
FRST.txt

How to recover doc, pdf, txt files after a CTB Locker infection

Thank you. Please also take a look at the log after the antivirus scans.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by KYNEK (administrator) on KYNEK-KOMPUTER on 28-01-2015 23:05:43
Running from C:\Users\KYNEK\Downloads
Loaded Profiles: KYNEK (Available profiles: KYNEK)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Tor\tor.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Xerox) C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Communications)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\ChomikBox.exe [6033408 2014-06-21] ( )
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\Run: [whdzsvd] => C:\Users\KYNEK\AppData\Local\Temp\jkbqipj.exe <===== ATTENTION
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\MountPoints2: {0e69a4a0-802b-11e3-ac98-94dbc9b31635} - H:\Startme.exe
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\MountPoints2: {87e5ed4a-9f36-11e4-a96d-94dbc9b31635} - I:\SISetup.exe
HKU\S-1-5-21-3169467079-2108416694-2320416126-1001\...\MountPoints2: {d93b2df2-340d-11e3-bbee-94dbc9b31635} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\start.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3169467079-2108416694-2320416126-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3169467079-2108416694-2320416126-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3169467079-2108416694-2320416126-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3169467079-2108416694-2320416126-1001 -> {8AC9491C-8BFB-413C-A99F-D459706E7DD5} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/PL/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{979B980F-DB81-472A-89B1-23A203789930}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\KYNEK\AppData\Roaming\Mozilla\Firefox\Profiles\c82pgfo6.default
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3169467079-2108416694-2320416126-1001: @Google.com/GoogleEarthPlugin -> C:\Users\KYNEK\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKU\S-1-5-21-3169467079-2108416694-2320416126-1001: @tools.google.com/Google Update;version=3 -> C:\Users\KYNEK\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3169467079-2108416694-2320416126-1001: @tools.google.com/Google Update;version=9 -> C:\Users\KYNEK\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3169467079-2108416694-2320416126-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\KYNEK\AppData\Roaming\Mozilla\Firefox\Profiles\c82pgfo6.default\searchplugins\avira-safesearch.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\KYNEK\AppData\Roaming\Mozilla\Firefox\Profiles\c82pgfo6.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-04-29]
FF Extension: Avira Browser Safety - C:\Users\KYNEK\AppData\Roaming\Mozilla\Firefox\Profiles\c82pgfo6.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Classic Theme Restorer - C:\Users\KYNEK\AppData\Roaming\Mozilla\Firefox\Profiles\c82pgfo6.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\KYNEK\AppData\Roaming\Mozilla\Firefox\Profiles\c82pgfo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-04]

Chrome:
=======
CHR Profile: C:\Users\KYNEK\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-02-07] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-24] ()
S3 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-04] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [141824 2013-07-30] (Xerox) [File not signed]
R2 ZAtheros Bt & Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-01-26] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
U3 am7pdtx1; C:\Windows\System32\Drivers\am7pdtx1.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
U3 atqczjp3; C:\Windows\System32\Drivers\atqczjp3.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 23:05 - 2015-01-28 23:05 - 02130432 _____ (Farbar) C:\Users\KYNEK\Downloads\FRST64.exe
2015-01-28 23:05 - 2015-01-28 23:05 - 00022968 _____ () C:\Users\KYNEK\Downloads\FRST.txt
2015-01-28 23:05 - 2015-01-28 23:05 - 00000000 ____D () C:\FRST
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 _____ () C:\Users\KYNEK\Downloads\up6dj81a.exe
2015-01-28 23:03 - 2015-01-28 23:06 - 08552069 _____ () C:\Users\KYNEK\Downloads\up6dj81a.exe.part
2015-01-28 22:50 - 2015-01-28 22:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\KYNEK\Downloads\tdsskiller.exe
2015-01-28 22:38 - 2015-01-28 22:41 - 00009996 _____ () C:\Users\KYNEK\Documents\rozliczenie.xlsx
2015-01-28 20:40 - 2015-01-28 20:55 - 00000000 ____D () C:\zdjecia
2015-01-28 20:34 - 2015-01-28 20:36 - 00000000 ____D () C:\Users\KYNEK\zdjecia
