Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by viola (administrator) on P-2D4451388AB24 on 19-10-2013 23:52:57
Running from C:\Documents and Settings\viola\Pulpit
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(GG Network S.A.) D:\PROGRAMY UŻYTKOWE\gg\Nowe Gadu-Gadu\gg.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Apache Software Foundation) C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
(Oracle Corporation) C:\Program Files\Java\bin\jqs.exe
(Apache Software Foundation) C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
(NVIDIA Corporation) C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
() D:\PROGRAMY UŻYTKOWE\gg\Nowe Gadu-Gadu\spellchecker_gg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-10-14] (AVAST Software)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16049664 2006-08-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ROC_ROC_NT] - "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Nowe Gadu-Gadu] - D:\PROGRAMY UŻYTKOWE\gg\Nowe Gadu-Gadu\gg.exe [11539048 2009-10-28] (GG Network S.A.)
MountPoints2: {58ea6874-88e1-11e2-895d-00138ffac9d2} - G:\Startme.exe
HKU\vr\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\vr\...\Run: [Gadu-Gadu 10] - "C:\Program Files\Gadu-Gadu 10\gg.exe"
HKU\vr\...\Run: [IPLA!] - C:\Program Files\ipla\ipla.exe /autorun
HKU\vr\...\Run: [Nowe Gadu-Gadu] - "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
Startup: C:\Documents and Settings\viola\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAMY UŻYTKOWE\Adobe\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\viola\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 87.204.204.204 62.233.233.233

FireFox:
========
FF ProfilePath: C:\Documents and Settings\viola\Dane aplikacji\Mozilla\Firefox\Profiles\pf2tlzfm.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: hxxp://ww.interia.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Adobe Acrobat) - D:\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\DOCUME~1\viola\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\viola\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\viola\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\DOCUME~1\viola\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-10-14] (AVAST Software)
R2 ForcewareWebInterface; C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)
R2 nSvcIp; C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\bin\jqs.exe" -service -config "C:\Program Files\Java\lib\deploy\jqs\jqs.conf"
S4 nSvcLog; C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-10-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-10-14] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-10-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-10-14] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-10-14] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-10-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-10-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-10-14] ()
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-18] (Microsoft Corporation)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105088 2006-06-28] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-19 23:52 - 2013-10-19 23:52 - 00000000 ____D C:\FRST
2013-10-19 23:50 - 2013-10-19 23:50 - 01087515 _____ (Farbar) C:\Documents and Settings\viola\Pulpit\FRST.exe
2013-10-19 23:34 - 2013-10-19 23:34 - 00078114 _____ C:\Documents and Settings\viola\Pulpit\OTL.Txt
2013-10-19 23:34 - 2013-10-19 23:34 - 00032364 _____ C:\Documents and Settings\viola\Pulpit\Extras.Txt
2013-10-19 23:17 - 2013-10-19 23:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\viola\Pulpit\OTL.exe
2013-10-19 22:26 - 2013-10-19 22:26 - 00000472 _____ C:\Documents and Settings\viola\Pulpit\defogger_disable.log
2013-10-19 22:26 - 2013-10-19 22:26 - 00000000 _____ C:\Documents and Settings\viola\defogger_reenable
2013-10-19 22:23 - 2013-10-19 22:23 - 00050477 _____ C:\Documents and Settings\viola\Pulpit\Defogger.exe
2013-10-19 20:48 - 2013-10-19 20:48 - 02986038 _____ C:\Documents and Settings\viola\Pulpit\mało miejsca na C.bmp
2013-10-19 20:06 - 2013-10-19 20:06 - 00071864 _____ C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2013-10-19 20:05 - 2013-10-19 20:05 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-19 20:05 - 2013-10-19 20:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-19 20:05 - 2013-10-19 20:05 - 00000000 ____D C:\Program Files\MSBuild
