Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 Ran by Andrzej Dratwa (administrator) on DEMEX-1 on 26-02-2014 11:03:38 Running from C:\Documents and Settings\Andrzej Dratwa\Moje dokumenty\Downloads Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe () C:\Program Files\PLAY ONLINE\UIExec.exe (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe () C:\Program Files\SocialSafe\SocialSafe files\native-helpers\SocialSafe.Helper.exe () C:\Program Files\DvrTimeServer\DvrTimeSvr.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\PLAY ONLINE\AssistantServices.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [UIExec] - C:\Program Files\PLAY ONLINE\UIExec.exe [132608 2009-05-16] () HKLM\...\Run: [] - [X] HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1618488 2013-10-31] (Bitdefender) HKU\S-1-5-21-1547161642-484763869-1801674531-1004\...\Run: [SocialSafe.Helper] - C:\Program Files\SocialSafe\SocialSafe files\native-helpers\SocialSafe.Helper.exe [439616 2014-02-05] () HKU\S-1-5-21-1547161642-484763869-1801674531-1004\...\MountPoints2: {07b62355-fe57-11e1-86d4-001fd01ad94b} - F:\Startme.exe HKU\S-1-5-21-1547161642-484763869-1801674531-1004\...\MountPoints2: {60bf5b7d-d4b5-11e0-856d-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MWriOy.exE HKU\S-1-5-21-1547161642-484763869-1801674531-1004\...\MountPoints2: {8b2049a8-4282-11e1-85fc-001fd01ad94b} - F:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-1547161642-484763869-1801674531-1004\...\MountPoints2: {b7420bf4-21b1-11e1-85d6-001fd01ad94b} - F:\AutoRun.exe HKU\S-1-5-21-1547161642-484763869-1801674531-1004\...\MountPoints2: {b7420bf7-21b1-11e1-85d6-001fd01ad94b} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {7282BAC3-5ADC-4F9F-BB90-D3C4763B05B8} URL = http://www.google.com/search?hl=pl&q={searchTerms} BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Andrzej Dratwa\Dane aplikacji\Mozilla\Firefox\Profiles\fsis0ukt.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Extension: PEKAO S.A. Sign Plugin - C:\Documents and Settings\Andrzej Dratwa\Dane aplikacji\Mozilla\Firefox\Profiles\fsis0ukt.default\Extensions\SignPlugin@pekao.pl [2012-12-17] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-10-21] Chrome: ======= CHR HomePage: CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll () CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation) CHR Extension: (Dysk Google) - C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-09] CHR Extension: (YouTube) - C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-09] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-09] CHR Extension: (Google Wallet) - C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-09] ========================== Services (Whitelisted) ================= S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-10-31] (Bitdefender) R2 DvrTimeServer; C:\Program Files\DvrTimeServer\DvrTimeSvr.exe [49152 2008-08-06] () R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-06-26] (Oracle Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) R2 MSSQL$BIZNESMENPRO; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation) R2 MSSQL$WHOKNA4; C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) S4 SQLAgent$WHOKNA4; C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation) R2 UI Assistant Service; C:\Program Files\PLAY ONLINE\AssistantServices.exe [241664 2009-05-16] () R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-10-31] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-10-31] (Bitdefender) ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-09-05] (Cisco Systems, Inc.) R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [640560 2013-10-31] (BitDefender) R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender) R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [490144 2013-10-31] (BitDefender) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies) R3 Bdfndisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [116560 2013-10-31] (BitDefender LLC) R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC) S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [66832 2013-10-31] (BitDefender SRL) R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-10-31] (BitDefender LLC) S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2011-08-29] (Windows (R) 2000 DDK provider) R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [165744 2013-10-31] (BitDefender LLC) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-30] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-30] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-30] (HP) S4 RsFx0150; C:\WINDOWS\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation) R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [360376 2013-10-31] (BitDefender S.R.L.) