Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 01
Ran by ja sam (administrator) on ANONIM-E21ED28F on 25-05-2014 19:13:11
Running from C:\FRST\FRST-OlderVersion
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nikon Corporation) C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-28] (AVAST Software)
HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-07-21] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [upt4pc_en_3.exe] => C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Dane aplikacji\t4pc_en_3\upt4pc_en_3.exe -runhelper
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\NkbMonitor.exe.lnk
ShortcutTarget: NkbMonitor.exe.lnk -> C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\NkbMonitor.exe.lnk
ShortcutTarget: NkbMonitor.exe.lnk -> C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1382565418750
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F384A567-8FE2-4BBD-98C4-347DE6403466}: [NameServer]192.168.1.1,194.204.159.1
Tcpip\..\Interfaces\{FABFB3DE-BFE5-4B19-9A8A-9AC084441E81}: [NameServer]192.168.1.1,194.204.195.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Dane aplikacji\Mozilla\Firefox\Profiles\38t7tn1s.default-1400843091312
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-23]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-28] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-28] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-03-31] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-28] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-02-02] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252464 2014-04-28] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35272 2013-10-23] (The OpenVPN Project)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-28] ()
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-23 13:39 - 2014-05-23 13:39 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\TFC.exe
2014-05-22 20:04 - 2014-05-25 19:13 - 00000000 ____D () C:\FRST
2014-05-22 19:53 - 2014-05-22 19:53 - 00380416 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\92rimh2n.exe
2014-05-22 18:50 - 2014-05-24 07:07 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\cos-dziwnego
2014-05-22 18:21 - 2014-05-22 18:21 - 00602112 _____ (OldTimer Tools) C:\OTL.exe
2014-05-22 14:32 - 2014-05-22 14:32 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\dell
2014-05-21 19:00 - 2014-05-21 19:00 - 00000719 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\VLC media player.lnk
2014-05-21 19:00 - 2014-05-21 19:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\VideoLAN
2014-05-21 19:00 - 2014-05-21 19:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\VideoLAN
2014-05-21 18:55 - 2014-05-21 18:55 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-21 18:52 - 2014-05-21 18:53 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\vlc
2014-05-06 22:18 - 2014-05-06 22:18 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne\Dane aplikacji\Google
2014-05-05 20:49 - 2014-05-05 20:49 - 00000000 __SHD () C:\WINDOWS\ftpcache
2014-05-05 18:53 - 2014-05-05 18:53 - 00000745 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Edytor postaci.lnk
2014-05-05 18:53 - 2014-05-05 18:53 - 00000740 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Logomocja Imagine.lnk
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Program Files\Logomocja
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Program Files\Common Files\Imagine
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Logomocja-Imagine
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Logomocja-Imagine
2014-05-05 18:53 - 2003-01-31 03:31 - 02311168 _____ () C:\WINDOWS\system32\exeImagine.IMD
2014-05-05 18:53 - 2002-09-16 17:32 - 00398336 _____ () C:\WINDOWS\system32\nxImagine.ocx
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Menu Start\Programy\WinRAR
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Dane aplikacji\WinRAR
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR
2014-05-05 18:51 - 2014-05-05 18:52 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-05 18:51 - 2014-05-05 18:51 - 01929720 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\wrar501pl.exe
2014-05-05 15:57 - 2014-05-05 15:57 - 00000814 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\WM Converter.lnk
2014-05-05 15:57 - 2014-05-05 15:57 - 00000638 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\WM Recorder 12.1.lnk
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Menu Start\Programy\WM Recorder 12.1
2014-05-05 15:56 - 2014-05-05 15:58 - 00000000 ____D () C:\Program Files\WMR11
2014-05-03 18:59 - 2014-05-03 19:00 - 00005487 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-28 10:19 - 2014-04-28 10:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-28 10:19 - 2014-04-28 10:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-25 19:13 - 2014-05-22 20:04 - 00000000 ____D () C:\FRST
