.sys [192000 2006-09-13] (Saitek) S3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-02-18] (Saitek) S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [138760 2010-08-10] (Saitek) S3 SaiKF620; C:\Windows\System32\DRIVERS\SaiKF620.sys [106496 2008-10-22] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [23200 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [46624 2013-04-30] (Saitek) S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [35336 2010-08-10] (Saitek) S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-30] (Prolific Technology Inc.) S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories) S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] () R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [233128 2009-04-01] () R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.) R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2010-01-22] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.) 
R2 vstor2-ws60; D:\VM\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2007-11-14] (Jungo)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-08 19:40 - 2014-02-08 19:40 - 00000000 ____D () C:\FRST
2014-02-08 18:46 - 2014-02-08 18:46 - 00068224 _____ () C:\Users\Kafi\Desktop\Nowy dokument tekstowy.txt
2014-02-08 12:37 - 2014-02-08 12:37 - 00000292 _____ () C:\Windows\PFRO.log
2014-02-08 11:32 - 2014-02-08 11:32 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\RedApp
2014-02-08 11:31 - 2014-02-08 12:52 - 00002400 _____ () C:\Windows\setupact.log
2014-02-08 11:31 - 2014-02-08 11:31 - 00001011 _____ () C:\Users\Public\Desktop\Internet w Cyfrowym Polsacie.lnk
2014-02-08 11:31 - 2014-02-08 11:31 - 00000000 ____D () C:\Program Files\RedApp
2014-02-08 11:31 - 2014-02-08 11:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-08 11:31 - 2014-02-08 11:30 - 00235392 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00194816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00090368 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00064384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00026624 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-02-08 11:31 - 2014-02-08 11:30 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00000000 ____D () C:\Program Files\Internet w Cyfrowym Polsacie
2014-02-08 09:37 - 2014-02-08 19:37 - 00009585 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 09:32 - 2014-02-08 19:31 - 00001040 _____ () C:\Windows\error.log
2014-02-08 09:27 - 2014-02-08 19:28 - 00001288 _____ () C:\Windows\errord.log
2014-01-29 21:02 - 2014-01-29 21:02 - 00005058 _____ () C:\ProgramData\ogqnaqsv.zyj
2014-01-29 20:51 - 2014-01-29 20:51 - 00000752 _____ () C:\Users\Kafi\Desktop\Autodata CDA-3.lnk
2014-01-29 20:51 - 2007-04-20 03:05 - 00660384 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatUtil.dll
2014-01-29 20:51 - 2007-04-20 03:04 - 00926624 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatCrypt2.dll
2014-01-29 20:51 - 2007-04-20 03:04 - 00856992 _____ (Chilkat Software, Inc.) C:\Windows\system32\ChilkatCert.dll
2014-01-29 20:48 - 2014-01-29 20:51 - 00000000 ____D () C:\Program Files\Autodata
2014-01-29 20:48 - 2014-01-29 20:48 - 00000000 ____D () C:\Users\Kafi\Documents\Autodata
2014-01-27 13:51 - 2014-01-27 14:00 - 00332734 _____ () C:\Users\Kafi\Documents\Wszystko 01-2014.m3u
2014-01-23 21:42 - 2014-01-23 21:42 - 00000000 ____D () C:\Users\Kafi\Desktop\POL
2014-01-23 21:31 - 2014-01-23 21:40 - 00000000 ____D () C:\ADCDA2
2014-01-23 21:10 - 2014-01-23 21:28 - 00000241 _____ () C:\Users\Kafi\Documents\ax_files.xml
2014-01-23 21:08 - 2014-01-23 21:08 - 00000000 ____D () C:\Program Files\Alcohol Soft
2014-01-20 07:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 07:45 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 07:45 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 07:45 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 07:44 - 2014-01-20 07:45 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 16:50 - 2014-01-18 16:50 - 00000000 ____D () C:\Program Files\Seagate
2014-01-18 16:48 - 2014-01-18 16:48 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Seagate
2014-01-18 16:48 - 2014-01-18 16:48 - 00000000 ____D () C:\ProgramData\Seagate
2014-01-18 16:45 - 2014-01-18 16:45 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Leadertech
2014-01-17 13:43 - 2014-01-17 13:43 - 00053332 _____ () C:\Users\Kafi\Documents\cc_20140117_134312.reg