2015-01-28 20:18 - 2015-01-28 20:18 - 00001219 _____ () C:\Users\KYNEK\Desktop\Ashampoo Undeleter.lnk
2015-01-28 20:18 - 2015-01-28 20:18 - 00000000 ____D () C:\Users\KYNEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-01-28 20:16 - 2015-01-28 20:16 - 10110880 _____ (Ashampoo GmbH & Co. KG ) C:\Users\KYNEK\Downloads\ashampoo_undeleter_1.10_sm.exe
2015-01-28 19:52 - 2015-01-28 19:52 - 00000000 ___RD () C:\Users\KYNEK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-28 19:50 - 2015-01-28 19:50 - 00000168 _____ () C:\Windows\setupact.log
2015-01-28 19:50 - 2015-01-28 19:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 19:48 - 2015-01-28 19:48 - 00000590 _____ () C:\Windows\PFRO.log
2015-01-28 19:24 - 2015-01-28 19:24 - 00001908 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-01-28 19:24 - 2015-01-28 19:24 - 00000000 ____D () C:\Windows\system32\log
2015-01-28 19:24 - 2015-01-28 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-01-28 19:24 - 2015-01-19 12:04 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-01-28 19:24 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-01-28 19:23 - 2015-01-28 19:23 - 00000000 ____D () C:\Users\KYNEK\AppData\Roaming\Elex-tech
2015-01-28 19:23 - 2015-01-28 19:23 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-28 19:22 - 2015-01-28 19:36 - 00000000 ____D () C:\Users\KYNEK\AppData\Roaming\eCyber
2015-01-28 19:22 - 2015-01-28 19:22 - 01978096 _____ (Elex do Brasil Participações Ltda) C:\Users\KYNEK\Downloads\yet_another_cleaner_sk_5828190.exe
2015-01-28 16:52 - 2015-01-28 16:52 - 00000162 ____H () C:\Users\KYNEK\Desktop\~$powiedzenie.PDF.paorkvb
2015-01-28 16:25 - 2015-01-28 16:01 - 854912784 _____ () C:\Users\KYNEK\Outlook.PST.paorkvb
2015-01-28 16:25 - 2013-03-10 17:12 - 967032336 _____ () C:\Users\KYNEK\archive.PST.paorkvb
2015-01-28 16:04 - 2015-01-28 16:04 - 00000000 ____D () C:\Users\KYNEK\Desktop\SPEAK OUT
2015-01-28 15:55 - 2015-01-28 18:41 - 03148854 _____ () C:\Users\KYNEK\Documents\Decrypt-All-Files-paorkvb.bmp
2015-01-28 15:55 - 2015-01-28 18:41 - 01220985 _____ () C:\ProgramData\eaxswec.html
2015-01-28 15:55 - 2015-01-28 18:41 - 00001266 _____ () C:\Users\KYNEK\Documents\Decrypt-All-Files-paorkvb.txt
2015-01-28 11:28 - 2015-01-28 11:28 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-01-28 11:28 - 2015-01-28 11:28 - 00000000 ____D () C:\Windows\system32\NV
2015-01-28 11:26 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-28 11:26 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-28 11:26 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-27 18:28 - 2015-01-28 16:07 - 00000000 ____D () C:\Users\KYNEK\Desktop\Business books
2015-01-27 17:55 - 2015-01-27 18:33 - 00000000 ____D () C:\Users\KYNEK\Desktop\ROZNE
2015-01-27 16:19 - 2015-01-27 16:19 - 00018268 _____ () C:\HPFWUpdate.log
2015-01-27 16:15 - 2015-01-27 16:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01009.Wdf
2015-01-27 16:13 - 2015-01-27 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-27 16:13 - 2012-09-27 01:30 - 00126880 _____ (HP) C:\Windows\system32\HPSIsvc.exe
2015-01-27 16:12 - 2012-08-31 15:03 - 01696256 _____ () C:\Windows\system32\HP1100SM.EXE
2015-01-27 16:12 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\system32\HP1100LM.DLL
2015-01-27 16:10 - 2015-01-27 16:10 - 00000000 ____D () C:\Program Files\HP
2015-01-27 16:10 - 2012-09-26 06:45 - 00082944 _____ () C:\Windows\system32\mvusbews.dll
2015-01-27 16:10 - 2012-09-26 06:45 - 00052224 _____ () C:\Windows\system32\HP1100SMs.dll
2015-01-27 16:10 - 2012-09-26 06:45 - 00020480 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2015-01-27 16:10 - 2012-08-31 08:10 - 00350720 _____ () C:\Windows\system32\mvhlewsi.DLL
2015-01-26 17:45 - 2015-01-26 17:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 10:04 - 2015-01-25 10:06 - 00000000 ____D () C:\przedstawienie 2014
2015-01-17 22:15 - 2015-01-28 16:17 - 00000000 ____D () C:\Users\KYNEK\Desktop\Human resources
2015-01-15 16:05 - 2015-01-28 16:04 - 00000000 ____D () C:\Users\KYNEK\Desktop\business tests
2015-01-14 18:37 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:37 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:37 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:37 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 18:37 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 18:37 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 18:37 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 18:36 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:36 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 18:36 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 18:36 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 18:36 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 18:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 18:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 18:36 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 15:56 - 2015-01-12 15:56 - 00000344 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{041DA121-36C7-400C-A2FC-AEA9A98474DB}.job