2014-05-25 19:12 - 2013-10-19 18:38 - 01172988 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-25 18:56 - 2013-10-23 21:49 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-25 18:55 - 2013-11-17 20:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-25 18:55 - 2013-11-17 20:51 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2014-05-25 18:54 - 2014-03-19 13:35 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-05-25 18:54 - 2013-11-06 16:09 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 18:54 - 2013-10-19 18:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-25 18:50 - 2013-10-19 18:43 - 00000292 ___SH () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\ntuser.ini
2014-05-25 18:50 - 2013-10-19 18:42 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-25 18:43 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-24 07:07 - 2014-05-22 18:50 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\cos-dziwnego
2014-05-24 06:41 - 2013-11-06 16:09 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 06:16 - 2013-11-14 10:44 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-23 14:38 - 2013-10-19 18:43 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit
2014-05-23 14:17 - 2013-12-20 16:39 - 00000000 ____D () C:\Program Files\Applian Technologies
2014-05-23 13:39 - 2014-05-23 13:39 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\TFC.exe
2014-05-23 13:17 - 2013-11-06 16:09 - 00000000 ____D () C:\Program Files\Google
2014-05-23 13:16 - 2013-11-06 16:09 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Dane aplikacji\Google
2014-05-23 13:16 - 2013-10-19 20:29 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-05-23 13:16 - 2013-10-19 20:29 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-05-23 13:16 - 2013-10-19 20:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Pulpit
2014-05-23 12:43 - 2013-10-19 18:43 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F
2014-05-23 12:42 - 2013-10-19 20:29 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2014-05-23 12:42 - 2013-10-19 18:43 - 00000000 __RHD () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Dane aplikacji
2014-05-23 12:42 - 2013-10-19 18:43 - 00000000 ___RD () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty
2014-05-23 12:42 - 2013-10-19 18:43 - 00000000 ___HD () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Dane aplikacji
2014-05-23 12:36 - 2013-10-24 15:52 - 00000000 ____D () C:\Program Files\Opera
2014-05-23 10:07 - 2013-10-19 18:43 - 00000000 ___RD () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Menu Start\Programy
2014-05-23 09:34 - 2013-10-19 20:29 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
2014-05-23 09:34 - 2013-10-19 20:29 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
2014-05-23 09:14 - 2014-04-09 22:56 - 00043552 _____ () C:\WINDOWS\setupapi.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00025338 _____ () C:\WINDOWS\FaxSetup.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00014637 _____ () C:\WINDOWS\ocgen.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00011033 _____ () C:\WINDOWS\tsoc.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00008449 _____ () C:\WINDOWS\comsetup.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00005317 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00003885 _____ () C:\WINDOWS\iis6.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00001627 _____ () C:\WINDOWS\ocmsn.log
2014-05-23 09:14 - 2014-04-09 22:56 - 00001406 _____ () C:\WINDOWS\msgsocm.log
2014-05-22 19:53 - 2014-05-22 19:53 - 00380416 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\92rimh2n.exe
2014-05-22 18:21 - 2014-05-22 18:21 - 00602112 _____ (OldTimer Tools) C:\OTL.exe
2014-05-22 14:38 - 2013-10-19 18:43 - 00000000 ___RD () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\Moje obrazy
2014-05-22 14:32 - 2014-05-22 14:32 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\dell
2014-05-21 19:50 - 2013-10-19 18:43 - 00000000 ___RD () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Menu Start\Programy\Autostart
2014-05-21 19:00 - 2014-05-21 19:00 - 00000719 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\VLC media player.lnk
2014-05-21 19:00 - 2014-05-21 19:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\VideoLAN
2014-05-21 19:00 - 2014-05-21 19:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\VideoLAN
2014-05-21 18:55 - 2014-05-21 18:55 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-21 18:53 - 2014-05-21 18:52 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\vlc
2014-05-21 14:04 - 2013-11-02 16:51 - 00000919 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\intlname.ols
2014-05-15 11:10 - 2013-10-23 21:50 - 00777488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-15 11:10 - 2013-10-23 21:50 - 00411680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-15 11:10 - 2013-10-23 21:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-05-14 19:17 - 2013-10-23 22:08 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 19:17 - 2013-10-23 22:08 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:39 - 2013-10-24 21:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 14:38 - 2014-03-26 21:41 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Adobe Reader XI.lnk