2013-10-19 20:04 - 2008-07-06 14:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2013-10-19 20:04 - 2008-07-06 14:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2013-10-19 20:04 - 2008-07-06 14:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2013-10-19 20:04 - 2008-07-06 14:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2013-10-19 20:04 - 2008-07-06 14:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2013-10-19 20:04 - 2008-07-06 14:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2013-10-19 20:04 - 2008-07-06 12:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2013-10-19 18:24 - 2013-10-19 18:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Java
2013-10-19 18:24 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-19 18:24 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-19 18:24 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-19 18:24 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-19 18:24 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-19 18:23 - 2013-10-19 18:24 - 00004098 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-19 18:04 - 2013-10-19 18:04 - 00864614 _____ C:\Documents and Settings\viola\Pulpit\rootkit.bmp
2013-10-19 18:04 - 2013-10-19 18:04 - 00857166 _____ C:\Documents and Settings\viola\Pulpit\rootkit1.bmp
2013-10-19 17:38 - 2013-10-19 17:38 - 00000657 _____ C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Nowe Gadu-Gadu.lnk
2013-10-19 17:25 - 2013-10-19 17:25 - 00000000 ___SD C:\Documents and Settings\viola\GG dysk
2013-10-19 17:23 - 2013-10-19 17:31 - 00000000 ____D C:\Documents and Settings\viola\Dane aplikacji\GG
2013-10-19 17:22 - 2013-10-19 17:32 - 00000000 ____D C:\Documents and Settings\viola\Ustawienia lokalne\Dane aplikacji\GG
2013-10-15 14:08 - 2013-10-15 14:08 - 02986038 _____ C:\Documents and Settings\viola\Pulpit\otwarta szuflada.bmp
2013-10-11 18:57 - 2013-10-11 18:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 18:56 - 2013-10-11 18:57 - 00130407 _____ C:\WINDOWS\KB2862335.log
2013-10-11 18:56 - 2013-10-11 18:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 18:51 - 2013-10-11 18:51 - 00010950 _____ C:\WINDOWS\KB2868038.log
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 18:50 - 2013-10-11 18:51 - 00012904 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 18:50 - 2013-10-11 18:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 18:50 - 2013-10-11 18:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 08:23 - 2013-10-19 18:24 - 00000000 ____D C:\Program Files\Java
2013-10-11 08:12 - 2013-10-11 18:57 - 00134455 _____ C:\WINDOWS\KB2847311.log
2013-10-11 08:12 - 2013-07-17 02:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-11 08:12 - 2013-07-17 02:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-11 08:12 - 2013-07-03 04:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-11 08:12 - 2013-07-03 03:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-11 08:03 - 2013-08-09 02:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-11 08:03 - 2013-08-09 02:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-11 08:03 - 2013-08-09 02:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-11 08:03 - 2009-03-18 13:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-09 08:40 - 2013-10-09 16:40 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-01 09:45 - 2013-10-01 16:40 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-19 23:52 - 2013-10-19 23:52 - 00000000 ____D C:\FRST
2013-10-19 23:50 - 2013-10-19 23:50 - 01087515 _____ (Farbar) C:\Documents and Settings\viola\Pulpit\FRST.exe
2013-10-19 23:50 - 2012-03-26 11:41 - 00000000 ____D C:\Documents and Settings\viola\Moje dokumenty\Pobieranie
2013-10-19 23:50 - 2012-03-26 10:57 - 00000000 ____D C:\Documents and Settings\viola\Pulpit
2013-10-19 23:40 - 2012-08-09 16:32 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-19 23:34 - 2013-10-19 23:34 - 00078114 _____ C:\Documents and Settings\viola\Pulpit\OTL.Txt
2013-10-19 23:34 - 2013-10-19 23:34 - 00032364 _____ C:\Documents and Settings\viola\Pulpit\Extras.Txt
2013-10-19 23:30 - 2012-03-06 18:04 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-19 23:17 - 2013-10-19 23:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\viola\Pulpit\OTL.exe
2013-10-19 23:07 - 2012-03-26 12:50 - 00001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 22:33 - 2012-03-26 10:49 - 01057457 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-19 22:32 - 2012-07-05 05:09 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-19 22:31 - 2013-03-11 22:19 - 00000000 ____D C:\Documents and Settings\viola\Dane aplikacji\OpenOffice.org2
2013-10-19 22:31 - 2012-03-26 12:50 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 22:31 - 2012-03-26 10:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-19 22:30 - 2012-03-26 10:57 - 00000188 ___SH C:\Documents and Settings\viola\ntuser.ini
2013-10-19 22:30 - 2012-03-26 10:55 - 00032452 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-19 22:26 - 2013-10-19 22:26 - 00000472 _____ C:\Documents and Settings\viola\Pulpit\defogger_disable.log