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S4 IntelIde; No ImagePath S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X] S1 trjjvtvo; \??\C:\WINDOWS\system32\drivers\trjjvtvo.sys [X] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-26 11:02 - 2014-02-26 11:03 - 00000000 ____D () C:\FRST 2014-02-25 17:46 - 2014-02-25 19:03 - 00000000 ____D () C:\Program Files\Puran Defrag 2014-02-25 17:46 - 2014-02-25 17:46 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Puran Defrag 2014-02-25 17:46 - 2013-08-15 16:39 - 01136512 _____ (Puran Software) C:\WINDOWS\system32\PuranFD.exe 2014-02-25 17:46 - 2013-08-15 16:39 - 00260992 _____ (Puran Software) C:\WINDOWS\system32\PuranDefragS.exe 2014-02-25 17:46 - 2013-08-15 16:39 - 00257408 _____ (Puran Software) C:\WINDOWS\system32\PuranDC.exe 2014-02-25 17:46 - 2013-08-15 16:39 - 00219520 _____ (Puran Software) C:\WINDOWS\system32\PuranDefrag.dll 2014-02-25 17:46 - 2013-08-15 16:39 - 00109952 _____ (Puran Software) C:\WINDOWS\system32\PuranDefragBT.exe 2014-02-22 10:46 - 2014-02-22 10:46 - 00000849 _____ () C:\Documents and Settings\Andrzej Dratwa\Pulpit\µTorrent.lnk 2014-02-22 10:46 - 2014-02-22 10:46 - 00000849 _____ () C:\Documents and Settings\Andrzej Dratwa\Menu Start\µTorrent.lnk 2014-02-17 15:20 - 2014-02-17 15:20 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf2beb63e54534.job 2014-02-11 15:28 - 2014-02-11 15:37 - 00000000 ____D () C:\Program Files\DvrPlayer 2014-02-11 15:28 - 2014-02-11 15:28 - 00001564 _____ () C:\Documents and Settings\Andrzej Dratwa\Pulpit\DvrPlayer.lnk 2014-02-11 15:28 - 2014-02-11 15:28 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\DvrPlayer 2014-02-11 15:24 - 2014-02-11 15:24 - 00000000 ____D () C:\Program Files\DvrTimeServer 2014-02-11 15:24 - 2014-02-11 15:24 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\DVR TIME SYNC 2014-02-11 15:23 - 2014-02-11 15:23 - 00000000 ____D () C:\Program Files\HDD Calculator 2014-02-11 15:23 - 2014-02-11 15:23 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\HDD Calculator 2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Program Files\CMS Lite 2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\CMS Lite 2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\CMS Lite 2014-02-08 12:31 - 2014-02-08 12:31 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-02-08 12:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2014-02-08 12:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2014-02-08 12:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2014-02-08 12:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-02-08 12:29 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-02-08 12:24 - 2014-02-26 11:03 - 07280729 _____ () C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\SocialSafe-Helper.log 2014-02-08 12:23 - 2014-02-08 12:23 - 00001783 _____ () C:\Documents and Settings\Andrzej Dratwa\Pulpit\SocialSafe.lnk 2014-02-08 12:23 - 2014-02-08 12:23 - 00000000 ____D () C:\Program Files\SocialSafe 2014-02-08 12:23 - 2014-02-08 12:23 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Dane aplikacji\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1 2014-02-08 12:23 - 2014-02-08 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\SocialSafe ==================== One Month Modified Files and Folders ======= 2014-02-26 11:03 - 2014-02-26 11:02 - 00000000 ____D () C:\FRST 2014-02-26 11:03 - 2014-02-08 12:24 - 07280729 _____ () C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji\SocialSafe-Helper.log 2014-02-26 10:40 - 2013-08-14 10:18 - 00000000 ____D () C:\AdwCleaner 2014-02-26 10:40 - 2012-09-03 15:55 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Dane aplikacji\uTorrent 2014-02-26 10:07 - 2011-08-29 14:37 - 00000240 _____ () C:\WINDOWS\wiadebug.log 2014-02-26 09:58 - 2011-08-29 12:45 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Pulpit 2014-02-26 09:49 - 2013-06-11 10:03 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Pulpit\PolskiDea439_ 