2015-01-12 13:20 - 2015-01-27 17:50 - 00000000 ____D () C:\Users\KYNEK\Desktop\domino materialy
2015-01-08 20:05 - 2015-01-28 16:07 - 00000000 ____D () C:\Users\KYNEK\Desktop\marek
2015-01-02 11:51 - 2015-01-02 11:51 - 00000558 _____ () C:\Windows\Tasks\Adobe Acrobat Update Task.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 01:28 - 2009-07-29 06:20 - 00000000 ____D () C:\Windows\Log
2015-01-28 23:00 - 2013-01-16 22:40 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3169467079-2108416694-2320416126-1001UA.job
2015-01-28 22:34 - 2013-04-12 06:10 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 22:28 - 2013-01-12 21:14 - 00000000 ____D () C:\Users\KYNEK\Documents\Pliki programu Outlook
2015-01-28 21:37 - 2014-12-03 13:23 - 00000000 ____D () C:\Users\KYNEK\Desktop\first lessons
2015-01-28 21:34 - 2013-04-12 06:10 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 21:34 - 2013-01-30 07:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 21:34 - 2013-01-30 07:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 21:21 - 2012-05-08 07:09 - 01835522 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 20:34 - 2013-01-10 21:37 - 00000000 ____D () C:\Users\KYNEK
2015-01-28 20:17 - 2014-04-06 14:31 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-01-28 20:00 - 2013-01-16 22:40 - 00001006 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3169467079-2108416694-2320416126-1001Core.job
2015-01-28 19:58 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 19:58 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 19:55 - 2013-01-16 22:40 - 00004028 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3169467079-2108416694-2320416126-1001UA
2015-01-28 19:55 - 2013-01-16 22:40 - 00003632 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3169467079-2108416694-2320416126-1001Core
2015-01-28 19:51 - 2013-03-05 12:39 - 00000443 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-28 19:50 - 2013-01-10 21:38 - 00000380 _____ () C:\Users\KYNEK\AppData\Roaming\sp_data.sys
2015-01-28 19:50 - 2012-05-08 07:27 - 00002215 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-28 19:50 - 2012-05-08 07:14 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-01-28 19:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 19:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-01-28 19:45 - 2013-02-25 22:34 - 00089088 ___SH () C:\Users\KYNEK\Documents\Thumbs.db
2015-01-28 19:35 - 2013-05-14 20:35 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-01-28 19:35 - 2013-02-05 22:41 - 00000000 ____D () C:\Users\KYNEK\AppData\Roaming\vlc
2015-01-28 19:35 - 2013-01-10 22:56 - 00000000 ____D () C:\Users\KYNEK\AppData\Roaming\DAEMON Tools Lite
2015-01-28 19:35 - 2009-07-29 07:03 - 00000000 ____D () C:\Windows\Panther
2015-01-28 17:10 - 2014-09-09 08:31 - 00000000 ____D () C:\Users\KYNEK\Desktop\dzieci
2015-01-28 16:59 - 2014-09-28 20:26 - 00000000 ____D () C:\Users\KYNEK\Desktop\total english
2015-01-28 16:52 - 2014-12-01 15:18 - 00000000 ____D () C:\Users\KYNEK\Desktop\english file 3rd edition element
2015-01-28 16:49 - 2014-09-09 19:37 - 00000000 ____D () C:\Users\KYNEK\Desktop\SPEAK OUT (2)
2015-01-28 16:40 - 2014-06-01 10:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 16:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 16:33 - 2014-01-26 11:15 - 00000000 ____D () C:\obrazy płyt
2015-01-28 16:30 - 2013-01-12 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 16:30 - 2012-05-08 07:27 - 00002592 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-01-28 16:25 - 2014-09-09 20:04 - 00000000 ____D () C:\Users\KYNEK\Desktop\business english
2015-01-28 16:20 - 2014-11-06 15:40 - 00000000 ____D () C:\Users\KYNEK\Desktop\face2face
2015-01-28 16:17 - 2014-07-14 12:22 - 00000000 ____D () C:\Users\KYNEK\Desktop\INSTANT IDEA
2015-01-28 16:13 - 2014-09-16 10:22 - 00000000 ____D () C:\Users\KYNEK\Desktop\pictures for teaching
2015-01-28 16:12 - 2014-09-09 20:03 - 00000000 ____D () C:\Users\KYNEK\Desktop\ENGLISH FILE
2015-01-28 16:08 - 2014-09-10 08:59 - 00000000 ____D () C:\Users\KYNEK\Desktop\grammar