2013-10-19 22:26 - 2013-10-19 22:26 - 00000000 _____ C:\Documents and Settings\viola\defogger_reenable
2013-10-19 22:26 - 2012-03-26 10:57 - 00000000 ____D C:\Documents and Settings\viola
2013-10-19 22:23 - 2013-10-19 22:23 - 00050477 _____ C:\Documents and Settings\viola\Pulpit\Defogger.exe
2013-10-19 22:22 - 2012-05-14 19:28 - 01691136 ___SH C:\Documents and Settings\viola\Pulpit\Thumbs.db
2013-10-19 21:23 - 2012-03-23 04:26 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-10-19 21:12 - 2012-03-26 12:49 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVAST Software
2013-10-19 21:11 - 2012-03-26 10:50 - 00002596 _____ C:\WINDOWS\system32\CONFIG.NT
2013-10-19 20:48 - 2013-10-19 20:48 - 02986038 _____ C:\Documents and Settings\viola\Pulpit\mało miejsca na C.bmp
2013-10-19 20:48 - 2012-03-23 04:26 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-19 20:27 - 2012-03-23 04:21 - 00152598 _____ C:\WINDOWS\setupact.log
2013-10-19 20:15 - 2012-03-26 18:02 - 00087115 ____C C:\WINDOWS\spupdsvc.log
2013-10-19 20:14 - 2012-03-23 04:21 - 00127704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-19 20:07 - 2012-03-23 04:22 - 01082590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-19 20:07 - 2006-03-02 14:00 - 00490284 _____ C:\WINDOWS\system32\perfh015.dat
2013-10-19 20:07 - 2006-03-02 14:00 - 00083660 _____ C:\WINDOWS\system32\perfc015.dat
2013-10-19 20:06 - 2013-10-19 20:06 - 00071864 _____ C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2013-10-19 20:06 - 2012-03-26 10:55 - 00000000 ___HD C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji
2013-10-19 20:05 - 2013-10-19 20:05 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-19 20:05 - 2013-10-19 20:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-10-19 20:05 - 2013-10-19 20:05 - 00000000 ____D C:\Program Files\MSBuild
2013-10-19 20:05 - 2012-03-26 17:41 - 00244087 _____ C:\WINDOWS\updspapi.log
2013-10-19 20:05 - 2010-12-16 17:53 - 00000000 ____D C:\WINDOWS\system32\spool
2013-10-19 20:04 - 2012-03-23 04:22 - 00777085 _____ C:\WINDOWS\setupapi.log
2013-10-19 18:24 - 2013-10-19 18:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Java
2013-10-19 18:24 - 2013-10-19 18:23 - 00004098 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-19 18:24 - 2013-10-11 08:23 - 00000000 ____D C:\Program Files\Java
2013-10-19 18:24 - 2012-03-23 04:22 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2013-10-19 18:04 - 2013-10-19 18:04 - 00864614 _____ C:\Documents and Settings\viola\Pulpit\rootkit.bmp
2013-10-19 18:04 - 2013-10-19 18:04 - 00857166 _____ C:\Documents and Settings\viola\Pulpit\rootkit1.bmp
2013-10-19 17:38 - 2013-10-19 17:38 - 00000657 _____ C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Nowe Gadu-Gadu.lnk
2013-10-19 17:32 - 2013-10-19 17:22 - 00000000 ____D C:\Documents and Settings\viola\Ustawienia lokalne\Dane aplikacji\GG
2013-10-19 17:32 - 2012-03-26 10:57 - 00000000 ___RD C:\Documents and Settings\viola\Menu Start\Programy
2013-10-19 17:31 - 2013-10-19 17:23 - 00000000 ____D C:\Documents and Settings\viola\Dane aplikacji\GG
2013-10-19 17:25 - 2013-10-19 17:25 - 00000000 ___SD C:\Documents and Settings\viola\GG dysk
2013-10-19 17:25 - 2012-03-26 10:57 - 00000000 ___RD C:\Documents and Settings\viola\Ulubione
2013-10-19 17:23 - 2012-03-26 10:57 - 00000000 __RHD C:\Documents and Settings\viola\Dane aplikacji
2013-10-19 17:22 - 2012-03-26 10:57 - 00000000 ___HD C:\Documents and Settings\viola\Ustawienia lokalne\Dane aplikacji
2013-10-19 12:15 - 2012-03-26 11:07 - 00000000 _____ C:\WINDOWS\system32\nmp.log
2013-10-17 18:43 - 2012-03-26 10:57 - 00000000 ___RD C:\Documents and Settings\viola\Moje dokumenty
2013-10-17 18:42 - 2012-04-29 03:39 - 00039936 ___SH C:\Documents and Settings\viola\Moje dokumenty\Thumbs.db
2013-10-15 14:08 - 2013-10-15 14:08 - 02986038 _____ C:\Documents and Settings\viola\Pulpit\otwarta szuflada.bmp
2013-10-14 19:41 - 2013-03-03 17:39 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-10-14 19:41 - 2013-03-03 17:39 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-10-14 19:41 - 2013-03-03 17:39 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-10-14 19:41 - 2012-03-26 12:50 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-10-14 19:41 - 2012-03-26 12:50 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-10-14 19:41 - 2012-03-26 12:50 - 00236840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-10-14 19:41 - 2012-03-26 12:50 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-10-14 19:41 - 2012-03-26 12:50 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-10-14 19:41 - 2012-03-26 12:50 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-10-14 19:41 - 2012-03-26 12:50 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-10-11 19:24 - 2011-07-02 21:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 18:57 - 2013-10-11 18:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 18:57 - 2013-10-11 18:56 - 00130407 _____ C:\WINDOWS\KB2862335.log
