Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014
Ran by 1 (administrator) on MONIKA on 01-06-2014 16:10:55
Running from G:\
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Syntek America Inc.) C:\WINDOWS\system32\StkCSrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
() G:\qszgjhqt.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoInternetIcon] 〰〰
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-861567501-484061587-1417001333-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-861567501-484061587-1417001333-1003\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-861567501-484061587-1417001333-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3D49A57F-1F01-429C-A5F3-EBBAF9EC71B0} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} SearchScopes: HKCU - 4AF4C494FA0A4761B2986B969BE9AD8A URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {3D49A57F-1F01-429C-A5F3-EBBAF9EC71B0} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: V9BHOLoader - {4DE0953E-490E-4D6F-BDDA-0516C372F3AF} - C:\WINDOWS\system32\v9loader.dll (Beijing Elex Technology Co., Ltd) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky 
Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - V9-ToolBar - {742E70CF-7770-412d-86CB-230B322E807C} - C:\WINDOWS\system32\v9-toolbar.dll (FOF_SILENT Beijing Elex Technology Co., Ltd) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - V9-ToolBar - {742E70CF-7770-412D-86CB-230B322E807C} - C:\WINDOWS\system32\v9-toolbar.dll (FOF_SILENT Beijing Elex Technology Co., Ltd) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Documents and Settings\1\Dane aplikacji\Mozilla\Firefox\Profiles\iixd70zx.default-1401366845390 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} 
[2014-05-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-05-30] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-30] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-05-30] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-05-30] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-05-30] Chrome: ======= CHR HomePage: CHR 
DefaultSearchKeyword: sweet-page CHR DefaultSearchProvider: sweet-page CHR DefaultSearchURL: http://www.sweet-page.com/web/?type=ds&ts=1400669169&from=cor&uid=HitachiXHTS541612J9SA00_SB2D41E4CT4HUECT4HUEX&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-05-31] CHR Extension: (Bezpieczne pieniądze) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-05-31] CHR Extension: (Blokowanie niebezpiecznych stron internetowych) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-05-31] CHR Extension: (Klawiatura wirtualna) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-05-31] CHR Extension: (Google Wallet) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19] CHR Extension: (Blokowanie banerów) - C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-05-31] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: 
[jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-16] ========================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-05-29] (Emsisoft GmbH) R2 ACS; C:\WINDOWS\system32\acs.exe [360533 2006-11-17] (Atheros) R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit) S4 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-16] (Kaspersky Lab ZAO) R2 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 StkSSrv; C:\WINDOWS\System32\StkCSrv.exe [24576 2007-02-07] (Syntek America Inc.) ==================== Drivers (Whitelisted) ==================== R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-29] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2014-05-29] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2014-05-29] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-29] (Emsisoft GmbH) R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [529344 2006-12-05] (Atheros Communications, Inc.) S3 ASNDIS5; C:\WINDOWS\ATK0100\ASNDIS5.SYS [16269 2004-05-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-03-07] (AVG Technologies) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2014-05-29] (Emsisoft GmbH) R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-05-31] (Kaspersky Lab ZAO) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [576096 2014-05-31] (Kaspersky Lab ZAO) R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO) R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24672 2014-05-31] (Kaspersky Lab ZAO) R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-10-16] (Kaspersky Lab ZAO) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144992 2014-05-31] (Kaspersky Lab ZAO) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5632 2005-02-17] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation) R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62208 2008-08-09] (Silicon Image, Inc.) R3 StkCMini; C:\WINDOWS\System32\Drivers\StkCMini.sys [1245056 2007-02-13] (Syntek) R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [54432 2006-07-20] (Atheros Communications, Inc.) 
