Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 02 Ran by Joanna (administrator) on JO on 17-01-2014 15:47:25 Running from C:\Documents and Settings\Joanna\Moje dokumenty\Pobieranie Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (Webroot) C:\Program Files\Webroot\WRSA.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe () C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DiskeeperSystray] - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [221184 2005-11-22] (Diskeeper Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-13] (AVAST Software) HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [763480 2014-01-15] (Webroot) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\WgaLogon: C:\WINDOWS\system32\WgaLogon.dll () HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess? HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [94208 2005-09-03] (Nero AG) HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKCU\...\Policies\system: [DisableCMD] 0 HKCU\...\Policies\system: [NoDispAppearancePage] 0 HKCU\...\Policies\system: [NoDispBackgroundPage] 0 HKCU\...\Policies\system: [NoDispSettingsPage] 0 HKCU\...\Policies\Explorer: [NoFolderOptions] 0 HKCU\...\Policies\Explorer: [NoViewOnDrive] 0 HKCU\...\Policies\Explorer: [NoControlPanel] 0 HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKCU\...\Policies\Explorer: [NoViewContextMenu] 0 HKCU\...\Policies\Explorer: [NoShellSearchButton] 0 HKCU\...\Policies\Explorer: [NoFind] 0 HKCU\...\Policies\Explorer: [NoFile] 0 HKCU\...\Policies\Explorer: [HideClock] 0 HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0 HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKCU\...\Policies\Explorer: [NoSetFolders] 0 HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKCU\...\Policies\Explorer: [NoSetTaskbar] 0 HKCU\...\Policies\Explorer: [NoDeletePrinter] 0 HKCU\...\Policies\Explorer: [NoDFSTab] 0 HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0 HKCU\...\Policies\Explorer: [NoLogoff] 0 HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0 HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0 HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKCU\...\Policies\Explorer: [NoResolveSearch] 0 HKCU\...\Policies\Explorer: [NoSaveSettings] 0 HKCU\...\Policies\Explorer: [NoHardwareTab] 0 HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk ShortcutTarget: DSLMON.lnk -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation) DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://netiasecure.pl.pl/skaner/fscax.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{94EFFAAB-5075-4DE4-B1BB-EB6DDA5BADCD}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Joanna\Dane aplikacji\Mozilla\Firefox\Profiles\mtw2zvuy.default-1386795345218 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\testlog.txt FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahootc.xml FF Extension: Epuap Sign Plugin - C:\Documents and Settings\Joanna\Dane aplikacji\Mozilla\Firefox\Profiles\mtw2zvuy.default-1386795345218\Extensions\SignPlugin@epuap.com [2013-12-14] FF Extension: Adblock Plus - C:\Documents and Settings\Joanna\Dane aplikacji\Mozilla\Firefox\Profiles\mtw2zvuy.default-1386795345218\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-16] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-05] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-05-03] () R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-13] (AVAST Software) R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [765952 2005-11-23] (Diskeeper Corporation) R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763480 2014-01-15] (Webroot) S2 ZuneBusEnum; "C:\Program Files\Zune\ZuneBusEnum.