Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by Administrator (administrator) on XP on 15-04-2014 18:04:27
Running from C:\Documents and Settings\Administrator\Pulpit\scan
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Atheros) C:\WINDOWS\system32\acs.exe
() C:\WINDOWS\system32\crypserv.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) C:\ElsaWin\bin\LcSvrSaz.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(ASUSTeK Computer Inc.)
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (ASUSTeK) C:\WINDOWS\system32\ACEngSvr.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Volkswagen AG) C:\ElsaWin\bin\LcSvrAuf.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (GG Network S.A.) C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (GG Network S.A.) C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe (GG Network S.A.) 
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe (GG Network S.A.) C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [53248 2006-06-08] (ASUSTeK Computer INC.) HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [7561216 2006-04-27] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2006-04-27] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [786521 2012-03-25] (Synaptics, Inc.) HKLM\...\Run: [ACMON] => C:\Program Files\ASUS\Splendid\ACMON.exe [811008 2006-05-30] (ATK) HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [376921 2007-05-03] (Atheros Communications, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [Power_Gear] => C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [90112 2006-07-26] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-18] (Sony Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software) HKU\S-1-5-21-776561741-573735546-1177238915-500\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-776561741-573735546-1177238915-500\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia) HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {0161464f-6439-11e3-b424-0022151f373e} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {10a0fa52-7838-11e1-85d2-0015af2dba26} - G:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {10a0fa55-7838-11e1-85d2-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {1c5855e0-326b-11e3-b400-0022151f373e} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {4eba1a0e-6354-11e3-b422-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {8334ca6d-7bda-11e1-85da-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {cf422aee-a92a-11e3-b448-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {cf422af0-a92a-11e3-b448-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {cf422b00-a92a-11e3-b448-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {cf422b02-a92a-11e3-b448-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: 
{cf422b05-a92a-11e3-b448-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {cf422b07-a92a-11e3-b448-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {d19610fa-124b-11e2-863f-0015af2dba26} - E:\SISetup.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {d8e08110-c34f-11e1-8611-0015af2dba26} - G:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {f6d28c5d-634b-11e3-b420-0015af2dba26} - E:\AutoRun.exe HKU\S-1-5-21-776561741-573735546-1177238915-500\...\MountPoints2: {f6d28c5f-634b-11e3-b420-0015af2dba26} - E:\AutoRun.exe AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2013-12-16] (Jaksta Technologies Pty Ltd) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3310393&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0644A65E-6154-4A2C-8C9A-6341E29A9808&q={searchTerms}
SearchScopes: HKCU - {0AE77082-C853-4442-AFD5-0326A2303FC4} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^PL&apn_uid=92a055e0-03bd-4c14-8ab3-958776057ec6&apn_sauid=D7BB6017-0AAD-432C-A891-FD76E860A84A
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll (TODO: )
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default
FF user.js: detected! => C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\user.js
FF Homepage: www.google.pl
FF NetworkProxy: "backup.ftp", "178.48.2.237"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "178.48.2.237"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "178.48.2.237"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "178.48.2.237"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.48.2.237"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "178.48.2.237"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npVividasPlayer.dll ( ) FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\searchplugins\dodatki-dla-firefox.xml FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\searchplugins\qrzcom.xml FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\searchplugins\wyszukiwarka-filmw-w-youtube.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\__google.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\Extensions\artur.dubovoy@gmail.com [2014-03-20] FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\Extensions\fsonlinescanner@f-secure(2).com [2013-06-02] FF Extension: Przelewy24 - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\Extensions\p24ext@przelewy24.pl.xpi [2013-06-07] FF Extension: Google Translator for Firefox - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\Extensions\translator@zoli.bod.xpi [2013-12-29] FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Dane 
aplikacji\Mozilla\Firefox\Profiles\6l66kk6x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-02] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012-10-09] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-25] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-21] Chrome: ======= CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-26] CHR Extension: (Dysk Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-26] CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-26] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-26] CHR Extension: (avast! 
