Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Laciaty (administrator) on LACIATY-PC on 27-03-2014 14:56:13
Running from C:\Users\Laciaty\Desktop\Pobr
Windows 7 Professional (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(OldTimer Tools) C:\Users\Laciaty\Desktop\Pobr\OTH.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [Cm108Sound] - C:\Windows\Syswow64\cm108.dll [8757248 2013-01-16] (C-Media Corporation)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-28] (VIA)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1677957099-4081012278-1826052583-1000\...\Run: [Bloody2] - C:\Program Files (x86)\Bloody2\Bloody2\Bloody2.exe [4255232 2012-08-10] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x88A56576B2E2CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Laciaty\AppData\Roaming\Mozilla\Firefox\Profiles\drt38851.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-01-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-27 14:55 - 2014-03-27 14:56 - 00000000 ____D () C:\FRST
2014-03-26 22:15 - 2014-03-27 09:10 - 00001114 _____ () C:\Windows\PFRO.log
2014-03-26 22:15 - 2014-03-26 22:15 - 00291856 _____ () C:\Windows\Minidump\032614-22292-01.dmp
2014-03-26 22:14 - 2014-03-27 14:44 - 00002128 _____ () C:\Windows\setupact.log
2014-03-26 22:14 - 2014-03-26 22:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-26 22:03 - 2014-03-26 22:03 - 00012166 _____ () C:\Users\Laciaty\Desktop\dds.txt
2014-03-26 22:03 - 2014-03-26 22:03 - 00005043 _____ () C:\Users\Laciaty\Desktop\attach.txt
2014-03-26 21:46 - 2014-03-26 21:46 - 00014626 _____ () C:\ComboFix.txt
2014-03-26 16:48 - 2014-03-26 16:42 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140326-164804.backup
2014-03-25 16:14 - 2014-03-25 16:14 - 00000115 _____ () C:\Users\Laciaty\Desktop\mTA.url
2014-03-23 12:42 - 2014-03-23 12:43 - 00000000 ____D () C:\Users\Laciaty\Desktop\Nowy folder (2)
2014-03-22 19:50 - 2014-03-22 19:50 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor
2014-03-22 19:49 - 2014-03-22 19:50 - 00000000 ____D () C:\Program Files (x86)\Hero Editor
2014-03-22 19:49 - 2014-03-22 19:49 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-03-22 19:49 - 2014-03-22 19:49 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-03-20 21:33 - 2014-03-20 21:33 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-03-20 21:24 - 2014-03-20 21:35 - 00026506 _____ () C:\Windows\DIIUnin.dat
2014-03-20 21:24 - 2014-03-20 21:24 - 00106496 _____ (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2014-03-20 21:24 - 2014-03-20 21:24 - 00002829 _____ () C:\Windows\DIIUnin.pif
2014-03-19 20:36 - 2014-03-19 20:37 - 00072704 _____ () C:\Users\Laciaty\Desktop\wakat Ełk_po weryfikacji.xls
2014-03-18 18:38 - 2014-03-18 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 17:52 - 2014-03-18 19:06 - 00073216 _____ () C:\Users\Laciaty\Desktop\25 - Elwira Teodorowicz-1.xls
2014-03-18 17:49 - 2014-03-18 17:49 - 00074752 _____ () C:\Users\Laciaty\Desktop\26_wakat Ełk_do weryfikacji.xls
2014-03-16 19:49 - 2014-03-16 19:49 - 00000588 _____ () C:\Users\Laciaty\Desktop\Neverwinter.lnk
2014-03-15 13:47 - 2014-03-15 13:47 - 00000000 ____D () C:\Users\Laciaty\Documents\DayZ
2014-03-15 13:47 - 2014-03-15 13:47 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\DayZ
2014-03-14 20:39 - 2014-03-27 14:56 - 00000000 ____D () C:\Users\Laciaty\Desktop\Pobr
2014-03-14 20:39 - 2014-03-14 20:39 - 00030311 _____ () C:\Users\Laciaty\Downloads\KungFuV1.0.zip
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\Downloads\KungFuV1.0
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\New Technology Studio
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\New Technology Studio
