Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by user (administrator) on LAPTOP on 20-05-2014 21:03:49
Running from C:\Documents and Settings\user\Pulpit
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [AccelerometerSysTrayApplet] => c:\WINDOWS\System32\accelerometerST.exe [82488 2009-01-22] (Hewlett-Packard Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704 2014-04-18] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-03-09] (TomTom)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-07-14] (Ahead Software AG)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\MountPoints2: {29fe55f8-3aca-11e2-b2f8-18a90599487c} - G:\urDrive.exe
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\MountPoints2: {8e82c340-60ce-11e2-81e1-806d6172696f} - G:\Starter.exe
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\MountPoints2: {b591830d-5999-11e1-b0e8-18a90599487c} - H:\Nokia_Ovi_Suite_3_0_0_291_ALL.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stacjebenzynowe.pl/index.php
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\28cuebbk.default-1399320238078
FF Homepage: poczta.fm
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\28cuebbk.default-1399320238078\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-06]
FF Extension: Adblock Plus - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\28cuebbk.default-1399320238078\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-12]

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-04-18] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-06-04] (Marvell)

==================== Drivers (Whitelisted) ====================

R3 5U876UVC; C:\WINDOWS\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-18] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-18] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-18] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-18] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1735296 2010-01-13] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-01-14] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-01-17] (Duplex Secure Ltd.)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [10144 2003-05-14] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [21216 2003-05-14] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [13920 2003-05-14] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [5728 2003-05-14] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [44288 2003-05-14] (Logitech Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297728 2009-06-04] (Marvell)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;
U3 uxtdapow; \??\C:\DOCUME~1\user\USTAWI~1\Temp\uxtdapow.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-20 21:03 - 2014-05-20 21:04 - 00011991 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt
2014-05-20 21:02 - 2014-05-20 21:03 - 00000000 ____D () C:\FRST
2014-05-20 21:01 - 2014-05-20 21:01 - 01056768 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe
2014-05-20 05:38 - 2014-05-20 05:38 - 00064192 _____ () C:\Documents and Settings\user\Pulpit\OTL.Txt
2014-05-20 05:38 - 2014-05-20 05:38 - 00032384 _____ () C:\Documents and Settings\user\Pulpit\Extras.Txt
2014-05-20 05:29 - 2014-05-20 05:29 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\user\Pulpit\OTL.exe
2014-05-20 05:28 - 2014-05-20 05:28 - 00053358 _____ () C:\Documents and Settings\user\Pulpit\GMER.txt
2014-05-19 21:50 - 2014-05-19 21:50 - 00380416 _____ () C:\Documents and Settings\user\Pulpit\5vlniyvk.exe
2014-05-18 21:58 - 2014-05-18 21:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 15:36 - 2014-05-11 15:36 - 00699392 _____ () C:\Documents and Settings\user\Pulpit\Poster_Żaneta_Broniowska.ppt
2014-05-11 11:32 - 2014-05-11 11:23 - 02033664 _____ () C:\Documents and Settings\user\Pulpit\poster- irena.ppt-2.ppt
2014-05-11 11:32 - 2014-05-11 11:23 - 01088313 _____ () C:\Documents and Settings\user\Pulpit\poster- irena.pptx-2.pptx
2014-05-06 20:43 - 2014-05-06 20:43 - 00000385 _____ () C:\DelFix.txt
2014-04-29 22:38 - 2014-04-29 22:38 - 00509178 _____ () C:\Documents and Settings\user\Pulpit\PIT ASKA.rar
2014-04-29 22:37 - 2014-04-29 22:38 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\PIT ASKA
2014-04-26 11:33 - 2014-04-26 11:33 - 04539051 _____ () C:\Documents and Settings\user\Pulpit\BABCIA PIT.rar
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\BABCIA PIT
2014-04-26 11:26 - 2014-04-26 11:26 - 00707504 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.exe
2014-04-25 15:50 - 2014-04-25 15:50 - 00030462 _____ () C:\Documents and Settings\user\hs_err_pid2716.log
2014-04-25 15:42 - 2014-04-25 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-04-25 15:42 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-25 15:42 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-25 15:42 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-25 15:42 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-25 15:42 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-25 15:38 - 2014-04-25 15:42 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-25 15:16 - 2014-04-25 15:02 - 00000426 _____ () C:\AVScanner.ini
2014-04-25 00:02 - 2014-05-18 22:22 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Nowy folder
2014-04-24 13:00 - 2014-04-24 13:00 - 00030460 _____ () C:\Documents and Settings\user\hs_err_pid2512.log