Online Security) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05] CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26] CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-26] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-31] ========================== Services (Whitelisted) ================= R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-05-03] (Atheros) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software) R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [50176 1997-04-09] () R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149528 2014-01-18] () R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [264704 2010-11-16] () R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-01-26] (Volkswagen AG) R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-01-26] (Volkswagen AG) R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-01-26] (Volkswagen AG) R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-01-26] (Volkswagen AG) R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-01-26] (Volkswagen AG) R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-01-26] (Volkswagen AG) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program 
Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-18] (Sony Corporation) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== S3 AF15BDA; C:\WINDOWS\System32\DRIVERS\AF15BDA.sys [483200 2012-07-30] (ITETech ) R2 altio; C:\Program Files\Altium Designer S09 Viewer\System\Drivers\altio.sys [3200 2008-06-02] (Altium Limited) R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [546976 2007-05-02] (Atheros Communications, Inc.) S3 ASNDIS5; C:\WINDOWS\ATK0100\ASNDIS5.SYS [16269 2004-05-28] (Printing Communications Assoc., Inc. (PCAUSA)) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-03-31] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-31] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-31] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-31] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-03-31] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-03-31] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-31] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-03-31] () R0 BtHidBus; C:\WINDOWS\System32\Drivers\BtHidBus.sys [21600 2011-12-21] (IVT Corporation.) S3 btnetBUs; C:\WINDOWS\System32\Drivers\btnetBus.sys [27744 2011-12-21] (IVT Corporation.) 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R2 CommSBEP; C:\WINDOWS\system32\Drivers\CommSBEP.sys [36864 1999-09-27] (Motorola) S3 EGXFilter; C:\WINDOWS\System32\drivers\egxfilter.sys [80896 2005-06-23] () R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG) S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-05] () S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.) R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.) S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [85248 2010-11-04] (Huawei Technologies Co., Ltd.) R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2012-04-16] (Logix4u) S3 IvtBtBUs; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [23048 2010-04-06] (IVT Corporation.) S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5632 2005-02-17] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [20768 1997-04-09] () R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) 
R2 NSHE; C:\WINDOWS\system32\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008) S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-10] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-10] (NVIDIA Corporation) S3 SMIGrabber3C; C:\WINDOWS\System32\Drivers\SmiUsbGrabber3C.sys [805632 2011-01-26] (Windows (R) Win 7 DDK provider) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2012-10-10] () R3 SynMini; C:\WINDOWS\System32\Drivers\SynMini.sys [1116544 2006-08-09] () R3 SynScan; C:\WINDOWS\System32\Drivers\SynScan.sys [7808 2006-08-09] () S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [104064 2003-09-01] (Microsoft Corporation) R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57024 2007-03-28] (Atheros Communications, Inc.) S3 xTouch; C:\WINDOWS\System32\DRIVERS\xtouch.sys [67968 2005-07-05] () U3 asqcygsl; C:\WINDOWS\system32\Drivers\asqcygsl.sys [0 ] (Microsoft Corporation) S3 BT; system32\DRIVERS\btnetdrv.sys [X] S3 BTCOM; system32\DRIVERS\btcomport.sys [X] S3 BTCOMBUS; System32\Drivers\btcombus.sys [X] S3 Btcsrusb; System32\Drivers\btcusb.sys [X] S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X] S4 IntelIde; No ImagePath S3 UnlockerDriver5; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\RarSFX0\UnlockerDriver4.sys [X] S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 18:03 - 2014-04-15 18:04 - 00000000 ____D () C:\FRST 2014-04-15 16:56 - 2014-04-15 18:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\scan 2014-04-13 19:53 - 2014-04-13 19:53 - 00000000 ____D () C:\Program Files\ESET 2014-04-13 19:52 - 2014-04-13 19:52 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Pulpit\esetsmartinstaller_plk.exe 2014-04-10 20:52 - 2014-04-10 20:59 - 149481512 _____ () C:\Documents and 