2014-03-14 20:29 - 2014-03-14 20:53 - 00000000 ____D () C:\Users\Laciaty\Documents\Rockstar Games
2014-03-14 20:27 - 2014-03-14 20:27 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\Rockstar Games
2014-03-14 19:53 - 2014-03-14 19:53 - 00001106 _____ () C:\Users\Public\Desktop\Episodes From Liberty City.lnk
2014-03-14 19:53 - 2014-03-14 19:53 - 00000932 _____ () C:\Users\Public\Desktop\EFLC (áåç ïàðàìåòðîâ).lnk
2014-03-14 17:46 - 2014-03-14 17:46 - 00000850 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2014-03-14 17:46 - 2014-03-14 17:46 - 00000676 _____ () C:\Users\Public\Desktop\GTA IV (áåç ïàðàìåòðîâ).lnk
2014-03-14 16:10 - 2014-03-14 16:13 - 05407232 _____ () C:\Users\Laciaty\Downloads\1378665975_ovisetup.exe
2014-03-14 09:55 - 2014-03-17 18:55 - 00023552 _____ () C:\Users\Laciaty\Desktop\Piertucha HASCO 2.xls
2014-03-12 16:20 - 2014-03-12 16:20 - 00000000 ____D () C:\Users\Laciaty\Downloads\dsmfix09
2014-03-12 16:20 - 2014-03-12 16:20 - 00000000 ____D () C:\Users\Laciaty\Downloads\DSfix22
2014-03-12 16:19 - 2014-03-12 16:19 - 00391774 _____ () C:\Users\Laciaty\Downloads\DSfix22.zip
2014-03-12 16:19 - 2014-03-12 16:19 - 00050183 _____ () C:\Users\Laciaty\Downloads\dsmfix09.zip
2014-03-12 15:57 - 2014-03-12 15:57 - 00000000 ____D () C:\Users\Laciaty\Documents\NBGI
2014-03-12 15:57 - 2014-03-12 15:57 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\NBGI
2014-03-07 17:55 - 2014-03-07 17:55 - 00041472 _____ () C:\Users\Laciaty\Desktop\Projekty apteczne_Q1.2014_Teodorowicz.xls
2014-03-05 20:11 - 2014-03-05 20:11 - 00246430 _____ () C:\Users\Laciaty\Downloads\Darky Key Changer_1.1_mpgh.net.rar
2014-03-05 20:11 - 2014-03-05 20:11 - 00000000 ____D () C:\Users\Laciaty\Downloads\Darky Key Changer_1.1_mpgh.net
2014-03-05 17:59 - 2014-03-05 17:58 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140305-175920.backup
2014-03-05 13:57 - 2014-03-05 14:04 - 00183296 _____ () C:\Users\Laciaty\Desktop\Kopia Adresowy_indeks_aptek AP 2014.xls
2014-03-04 12:35 - 2014-03-04 12:35 - 04507480 _____ () C:\Users\Laciaty\Downloads\cod_4_last_pb.zip
2014-03-04 12:17 - 2014-03-04 12:19 - 00000000 ____D () C:\Users\Laciaty\Downloads\pbsetup
2014-03-04 12:13 - 2014-03-04 12:13 - 00714207 _____ () C:\Users\Laciaty\Downloads\pbsetup.zip
2014-03-04 11:56 - 2014-03-04 11:56 - 00000383 _____ () C:\Users\Public\Desktop\COD4.lnk
2014-03-04 11:56 - 2014-03-04 11:56 - 00000273 _____ () C:\Windows\game.ini
2014-03-04 11:44 - 2014-03-04 11:44 - 00000855 _____ () C:\Users\Laciaty\Desktop\µTorrent.lnk
2014-03-04 11:44 - 2014-03-04 11:44 - 00000835 _____ () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-03 18:58 - 2014-03-20 15:00 - 00000005 _____ () C:\Windows\treeskp.sys
2014-03-03 18:58 - 2014-03-20 15:00 - 00000005 _____ () C:\Windows\sbacknt.bin
2014-03-03 13:08 - 2014-03-03 13:08 - 00000004 _____ () C:\Windows\info147.sys
2014-03-03 10:01 - 2014-03-03 10:01 - 00000549 _____ () C:\Users\Public\Desktop\Castlevania Lords of Shadow 2.lnk
2014-03-03 10:01 - 2014-03-03 10:01 - 00000000 ____D () C:\Users\Laciaty\Documents\MercurySteam
2014-03-01 22:48 - 2014-03-01 22:48 - 00000000 ____D () C:\Users\Laciaty\Documents\Thief
2014-02-27 14:20 - 2014-02-27 14:19 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140227-142023.backup

==================== One Month Modified Files and Folders =======

2014-03-27 14:56 - 2014-03-27 14:55 - 00000000 ____D () C:\FRST
2014-03-27 14:56 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\Desktop\Pobr
2014-03-27 14:44 - 2014-03-26 22:14 - 00002128 _____ () C:\Windows\setupact.log
