Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014 Ran by Pc (administrator) on A-96B92B01A7D94 on 02-05-2014 12:06:12 Running from C:\Documents and Settings\Pc\Pulpit\PC Rec Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Ralink Technology, Corp.) C:\Program Files\Tenda\Common\RaRegistry.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - &Tłumaczenie - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\jxa0o6zb.default-1382092116828 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Extension: NetVideoHunter - C:\Documents and Settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\jxa0o6zb.default-1382092116828\Extensions\netvideohunter@netvideohunter.com [2014-01-18] FF Extension: MEGA EXTENSION - C:\Documents and Settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\jxa0o6zb.default-1382092116828\Extensions\firefox@mega.co.nz.xpi [2014-01-05] FF Extension: Adblock Plus - C:\Documents and Settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\jxa0o6zb.default-1382092116828\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-18] FF Extension: QuickJava - C:\Documents and Settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\jxa0o6zb.default-1382092116828\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-11-22] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-01] CHR Extension: (Dysk Google) - C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-01] CHR Extension: (YouTube) - C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Google Wallet) - C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Gmail) - C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S4 Hamachi2Svc; C:\Program Files\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation) S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) R2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology, Corp.) S4 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [754560 2003-10-17] (C-Media Inc) R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-08] (DT Soft Ltd) S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. ) S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-11-11] (VIA Technologies, Inc. ) R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation) R2 Gem98; C:\WINDOWS\system32\Drivers\Gem98.sys [3664 1999-12-27] (Microsoft Corporation) R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-08-14] (Malwarebytes Corporation) S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [7040 2003-07-17] (VIA Networking Technologies, Inc. ) R3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1663456 2010-10-18] (Ralink Technology, Corp.) R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2013-01-31] (MCCI) S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2013-01-31] (MCCI Corporation) S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2013-01-31] (MCCI Corporation) S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2013-01-31] (MCCI Corporation) R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.) R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation) S4 IntelIde; No ImagePath U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\FRST 2014-05-02 11:48 - 2014-05-02 11:48 - 00000000 _____ () C:\Documents and Settings\Pc\defogger_reenable 2014-05-02 11:47 - 2014-05-02 11:47 - 00000847 _____ () C:\WINDOWS\setupapi.log 2014-05-02 11:42 - 2014-05-02 12:06 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\PC Rec 2014-05-01 10:56 - 2014-05-01 10:57 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\Wasiaak 2014-05-01 10:56 - 2014-05-01 10:56 - 00018362 _____ () C:\Documents and Settings\Pc\.recently-used.xbel 2014-04-30 21:33 - 2013-12-23 23:41 - 00001004 _____ () C:\Documents and Settings\Pc\Pulpit\GameRanger.lnk 2014-04-22 10:32 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-04-22 10:32 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-04-22 10:31 - 2014-04-22 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-04-22 10:31 - 2014-04-22 10:31 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log 2014-04-22 10:31 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-04-22 10:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-04-22 10:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-04-21 11:19 - 2013-03-13 11:52 - 00000716 _____ () C:\Documents and Settings\Pc\Pulpit\Słownik RP.lnk 2014-04-19 17:38 - 2014-05-02 10:36 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\forum 2014-04-14 19:50 - 2014-04-14 21:57 - 00000000 ____D () C:\Documents and Settings\Pc\Dane aplikacji\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ___RD () C:\Program Files\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype 2014-04-12 09:14 - 2014-04-26 16:41 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\Język rosyjski, matury 2014-04-09 17:46 - 2014-04-09 17:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-04-08 11:08 - 2014-04-08 11:08 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk 2014-04-06 12:00 - 2014-04-06 12:00 - 00000000 ____D () C:\Documents and Settings\Pc\Moje dokumenty\EA Games Saves ==================== One Month Modified Files and Folders ======= 2014-05-02 12:06 - 2014-05-02 12:06 - 00000000 ____D () C:\FRST 2014-05-02 12:06 - 2014-05-02 11:42 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\PC Rec 2014-05-02 12:06 - 2004-07-19 02:28 - 01445878 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-02 12:05 - 2013-03-11 19:02 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2014-05-02 12:04 - 2014-03-15 01:37 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-05-02 12:04 - 2014-03-01 15:38 - 00001024 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-02 12:04 - 2004-07-19 03:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-02 12:02 - 2004-07-19 03:16 - 00000188 ___SH () C:\Documents and Settings\Pc\ntuser.ini 2014-05-02 12:02 - 2004-07-19 03:16 - 00000000 ____D () C:\Documents and Settings\Pc 2014-05-02 12:02 - 2004-07-19 03:15 - 00032422 _____ () C:\WINDOWS\SchedLgU.Txt 2014-05-02 11:49 - 2014-03-01 15:38 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-02 11:48 - 2014-05-02 11:48 - 00000000 _____ () C:\Documents and Settings\Pc\defogger_reenable 