Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014 01
Ran by Tomek (administrator) on PC on 20-04-2014 20:42:26
Running from C:\Documents and Settings\Tomek\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvraidservice.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
() C:\Program Files\Winamp\Winampa.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVRaidService] => C:\WINDOWS\system32\nvraidservice.exe [83968 2004-06-11] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [12288 2003-04-02] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\d98ly6hc.default-1392497978812
FF Homepage: hxxp://www.wp.pl/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\d98ly6hc.default-1392497978812\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-15] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

S3 adusbnet; C:\WINDOWS\System32\DRIVERS\adusbnet.sys [129024 2010-12-20] (QUALCOMM Incorporated)
S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [107776 2010-12-20] (QUALCOMM Incorporated)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33024 2004-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-07-29] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () <===== ATTENTION Necurs Rootkit?
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-20 20:42 - 2014-04-20 20:42 - 00007759 _____ () C:\Documents and Settings\Tomek\Pulpit\FRST.txt
2014-04-20 20:42 - 2014-04-20 20:42 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\FRST-OlderVersion
2014-04-20 20:34 - 2014-04-20 20:34 - 00380416 _____ () C:\Documents and Settings\Tomek\Pulpit\csfzcopy.exe
2014-04-20 20:33 - 2014-04-20 20:34 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Tomek\Pulpit\TFC.exe
2014-04-18 22:44 - 2014-04-18 22:44 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Tomek\Pulpit\OTL(1).exe
2014-04-18 22:42 - 2014-04-20 20:42 - 01043968 _____ (Farbar) C:\Documents and Settings\Tomek\Pulpit\FRST.exe
2014-04-18 22:35 - 2014-04-18 22:35 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy\Narzędzia administracyjne
2014-04-18 22:29 - 2014-04-18 22:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041814-01.dmp
2014-04-18 22:29 - 2014-04-18 22:29 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-16 22:18 - 2014-04-16 22:21 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-14 22:54 - 2014-04-14 22:54 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-04-14 22:40 - 1998-09-30 12:24 - 00242448 _____ (Microsoft Corporation) C:\WINDOWS\system32\scedll.dll
2014-04-14 22:40 - 1998-03-31 16:37 - 00029968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Rshx32_5.dll
2014-04-10 06:41 - 2014-04-10 06:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 06:35 - 2014-04-10 06:36 - 00010060 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 06:26 - 2014-04-10 06:42 - 00011667 _____ () C:\WINDOWS\KB2922229.log
2014-04-01 08:34 - 2014-04-01 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\AVG
2014-04-01 00:52 - 2014-04-01 00:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-01 00:47 - 2014-04-01 22:56 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-04-01 00:47 - 2014-04-01 00:47 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\AVG
2014-04-01 00:47 - 2014-04-01 00:47 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\AVG
2014-04-01 00:45 - 2014-04-01 01:02 - 00000000 __SHD () C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-01 00:45 - 2014-04-01 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG
2014-03-28 20:32 - 2014-04-14 19:29 - 00000095 _____ () C:\WINDOWS\winamp.ini
2014-03-28 20:32 - 2014-03-28 20:32 - 00000000 ____D () C:\Program Files\Winamp
2014-03-28 20:32 - 2014-03-28 20:32 - 00000000 ____D () C:\Documents and Settings\Tomek\Menu Start\Programy\Winamp
2014-03-28 15:30 - 2014-03-28 15:30 - 00000000 ____D () C:\Documents and Settings\Default User\Dane aplikacji\TuneUp Software
2014-03-27 21:32 - 2014-04-20 20:40 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-03-27 21:32 - 2014-04-08 15:00 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-03-27 15:37 - 2014-03-27 15:38 - 00004040 _____ () C:\WINDOWS\KB2934207.log
2014-03-27 15:37 - 2014-03-27 15:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-26 00:44 - 2014-03-28 22:11 - 00036352 ___SH () C:\Documents and Settings\Tomek\Pulpit\Thumbs.db

==================== One Month Modified Files and Folders =======