Settings\Administrator\Pulpit\LJP1100_P1560_P1600_Full_Solution.exe 2014-04-09 22:36 - 2014-04-09 22:37 - 00000000 ____D () C:\@golf 2014-04-09 15:33 - 2014-04-09 15:34 - 00145075 _____ () C:\WINDOWS\KB2922229.log 2014-04-02 10:56 - 2014-04-02 10:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\kd2006 2014-04-01 23:34 - 2014-04-01 23:34 - 03783193 _____ () C:\Documents and Settings\Administrator\Pulpit\xyz.rar 2014-04-01 23:34 - 2014-04-01 23:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\xyz 2014-04-01 09:04 - 2014-04-01 09:04 - 00001485 _____ () C:\Documents and Settings\Administrator\Pulpit\VDCInfo.lnk 2014-04-01 09:04 - 2014-04-01 09:04 - 00001392 _____ () C:\Documents and Settings\Administrator\Pulpit\VAGdashCAN.lnk 2014-04-01 09:04 - 2014-04-01 09:04 - 00000000 ____D () C:\VAGdashCAN 2014-04-01 09:04 - 2014-04-01 09:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Menu Start\Programy\VAGdashCAN 2014-04-01 09:03 - 2014-04-10 11:10 - 00000000 ____D () C:\@audi 2014-03-31 08:45 - 2014-03-31 08:45 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-03-29 23:44 - 2014-03-30 00:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\seo perfect 2014-03-29 20:26 - 2014-03-29 21:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\ogłoszenie 2014-03-29 17:04 - 2014-03-29 20:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\golf iv 2014-03-29 12:54 - 2014-03-29 12:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-28 11:00 - 2014-03-28 11:00 - 00000000 ____D () C:\VW 2014-03-28 10:53 - 2014-03-28 10:53 - 00001416 _____ () C:\Documents and Settings\All Users\Pulpit\ElsaWin.lnk 2014-03-28 10:53 - 2014-03-28 10:53 - 00001416 _____ () C:\Documents and Settings\All Users\Pulpit\ElsaWin Administration.lnk 2014-03-28 10:53 - 2014-03-28 10:53 - 00000571 _____ () C:\WINDOWS\ODBC.INI 2014-03-28 10:53 - 2014-03-28 10:53 - 00000000 ____D () 
C:\Documents and Settings\All Users\Menu Start\Programy\ElsaWin 2014-03-28 10:52 - 2011-01-26 11:57 - 00686592 _____ (Volkswagen AG) C:\WINDOWS\system32\ElsaCfg.cpl 2014-03-28 10:51 - 2014-03-28 11:00 - 00000000 ____D () C:\ElsaWin 2014-03-28 10:51 - 2014-03-28 10:51 - 00000000 ____D () C:\Program Files\Diagnose-BK 2014-03-28 10:50 - 1996-11-06 13:05 - 00302592 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\unin0407.exe 2014-03-26 20:48 - 2014-03-26 20:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\p.Marta 2014-03-24 20:36 - 2014-03-24 20:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 9 2014-03-24 19:52 - 2014-03-25 22:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Prezentacja nr 3 2014-03-24 19:51 - 2014-03-24 19:51 - 16114118 _____ () C:\Documents and Settings\Administrator\Pulpit\Prezentacja nr 3.rar 2014-03-21 18:56 - 2014-03-21 20:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\z pena 2014-03-19 22:08 - 2014-03-19 22:08 - 00000042 _____ () C:\WINDOWS\system32\AK083E209605E394C.lie 2014-03-19 22:04 - 2014-03-19 22:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Perfect.Uninstaller.v6.3.3.9-LAXiTY 2014-03-19 22:03 - 2014-03-19 22:04 - 02759803 _____ () C:\Documents and Settings\Administrator\Pulpit\Perfect.Uninstaller.v6.3.3.9-LAXiTY.rar 2014-03-19 13:01 - 2014-03-20 11:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-04-15 18:04 - 2014-04-15 18:03 - 00000000 ____D () C:\FRST 2014-04-15 18:04 - 2014-04-15 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\scan 2014-04-15 17:54 - 2012-03-25 20:03 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Skype 2014-04-15 17:53 - 2012-03-30 19:18 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-15 17:52 - 2013-06-28 21:54 - 00000000 
____D () C:\Documents and Settings\Administrator\Dane aplikacji\GG 2014-04-15 17:09 - 2013-11-18 01:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\poczta.telvinet.pl 2014-04-15 16:56 - 2012-03-25 19:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit 2014-04-15 16:22 - 2014-02-26 08:10 - 00001050 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-15 16:19 - 2012-07-07 20:42 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-04-15 16:16 - 2012-03-25 19:10 - 00000157 _____ () C:\WINDOWS\wiadebug.log 2014-04-15 16:15 - 2012-12-24 23:19 - 00872279 _____ () C:\WINDOWS\setupapi.log 2014-04-15 16:12 - 2014-02-26 08:10 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-15 16:12 - 2013-04-18 11:54 - 00095590 _____ () C:\error.log 2014-04-15 16:12 - 2012-03-25 19:10 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-04-15 16:12 - 2012-03-25 19:06 - 00050868 _____ () C:\WINDOWS\system32\nvapps.xml 2014-04-15 16:12 - 2012-03-25 18:59 