2014-05-02 11:47 - 2014-05-02 11:47 - 00000847 _____ () C:\WINDOWS\setupapi.log 2014-05-02 11:42 - 2004-07-19 03:16 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit 2014-05-02 11:36 - 2013-07-25 20:08 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2014-05-02 11:22 - 2013-04-10 12:29 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-02 10:40 - 2004-07-19 02:24 - 00000000 ____D () C:\WINDOWS\Registration 2014-05-02 10:37 - 2013-09-16 14:30 - 00000000 ___RD () C:\Documents and Settings\Pc\Moje dokumenty\Moje dokumenty 2014-05-02 10:36 - 2014-04-19 17:38 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\forum 2014-05-02 10:34 - 2013-09-09 23:58 - 00000000 ____D () C:\Program Files\Puran Defrag 2014-05-01 23:00 - 2013-03-13 22:44 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-01 22:44 - 2013-03-08 12:40 - 00000000 ____D () C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\ChomikBox 2014-05-01 22:06 - 2004-07-19 03:16 - 00000000 ___RD () C:\Documents and Settings\Pc\Moje dokumenty\Moje obrazy 2014-05-01 21:08 - 2013-03-08 12:40 - 00000000 ___HD () C:\Documents and Settings\Pc\.gstreamer-0.10 2014-05-01 21:05 - 2013-03-08 00:26 - 00003133 _____ () C:\WINDOWS\VPlayer.INI 2014-05-01 21:05 - 2013-03-08 00:26 - 00000079 _____ () C:\WINDOWS\VplayerINI.vpl 2014-05-01 20:18 - 2004-07-19 23:51 - 00000000 ___RD () C:\Documents and Settings\Pc\Moje dokumenty\Moje pobrania 2014-05-01 10:57 - 2014-05-01 10:56 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\Wasiaak 2014-05-01 10:56 - 2014-05-01 10:56 - 00018362 _____ () C:\Documents and Settings\Pc\.recently-used.xbel 2014-05-01 10:56 - 2013-03-15 18:09 - 00000000 ____D () C:\Documents and Settings\Pc\.gimp-2.6 2014-05-01 10:56 - 2013-03-13 11:14 - 00000000 ____D () C:\Documents and Settings\Pc\Dane aplikacji\gtk-2.0 2014-04-30 18:19 - 2001-07-21 23:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-04-26 16:41 - 2014-04-12 09:14 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\Język rosyjski, matury 2014-04-26 12:29 - 2004-07-19 03:16 - 00000000 ___RD () C:\Documents and Settings\Pc\Moje dokumenty\Moja muzyka 2014-04-22 14:14 - 2001-07-21 23:16 - 00001065 _____ () C:\WINDOWS\win.ini 2014-04-22 12:49 - 2004-07-19 04:16 - 00000211 ___SH () C:\boot.ini 2014-04-22 12:49 - 2001-07-21 23:15 - 00000259 _____ () C:\WINDOWS\system.ini 2014-04-22 10:32 - 2014-04-22 10:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-04-22 10:31 - 2014-04-22 10:31 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log 2014-04-22 10:31 - 2013-03-21 13:31 - 00000000 ____D () C:\Program Files\Java 2014-04-22 10:31 - 2004-07-19 04:17 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-04-21 15:44 - 2013-09-16 16:51 - 00000000 ____D () C:\Documents and Settings\Pc\Pulpit\Programy 2014-04-19 08:46 - 2004-07-19 04:17 - 00149200 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-16 14:17 - 2013-05-03 23:40 - 00936974 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1957994488-813497703-1417001333-1003-0.dat 2014-04-16 14:16 - 2013-05-03 23:40 - 00149878 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2014-04-16 13:57 - 2014-02-20 11:37 - 00000000 ____D () C:\Program Files\Yivosoft Easy Sync 2014-04-15 10:44 - 2014-02-18 21:13 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-04-14 21:57 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\Pc\Dane aplikacji\Skype 2014-04-14 20:13 - 2014-04-22 10:31 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-04-14 20:05 - 2014-04-22 10:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-04-14 20:05 - 2014-04-22 10:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-04-14 20:04 - 2014-04-22 10:31 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ___RD () C:\Program Files\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2014-04-14 19:50 - 2014-04-14 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype 2014-04-14 19:50 - 2004-07-19 04:17 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-04-14 19:50 - 2004-07-19 03:16 - 00000000 __RHD () C:\Documents and Settings\Pc\Dane aplikacji 2014-04-14 19:50 - 2004-07-19 03:16 - 00000000 ___HD () C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji 2014-04-14 19:47 - 2014-04-22 10:32 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-04-14 13:05 - 2013-03-08 17:01 - 00000000 ____D () C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Adobe 2014-04-14 13:03 - 2013-03-07 22:35 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-04-14 13:03 - 2013-03-07 22:35 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-04-09 17:46 - 2014-04-09 17:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-04-09 17:46 - 2013-08-14 20:48 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-09 17:42 - 2013-03-08 00:43 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-09 17:41 - 2013-03-08 00:48 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-04-09 00:05 - 2004-07-19 04:18 - 01284022 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-09 00:05 - 2001-10-26 17:15 - 00565028 _____ () C:\WINDOWS\system32\perfh015.dat 2014-04-09 00:05 - 2001-10-26 17:15 - 00110114 _____ () C:\WINDOWS\system32\perfc015.dat 2014-04-08 15:53 - 2014-03-15 01:36 - 00000210 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-04-08 11:08 - 2014-04-08 11:08 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk 2014-04-06 12:00 - 2014-04-06 12:00 - 00000000 ____D () C:\Documents and Settings\Pc\Moje dokumenty\EA Games Saves 2014-04-04 07:55 - 2013-05-26 19:43 - 00002892 ____H () C:\Documents and Settings\Pc\photorec.cfg 2014-04-03 18:35 - 2013-05-20 17:36 - 00000000 ____D () C:\Documents and Settings\Pc\Dane aplikacji\uTorrent Some content of TEMP: ==================== C:\Documents and Settings\Pc\Ustawienia lokalne\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-14 22:51] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-14 22:50] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-14 22:51] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-14 22:50] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-14 21:31] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================