2014-03-27 14:01 - 2013-12-22 11:40 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 13:57 - 2009-07-14 05:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 13:57 - 2009-07-14 05:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 13:52 - 2014-02-13 19:04 - 00354143 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 13:51 - 2013-12-22 11:40 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 13:49 - 2013-11-16 11:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 13:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 09:43 - 2013-06-25 16:41 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\foobar2000
2014-03-27 09:10 - 2014-03-26 22:15 - 00001114 _____ () C:\Windows\PFRO.log
2014-03-26 22:15 - 2014-03-26 22:15 - 00291856 _____ () C:\Windows\Minidump\032614-22292-01.dmp
2014-03-26 22:15 - 2014-02-12 22:23 - 00000000 ____D () C:\Windows\Minidump
2014-03-26 22:14 - 2014-03-26 22:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-26 22:03 - 2014-03-26 22:03 - 00012166 _____ () C:\Users\Laciaty\Desktop\dds.txt
2014-03-26 22:03 - 2014-03-26 22:03 - 00005043 _____ () C:\Users\Laciaty\Desktop\attach.txt
2014-03-26 21:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-26 21:46 - 2014-03-26 21:46 - 00014626 _____ () C:\ComboFix.txt
2014-03-26 21:46 - 2014-02-13 19:02 - 00000000 ____D () C:\Qoobox
2014-03-26 21:37 - 2013-11-17 22:17 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\TS3Client
2014-03-26 21:27 - 2013-11-18 01:31 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\uTorrent
2014-03-26 19:56 - 2013-12-22 11:40 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 19:56 - 2013-12-22 11:40 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 16:42 - 2014-03-26 16:48 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140326-164804.backup
2014-03-25 16:14 - 2014-03-25 16:14 - 00000115 _____ () C:\Users\Laciaty\Desktop\mTA.url
2014-03-25 15:43 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140326-164236.backup
2014-03-24 22:58 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140325-154330.backup
2014-03-24 16:04 - 2013-11-17 11:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-24 16:04 - 2013-11-17 11:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-23 23:51 - 2013-11-20 20:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 12:43 - 2014-03-23 12:42 - 00000000 ____D () C:\Users\Laciaty\Desktop\Nowy folder (2)
2014-03-22 19:50 - 2014-03-22 19:50 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor
2014-03-22 19:50 - 2014-03-22 19:49 - 00000000 ____D () C:\Program Files (x86)\Hero Editor
2014-03-22 19:49 - 2014-03-22 19:49 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-03-22 19:49 - 2014-03-22 19:49 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-03-22 19:49 - 2013-11-16 10:17 - 00000000 ___RD () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 16:51 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140324-225837.backup
2014-03-22 15:34 - 2013-12-19 00:10 - 00000000 ____D () C:\Users\Laciaty\Desktop\4kj4H6M4pn
2014-03-22 13:53 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140322-165151.backup
2014-03-21 10:03 - 2009-07-14 06:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-20 22:29 - 2014-01-26 18:14 - 00000000 ____D () C:\ProgramData\Tunngle
2014-03-20 22:29 - 2013-12-18 19:15 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Tunngle
2014-03-20 22:29 - 2013-11-30 10:15 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\DAEMON Tools Lite
2014-03-20 21:35 - 2014-03-20 21:24 - 00026506 _____ () C:\Windows\DIIUnin.dat
2014-03-20 21:35 - 2013-11-20 15:44 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-20 21:33 - 2014-03-20 21:33 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-03-20 21:24 - 2014-03-20 21:24 - 00106496 _____ (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2014-03-20 21:24 - 2014-03-20 21:24 - 00002829 _____ () C:\Windows\DIIUnin.pif
