Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by L01 (administrator) on XXX-74837414E5A on 18-01-2014 20:08:01
Running from C:\Documents and Settings\L01\Pulpit\Moje ściągnięte pliki
Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Mobile Leader Co.,Ltd.) C:\WINDOWS\system32\LGScsiCommandService.exe
() C:\Program Files\Mobogenie\MgAssist.exe
() C:\WINDOWS\system32\PnkBstrA.exe
() C:\WINDOWS\system32\PnkBstrB.exe
() C:\Program Files\LinkSwift\updateLinkSwift.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
() C:\Program Files\LinkSwift\bin\utilLinkSwift.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\VNT\vntldr.exe
(Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Google Inc.)
C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13750272 2009-04-15] (NVIDIA Corporation) HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [766656 2014-01-10] () HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1757648 2014-01-06] (APN) HKLM\...\Run: [VNT] - C:\Program Files\VNT\vntldr.exe [195536 2014-01-06] (APN LLC.) HKCU\...\Run: [Google Update] - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [136176 2011-04-01] (Google Inc.) 
HKCU\...\Run: [NextLive] - C:\Documents and Settings\L01\Dane aplikacji\newnext.me\nengine.dll [1283584 2013-12-09] (NewNextDotMe) HKCU\...\Run: [ChomikBox] - C:\Program Files\ChomikBox\ChomikBox.exe [5979648 2012-11-15] ( ) HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2014-01-18] (Facebook Inc.) MountPoints2: G - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs MountPoints2: {20cdb51c-9249-11e2-b9f8-e0cb4e36a944} - F:\AutoRun.exe MountPoints2: {3a9ed525-746d-11e2-b994-e0cb4e36a944} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs MountPoints2: {3a9ed526-746d-11e2-b994-e0cb4e36a944} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs MountPoints2: {3ad5be44-ac96-11df-ae73-e0cb4e36a944} - F:\AutoRun.exe MountPoints2: {3b404554-1bda-11df-ac5e-e0cb4e36a944} - F:\AutoRun.exe MountPoints2: {4e0a0701-7b47-11e1-b6a0-e0cb4e36a944} - F:\LGAutoRun.exe MountPoints2: {550f9cd4-e52c-11df-af25-e0cb4e36a944} - I:\LGAutoRun.exe MountPoints2: {6c98f9a2-bab3-11df-ae98-e0cb4e36a944} - F:\AutoRun.exe MountPoints2: {7e026062-e429-11df-af21-e0cb4e36a944} - lpl.exe MountPoints2: {9c8081ac-32bb-11e3-bbaf-e0cb4e36a944} - F:\uxkl0apt.bat MountPoints2: {a797eb95-1bdf-11df-ac63-e0cb4e36a944} - F:\AutoRun.exe MountPoints2: {d2ca1f74-c428-11e0-b38b-e0cb4e36a944} - I:\uxkl0apt.bat MountPoints2: {f0a997d2-70f3-11e0-b1bc-e0cb4e36a944} - F:\AutoRun.exe MountPoints2: {f6fa9b30-923f-11e2-b9f5-e0cb4e36a944} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387475398&from=cor&uid=ST9250315AS_5VCCCKLSXXXX5VCCCKLS&q={searchTerms} HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387475398&from=cor&uid=ST9250315AS_5VCCCKLSXXXX5VCCCKLS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387475398&from=cor&uid=ST9250315AS_5VCCCKLSXXXX5VCCCKLS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387475398&from=cor&uid=ST9250315AS_5VCCCKLSXXXX5VCCCKLS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - C:\Program Files\LinkSwift\LinkSwiftBHO.dll (LinkSwift) BHO: Lyrmix - {804efe7d-a8d7-4351-a6df-014d1ed7c6fc} - C:\Program Files\Lyrmix\133.dll () BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
BHO: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 FireFox: ======== FF ProfilePath: C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default FF user.js: detected! => C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\searchplugins\daemon-search.xml FF Extension: DAEMON Tools Toolbar - C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\Extensions\DTToolbar@toolbarnet.com [2010-05-04] FF Extension: Iplex to ALLPlayer - C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\Extensions\IplextoALL@ALLPlayer.org [2013-10-06] FF Extension: No Name - C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\Extensions\staged [2013-12-01] FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-12] FF Extension: uTorrentControl_v6 - C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-12-01] FF Extension: BonanzaDeals - C:\Documents and Settings\L01\Dane aplikacji\Mozilla\Firefox\Profiles\jrzjcfem.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} [2013-12-01] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-22] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-10-01] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-05] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows 
Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-10-01] FF HKCU\...\Firefox\Extensions: [{dde15e35-c9b3-4c30-b055-730c5f4a45d3}] - C:\Program Files\Lyrmix\133.xpi FF Extension: Lyrmix - C:\Program Files\Lyrmix\133.xpi [2013-10-29] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://aartemis.com/?type=sc&ts=1387475398&from=cor&uid=ST9250315AS_5VCCCKLSXXXX5VCCCKLS Chrome: ======= CHR HomePage: hxxp://www.google.pl/ CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Unity Player) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () CHR Extension: (Ask Toolbar) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aaaailpifkkekipiachodfkfmgmiapmp [2013-12-19] CHR Extension: (YouTube) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22] CHR Extension: (Adblock Plus) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-22] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22] CHR Extension: (BonanzaDeals) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-12-01] CHR Extension: (WebSite Recommendation) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jopdpbolklklaiookikgmdinfbooiipj [2013-12-01] CHR Extension: (Lyrmix) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kidmhllhjmmmnpbiaihafgchacpmokof [2013-10-29] CHR Extension: (Skype Extension) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-07] CHR Extension: (Google Wallet) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (LinkSwift) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\User Data\Default\Extensions\odpccdgkmiicgocepijnaeihjnjnomca [2013-10-29] CHR Extension: (Gmail) - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22] CHR HKLM\...\Chrome\Extension: [aaaailpifkkekipiachodfkfmgmiapmp] - C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx [2014-01-06] CHR HKLM\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files\Lyrmix\133.crx [2013-09-11] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-05-16] CHR HKLM\...\Chrome\Extension: [odpccdgkmiicgocepijnaeihjnjnomca] - C:\Program Files\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx [2013-10-17] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.) S3 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] () S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-12-01] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-12-01] (BonanzaDeals) S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-09-15] (Sun Microsystems, Inc.) R2 LGScsiCommandService; C:\WINDOWS\system32\LGScsiCommandService.exe [47616 2010-04-12] (Mobile Leader Co.,Ltd.) 
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [63168 2014-01-10] () R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2010-05-04] () R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [107832 2010-05-04] () R2 Update LinkSwift; C:\Program Files\LinkSwift\updateLinkSwift.exe [97056 2014-01-16] () R2 Util LinkSwift; C:\Program Files\LinkSwift\bin\utilLinkSwift.exe [97056 2014-01-16] () R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [499856 2013-12-19] (Cherished Technololgy LIMITED) ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative) R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1503840 2009-02-13] (Atheros Communications, Inc.) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation) S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [89856 2009-04-21] (ELAN Microelectronic Corp.) S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [5760 2007-08-24] () S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation) R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2009-09-03] (Padus, Inc.) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [16472 2010-04-09] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [11104 2010-04-09] () S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-07-17] () R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-04] () R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [61424 2008-05-15] (Cyberlink Corp.) 