S4 IntelIde; No ImagePath U5 klflt; C:\Windows\System32\Drivers\klflt.sys [93792 2014-05-31] (Kaspersky Lab ZAO) U2 WinDefend; U1 WS2IFSL; U3 uwtdypod; \??\C:\DOCUME~1\1\USTAWI~1\Temp\uwtdypod.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-01 16:10 - 2014-06-01 16:11 - 00000000 ___DC () C:\FRST 2014-06-01 12:40 - 2014-06-01 12:45 - 00060630 _____ () C:\WINDOWS\ie8_main.log 2014-06-01 12:40 - 2014-06-01 12:44 - 00029729 _____ () C:\WINDOWS\updspapi.log 2014-06-01 12:40 - 2014-06-01 12:44 - 00027238 _____ () C:\WINDOWS\ie8Uninst.log 2014-06-01 12:40 - 2014-06-01 12:40 - 00000134 _____ () C:\Documents and Settings\1\Pulpit\Rozwiązywanie problemów z programem Internet Explorer.url 2014-06-01 10:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll 2014-05-31 13:33 - 2014-05-31 13:33 - 00001078 ____C () C:\EamClean.log 2014-05-31 12:54 - 2014-05-31 12:55 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG 2014-05-31 12:54 - 2014-05-31 12:54 - 00262144 _____ () C:\WINDOWS\system32\config\elam 2014-05-31 12:53 - 2014-05-31 12:56 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Muvy 2014-05-31 12:53 - 2014-05-31 12:53 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Novida 2014-05-30 22:07 - 2014-05-31 13:35 - 00001971 _____ () C:\Documents and Settings\1\Pulpit\Bezpieczne pieniądze.lnk 2014-05-30 22:06 - 2014-05-30 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Internet Security 2014-05-30 22:06 - 2014-05-30 22:05 - 00000861 _____ () C:\Documents and Settings\All Users\Pulpit\Kaspersky Internet Security.lnk 2014-05-30 22:05 - 2014-06-01 11:46 - 00017820 _____ () C:\WINDOWS\setupapi.log 2014-05-30 22:03 - 2014-06-01 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2014-05-30 22:03 - 2014-05-31 13:18 - 00576096 _____ 
(Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys 2014-05-30 22:03 - 2014-05-31 13:18 - 00093792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys 2014-05-30 22:03 - 2014-05-30 22:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-05-30 20:51 - 2014-06-01 13:37 - 00053862 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-30 20:47 - 2014-06-01 13:43 - 00000000 ___DC () C:\AdwCleaner 2014-05-29 16:06 - 2014-06-01 13:40 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-05-29 16:06 - 2014-05-31 00:49 - 00000000 ____D () C:\Documents and Settings\1\Moje dokumenty\Anti-Malware 2014-05-29 15:17 - 2014-05-29 15:18 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\DropboxMaster 2014-05-29 15:17 - 2014-05-29 15:17 - 00000000 ____D () C:\Program Files\Dropbox 2014-05-29 15:17 - 2014-05-29 15:17 - 00000000 ____D () C:\Documents and Settings\1\Menu Start\Programy\Dropbox 2014-05-29 15:15 - 2014-05-29 15:18 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Dropbox 2014-05-29 11:11 - 2014-05-29 13:53 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Poax 2014-05-29 11:11 - 2014-05-29 13:28 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Okaxu 2014-05-29 09:54 - 2014-05-29 09:55 - 00000000 ____D () C:\Documents and Settings\1\Pulpit\Stare dane programu Firefox 2014-05-27 12:48 - 2014-05-30 18:45 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\OpenFM 2014-05-27 12:48 - 2014-05-27 12:48 - 00001151 _____ () C:\Documents and Settings\1\Pulpit\OpenFM.lnk 2014-05-25 15:42 - 2014-05-25 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\XnView 2014-05-25 13:14 - 2014-05-25 15:41 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\XnView(2) 2014-05-25 13:00 - 2014-06-01 15:26 - 00000218 _____ () C:\WINDOWS\Tasks\Opera D7.job 2014-05-23 16:16 - 2014-05-23 16:16 - 00000000 ____D () C:\Program Files\Common 