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-15 10:37 - 2012-03-25 18:59 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt 2014-04-15 08:40 - 2001-07-22 00:17 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl 2014-04-15 08:38 - 2012-03-25 19:00 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-04-15 08:38 - 2012-03-25 19:00 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-04-13 19:53 - 2014-04-13 19:53 - 00000000 ____D () C:\Program Files\ESET 2014-04-13 19:52 - 2014-04-13 19:52 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Pulpit\esetsmartinstaller_plk.exe 2014-04-12 10:13 - 2012-03-30 19:17 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-04-12 10:13 - 2012-03-30 19:17 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-04-11 23:40 - 2014-02-26 08:14 - 00001819 _____ () C:\Documents and Settings\All 
Users\Pulpit\Google Chrome.lnk
2014-04-11 18:06 - 2012-03-25 19:00 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-04-10 22:41 - 2012-03-25 19:05 - 00000211 ___SH () C:\boot.ini
2014-04-10 20:59 - 2014-04-10 20:52 - 149481512 _____ () C:\Documents and Settings\Administrator\Pulpit\LJP1100_P1560_P1600_Full_Solution.exe
2014-04-10 11:10 - 2014-04-01 09:03 - 00000000 ____D () C:\@audi
2014-04-10 11:09 - 2001-07-22 00:15 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-09 23:44 - 2013-03-29 15:30 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-09 22:37 - 2014-04-09 22:36 - 00000000 ____D () C:\@golf
2014-04-09 21:30 - 2013-12-13 23:48 - 00000000 ____D () C:\@passat
2014-04-09 21:22 - 2013-06-28 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GG
2014-04-09 21:20 - 2012-03-25 19:00 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-04-09 15:34 - 2014-04-09 15:33 - 00145075 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 15:30 - 2012-03-25 17:14 - 01345631 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-03 20:56 - 2013-11-20 20:54 - 00000000 ____D () C:\ETKA
2014-04-02 10:56 - 2014-04-02 10:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\kd2006
2014-04-01 23:34 - 2014-04-01 23:34 - 03783193 _____ () C:\Documents and Settings\Administrator\Pulpit\xyz.rar
2014-04-01 23:34 - 2014-04-01 23:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\xyz
2014-04-01 09:04 - 2014-04-01 09:04 - 00001485 _____ () C:\Documents and Settings\Administrator\Pulpit\VDCInfo.lnk
2014-04-01 09:04 - 2014-04-01 09:04 - 00001392 _____ () C:\Documents and Settings\Administrator\Pulpit\VAGdashCAN.lnk
2014-04-01 09:04 - 2014-04-01 09:04 - 00000000 ____D () C:\VAGdashCAN
2014-04-01 09:04 - 2014-04-01 09:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Menu Start\Programy\VAGdashCAN
2014-04-01 08:15 - 2013-05-01 22:16 - 00000000 ____D () C:\!tst
2014-04-01 08:08 - 2012-09-14 22:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\MPlayer
2014-03-31 08:45 - 2014-03-31 08:45 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-31 08:45 - 2013-06-02 21:29 - 00001731 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Pro Antivirus.lnk
2014-03-31 08:45 - 2013-03-06 13:26 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-31 08:45 - 2013-03-06 13:26 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-03-31 08:45 - 2013-03-06 13:26 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-31 08:45 - 2012-03-25 19:13 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-31 08:45 - 2012-03-25 19:13 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-03-31 08:45 - 2012-03-25 19:13 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-31 08:45 - 2012-03-25 19:13 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-03-31 08:45 - 2012-03-25 19:13 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-03-31 08:44 - 2013-04-05 18:38 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-03-30 05:27 - 2012-03-25 19:07 - 01258032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-30 05:27 - 2001-10-26 18:15 - 00556670 _____ () C:\WINDOWS\system32\perfh015.dat
2014-03-30 05:27 - 2001-10-26 18:15 - 00105662 _____ () C:\WINDOWS\system32\perfc015.dat
2014-03-30 00:55 - 2014-03-29 23:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\seo perfect
2014-03-29 21:51 - 2014-03-29 20:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\ogłoszenie
2014-03-29 20:23 - 2014-03-29 17:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\golf iv
2014-03-29 16:54 - 2012-05-21 20:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 12:55 - 2014-03-29 12:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 11:36 - 2012-03-30 14:47 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-28 11:10 - 2013-12-14 20:13 - 00000000 ____D () C:\ADCDA2
2014-03-28 11:09 - 2013-12-14 20:16 - 00001343 _____ () C:\Documents and Settings\All Users\Pulpit\Autodata 3.38.lnk
2014-03-28 11:00 - 2014-03-28 11:00 - 00000000 ____D () C:\VW