==================== One Month Modified Files and Folders =======

2014-05-20 21:04 - 2014-05-20 21:03 - 00011991 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt
2014-05-20 21:03 - 2014-05-20 21:02 - 00000000 ____D () C:\FRST
2014-05-20 21:03 - 2010-01-13 13:18 - 00000000 ____D () C:\Documents and Settings\user\Pulpit
2014-05-20 21:01 - 2014-05-20 21:01 - 01056768 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe
2014-05-20 20:30 - 2011-04-18 22:20 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 20:27 - 2012-07-01 17:22 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-20 11:30 - 2010-01-13 13:17 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-20 10:16 - 2012-07-02 22:31 - 00000318 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-20 05:38 - 2014-05-20 05:38 - 00064192 _____ () C:\Documents and Settings\user\Pulpit\OTL.Txt
2014-05-20 05:38 - 2014-05-20 05:38 - 00032384 _____ () C:\Documents and Settings\user\Pulpit\Extras.Txt
2014-05-20 05:29 - 2014-05-20 05:29 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\user\Pulpit\OTL.exe
2014-05-20 05:28 - 2014-05-20 05:28 - 00053358 _____ () C:\Documents and Settings\user\Pulpit\GMER.txt
2014-05-19 22:30 - 2011-04-18 22:20 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 21:50 - 2014-05-19 21:50 - 00380416 _____ () C:\Documents and Settings\user\Pulpit\5vlniyvk.exe
2014-05-19 21:50 - 2010-01-13 13:11 - 00377230 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-19 21:43 - 2010-01-13 14:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-19 21:43 - 2010-01-13 14:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-19 21:43 - 2010-01-13 13:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-19 21:42 - 2009-02-04 01:13 - 00121808 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-05-19 09:46 - 2010-01-13 13:18 - 00000188 ___SH () C:\Documents and Settings\user\ntuser.ini
2014-05-18 22:22 - 2014-04-25 00:02 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-05-18 22:22 - 2010-01-13 14:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-18 22:18 - 2010-01-13 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-18 22:12 - 2011-05-12 07:54 - 00777488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-18 22:12 - 2010-11-17 22:12 - 00411680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-18 22:12 - 2010-11-17 22:11 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-05-18 22:10 - 2001-07-22 02:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-18 22:06 - 2010-01-13 13:17 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-18 22:06 - 2010-01-13 13:17 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-18 22:05 - 2010-01-13 13:08 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-18 21:59 - 2014-05-18 21:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-18 21:57 - 2012-04-25 15:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 21:57 - 2010-03-09 01:08 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\uTorrent
2014-05-18 10:15 - 2013-01-15 15:58 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\vlc
2014-05-15 18:35 - 2010-01-18 00:34 - 00000000 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\FnF4.txt
2014-05-11 15:36 - 2014-05-11 15:36 - 00699392 _____ () C:\Documents and Settings\user\Pulpit\Poster_Żaneta_Broniowska.ppt
2014-05-11 11:23 - 2014-05-11 11:32 - 02033664 _____ () C:\Documents and Settings\user\Pulpit\poster- irena.ppt-2.ppt
2014-05-11 11:23 - 2014-05-11 11:32 - 01088313 _____ () C:\Documents and Settings\user\Pulpit\poster- irena.pptx-2.pptx
2014-05-10 16:50 - 2010-01-15 22:04 - 03672054 _____ () C:\WINDOWS\ACD Wallpaper.bmp
2014-05-08 20:33 - 2013-01-31 16:55 - 00005632 ___SH () C:\Documents and Settings\All Users\Menu Start\Programy\Thumbs.db
2014-05-06 20:49 - 2010-01-13 13:09 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-06 20:43 - 2014-05-06 20:43 - 00000385 _____ () C:\DelFix.txt
2014-05-05 22:11 - 2010-01-13 13:18 - 00000000 ___RD () C:\Documents and Settings\user\Moje dokumenty
2014-05-05 21:42 - 2010-01-13 13:18 - 00000000 __RHD () C:\Documents and Settings\user\Dane aplikacji
2014-05-05 21:42 - 2010-01-13 13:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji
2014-05-04 17:41 - 2013-04-02 12:56 - 00143801 _____ () C:\WINDOWS\setupapi.log
2014-05-03 13:30 - 2013-12-29 22:10 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\ZDJĘCIA NA ŚCIANĘ
2014-04-30 20:51 - 2013-04-13 13:57 - 00030565 _____ () C:\Documents and Settings\user\hs_err_pid3292.log
2014-04-29 22:38 - 2014-04-29 22:38 - 00509178 _____ () C:\Documents and Settings\user\Pulpit\PIT ASKA.rar
2014-04-29 22:38 - 2014-04-29 22:37 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\PIT ASKA
2014-04-27 17:16 - 2010-01-17 11:40 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Adobe
2014-04-27 16:19 - 2012-04-10 17:12 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-27 16:19 - 2011-05-18 21:18 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-26 11:33 - 2014-04-26 11:33 - 04539051 _____ () C:\Documents and Settings\user\Pulpit\BABCIA PIT.rar
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\BABCIA PIT
2014-04-26 11:26 - 2014-04-26 11:26 - 00707504 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.exe
2014-04-26 11:26 - 2014-04-15 18:13 - 00011761 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.msg
2014-04-26 11:26 - 2014-04-15 18:13 - 00005899 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.dat
2014-04-26 11:26 - 2010-01-13 13:18 - 00000000 ___HD () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji
2014-04-25 15:50 - 2014-04-25 15:50 - 00030462 _____ () C:\Documents and Settings\user\hs_err_pid2716.log
2014-04-25 15:42 - 2014-04-25 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-04-25 15:42 - 2014-04-25 15:38 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-25 15:42 - 2011-04-03 13:25 - 00000000 ____D () C:\Program Files\Java
2014-04-25 15:37 - 2010-01-13 14:03 - 01087636 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-25 15:37 - 2001-10-26 20:15 - 00490866 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-25 15:37 - 2001-10-26 20:15 - 00084078 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-25 15:16 - 2010-01-13 14:02 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-04-25 15:16 - 2010-01-13 14:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-04-25 15:02 - 2014-04-25 15:16 - 00000426 _____ () C:\AVScanner.ini
2014-04-25 00:01 - 2010-11-30 19:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Nowy folder
2014-04-24 13:00 - 2014-04-24 13:00 - 00030460 _____ () C:\Documents and Settings\user\hs_err_pid2512.log

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
C:\WINDOWS\system32\User32.dll [2004-08-04 00:44] - [2008-04-14 23:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2004-08-04 00:44] - [2008-04-14 23:50] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2004-08-04 00:36] - [2008-04-14 22:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================