Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014 Ran by xxx (administrator) on MS-D on 04-02-2014 01:19:50 Running from F:\ Microsoft Windows XP Dodatek Service Pack 2 (X86) OS Language: Polish Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ATTENTION: If processes are not listed WMI should be repaired. ==================== Processes (Whitelisted) =================== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.) HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.) HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2007-05-07] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WOOWATCH] - C:\Program Files\Neostrada TP\Watch.exe [20480 2003-10-16] (France Télécom R&D) HKLM\...\Run: [WOOTASKBARICON] - C:\Program Files\Neostrada TP\TaskBarIcon.exe [53248 2003-10-16] (France Télécom R&D) HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2004-02-12] (Hewlett-Packard Company) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [159744 2004-08-03] (Microsoft Corporation) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\NbrCLiBd\xtqqeeyo.exe Winlogon\Notify\Antiwpa: C:\WINDOWS\system32\antiwpa.dll () Winlogon\Notify\WgaLogon: WgaLogon.dll [X] HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [376912 2003-09-01] (Microsoft Corporation) HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\Run: [ctfmon.exe] - C:\DOCUME~1\ALLUSE~1\DANEAP~1\rundll32.exe c:\docume~1\alluse~1\daneap~1\lwigto.dat,FG00 <===== ATTENTION HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000 HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: D - D:\setupSNK.exe HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {13d27d98-63db-11e1-bf47-001a73ae4b01} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-7-8-46-4257740867-8547071284-227317622-6721\ynjBNQlN.exe HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {41d29baa-26b8-11e3-8048-001a73ae4b01} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-0-6-62-1205103830-1076225053-361133240-1517\DwVpOxJM.exe HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {5136b8ef-f1f0-11dd-b5ce-001a73ae4b01} - pook.com HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {7d90cf2d-ac41-11de-b796-001a73ae4b01} - F:\m9ma.exe HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {899376fa-52ab-11e3-805d-001a73ae4b01} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-2-4-10-1886805623-4401758574-752238163-2365\vDMTctxL.exe HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {8a54db9e-3d50-11e2-bfe0-001a73ae4b01} - H:\iStudio.exe HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {9a37a206-f164-11dd-b5cb-001a73ae4b01} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com j: HKU\S-1-5-21-1644491937-2147091713-839522115-1004\...\MountPoints2: {ca7787d6-05b1-11de-b607-001a73ae4b01} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KapEF.exe Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\xtqqeeyo.exe (Avira GmbH) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\svchost.exe () Startup: C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\msconfig.lnk ShortcutTarget: msconfig.lnk -> C:\Documents and Settings\All Users\Dane aplikacji\lwigto.dat () Startup: C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\xtqqeeyo.exe (Avira GmbH) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=APN10260&gct=hp&apn_ptnrs=^AGR&apn_dtid=^YYYYYY^YY^PL&p2=^AGR^YYYYYY^YY^PL&tpid=ARS3&apn_dbr=ff_20.0&apn_uid=E0C4FB24-43BA-4CD7-ABEB-E96A0F0934A0&itbv=11.8.1.222&doi=2013-04-06 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) URLSearchHook: HKCU - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () URLSearchHook: HKCU - ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://asksearch.ask.com/redirect?client=ie&src=crm&tb=ARS3&itbv=11.8.1.222&o=APN10260&locale=en_US&apn_uid=E0C4FB24-43BA-4CD7-ABEB-E96A0F0934A0&apn_ptnrs=^AGR&apn_dtid=^YYYYYY^YY^PL&apn_dbr=ff_20.0&doi=2013-04-06&q={searchTerms}& SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://asksearch.ask.com/redirect?client=ie&src=crm&tb=ARS3&itbv=11.8.1.222&o=APN10260&locale=en_US&apn_uid=E0C4FB24-43BA-4CD7-ABEB-E96A0F0934A0&apn_ptnrs=^AGR&apn_dtid=^YYYYYY^YY^PL&apn_dbr=ff_20.0&doi=2013-04-06&q={searchTerms}& SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1708250 BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC) BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) BHO: Ask Toolbar - {41525333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ARS3\Passport.dll (APN LLC.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC) Toolbar: HKLM - My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) Toolbar: HKLM - ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.) Toolbar: HKLM - Ask Toolbar - {41525333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ARS3\Passport.dll (APN LLC.) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC) Toolbar: HKCU - ToggleEN Toolbar - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) Toolbar: HKCU - Ask Toolbar - {41525333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ARS3\Passport.dll (APN LLC.) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) Winsock: Catalog5 04 c:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default FF DefaultSearchEngine: Ask Search FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Ask Search FF Homepage: hxxp://www.search.ask.com/?p2=%5EAGR%5EYYYYYY%5EYY%5EPL&gct=hp&o=APN10260&apn_ptnrs=%5EAGR&apn_dtid=%5EYYYYYY%5EYY%5EPL&tpid=ARS3&apn_dbr=ff_20.0&trgb=&apn_uid=E0C4FB24-43BA-4CD7-ABEB-E96A0F0934A0&itbv=11.8.1.222&doi=2013-04-06&psv= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @macromedia.com/FlashPlayer10 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin HKCU: @macromedia.com/FlashPlayer10 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMyGlSh.dll (My Global Search) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\searchplugins\ask-search.xml FF SearchPlugin: C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\searchplugins\conduit.xml FF Extension: Conduit Engine - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\Extensions\engine@conduit.com [2011-05-14] FF Extension: ToggleEN - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\Extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b} [2013-12-30] FF Extension: Free Lunch Design Toolbar - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2011-01-06] FF Extension: Ask Toolbar - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\Extensions\toolbar_ARS3@apn.ask.com.xpi [2013-08-23] FF Extension: FoxTab - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\1ltcdqd0.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2011-05-12] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-05-30] ========================== Services (Whitelisted) ================= S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-05] (APN LLC.) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-17] (Sun Microsystems, Inc.) S4 KMService; C:\WINDOWS\system32\srvany.exe [8192 2012-09-20] () S4 winmgmt; C:\Documents and Settings\All Users\Dane aplikacji\lwigto.dat [131072 2013-04-02] () ==================== Drivers (Whitelisted) ==================== R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2009-02-05] (Oak Technology Inc.) R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2012-02-29] (Broadcom Corporation) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-21] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-21] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-21] (HP) R1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [51744 2003-09-06] (Protection Technology) R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [62656 2003-09-06] (Protection Technology) R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology) S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [104064 2003-09-01] (Microsoft Corporation) U1 eabfiltr; S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) S1 sfvpxojw; \??\C:\WINDOWS\system32\drivers\sfvpxojw.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-04 01:19 - 2014-02-04 01:19 - 00000000 ____D () C:\FRST 2014-02-04 00:15 - 2014-02-04 00:15 - 00000718 _____ () C:\WINDOWS\setupapi.log 2014-02-04 00:02 - 2014-02-04 00:55 - 00003133 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-03 23:55 - 2014-02-03 23:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-03 23:55 - 2014-02-03 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner 2014-02-03 23:42 - 2014-02-03 23:42 - 00000000 _____ () C:\Documents and Settings\xxx\Pulpit\Nowy Dokument tekstowy.txt 2014-02-03 19:06 - 2014-02-03 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla 2014-02-03 19:06 - 2014-02-03 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla 2014-02-03 18:33 - 2014-02-03 23:15 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-02-03 18:33 - 2014-02-03 18:33 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart 2014-02-03 18:33 - 2014-02-03 18:33 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-02-03 18:33 - 2014-02-03 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-02-03 18:33 - 2007-10-26 20:09 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji 2014-02-03 18:33 - 2007-10-26 20:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start 2014-02-03 18:33 - 2007-10-26 20:09 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne 2014-02-03 18:33 - 2007-10-26 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione 2014-02-03 18:33 - 2007-10-26 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit 2014-02-03 18:33 - 2007-10-26 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty 2014-02-03 18:33 - 2007-10-26 19:26 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk 2014-02-03 18:33 - 2007-10-26 19:26 - 00000792 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk 2014-02-03 18:33 - 2007-10-26 19:26 - 00000000 ___SD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2014-02-03 18:33 - 2007-10-26 19:26 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria 2014-02-03 18:33 - 2007-10-26 19:26 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy 2014-02-03 18:33 - 2007-10-26 19:23 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony 2014-02-02 22:46 - 2014-02-02 22:46 - 00000000 __SHD () C:\WINDOWS\CSC 2014-01-28 00:17 - 2007-08-24 10:03 - 00180224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll ==================== One Month Modified Files and Folders ======= 2014-02-04 01:19 - 2014-02-04 01:19 - 00000000 ____D () C:\FRST 2014-02-04 01:18 - 2013-04-02 18:21 - 95023320 ___CT () C:\Documents and Settings\All Users\Dane aplikacji\otgiwl.pad 2014-02-04 00:55 - 2014-02-04 00:02 - 00003133 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-04 00:55 - 2008-11-09 13:29 - 00000188 ___SH () C:\Documents and Settings\xxx\ntuser.ini 2014-02-04 00:54 - 2011-05-06 07:28 - 00000000 ____D () C:\Documents and Settings\xxx\Dane aplikacji\PriceGong 2014-02-04 00:41 - 2008-11-09 13:29 - 00000000 ___RD () C:\Documents and Settings\xxx\Menu Start\Programy\Autostart 2014-02-04 00:36 - 2010-01-21 21:35 - 00000000 ____D () C:\WINDOWS\pss 2014-02-04 00:36 - 2007-10-26 21:07 - 00000211 __RSH () C:\boot.ini 2014-02-04 00:36 - 2001-10-30 13:00 - 00000487 _____ () C:\WINDOWS\win.ini 2014-02-04 00:36 - 2001-10-30 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-02-04 00:30 - 2007-10-26 19:24 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-02-04 00:18 - 2007-10-27 09:54 - 00002549 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Excel.lnk 2014-02-04 00:15 - 2014-02-04 00:15 - 00000718 _____ () C:\WINDOWS\setupapi.log 2014-02-04 00:03 - 2007-10-26 20:08 - 01442832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-02-04 00:00 - 2012-11-28 08:53 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-03 23:57 - 2009-01-22 17:20 - 00000000 ____D () C:\Documents and Settings\xxx\Dane aplikacji\Media Player Classic 2014-02-03 23:57 - 2008-01-31 01:23 - 00000000 ____D () C:\Program Files\Winamp 2014-02-03 23:56 - 2008-11-09 13:29 - 00000000 ____D () C:\Documents and Settings\xxx 2014-02-03 23:56 - 2008-03-02 16:13 - 00000000 ____D () C:\WINDOWS\Minidump 2014-02-03 23:55 - 2014-02-03 23:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-03 23:55 - 2014-02-03 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner 2014-02-03 23:55 - 2007-10-26 20:09 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-02-03 23:42 - 2014-02-03 23:42 - 00000000 _____ () C:\Documents and Settings\xxx\Pulpit\Nowy Dokument tekstowy.txt 2014-02-03 23:42 - 2008-11-09 13:29 - 00000000 ____D () C:\Documents and Settings\xxx\Pulpit 2014-02-03 23:15 - 2014-02-03 18:33 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-02-03 22:03 - 2008-07-19 18:38 - 00000000 ____D () C:\Program Files\Neostrada TP 2014-02-03 19:06 - 2014-02-03 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla 2014-02-03 19:06 - 2014-02-03 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla 2014-02-03 18:33 - 2014-02-03 18:33 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart 2014-02-03 18:33 - 2014-02-03 18:33 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-02-03 18:33 - 2014-02-03 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-02-02 23:49 - 2007-10-26 19:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-02 22:46 - 2014-02-02 22:46 - 00000000 __SHD () C:\WINDOWS\CSC 2014-02-02 14:39 - 2001-10-30 13:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl 2014-01-31 16:39 - 2007-10-26 20:09 - 01025780 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-31 16:39 - 2001-10-30 13:00 - 00463910 _____ () C:\WINDOWS\system32\perfh015.dat 2014-01-31 16:39 - 2001-10-30 13:00 - 00081256 _____ () C:\WINDOWS\system32\perfc015.dat 2014-01-27 23:45 - 2010-02-11 19:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-01-14 18:52 - 2008-11-09 13:29 - 00000000 ___RD () C:\Documents and Settings\xxx\Moje dokumenty Files to move or delete: ==================== C:\Documents and Settings\xxx\duedue.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2002-09-20 18:05] - [2007-06-13 14:23] - 1034752 ____A (Microsoft Corporation) 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\winlogon.exe [2002-09-20 18:05] - [2004-08-03 23:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\svchost.exe [2001-10-30 13:00] - [2004-08-03 23:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\services.exe [2001-10-30 13:00] - [2009-02-09 11:10] - 0111104 ____A (Microsoft Corporation) ed4e5391100287b9eabf8f2cf4b42235 C:\WINDOWS\system32\User32.dll [2002-09-20 18:04] - [2007-03-08 16:38] - 0579072 ____A (Microsoft Corporation) a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\userinit.exe [2002-09-20 18:05] - [2004-08-03 23:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396 C:\WINDOWS\system32\rpcss.dll [2002-09-20 18:04] - [2009-02-09 11:22] - 0399360 ____A (Microsoft Corporation) b5d78596effbeb82f3b86d9a002538e1 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2001-10-30 13:00] - [2004-08-03 23:36] - 0052864 ___AC (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36 ==================== End Of Log ============================