2014-02-26 09:24 - 2011-08-29 14:37 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-02-26 09:23 - 2008-04-15 13:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-25 19:03 - 2014-02-25 17:46 - 00000000 ____D () C:\Program Files\Puran Defrag 2014-02-25 19:03 - 2011-08-29 12:45 - 00000188 ___SH () C:\Documents and Settings\Andrzej Dratwa\ntuser.ini 2014-02-25 19:03 - 2011-08-29 12:42 - 01582730 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-25 17:46 - 2014-02-25 17:46 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Puran Defrag 2014-02-25 17:46 - 2013-03-20 12:12 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Moje dokumenty\Pobieranie 2014-02-25 17:46 - 2011-08-29 14:34 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-02-25 17:30 - 2011-08-29 14:34 - 00184558 _____ () C:\WINDOWS\setupact.log 2014-02-24 16:38 - 2011-08-29 12:45 - 00000000 ___RD () C:\Documents and Settings\Andrzej Dratwa\Moje dokumenty 2014-02-24 09:33 - 2012-10-30 11:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-22 10:50 - 2013-12-20 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-22 10:46 - 2014-02-22 10:46 - 00000849 _____ () C:\Documents and Settings\Andrzej Dratwa\Pulpit\µTorrent.lnk 2014-02-22 10:46 - 2014-02-22 10:46 - 00000849 _____ () C:\Documents and Settings\Andrzej Dratwa\Menu Start\µTorrent.lnk 2014-02-22 10:46 - 2011-08-29 12:45 - 00000000 ___RD () C:\Documents and Settings\Andrzej Dratwa\Menu Start 2014-02-19 17:46 - 2012-09-25 14:16 - 00000000 ____D () C:\Program Files\BiznesmenPRO 2014-02-17 15:20 - 2014-02-17 15:20 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf2beb63e54534.job 2014-02-13 16:38 - 2012-08-28 10:11 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Pulpit\dokumenty OKAN 2014-02-11 15:37 - 2014-02-11 15:28 - 00000000 ____D () C:\Program Files\DvrPlayer 2014-02-11 15:28 - 2014-02-11 15:28 - 00001564 _____ () C:\Documents and Settings\Andrzej Dratwa\Pulpit\DvrPlayer.lnk 2014-02-11 15:28 - 2014-02-11 15:28 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\DvrPlayer 2014-02-11 15:28 - 2011-08-29 12:45 - 00000000 ___RD () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy 2014-02-11 15:24 - 2014-02-11 15:24 - 00000000 ____D () C:\Program Files\DvrTimeServer 2014-02-11 15:24 - 2014-02-11 15:24 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\DVR TIME SYNC 2014-02-11 15:23 - 2014-02-11 15:23 - 00000000 ____D () C:\Program Files\HDD Calculator 2014-02-11 15:23 - 2014-02-11 15:23 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\HDD Calculator 2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Program Files\CMS Lite 2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Menu Start\Programy\CMS Lite 2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\CMS Lite 2014-02-11 15:14 - 2011-08-29 14:34 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-02-08 12:31 - 2014-02-08 12:31 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-02-08 12:30 - 2012-05-17 10:58 - 00285264 _____ () C:\WINDOWS\setupapi.log 2014-02-08 12:30 - 2011-08-29 12:41 - 00000000 ____D () C:\WINDOWS\system32\DirectX 2014-02-08 12:24 - 2011-08-29 12:45 - 00000000 ___HD () C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Dane aplikacji 2014-02-08 12:23 - 2014-02-08 12:23 - 00001783 _____ () C:\Documents and Settings\Andrzej Dratwa\Pulpit\SocialSafe.lnk 2014-02-08 12:23 - 2014-02-08 12:23 - 00000000 ____D () C:\Program Files\SocialSafe 2014-02-08 12:23 - 2014-02-08 12:23 - 00000000 ____D () C:\Documents and Settings\Andrzej Dratwa\Dane aplikacji\com.1minus1.socialsafe.D675411CF670AA3EFAC13BDD847989BEDE2115E2.1 2014-02-08 12:23 - 2014-02-08 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\SocialSafe 2014-02-08 12:23 - 2011-08-29 12:45 - 00000000 __RHD () C:\Documents and Settings\Andrzej Dratwa\Dane aplikacji 2014-02-03 16:08 - 2011-08-29 12:45 - 00000000 ___RD () C:\Documents and Settings\Andrzej Dratwa\Moje dokumenty\Moje obrazy 2014-02-03 12:29 - 2011-08-29 12:45 - 00000000 ___RD () C:\Documents and Settings\Andrzej Dratwa\Ulubione Some content of TEMP: ==================== C:\Documents and Settings\Andrzej Dratwa\Ustawienia lokalne\Temp\utt176.tmp.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____N (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ___AC (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================