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2297664 2004-11-17] (Realtek Semiconductor Corp.) R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-13] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-12-13] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-13] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-12-13] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-12-13] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-13] () S3 e4usbaw; C:\Windows\System32\DRIVERS\e4usbaw.sys [114616 2006-05-04] (Analog Devices Inc.) R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) S2 IKANLOADER2; C:\Windows\System32\Drivers\e4ldr.sys [63555 2006-03-02] (Analog Deivces) S3 MSIRCOMM; C:\Windows\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation) R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) R0 nvatabus; C:\Windows\System32\DRIVERS\nvatabus.sys [88960 2005-01-20] (NVIDIA Corporation) R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation) S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation) S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation) S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation) S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation) S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation) S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [118240 2014-01-15] (Webroot) R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation) S3 ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys [x] S4 InCDFs; system32\drivers\InCDFs.sys [x] S1 InCDPass; system32\drivers\InCDPass.sys [x] S1 InCDRm; system32\drivers\InCDRm.sys [x] S4 IntelIde; No ImagePath S3 ntportio; \??\C:\Documents and Settings\Joanna\Pulpit\Nowy folder (2)\ntportio.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-17 15:47 - 2014-01-17 15:47 - 00000000 ____D C:\FRST 2014-01-17 14:47 - 2014-01-05 00:31 - 00451698 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20140117-144706.backup 2014-01-16 23:08 - 2014-01-16 23:08 - 00000000 ____D C:\ba6c0bedb91ec5f1c4a130 2014-01-16 23:07 - 2014-01-17 14:21 - 00000000 ____D C:\SYSTEMOWE 2014-01-16 13:31 - 2014-01-16 13:31 - 00000000 ____D C:\WINDOWS\system32\CatRoot_bak 2014-01-16 13:09 - 2014-01-16 13:09 - 00000803 _____ C:\Documents and Settings\Joanna\Menu Start\Programy\Internet Explorer.lnk 2014-01-16 13:02 - 2014-01-16 13:03 - 00000000 __HDC C:\WINDOWS\ie8 2014-01-16 13:02 - 2014-01-16 13:03 - 00000000 ____D C:\WINDOWS\system32\pl-PL 2014-01-16 11:42 - 2014-01-17 15:47 - 00000000 ____D C:\Documents and Settings\Joanna\Moje dokumenty\Pobieranie 2014-01-16 11:42 - 2014-01-16 11:42 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Joanna\Pulpit\TFC.exe 2014-01-15 23:03 - 2014-01-17 15:33 - 00281389 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-15 23:02 - 2014-01-17 15:31 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-15 18:11 - 2014-01-17 14:43 - 00000000 ____D C:\AdwCleaner 2014-01-15 18:10 - 2014-01-15 18:10 - 01236282 _____ C:\Documents and Settings\Joanna\Pulpit\AdwCleaner.pl 3.017.exe 2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-11 12:34 - 2014-01-16 11:59 - 00000300 _____ C:\Documents and Settings\Joanna\Pulpit\Nowy Dokument tekstowy.txt 2014-01-09 15:27 - 2014-01-16 14:29 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\Nowy folder (3) 2014-01-08 13:42 - 2014-01-17 14:23 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\dziadki 2014-01-07 14:20 - 2014-01-14 12:09 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\Nowy folder (2) 2014-01-06 16:38 - 2014-01-17 15:46 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\WRData 2014-01-06 16:38 - 2014-01-15 14:55 - 00154760 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll 2014-01-06 16:38 - 2014-01-15 14:55 - 00118240 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys 2014-01-06 16:38 - 2014-01-07 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Webroot SecureAnywhere 2014-01-06 16:38 - 2014-01-06 16:38 - 00000000 ____D C:\Program Files\Webroot 2014-01-05 00:31 - 2013-12-17 21:50 - 00451698 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20140105-003157.backup 2013-12-29 13:18 - 2013-12-29 13:18 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\AVAST Software 2013-12-29 13:18 - 2013-12-29 13:18 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Adobe 2013-12-20 18:36 - 2014-01-13 19:50 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-01-17 15:47 - 2014-01-17 15:47 - 00000000 ____D C:\FRST 2014-01-17 15:47 - 