U3 ah0ffe9b; C:\Windows\System32\Drivers\ah0ffe9b.sys [0 ] (Microsoft Corporation) S4 IntelIde; No ImagePath S3 massfilter; system32\drivers\massfilter.sys [x] S3 usbbus; system32\DRIVERS\lgusbbus.sys [x] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-18 18:57 - 2014-01-18 18:57 - 00000000 ____D C:\FRST 2014-01-18 18:50 - 2014-01-18 18:55 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1580818891-725345543-1003UA.job 2014-01-18 18:50 - 2014-01-18 18:55 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1580818891-725345543-1003Core.job 2014-01-18 14:25 - 2014-01-18 14:25 - 00050089 _____ C:\Documents and Settings\L01\Pulpit\łóżko.jpeg 2014-01-17 21:28 - 2014-01-17 21:28 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TemphQ3504.html 2014-01-15 19:58 - 2014-01-15 20:59 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempOW4020.html 2014-01-12 19:16 - 2014-01-12 19:17 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Temphc2496.html 2014-01-11 20:54 - 2014-01-11 20:55 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Temppa3572.html 2014-01-10 17:14 - 2014-01-10 18:03 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempTq3256.html 2014-01-07 22:33 - 2014-01-07 22:33 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\NapiProjekt 2014-01-06 14:23 - 2014-01-06 14:23 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TemphQ2572.html 2014-01-05 15:05 - 2014-01-05 15:44 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia 
lokalne\TempjQ3892.html 2014-01-04 19:05 - 2014-01-04 20:12 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempcP2116.html 2014-01-02 15:09 - 2014-01-02 15:10 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempNp3948.html 2014-01-01 21:24 - 2014-01-01 22:17 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempPrP192.html 2013-12-31 16:45 - 2014-01-03 18:15 - 00000005 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WBPU-Q5-TTL.DAT 2013-12-29 17:23 - 2013-12-29 18:46 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Tempdj2788.html 2013-12-27 21:04 - 2013-12-27 21:05 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempmP3888.html 2013-12-26 20:33 - 2014-01-18 18:47 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\ChomikBox 2013-12-26 20:33 - 2013-12-26 20:33 - 00000000 ____D C:\Program Files\ChomikBox 2013-12-26 20:33 - 2013-12-26 20:33 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Chomikuj.pl 2013-12-25 01:07 - 2013-12-25 01:08 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempVs3284.html 2013-12-23 21:51 - 2013-12-23 21:52 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempRB3804.html 2013-12-20 21:37 - 2013-12-20 21:38 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempBs1456.html 2013-12-19 20:57 - 2013-12-19 21:26 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Tempsm2180.html 2013-12-19 18:52 - 2014-01-06 22:33 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\VNT 2013-12-19 18:52 - 2014-01-06 17:46 - 00000000 ____D C:\Program Files\VNT 2013-12-19 18:52 - 2013-12-20 20:19 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\Nico Mak Computing 2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D 
C:\Documents and Settings\All Users\Menu Start\Programy\YTD Video Downloader 2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork 2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\APN 2013-12-19 18:50 - 2013-12-20 20:12 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\aartemis 2013-12-19 18:50 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\YTD Video Downloader 2013-12-19 18:50 - 2013-12-19 18:50 - 00000000 ____D C:\Program Files\GreenTree Applications 2013-12-19 18:50 - 2013-12-19 18:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\WPM ==================== One Month Modified Files and Folders ======= 2014-01-18 20:08 - 2011-12-10 11:34 - 00000000 ____D C:\Documents and Settings\L01\Pulpit\Moje ściągnięte pliki 2014-01-18 20:01 - 2013-09-29 18:01 - 00000422 _____ C:\WINDOWS\Tasks\At1.job 2014-01-18 19:51 - 2013-12-01 18:46 - 00000908 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2014-01-18 19:25 - 2009-09-03 19:51 - 00000000 ____D C:\Documents and Settings\L01\Pulpit 2014-01-18 19:10 - 2011-04-01 19:22 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1580818891-725345543-1003UA.job 2014-01-18 18:57 - 2014-01-18 18:57 - 00000000 ____D C:\FRST 2014-01-18 18:55 - 2014-01-18 18:50 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1580818891-725345543-1003UA.job 2014-01-18 18:55 - 2014-01-18 18:50 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1580818891-725345543-1003Core.job 2014-01-18 18:55 - 2009-09-03 19:50 - 00032586 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-18 18:51 - 2013-12-01 18:46 - 00000904 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2014-01-18 18:51 - 2009-09-03 19:51 - 00000000 ___HD C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji 