Files\Skype 2014-05-10 10:06 - 2014-05-30 21:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-06-01 16:11 - 2014-06-01 16:10 - 00000000 ___DC () C:\FRST 2014-06-01 16:11 - 2011-10-05 15:52 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Temp 2014-06-01 15:26 - 2014-05-25 13:00 - 00000218 _____ () C:\WINDOWS\Tasks\Opera D7.job 2014-06-01 13:43 - 2014-05-30 20:47 - 00000000 ___DC () C:\AdwCleaner 2014-06-01 13:40 - 2014-05-30 22:03 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2014-06-01 13:40 - 2014-05-29 16:06 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-01 13:40 - 2014-03-12 19:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-06-01 13:39 - 2014-03-12 19:21 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-06-01 13:39 - 2012-12-25 16:25 - 00000079 ____C () C:\WINDOWS\Boottime.ini 2014-06-01 13:39 - 2011-10-05 15:52 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT 2014-06-01 13:37 - 2014-05-30 20:51 - 00053862 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-01 13:37 - 2012-03-04 16:17 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt 2014-06-01 13:37 - 2012-01-15 02:27 - 01872198 ____C () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-861567501-484061587-1417001333-1003-0.dat 2014-06-01 13:37 - 2012-01-15 02:27 - 00197078 ____C () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2014-06-01 13:37 - 2011-10-05 17:37 - 00000211 ___SH () C:\boot.ini 2014-06-01 13:37 - 2011-10-05 15:53 - 00000188 __SHC () C:\Documents and Settings\1\ntuser.ini 2014-06-01 13:37 - 2011-10-05 15:52 - 00000000 ____D () C:\Documents and Settings\1 2014-06-01 13:37 - 2008-04-15 14:00 - 00000000 ____C () C:\WINDOWS\win.ini 2014-06-01 13:37 - 2008-04-15 14:00 - 00000000 ____C () C:\WINDOWS\system.ini 2014-06-01 12:45 - 2014-06-01 12:40 - 
00060630 _____ () C:\WINDOWS\ie8_main.log 2014-06-01 12:44 - 2014-06-01 12:40 - 00029729 _____ () C:\WINDOWS\updspapi.log 2014-06-01 12:44 - 2014-06-01 12:40 - 00027238 _____ () C:\WINDOWS\ie8Uninst.log 2014-06-01 12:40 - 2014-06-01 12:40 - 00000134 _____ () C:\Documents and Settings\1\Pulpit\Rozwiązywanie problemów z programem Internet Explorer.url 2014-06-01 12:40 - 2011-10-05 15:52 - 00000000 ____D () C:\Documents and Settings\1\Pulpit 2014-06-01 11:46 - 2014-05-30 22:05 - 00017820 _____ () C:\WINDOWS\setupapi.log 2014-06-01 10:40 - 2011-10-05 17:38 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-06-01 10:40 - 2011-10-05 15:52 - 00000000 __RHD () C:\Documents and Settings\1\Dane aplikacji 2014-05-31 22:29 - 2013-05-01 14:59 - 00157952 ____C () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-31 13:49 - 2011-10-05 17:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-05-31 13:49 - 2011-10-05 17:38 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-05-31 13:35 - 2014-05-30 22:07 - 00001971 _____ () C:\Documents and Settings\1\Pulpit\Bezpieczne pieniądze.lnk 2014-05-31 13:33 - 2014-05-31 13:33 - 00001078 ____C () C:\EamClean.log 2014-05-31 13:18 - 2014-05-30 22:03 - 00576096 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys 2014-05-31 13:18 - 2014-05-30 22:03 - 00093792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys 2014-05-31 13:18 - 2013-10-16 02:39 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys 2014-05-31 13:18 - 2013-10-16 02:39 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys 2014-05-31 13:18 - 2013-06-06 17:38 - 00144992 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys 2014-05-31 12:56 - 2014-05-31 12:53 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Muvy 2014-05-31 12:55 - 2014-05-31 12:54 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG 2014-05-31 12:54 - 2014-05-31 