2014-04-20 20:42 - 2014-04-20 20:42 - 00007759 _____ () C:\Documents and Settings\Tomek\Pulpit\FRST.txt
2014-04-20 20:42 - 2014-04-20 20:42 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\FRST-OlderVersion
2014-04-20 20:42 - 2014-04-18 22:42 - 01043968 _____ (Farbar) C:\Documents and Settings\Tomek\Pulpit\FRST.exe
2014-04-20 20:42 - 2014-01-02 12:07 - 00000000 ____D () C:\FRST
2014-04-20 20:42 - 2013-12-31 18:02 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit
2014-04-20 20:41 - 2013-12-31 17:56 - 01756080 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-20 20:40 - 2014-03-27 21:32 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-04-20 20:40 - 2013-12-31 18:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-20 20:37 - 2014-01-02 11:38 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\Pobieranie
2014-04-20 20:35 - 2014-02-16 00:15 - 00000000 ___HD () C:\RealtekSoundDriver
2014-04-20 20:35 - 2013-12-31 18:02 - 00000000 __RHD () C:\Documents and Settings\Tomek\Dane aplikacji
2014-04-20 20:34 - 2014-04-20 20:34 - 00380416 _____ () C:\Documents and Settings\Tomek\Pulpit\csfzcopy.exe
2014-04-20 20:34 - 2014-04-20 20:33 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Tomek\Pulpit\TFC.exe
2014-04-20 20:30 - 2014-01-08 10:32 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-20 20:19 - 2001-07-21 21:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-19 15:28 - 2013-12-31 18:48 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-04-19 15:28 - 2013-12-31 18:48 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-19 15:28 - 2013-12-31 18:02 - 00000188 ___SH () C:\Documents and Settings\Tomek\ntuser.ini
2014-04-19 15:28 - 2013-12-31 18:01 - 00032604 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-19 15:27 - 2013-12-31 18:02 - 00000000 ____D () C:\Documents and Settings\Tomek
2014-04-18 22:44 - 2014-04-18 22:44 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Tomek\Pulpit\OTL(1).exe
2014-04-18 22:41 - 2013-12-31 18:39 - 00000000 ____D () C:\WINDOWS\security
2014-04-18 22:35 - 2014-04-18 22:35 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy\Narzędzia administracyjne
2014-04-18 22:35 - 2013-12-31 18:02 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy
2014-04-18 22:29 - 2014-04-18 22:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041814-01.dmp
2014-04-18 22:29 - 2014-04-18 22:29 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-18 22:08 - 2013-12-31 17:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-04-16 22:21 - 2014-04-16 22:18 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-15 22:22 - 2014-01-03 00:00 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Adobe
2014-04-15 22:17 - 2014-01-02 10:07 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2014-04-14 22:54 - 2014-04-14 22:54 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-04-14 22:40 - 2013-12-31 18:43 - 00782182 _____ () C:\WINDOWS\setupapi.log
2014-04-14 22:40 - 2013-12-31 18:39 - 00000000 ____D () C:\WINDOWS\Help
2014-04-14 19:29 - 2014-03-28 20:32 - 00000095 _____ () C:\WINDOWS\winamp.ini
2014-04-10 06:42 - 2014-04-10 06:26 - 00011667 _____ () C:\WINDOWS\KB2922229.log
2014-04-10 06:42 - 2013-12-31 18:46 - 01009663 _____ () C:\WINDOWS\iis6.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00926641 _____ () C:\WINDOWS\FaxSetup.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00481077 _____ () C:\WINDOWS\ocgen.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00429604 _____ () C:\WINDOWS\tsoc.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00320238 _____ () C:\WINDOWS\comsetup.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00292618 _____ () C:\WINDOWS\msmqinst.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00192304 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00163074 _____ () C:\WINDOWS\netfxocm.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00064387 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00058013 _____ () C:\WINDOWS\ocmsn.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00048472 _____ () C:\WINDOWS\tabletoc.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00046603 _____ () C:\WINDOWS\msgsocm.log