2015-01-28 16:06 - 2014-11-09 10:32 - 00000000 ____D () C:\Users\KYNEK\Desktop\readings
2015-01-28 16:06 - 2014-09-10 11:44 - 00000000 ____D () C:\Users\KYNEK\Desktop\speaking general
2015-01-28 16:06 - 2014-05-30 20:21 - 00000000 ____D () C:\Users\KYNEK\Desktop\testy
2015-01-28 16:05 - 2014-10-03 13:24 - 00000000 ____D () C:\Users\KYNEK\Desktop\englishbanana
2015-01-28 16:05 - 2013-01-10 21:41 - 00000000 ____D () C:\Users\KYNEK\Documents\Bluetooth Folder
2015-01-28 16:04 - 2014-09-18 17:30 - 00000000 ____D () C:\Users\KYNEK\Desktop\certyfikaty i dyplom
2015-01-28 16:04 - 2014-06-22 20:28 - 00000000 ____D () C:\Users\KYNEK\Desktop\mr bean
2015-01-28 15:59 - 2014-11-24 13:55 - 00000000 ____D () C:\Users\KYNEK\Desktop\lang dokumenty
2015-01-28 15:57 - 2013-02-07 21:57 - 00000000 ____D () C:\Users\KYNEK\Documents\Euro Truck Simulator 2
2015-01-28 15:55 - 2014-12-07 11:50 - 00000000 ____D () C:\Users\KYNEK\Desktop\domino dokumenty
2015-01-28 15:55 - 2014-09-25 19:21 - 00000000 ____D () C:\Users\KYNEK\Desktop\pi school raport dokumenty
2015-01-28 15:53 - 2013-06-02 17:49 - 00000000 ____D () C:\totalcmd
2015-01-28 15:52 - 2013-10-21 20:23 - 00000000 ____D () C:\naprawa pst
2015-01-28 15:52 - 2013-04-07 09:20 - 00000000 ____D () C:\ProgramData\hps
2015-01-28 15:51 - 2014-12-22 19:35 - 00000000 ____D () C:\ProgramData\Innovative Solutions
2015-01-28 15:51 - 2013-10-15 17:10 - 00000000 ____D () C:\AdwCleaner
2015-01-28 11:28 - 2012-05-08 07:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 21:44 - 2013-01-10 22:28 - 00000000 ____D () C:\Users\KYNEK\AppData\Local\CrashDumps
2015-01-27 16:05 - 2014-03-31 17:16 - 00000000 ___HD () C:\GrandeDevice
2015-01-23 18:24 - 2013-01-13 15:53 - 00000000 ____D () C:\Users\KYNEK\AppData\Roaming\Skype
2015-01-15 18:59 - 2014-03-31 17:18 - 00000000 _____ () C:\sparkraw.log
2015-01-15 08:42 - 2013-08-20 17:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:42 - 2013-01-16 22:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:35 - 2014-02-06 17:12 - 00568320 ___SH () C:\Users\KYNEK\Desktop\Thumbs.db
2015-01-10 09:07 - 2014-01-28 20:57 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 09:07 - 2013-10-03 19:34 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-10 09:07 - 2013-10-03 19:34 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-10 09:07 - 2013-06-28 19:14 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-10 09:07 - 2012-05-08 07:17 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 09:07 - 2012-05-08 07:17 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-10 09:07 - 2012-05-08 07:17 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-10 09:07 - 2012-05-08 07:17 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-10 00:30 - 2012-05-08 07:17 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-10 00:30 - 2012-05-08 07:17 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-10 00:29 - 2012-05-08 07:17 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-10 00:29 - 2012-05-08 07:17 - 01097872 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-01-10 00:29 - 2012-05-08 07:17 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-10 00:29 - 2012-05-08 07:17 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-10 00:29 - 2012-05-08 07:17 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-01-10 00:29 - 2012-05-08 07:17 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 20:47 - 2012-05-08 07:17 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-06 04:36 - 2013-01-20 08:49 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-01-10 21:38 - 2015-01-28 19:50 - 0000380 _____ () C:\Users\KYNEK\AppData\Roaming\sp_data.sys
2013-07-28 20:24 - 2013-09-05 09:27 - 0000069 _____ () C:\Users\KYNEK\AppData\Roaming\WB.CFG
2013-06-16 12:47 - 2013-09-05 09:27 - 0000005 _____ () C:\Users\KYNEK\AppData\Roaming\WBPU-TTL.DAT
2013-04-22 20:25 - 2013-09-14 19:59 - 0007601 _____ () C:\Users\KYNEK\AppData\Local\Resmon.ResmonCfg
2015-01-28 15:55 - 2015-01-28 18:41 - 1220985 _____ () C:\ProgramData\eaxswec.html
2012-02-24 12:55 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-05-08 07:35 - 2012-05-08 07:35 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-08 07:34 - 2012-05-08 07:35 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-08 07:34 - 2012-05-08 07:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\KYNEK\AppData\Local\Temp\avgnt.exe
C:\Users\KYNEK\AppData\Local\Temp\siinst.exe
C:\Users\KYNEK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\KYNEK\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-02 08:52

==================== End Of Log ============================