2014-01-18 18:49 - 2013-09-07 20:15 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Facebook 2014-01-18 18:47 - 2013-12-26 20:33 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\ChomikBox 2014-01-18 18:47 - 2010-07-21 17:16 - 00000000 ____D C:\Documents and Settings\L01\.gstreamer-0.10 2014-01-18 18:46 - 2013-12-10 22:04 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\newnext.me 2014-01-18 18:46 - 2013-10-29 23:36 - 00000334 _____ C:\WINDOWS\Tasks\Lyrmix Update.job 2014-01-18 18:46 - 2013-09-29 18:04 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2014-01-18 18:46 - 2009-09-03 21:41 - 00000159 _____ C:\WINDOWS\wiadebug.log 2014-01-18 18:46 - 2009-09-03 21:41 - 00000050 _____ C:\WINDOWS\wiaservc.log 2014-01-18 18:46 - 2009-04-15 20:42 - 00229048 _____ C:\WINDOWS\system32\NvApps.xml 2014-01-18 18:46 - 2003-04-16 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-18 18:45 - 2012-12-30 16:00 - 00764805 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-18 18:45 - 2009-09-03 19:51 - 00000292 ___SH C:\Documents and Settings\L01\ntuser.ini 2014-01-18 18:45 - 2009-09-03 19:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-18 18:44 - 2010-03-25 20:17 - 00000000 ____D C:\WINDOWS\Minidump 2014-01-18 18:44 - 2010-02-18 11:24 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\Media Player Classic 2014-01-18 18:44 - 2009-09-03 19:51 - 00000000 ____D C:\Documents and Settings\L01 2014-01-18 18:34 - 2009-09-03 21:37 - 00000211 ___SH C:\boot.ini 2014-01-18 18:34 - 2003-04-16 11:00 - 00000573 _____ C:\WINDOWS\win.ini 2014-01-18 18:34 - 2003-04-16 11:00 - 00000227 _____ C:\WINDOWS\system.ini 2014-01-18 17:39 - 2010-08-21 08:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959426$ 2014-01-18 14:25 - 2014-01-18 14:25 - 00050089 _____ C:\Documents and Settings\L01\Pulpit\łóżko.jpeg 2014-01-18 12:14 - 2009-09-03 21:13 - 00000069 _____ C:\WINDOWS\NeroDigital.ini 2014-01-18 09:10 - 2011-04-01 
19:22 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1580818891-725345543-1003Core.job
2014-01-18 00:01 - 2013-09-30 19:01 - 00000110 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WB.CFG
2014-01-18 00:01 - 2013-09-30 19:01 - 00000005 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WBPU-TTL.DAT
2014-01-17 21:28 - 2014-01-17 21:28 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TemphQ3504.html
2014-01-17 21:28 - 2009-09-03 19:51 - 00000000 ___HD C:\Documents and Settings\L01\Ustawienia lokalne
2014-01-17 13:31 - 2010-02-18 11:30 - 00013824 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 20:59 - 2014-01-15 19:58 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempOW4020.html
2014-01-13 15:41 - 2013-12-01 18:46 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\uTorrent
2014-01-13 09:05 - 2009-09-03 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2014-01-12 19:17 - 2014-01-12 19:16 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Temphc2496.html
2014-01-12 14:21 - 2013-12-10 22:04 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\genienext
2014-01-12 14:21 - 2013-12-01 18:45 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-12 14:21 - 2013-12-01 18:45 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\Mobogenie
2014-01-12 14:21 - 2010-08-16 21:02 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\cache
2014-01-12 14:15 - 2011-01-16 16:38 - 00072704 ___SH C:\Documents and Settings\L01\Pulpit\Thumbs.db
2014-01-11 20:55 - 2014-01-11 20:54 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Temppa3572.html
2014-01-10 18:03 - 2014-01-10 17:14 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempTq3256.html
2014-01-09 20:05 - 2013-12-01 18:45 - 00003934 _____ C:\Documents and Settings\L01\daemonprocess.txt
2014-01-09 11:53 - 2013-10-06 17:51 - 00000000 ____D C:\Documents and Settings\L01\Pulpit\Wetlina 6.10.2013
2014-01-07 22:33 - 2014-01-07 22:33 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\NapiProjekt
2014-01-07 22:33 - 2009-09-03 19:51 - 00000000 __RHD C:\Documents and Settings\L01\Dane aplikacji
2014-01-06 22:33 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\L01\Ustawienia lokalne\Dane aplikacji\VNT
2014-01-06 17:46 - 2013-12-19 18:52 - 00000000 ____D C:\Program Files\VNT
2014-01-06 14:23 - 2014-01-06 14:23 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TemphQ2572.html