2014-03-20 15:00 - 2014-03-03 18:58 - 00000005 _____ () C:\Windows\treeskp.sys
2014-03-20 15:00 - 2014-03-03 18:58 - 00000005 _____ () C:\Windows\sbacknt.bin
2014-03-20 14:49 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140322-135327.backup
2014-03-19 20:37 - 2014-03-19 20:36 - 00072704 _____ () C:\Users\Laciaty\Desktop\wakat Ełk_po weryfikacji.xls
2014-03-18 20:10 - 2013-11-16 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 19:49 - 2014-03-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 19:48 - 2013-06-25 16:36 - 00000000 ____D () C:\Users\Laciaty\Desktop\hasco
2014-03-18 19:40 - 2014-01-12 13:52 - 00000000 ____D () C:\Users\Laciaty\Desktop\DCIM
2014-03-18 19:06 - 2014-03-18 17:52 - 00073216 _____ () C:\Users\Laciaty\Desktop\25 - Elwira Teodorowicz-1.xls
2014-03-18 17:49 - 2014-03-18 17:49 - 00074752 _____ () C:\Users\Laciaty\Desktop\26_wakat Ełk_do weryfikacji.xls
2014-03-18 13:57 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140320-144909.backup
2014-03-17 18:55 - 2014-03-14 09:55 - 00023552 _____ () C:\Users\Laciaty\Desktop\Piertucha HASCO 2.xls
2014-03-17 15:18 - 2013-11-16 10:40 - 00738970 _____ () C:\Windows\system32\perfh015.dat
2014-03-17 15:18 - 2013-11-16 10:40 - 00155080 _____ () C:\Windows\system32\perfc015.dat
2014-03-17 15:18 - 2009-07-14 06:13 - 01666088 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 15:11 - 2013-09-19 20:32 - 00015242 _____ () C:\Users\Laciaty\Desktop\HASCO-Marzec-2014 - ia.xlsx
2014-03-16 19:49 - 2014-03-16 19:49 - 00000588 _____ () C:\Users\Laciaty\Desktop\Neverwinter.lnk
2014-03-15 15:58 - 2013-11-17 15:38 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-15 15:58 - 2013-11-17 15:38 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-15 13:47 - 2014-03-15 13:47 - 00000000 ____D () C:\Users\Laciaty\Documents\DayZ
2014-03-15 13:47 - 2014-03-15 13:47 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\DayZ
2014-03-14 20:53 - 2014-03-14 20:29 - 00000000 ____D () C:\Users\Laciaty\Documents\Rockstar Games
2014-03-14 20:39 - 2014-03-14 20:39 - 00030311 _____ () C:\Users\Laciaty\Downloads\KungFuV1.0.zip
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\Downloads\KungFuV1.0
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\New Technology Studio
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2014-03-14 20:39 - 2014-03-14 20:39 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\New Technology Studio
2014-03-14 20:27 - 2014-03-14 20:27 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\Rockstar Games
2014-03-14 19:53 - 2014-03-14 19:53 - 00001106 _____ () C:\Users\Public\Desktop\Episodes From Liberty City.lnk
2014-03-14 19:53 - 2014-03-14 19:53 - 00000932 _____ () C:\Users\Public\Desktop\EFLC (áåç ïàðàìåòðîâ).lnk
2014-03-14 18:54 - 2013-11-17 22:04 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\ArmA 2 OA
2014-03-14 17:46 - 2014-03-14 17:46 - 00000850 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2014-03-14 17:46 - 2014-03-14 17:46 - 00000676 _____ () C:\Users\Public\Desktop\GTA IV (áåç ïàðàìåòðîâ).lnk
2014-03-14 16:13 - 2014-03-14 16:10 - 05407232 _____ () C:\Users\Laciaty\Downloads\1378665975_ovisetup.exe
2014-03-14 13:09 - 2013-11-17 22:16 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-13 11:31 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140318-135724.backup
2014-03-13 09:51 - 2013-11-17 15:38 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-12 16:20 - 2014-03-12 16:20 - 00000000 ____D () C:\Users\Laciaty\Downloads\dsmfix09
2014-03-12 16:20 - 2014-03-12 16:20 - 00000000 ____D () C:\Users\Laciaty\Downloads\DSfix22
2014-03-12 16:19 - 2014-03-12 16:19 - 00391774 _____ () C:\Users\Laciaty\Downloads\DSfix22.zip
2014-03-12 16:19 - 2014-03-12 16:19 - 00050183 _____ () C:\Users\Laciaty\Downloads\dsmfix09.zip