2014-01-17 11:37 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-17 11:37 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-17 11:37 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-17 11:37 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-17 11:37 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-17 11:37 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-17 11:37 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-17 11:37 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-17 11:37 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-17 11:37 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-17 11:37 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-17 11:37 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-17 11:37 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-17 11:37 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-17 11:37 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-17 11:37 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-16 22:49 - 2014-01-16 22:49 - 00000000 __SHD () C:\found.000
2014-01-16 22:42 - 2014-01-16 07:46 - 45445120 _____ () C:\Windows\system32\config\COMPONENTS.OLD
2014-01-16 22:42 - 2014-01-16 07:43 - 73105408 _____ () C:\Windows\system32\config\SYSTEM.OLD
2014-01-16 22:42 - 2014-01-16 07:43 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.OLD
2014-01-16 22:42 - 2014-01-16 07:43 - 00065536 _____ () C:\Windows\system32\config\SAM.OLD
2014-01-16 22:42 - 2014-01-16 07:41 - 53428224 _____ () C:\Windows\system32\config\SOFTWARE.OLD
2014-01-16 22:42 - 2014-01-16 07:39 - 00032768 _____ () C:\Windows\system32\config\SECURITY.OLD

==================== One Month Modified Files and Folders =======

2014-02-08 19:40 - 2014-02-08 19:40 - 00000000 ____D () C:\FRST
2014-02-08 19:37 - 2014-02-08 09:37 - 00009585 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 19:33 - 2011-11-17 06:30 - 00000000 ____D () C:\ProgramData\VMware
2014-02-08 19:31 - 2014-02-08 09:32 - 00001040 _____ () C:\Windows\error.log
2014-02-08 19:28 - 2014-02-08 09:27 - 00001288 _____ () C:\Windows\errord.log
2014-02-08 19:28 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 19:28 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 18:46 - 2014-02-08 18:46 - 00068224 _____ () C:\Users\Kafi\Desktop\Nowy dokument tekstowy.txt
2014-02-08 14:49 - 2008-04-18 01:01 - 01027580 _____ () C:\Windows\system32\perfh015.dat
2014-02-08 14:49 - 2008-04-18 01:01 - 00268796 _____ () C:\Windows\system32\perfc015.dat
2014-02-08 14:49 - 2006-11-02 11:33 - 00279742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-08 12:58 - 2012-03-19 11:05 - 00000000 ____D () C:\ProgramData\DataCardService
2014-02-08 12:52 - 2014-02-08 11:31 - 00002400 _____ () C:\Windows\setupact.log
2014-02-08 12:37 - 2014-02-08 12:37 - 00000292 _____ () C:\Windows\PFRO.log
2014-02-08 11:32 - 2014-02-08 11:32 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\RedApp
2014-02-08 11:31 - 2014-02-08 11:31 - 00001011 _____ () C:\Users\Public\Desktop\Internet w Cyfrowym Polsacie.lnk
2014-02-08 11:31 - 2014-02-08 11:31 - 00000000 ____D () C:\Program Files\RedApp
2014-02-08 11:31 - 2014-02-08 11:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-08 11:31 - 2014-02-08 11:30 - 00000000 ____D () C:\Program Files\Internet w Cyfrowym Polsacie
2014-02-08 11:31 - 2009-10-15 04:19 - 00000000 ____D () C:\Users\Kafi
2014-02-08 11:30 - 2014-02-08 11:31 - 00235392 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00194816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00090368 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00064384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00026624 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-02-08 11:30 - 2014-02-08 11:31 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-02-08 11:30 - 2012-03-19 11:05 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-02-08 11:30 - 2009-06-09 12:41 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-02-08 11:20 - 2009-10-15 04:19 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-02-08 08:45 - 2011-07-20 06:43 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\DAEMON Tools Lite
2014-02-08 08:45 - 2010-09-19 15:44 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Winamp
2014-02-07 17:55 - 2012-06-14 04:28 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 17:55 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-07 17:55 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 17:16 - 2013-06-05 08:16 - 00000282 _____ () C:\Windows\Tasks\DSite.job