2014-01-16 11:42 - 00000000 ____D C:\Documents and Settings\Joanna\Moje dokumenty\Pobieranie 2014-01-17 15:46 - 2014-01-06 16:38 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\WRData 2014-01-17 15:43 - 2013-11-13 17:37 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-17 15:37 - 2012-07-08 21:25 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-01-17 15:33 - 2014-01-15 23:03 - 00281389 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-17 15:32 - 2013-11-12 14:43 - 00000159 _____ C:\WINDOWS\wiadebug.log 2014-01-17 15:32 - 2013-11-12 14:43 - 00000050 _____ C:\WINDOWS\wiaservc.log 2014-01-17 15:32 - 2007-05-28 06:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-17 15:31 - 2014-01-15 23:02 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-17 15:31 - 2007-05-28 06:40 - 00000292 ___SH C:\Documents and Settings\Joanna\ntuser.ini 2014-01-17 15:31 - 2007-05-28 01:54 - 00144424 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-17 15:21 - 2007-05-28 07:51 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2014-01-17 15:21 - 2007-05-28 06:40 - 00000000 ____D C:\Documents and Settings\Joanna 2014-01-17 15:18 - 2007-05-28 06:40 - 00000000 ___RD C:\Documents and Settings\Joanna\Moje dokumenty\Moje obrazy 2014-01-17 14:43 - 2014-01-15 18:11 - 00000000 ____D C:\AdwCleaner 2014-01-17 14:23 - 2014-01-08 13:42 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\dziadki 2014-01-17 14:21 - 2014-01-16 23:07 - 00000000 ____D C:\SYSTEMOWE 2014-01-17 13:04 - 2007-05-28 01:05 - 00000188 ___SH C:\Documents and Settings\NetworkService\ntuser.ini 2014-01-17 12:46 - 2007-05-28 06:40 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit 2014-01-17 11:17 - 2007-05-28 18:06 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2014-01-16 23:08 - 2014-01-16 23:08 - 00000000 ____D C:\ba6c0bedb91ec5f1c4a130 2014-01-16 21:31 - 2007-05-31 00:31 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2014-01-16 21:26 - 2008-02-20 22:41 - 00000000 ____D C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\Adobe 2014-01-16 20:55 - 2013-06-02 18:41 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\FILMY LEKTOR 2014-01-16 20:55 - 2007-06-14 07:22 - 00034304 _____ C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-01-16 19:04 - 2007-05-28 18:22 - 00024416 _____ C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-01-16 18:46 - 2012-12-25 03:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-01-16 18:46 - 2012-12-25 03:28 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-01-16 14:29 - 2014-01-09 15:27 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\Nowy folder (3) 2014-01-16 13:31 - 2014-01-16 13:31 - 00000000 ____D C:\WINDOWS\system32\CatRoot_bak 2014-01-16 13:09 - 2014-01-16 13:09 - 00000803 _____ C:\Documents and Settings\Joanna\Menu Start\Programy\Internet Explorer.lnk 2014-01-16 13:09 - 2007-05-28 06:40 - 00000000 ___RD C:\Documents and Settings\Joanna\Menu Start\Programy 2014-01-16 13:08 - 2007-05-28 06:40 - 00000000 ___RD C:\Documents and Settings\Joanna\Moje dokumenty\Moja muzyka 2014-01-16 13:08 - 2007-05-28 06:40 - 00000000 ___RD C:\Documents and Settings\Joanna\Moje dokumenty 2014-01-16 13:07 - 2007-05-28 01:50 - 00000000 ____D C:\WINDOWS\Help 2014-01-16 13:06 - 2010-07-06 22:14 - 00000000 ____D C:\WINDOWS\ie8updates 2014-01-16 13:03 - 2014-01-16 13:02 - 00000000 __HDC C:\WINDOWS\ie8 2014-01-16 13:03 - 2014-01-16 13:02 - 00000000 ____D C:\WINDOWS\system32\pl-PL 2014-01-16 13:03 - 2007-05-28 01:50 - 00000000 ____D C:\WINDOWS\Media 2014-01-16 12:44 - 2007-05-28 01:00 - 00000000 ____D C:\WINDOWS\system32\Restore 2014-01-16 11:59 - 2014-01-11 12:34 - 00000300 _____ C:\Documents and Settings\Joanna\Pulpit\Nowy Dokument tekstowy.txt 2014-01-16 11:42 - 2014-01-16 11:42 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Joanna\Pulpit\TFC.exe 2014-01-16 10:40 - 2007-10-25 17:59 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\Nieużywane skróty pulpitu 2014-01-16 01:01 - 2013-07-15 07:45 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-16 00:57 - 2007-05-28 14:05 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 