2014-04-10 06:42 - 2013-12-31 18:46 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-10 06:41 - 2014-04-10 06:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 06:40 - 2014-02-01 22:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 06:36 - 2014-04-10 06:35 - 00010060 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 06:36 - 2014-02-01 22:46 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-10 06:36 - 2013-12-31 18:46 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-10 06:35 - 2014-02-01 23:13 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-10 06:35 - 2014-02-01 22:45 - 00087963 _____ () C:\WINDOWS\updspapi.log
2014-04-08 15:00 - 2014-03-27 21:32 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-04-02 22:48 - 2013-12-31 18:45 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-04-01 22:56 - 2014-04-01 00:47 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-04-01 22:49 - 2014-03-12 00:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Mirillis
2014-04-01 22:49 - 2014-03-12 00:23 - 00000000 ____D () C:\Program Files\Mirillis
2014-04-01 22:49 - 2014-02-02 23:18 - 00000000 ____D () C:\Program Files\Ahead
2014-04-01 22:49 - 2013-12-31 18:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-04-01 22:48 - 2014-01-02 10:08 - 00000000 ____D () C:\Program Files\AVG
2014-04-01 12:41 - 2013-12-31 18:46 - 01117242 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-01 12:41 - 2001-10-26 15:15 - 00500386 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-01 12:41 - 2001-10-26 15:15 - 00089046 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-01 08:34 - 2014-04-01 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\AVG
2014-04-01 01:02 - 2014-04-01 00:45 - 00000000 __SHD () C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-01 01:02 - 2014-02-01 22:21 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java Development Kit
2014-04-01 01:02 - 2013-12-31 18:02 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start
2014-04-01 00:53 - 2014-04-01 00:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-01 00:47 - 2014-04-01 00:47 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\AVG
2014-04-01 00:47 - 2014-04-01 00:47 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\AVG
2014-04-01 00:47 - 2014-04-01 00:45 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVG
2014-04-01 00:47 - 2013-12-31 18:02 - 00000000 ___HD () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji
2014-04-01 00:45 - 2013-12-31 18:43 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-03-31 13:35 - 2014-03-11 14:36 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\Nowy folder
2014-03-31 13:30 - 2014-02-01 21:26 - 00051662 _____ () C:\WINDOWS\KB975025.log
2014-03-29 09:33 - 2013-12-31 18:02 - 00001599 _____ () C:\Documents and Settings\Tomek\Menu Start\Programy\Pomoc zdalna.lnk
2014-03-29 09:33 - 2013-12-31 17:57 - 00001607 _____ () C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk
2014-03-29 09:33 - 2013-12-31 17:57 - 00001507 _____ () C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk
2014-03-28 22:39 - 2014-01-20 21:14 - 00041472 _____ () C:\Documents and Settings\Tomek\Moje dokumenty\Wydatki 2014.xls
2014-03-28 22:39 - 2013-12-31 18:02 - 00000000 ___RD () C:\Documents and Settings\Tomek\Moje dokumenty
2014-03-28 22:19 - 2014-02-01 16:09 - 00015872 _____ () C:\Documents and Settings\Tomek\Moje dokumenty\Opłaty stałe.xls
2014-03-28 22:11 - 2014-03-26 00:44 - 00036352 ___SH () C:\Documents and Settings\Tomek\Pulpit\Thumbs.db
2014-03-28 21:58 - 2014-01-08 00:26 - 00023040 _____ () C:\Documents and Settings\Tomek\Moje dokumenty\Remont domu.xls
2014-03-28 20:32 - 2014-03-28 20:32 - 00000000 ____D () C:\Program Files\Winamp
2014-03-28 20:32 - 2014-03-28 20:32 - 00000000 ____D () C:\Documents and Settings\Tomek\Menu Start\Programy\Winamp
2014-03-28 15:30 - 2014-03-28 15:30 - 00000000 ____D () C:\Documents and Settings\Default User\Dane aplikacji\TuneUp Software
2014-03-28 15:30 - 2013-12-31 18:43 - 00000000 __RHD () C:\Documents and Settings\Default User\Dane aplikacji
2014-03-27 15:38 - 2014-03-27 15:37 - 00004040 _____ () C:\WINDOWS\KB2934207.log
2014-03-27 15:37 - 2014-03-27 15:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 01:10 - 2014-01-09 10:48 - 00000000 ____D () C:\Program Files\Microsoft Office

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-14 22:51] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-04-14 22:50] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-14 22:50] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-14 21:31] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================