2014-03-12 15:57 - 2014-03-12 15:57 - 00000000 ____D () C:\Users\Laciaty\Documents\NBGI
2014-03-12 15:57 - 2014-03-12 15:57 - 00000000 ____D () C:\Users\Laciaty\AppData\Local\NBGI
2014-03-11 21:58 - 2013-10-04 13:44 - 00000705 _____ () C:\Users\Laciaty\Desktop\Enemy Territory.lnk
2014-03-08 22:58 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140313-113101.backup
2014-03-08 16:22 - 2013-12-19 20:34 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Audacity
2014-03-07 17:55 - 2014-03-07 17:55 - 00041472 _____ () C:\Users\Laciaty\Desktop\Projekty apteczne_Q1.2014_Teodorowicz.xls
2014-03-06 16:48 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140308-225855.backup
2014-03-05 20:14 - 2013-07-12 19:10 - 00000000 ____D () C:\Users\Laciaty\Documents\ArmA 2
2014-03-05 20:11 - 2014-03-05 20:11 - 00246430 _____ () C:\Users\Laciaty\Downloads\Darky Key Changer_1.1_mpgh.net.rar
2014-03-05 20:11 - 2014-03-05 20:11 - 00000000 ____D () C:\Users\Laciaty\Downloads\Darky Key Changer_1.1_mpgh.net
2014-03-05 18:04 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140306-164816.backup
2014-03-05 17:59 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140305-180442.backup
2014-03-05 17:58 - 2014-03-05 17:59 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140305-175920.backup
2014-03-05 14:04 - 2014-03-05 13:57 - 00183296 _____ () C:\Users\Laciaty\Desktop\Kopia Adresowy_indeks_aptek AP 2014.xls
2014-03-05 07:24 - 2013-07-21 19:46 - 00017482 _____ () C:\Users\Laciaty\Desktop\kk OFERTA marzec14.xlsx
2014-03-04 12:43 - 2013-11-17 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-04 12:35 - 2014-03-04 12:35 - 04507480 _____ () C:\Users\Laciaty\Downloads\cod_4_last_pb.zip
2014-03-04 12:19 - 2014-03-04 12:17 - 00000000 ____D () C:\Users\Laciaty\Downloads\pbsetup
2014-03-04 12:16 - 2013-11-16 11:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 12:13 - 2014-03-04 12:13 - 00714207 _____ () C:\Users\Laciaty\Downloads\pbsetup.zip
2014-03-04 11:56 - 2014-03-04 11:56 - 00000383 _____ () C:\Users\Public\Desktop\COD4.lnk
2014-03-04 11:56 - 2014-03-04 11:56 - 00000273 _____ () C:\Windows\game.ini
2014-03-04 11:44 - 2014-03-04 11:44 - 00000855 _____ () C:\Users\Laciaty\Desktop\µTorrent.lnk
2014-03-04 11:44 - 2014-03-04 11:44 - 00000835 _____ () C:\Users\Laciaty\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-03 23:26 - 2013-11-17 15:43 - 00000800 _____ () C:\Windows\Cm108.ini.imi
2014-03-03 13:08 - 2014-03-03 13:08 - 00000004 _____ () C:\Windows\info147.sys
2014-03-03 10:01 - 2014-03-03 10:01 - 00000549 _____ () C:\Users\Public\Desktop\Castlevania Lords of Shadow 2.lnk
2014-03-03 10:01 - 2014-03-03 10:01 - 00000000 ____D () C:\Users\Laciaty\Documents\MercurySteam
2014-03-01 22:48 - 2014-03-01 22:48 - 00000000 ____D () C:\Users\Laciaty\Documents\Thief
2014-03-01 16:34 - 2013-06-25 16:34 - 00025088 _____ () C:\Users\Laciaty\Desktop\Raport_konkurencja_II_2014 ELWIRA TEODOROWICZ.xls
2014-02-28 15:23 - 2013-11-16 11:14 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-28 14:58 - 2013-11-16 11:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-27 14:20 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140305-175829.backup
2014-02-27 14:19 - 2014-02-27 14:20 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140227-142023.backup
2014-02-26 22:15 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\Laciaty\AppData\Roaming\Raptr
2014-02-26 08:24 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140227-141945.backup
2014-02-25 21:08 - 2014-02-24 21:11 - 00000000 ____D () C:\Users\Laciaty\Documents\dragoon

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 20:35

==================== End Of Log ============================