23:55 - 2008-08-26 07:32 - 00000000 ____D C:\Program Files\Adobe 2014-01-15 23:19 - 2010-07-24 11:42 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Sun 2014-01-15 23:18 - 2007-05-28 01:55 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2014-01-15 23:01 - 2010-08-23 22:18 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\Pobieranie 2014-01-15 21:38 - 2011-02-02 19:30 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\FILMY NAPISY 2014-01-15 18:13 - 2007-05-28 06:40 - 00000000 ___HD C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji 2014-01-15 18:10 - 2014-01-15 18:10 - 01236282 _____ C:\Documents and Settings\Joanna\Pulpit\AdwCleaner.pl 3.017.exe 2014-01-15 17:51 - 2007-05-28 01:57 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2014-01-15 17:46 - 2007-05-28 07:57 - 00000000 ____D C:\Documents and Settings\Administrator 2014-01-15 17:46 - 2007-05-28 06:39 - 00000000 __SHD C:\Documents and Settings\LocalService 2014-01-15 17:46 - 2007-05-28 01:05 - 00000000 __SHD C:\Documents and Settings\NetworkService 2014-01-15 17:45 - 2007-05-28 06:39 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji 2014-01-15 17:45 - 2007-05-28 00:59 - 00000000 ____D C:\WINDOWS\Registration 2014-01-15 17:27 - 2007-05-28 06:40 - 00000000 ___RD C:\Documents and Settings\Joanna\Menu Start 2014-01-15 14:55 - 2014-01-06 16:38 - 00154760 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll 2014-01-15 14:55 - 2014-01-06 16:38 - 00118240 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys 2014-01-15 14:22 - 2014-01-15 14:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-14 12:09 - 2014-01-07 14:20 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\Nowy folder (2) 2014-01-13 19:50 - 2013-12-20 18:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2014-01-12 16:39 - 2007-07-27 19:48 - 00000229 _____ C:\WINDOWS\NeroDigital.ini 2014-01-09 13:32 - 2013-12-16 11:40 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit\PREZENCIARNIA Dziuni 2014-01-07 11:09 - 2014-01-06 16:38 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Webroot SecureAnywhere 2014-01-06 18:39 - 2007-05-28 01:57 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty 2014-01-06 18:26 - 2007-05-28 06:40 - 00000000 __RHD C:\Documents and Settings\Joanna\Dane aplikacji 2014-01-06 16:38 - 2014-01-06 16:38 - 00000000 ____D C:\Program Files\Webroot 2014-01-06 15:37 - 2009-12-26 21:40 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2014-01-06 15:37 - 2008-03-18 00:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Diskeeper Corporation 2014-01-06 15:36 - 2002-09-28 23:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-05 13:24 - 2013-06-14 18:05 - 00000874 _____ C:\WINDOWS\campeps.ini 2014-01-05 13:21 - 2007-05-28 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2014-01-05 00:31 - 2014-01-17 14:47 - 00451698 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20140117-144706.backup 2013-12-29 13:18 - 2013-12-29 13:18 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\AVAST Software 2013-12-29 13:18 - 2013-12-29 13:18 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Adobe 2013-12-24 13:24 - 2013-07-28 11:47 - 00000117 _____ C:\Documents and Settings\Joanna\default.pls 2013-12-21 10:06 - 2012-05-03 09:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-20 10:16 - 2007-09-02 11:26 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 00:44] - [2008-04-14 18:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2004-08-04 00:44] - [2008-04-14 18:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2004-08-04 00:44] - [2008-04-14 18:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2004-08-04 00:44] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\Windows\System32\User32.dll [2004-08-04 00:44] - [2008-04-14 18:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2004-08-04 00:44] - [2008-04-14 18:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\rpcss.dll [2004-08-04 00:44] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 00:36] - [2008-04-14 17:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================