2014-01-05 18:00 - 2013-11-17 19:37 - 00000000 ___RD C:\Documents and Settings\L01\Pulpit\[TORRENTCITY.PL] The.Call.2013.PL-BIDA [AgusiQ]
2014-01-05 18:00 - 2013-11-13 21:22 - 00000000 ___RD C:\Documents and Settings\L01\Pulpit\W interesie narodu.2012.PL [AgusiQ]
2014-01-05 18:00 - 2013-11-01 23:20 - 00000000 ____D C:\Documents and Settings\L01\Pulpit\Jedzenie ma znaczenie
2014-01-05 18:00 - 2013-11-01 20:53 - 00000000 ____D C:\Documents and Settings\L01\Pulpit\Cud Terapii Gersona
2014-01-05 15:44 - 2014-01-05 15:05 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempjQ3892.html
2014-01-04 20:12 - 2014-01-04 19:05 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempcP2116.html
2014-01-03 18:15 - 2013-12-31 16:45 - 00000005 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WBPU-Q5-TTL.DAT
2014-01-02 15:10 - 2014-01-02 15:09 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempNp3948.html
2014-01-01 22:17 - 2014-01-01 21:24 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempPrP192.html
2013-12-29 18:46 - 2013-12-29 17:23 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Tempdj2788.html
2013-12-28 14:32 - 2012-06-27 16:04 - 00033792 ____H C:\Documents and Settings\L01\Pulpit\photothumb.db
2013-12-27 21:05 - 2013-12-27 21:04 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempmP3888.html
2013-12-26 20:33 - 2013-12-26 20:33 - 00000000 ____D C:\Program Files\ChomikBox
2013-12-26 20:33 - 2013-12-26 20:33 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Chomikuj.pl
2013-12-26 20:33 - 2009-09-03 21:38 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2013-12-25 01:08 - 2013-12-25 01:07 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempVs3284.html
2013-12-23 21:52 - 2013-12-23 21:51 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempRB3804.html
2013-12-20 21:38 - 2013-12-20 21:37 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\TempBs1456.html
2013-12-20 20:19 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\Nico Mak Computing
2013-12-20 20:12 - 2013-12-19 18:50 - 00000000 ____D C:\Documents and Settings\L01\Dane aplikacji\aartemis
2013-12-20 20:12 - 2011-04-01 19:50 - 00002286 _____ C:\Documents and Settings\L01\Pulpit\internet.lnk
2013-12-20 20:12 - 2009-09-03 20:15 - 00001602 _____ C:\Documents and Settings\L01\Pulpit\Mozilla Firefox.lnk
2013-12-20 20:12 - 2009-09-03 19:51 - 00000767 _____ C:\Documents and Settings\L01\Menu Start\Programy\Internet Explorer.lnk
2013-12-19 21:26 - 2013-12-19 20:57 - 00002432 _____ C:\Documents and Settings\L01\Ustawienia lokalne\Tempsm2180.html
2013-12-19 20:55 - 2009-09-03 19:51 - 00000000 ___RD C:\Documents and Settings\L01\Moje dokumenty
2013-12-19 20:53 - 2010-10-31 21:21 - 00000000 ____D C:\Program Files\LG Electronics
2013-12-19 20:53 - 2009-09-03 20:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\YTD Video Downloader
2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AskPartnerNetwork
2013-12-19 18:52 - 2013-12-19 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\APN
2013-12-19 18:52 - 2013-12-19 18:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\YTD Video Downloader
2013-12-19 18:52 - 2009-09-03 21:38 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-12-19 18:50 - 2013-12-19 18:50 - 00000000 ____D C:\Program Files\GreenTree Applications
2013-12-19 18:50 - 2013-12-19 18:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\WPM

Files to move or delete:
====================
C:\Documents and Settings\L01\jagex_runescape_preferences.dat
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-03 22:44] - [2004-08-03 22:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea
C:\Windows\System32\winlogon.exe [2004-08-03 22:44] - [2004-08-03 22:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0
C:\Windows\System32\svchost.exe [2004-08-03 22:44] - [2004-08-03 22:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e
C:\Windows\System32\services.exe [2004-08-03 22:44] - [2009-02-09 11:10] - 0111104 ____A (Microsoft Corporation) ed4e5391100287b9eabf8f2cf4b42235
C:\Windows\System32\User32.dll [2004-08-03 22:44] - [2004-08-03 22:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0
C:\Windows\System32\userinit.exe [2004-08-03 22:44] - [2004-08-03 22:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396
C:\Windows\System32\rpcss.dll [2004-08-03 22:44] - [2009-02-09 11:22] - 0399360 ____A (Microsoft Corporation) b5d78596effbeb82f3b86d9a002538e1
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2004-08-03 22:36] - [2004-08-03 22:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36

==================== End Of Log ============================