2013-10-11 18:57 - 2013-10-11 08:12 - 00134455 _____ C:\WINDOWS\KB2847311.log
2013-10-11 18:57 - 2012-03-23 04:22 - 01365609 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00658878 _____ C:\WINDOWS\ocgen.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00525761 _____ C:\WINDOWS\tsoc.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00467168 _____ C:\WINDOWS\comsetup.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00282633 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00215784 _____ C:\WINDOWS\iis6.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00085238 _____ C:\WINDOWS\ocmsn.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00068386 _____ C:\WINDOWS\msgsocm.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-11 18:57 - 2012-03-23 04:22 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 18:56 - 2013-10-11 18:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 18:56 - 2013-08-14 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 18:53 - 2012-04-16 21:04 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Microsoft Silverlight
2013-10-11 18:53 - 2012-03-26 18:09 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 18:51 - 2013-10-11 18:51 - 00010950 _____ C:\WINDOWS\KB2868038.log
2013-10-11 18:51 - 2013-10-11 18:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 18:51 - 2013-10-11 18:50 - 00012904 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 18:50 - 2013-10-11 18:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 18:50 - 2013-10-11 18:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 18:50 - 2012-08-08 23:44 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-11 08:26 - 2012-08-09 16:32 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-11 08:26 - 2012-08-09 13:14 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-11 08:26 - 2012-03-26 14:35 - 00000000 ____D C:\Documents and Settings\viola\Ustawienia lokalne\Dane aplikacji\Adobe
2013-10-09 16:40 - 2013-10-09 08:40 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-08 07:50 - 2013-10-19 18:24 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-08 07:46 - 2013-10-19 18:24 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-08 07:46 - 2013-10-19 18:24 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-08 07:46 - 2013-10-19 18:24 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-08 07:29 - 2013-10-19 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-01 20:41 - 2012-06-23 07:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 16:40 - 2013-10-01 09:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-23 23:55 - 2012-08-08 23:36 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-23 23:55 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 20:25 - 2012-08-09 15:24 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-23 20:25 - 2012-08-08 23:36 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-23 20:25 - 2012-08-08 23:36 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-23 20:25 - 2012-08-08 23:36 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-23 20:25 - 2012-08-08 23:36 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-23 20:25 - 2012-08-08 23:36 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-23 20:25 - 2012-08-08 23:36 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-23 20:25 - 2010-12-18 16:32 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-23 20:25 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 20:25 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 20:25 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 20:25 - 2006-03-02 14:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-23 20:25 - 2006-03-02 14:00 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-23 20:25 - 2006-03-02 14:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-23 20:07 - 2006-03-02 14:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-23 20:07 - 2006-03-02 14:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 20:07 - 2006-03-02 14:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe

Some content of TEMP:
====================
C:\Documents and Settings\viola\Ustawienia lokalne\Temp\nowegg.upgr.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2006-03-02 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2006-03-02 14:00] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2006-03-02 14:00] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2006-03-02 14:00] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================