2014-02-07 17:14 - 2010-02-10 06:57 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 07:28 - 2010-02-10 06:57 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 18:55 - 2012-04-24 20:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 18:55 - 2011-11-18 04:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-31 16:26 - 2009-10-21 06:20 - 00163840 _____ () C:\Users\Kafi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 21:02 - 2014-01-29 21:02 - 00005058 _____ () C:\ProgramData\ogqnaqsv.zyj
2014-01-29 20:51 - 2014-01-29 20:51 - 00000752 _____ () C:\Users\Kafi\Desktop\Autodata CDA-3.lnk
2014-01-29 20:51 - 2014-01-29 20:48 - 00000000 ____D () C:\Program Files\Autodata
2014-01-29 20:48 - 2014-01-29 20:48 - 00000000 ____D () C:\Users\Kafi\Documents\Autodata
2014-01-27 14:00 - 2014-01-27 13:51 - 00332734 _____ () C:\Users\Kafi\Documents\Wszystko 01-2014.m3u
2014-01-23 21:42 - 2014-01-23 21:42 - 00000000 ____D () C:\Users\Kafi\Desktop\POL
2014-01-23 21:40 - 2014-01-23 21:31 - 00000000 ____D () C:\ADCDA2
2014-01-23 21:28 - 2014-01-23 21:10 - 00000241 _____ () C:\Users\Kafi\Documents\ax_files.xml
2014-01-23 21:19 - 2006-11-02 11:23 - 00000276 _____ () C:\Windows\win.ini
2014-01-23 21:08 - 2014-01-23 21:08 - 00000000 ____D () C:\Program Files\Alcohol Soft
2014-01-22 07:27 - 2013-07-28 15:19 - 00000000 ____D () C:\Users\Kafi\AppData\Local\HTC MediaHub
2014-01-20 07:47 - 2013-11-23 07:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 07:45 - 2014-01-20 07:44 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 07:45 - 2012-09-04 06:46 - 00000000 ____D () C:\Program Files\Java
2014-01-18 16:53 - 2010-01-01 17:39 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Nero
2014-01-18 16:52 - 2012-01-30 19:02 - 00000000 ____D () C:\Users\Kafi\Desktop\Skróty
2014-01-18 16:51 - 2010-01-01 17:33 - 00000000 ____D () C:\ProgramData\Nero
2014-01-18 16:51 - 2010-01-01 17:33 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-01-18 16:50 - 2014-01-18 16:50 - 00000000 ____D () C:\Program Files\Seagate
2014-01-18 16:48 - 2014-01-18 16:48 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Seagate
2014-01-18 16:48 - 2014-01-18 16:48 - 00000000 ____D () C:\ProgramData\Seagate
2014-01-18 16:45 - 2014-01-18 16:45 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Leadertech
2014-01-18 16:01 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-01-17 13:43 - 2014-01-17 13:43 - 00053332 _____ () C:\Users\Kafi\Documents\cc_20140117_134312.reg
2014-01-17 13:42 - 2013-02-13 17:01 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\TS3Client
2014-01-17 13:31 - 2011-06-23 18:43 - 00000000 ____D () C:\Users\Kafi\AppData\Local\Ubisoft Game Launcher
2014-01-17 13:30 - 2013-03-21 14:09 - 00000000 ____D () C:\Users\Kafi\AppData\Roaming\Skype
2014-01-17 13:30 - 2013-03-21 14:09 - 00000000 ____D () C:\ProgramData\Skype
2014-01-17 12:58 - 2013-11-21 08:37 - 00000000 ____D () C:\Program Files\MSI Afterburner
2014-01-17 12:58 - 2009-08-07 00:23 - 00000000 ____D () C:\Program Files\ASUS
2014-01-17 12:56 - 2009-08-07 00:06 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-17 12:45 - 2013-09-28 15:09 - 00207970 _____ () C:\Users\Kafi\workshopdata.log
2014-01-17 12:35 - 2012-05-18 18:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-01-17 12:35 - 2009-08-07 00:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-17 12:34 - 2013-11-21 08:53 - 00000000 ____D () C:\Program Files\Futuremark
2014-01-17 11:54 - 2006-11-02 13:47 - 00438816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 11:45 - 2013-03-02 13:00 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-01-17 11:43 - 2009-08-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-17 11:36 - 2013-07-13 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 22:49 - 2014-01-16 22:49 - 00000000 __SHD () C:\found.000
2014-01-16 07:46 - 2014-01-16 22:42 - 45445120 _____ () C:\Windows\system32\config\COMPONENTS.OLD
2014-01-16 07:43 - 2014-01-16 22:42 - 73105408 _____ () C:\Windows\system32\config\SYSTEM.OLD
2014-01-16 07:43 - 2014-01-16 22:42 - 00233472 _____ () C:\Windows\system32\config\DEFAULT.OLD
2014-01-16 07:43 - 2014-01-16 22:42 - 00065536 _____ () C:\Windows\system32\config\SAM.OLD
2014-01-16 07:41 - 2014-01-16 22:42 - 53428224 _____ () C:\Windows\system32\config\SOFTWARE.OLD
2014-01-16 07:39 - 2014-01-16 22:42 - 00032768 _____ () C:\Windows\system32\config\SECURITY.OLD
2014-01-10 07:45 - 2013-07-15 06:44 - 00000000 ____D () C:\Users\Kafi\Desktop\Skroty warsztat

Some content of TEMP:
====================
C:\Users\Kafi\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Kafi\AppData\Local\Temp\ResetDevice.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 19:43

==================== End Of Log ============================