2014-03-28 11:00 - 2014-03-28 10:51 - 00000000 ____D () C:\ElsaWin
2014-03-28 10:53 - 2014-03-28 10:53 - 00001416 _____ () C:\Documents and Settings\All Users\Pulpit\ElsaWin.lnk
2014-03-28 10:53 - 2014-03-28 10:53 - 00001416 _____ () C:\Documents and Settings\All Users\Pulpit\ElsaWin Administration.lnk
2014-03-28 10:53 - 2014-03-28 10:53 - 00000571 _____ () C:\WINDOWS\ODBC.INI
2014-03-28 10:53 - 2014-03-28 10:53 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ElsaWin
2014-03-28 10:53 - 2012-03-25 19:07 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-03-28 10:53 - 2012-03-25 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-03-28 10:51 - 2014-03-28 10:51 - 00000000 ____D () C:\Program Files\Diagnose-BK
2014-03-27 05:53 - 2012-12-24 22:15 - 00000412 _____ () C:\WINDOWS\Tasks\SpeedyPC Pro.job
2014-03-26 20:56 - 2014-03-26 20:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\p.Marta
2014-03-25 22:18 - 2014-03-24 19:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Prezentacja nr 3
2014-03-25 22:16 - 2012-11-19 12:08 - 00383298 ____H () C:\treeinfo.wc
2014-03-24 20:36 - 2014-03-24 20:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 9
2014-03-24 20:36 - 2013-12-08 00:01 - 00000815 _____ () C:\Documents and Settings\All Users\Pulpit\TeamViewer 9.lnk
2014-03-24 20:20 - 2012-05-18 18:58 - 00053760 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-24 19:51 - 2014-03-24 19:51 - 16114118 _____ () C:\Documents and Settings\Administrator\Pulpit\Prezentacja nr 3.rar
2014-03-24 16:41 - 2012-11-14 11:46 - 00000000 ____D () C:\Documents and Settings\Administrator\.dvdcss
2014-03-21 20:19 - 2014-03-21 18:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\z pena
2014-03-20 11:16 - 2014-03-19 13:01 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-20 01:03 - 2012-11-19 16:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\mIRC
2014-03-19 22:08 - 2014-03-19 22:08 - 00000042 _____ () C:\WINDOWS\system32\AK083E209605E394C.lie
2014-03-19 22:04 - 2014-03-19 22:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Perfect.Uninstaller.v6.3.3.9-LAXiTY
2014-03-19 22:04 - 2014-03-19 22:03 - 02759803 _____ () C:\Documents and Settings\Administrator\Pulpit\Perfect.Uninstaller.v6.3.3.9-LAXiTY.rar
2014-03-16 22:01 - 2012-11-19 16:18 - 00000000 ____D () C:\Program Files\mIRC

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\106C.tmpcrt.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\106D.tmpcrt.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\AskPIP_FF_.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\bassmod.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\CS_Hlp.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\DataCard_Setup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\FreemakeVideoConverter_4.0.3.0.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\gg10.upgr.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ggdrive-menu.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ggdrive-overlay.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\hdinst_x64.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_Microsoft.Silverlight_5.0.61118.0 (18264).exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_Silverlight 5 Beta 5.0.60401.0_isdmgr.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\installstats.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jna3403610739326960735.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jna5981645176229743519.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jna746111221681286868.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\NEventMessages.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\NOSEventMessages.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nsc19C.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nsj1A8.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nsu19F.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nsz15.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nsz1AB.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ResetDevice.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\setup_cd.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0RCATSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0RCSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0RMSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0RMSSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0RRADSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0RVCSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_ir_sf_temp_0VPLSetup.exe

==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-14 22:51] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-04-14 22:50] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-14 22:50] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-14 21:31] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================