2014-05-14 14:38 - 2014-03-26 21:41 - 00002347 _____ () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Adobe Reader XI.lnk
2014-05-14 14:34 - 2013-10-24 21:03 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 20:21 - 2013-12-20 15:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:00 - 2014-03-19 13:35 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-05-06 22:18 - 2014-05-06 22:18 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne\Dane aplikacji\Google
2014-05-06 22:18 - 2014-04-02 12:42 - 00001767 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Google Slides.lnk
2014-05-06 22:18 - 2014-04-02 12:42 - 00001765 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Google Sheets.lnk
2014-05-06 22:18 - 2014-04-02 12:42 - 00001755 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Google Docs.lnk
2014-05-06 22:18 - 2014-04-02 12:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Google Drive
2014-05-06 22:18 - 2014-04-02 12:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Google Drive
2014-05-06 22:18 - 2013-10-19 20:29 - 00000000 ___HD () C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne\Dane aplikacji
2014-05-05 20:49 - 2014-05-05 20:49 - 00000000 __SHD () C:\WINDOWS\ftpcache
2014-05-05 18:53 - 2014-05-05 18:53 - 00000745 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Edytor postaci.lnk
2014-05-05 18:53 - 2014-05-05 18:53 - 00000740 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Logomocja Imagine.lnk
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Program Files\Logomocja
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Program Files\Common Files\Imagine
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Logomocja-Imagine
2014-05-05 18:53 - 2014-05-05 18:53 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Logomocja-Imagine
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Menu Start\Programy\WinRAR
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Dane aplikacji\WinRAR
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR
2014-05-05 18:52 - 2014-05-05 18:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR
2014-05-05 18:52 - 2014-05-05 18:51 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-05 18:51 - 2014-05-05 18:51 - 01929720 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\wrar501pl.exe
2014-05-05 18:19 - 2013-12-20 16:50 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Dane aplikacji\Applian FLV and Media Player
2014-05-05 17:08 - 2013-12-10 15:54 - 00005632 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-05 15:58 - 2014-05-05 15:56 - 00000000 ____D () C:\Program Files\WMR11
2014-05-05 15:57 - 2014-05-05 15:57 - 00000814 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\WM Converter.lnk
2014-05-05 15:57 - 2014-05-05 15:57 - 00000638 _____ () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Pulpit\WM Recorder 12.1.lnk
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Menu Start\Programy\WM Recorder 12.1
2014-05-05 12:54 - 2013-12-20 15:40 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\dwhelper
2014-05-04 20:56 - 2014-01-16 14:42 - 00000000 ____D () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\Pobieranie
2014-05-03 19:00 - 2014-05-03 18:59 - 00005487 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-03 19:00 - 2014-04-09 22:56 - 00003625 _____ () C:\WINDOWS\updspapi.log
2014-05-03 19:00 - 2014-04-09 22:56 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-05-03 18:59 - 2013-10-24 20:57 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-30 10:12 - 2008-04-15 14:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:12 - 2008-04-15 14:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 12:24 - 2013-11-05 13:40 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-04-28 10:20 - 2014-02-02 13:46 - 00001719 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\avast! Premier.lnk
2014-04-28 10:19 - 2014-04-28 10:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-28 10:19 - 2014-04-28 10:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-28 10:19 - 2013-10-23 21:50 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400145027125
2014-04-28 10:19 - 2013-10-23 21:50 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-28 10:19 - 2013-10-23 21:50 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-28 10:19 - 2013-10-23 21:50 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-28 10:19 - 2013-10-23 21:50 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1400145027125
2014-04-28 10:19 - 2013-10-23 21:50 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-28 10:19 - 2013-10-23 21:49 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-28 10:18 - 2014-02-02 13:45 - 00252464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-04-26 17:21 - 2014-04-09 22:56 - 00000041 _____ () C:\WINDOWS\setupact.log
2014-04-25 19:01 - 2014-04-02 12:43 - 00010240 ____H () C:\Documents and Settings\ja sam.ANONIM-E21ED28F\Moje dokumenty\photothumb.db

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================