12:54 - 00262144 _____ () C:\WINDOWS\system32\config\elam 2014-05-31 12:53 - 2014-05-31 12:53 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Novida 2014-05-31 12:47 - 2013-03-29 19:16 - 00000000 ____D () C:\Program Files\Google 2014-05-31 10:56 - 2011-10-05 15:52 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-05-31 10:56 - 2011-10-05 15:51 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-05-31 10:56 - 2011-10-05 15:45 - 00000000 ____D () C:\WINDOWS\Registration 2014-05-31 10:52 - 2011-10-05 19:07 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Skype 2014-05-31 09:59 - 2011-10-05 15:52 - 00000000 ___HD () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji 2014-05-31 08:17 - 2012-12-23 14:55 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2014-05-31 00:54 - 2012-01-07 18:46 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-05-31 00:49 - 2014-05-29 16:06 - 00000000 ____D () C:\Documents and Settings\1\Moje dokumenty\Anti-Malware 2014-05-30 22:06 - 2014-05-30 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Internet Security 2014-05-30 22:05 - 2014-05-30 22:06 - 00000861 _____ () C:\Documents and Settings\All Users\Pulpit\Kaspersky Internet Security.lnk 2014-05-30 22:03 - 2014-05-30 22:03 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2014-05-30 22:01 - 2013-02-11 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2014-05-30 21:42 - 2011-10-05 15:52 - 00000000 ___RD () C:\Documents and Settings\1\Menu Start\Programy 2014-05-30 21:03 - 2014-05-10 10:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-30 20:51 - 2011-10-05 15:52 - 00000188 __SHC () C:\Documents and Settings\LocalService\ntuser.ini 2014-05-30 18:45 - 2014-05-27 12:48 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\OpenFM 2014-05-30 18:45 - 2011-10-05 22:06 - 00000000 ____D () C:\Documents 
and Settings\1\Dane aplikacji\OpenFM 2014-05-30 18:24 - 2012-01-07 20:44 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Winamp 2014-05-30 18:23 - 2011-10-05 16:25 - 00000000 __SHD () C:\Documents and Settings\1\UserData 2014-05-30 15:54 - 2012-02-19 16:21 - 00000000 ___RD () C:\Documents and Settings\1\Moje dokumenty\Pobieranie 2014-05-30 15:46 - 2014-01-11 12:46 - 00000000 ____D () C:\Program Files\Opera 2014-05-30 11:57 - 2011-10-05 17:29 - 00000000 ____D () C:\WINDOWS\repair 2014-05-30 11:41 - 2012-01-16 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype 2014-05-30 11:35 - 2011-10-05 15:52 - 00000000 ___RD () C:\Documents and Settings\1\Moje dokumenty 2014-05-29 15:24 - 2011-10-10 17:15 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Temp 2014-05-29 15:18 - 2014-05-29 15:17 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\DropboxMaster 2014-05-29 15:18 - 2014-05-29 15:15 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Dropbox 2014-05-29 15:17 - 2014-05-29 15:17 - 00000000 ____D () C:\Program Files\Dropbox 2014-05-29 15:17 - 2014-05-29 15:17 - 00000000 ____D () C:\Documents and Settings\1\Menu Start\Programy\Dropbox 2014-05-29 13:53 - 2014-05-29 11:11 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Poax 2014-05-29 13:28 - 2014-05-29 11:11 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Okaxu 2014-05-29 09:55 - 2014-05-29 09:54 - 00000000 ____D () C:\Documents and Settings\1\Pulpit\Stare dane programu Firefox 2014-05-29 09:33 - 2012-03-06 17:11 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\GG 2014-05-29 09:27 - 2012-03-06 17:11 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\GG 2014-05-29 09:23 - 2008-04-15 14:00 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl 2014-05-27 12:48 - 2014-05-27 12:48 - 00001151 _____ () C:\Documents and Settings\1\Pulpit\OpenFM.lnk 2014-05-26 
23:39 - 2011-11-11 17:33 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Paint.NET 2014-05-25 15:42 - 2014-05-25 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\XnView 2014-05-25 15:42 - 2012-10-01 17:44 - 00000000 ____D () C:\Program Files\XnView 2014-05-25 15:41 - 2014-05-25 13:14 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\XnView(2) 2014-05-25 15:41 - 2014-01-11 12:47 - 00000000 ____D () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\Opera Software 2014-05-25 15:41 - 2014-01-11 12:47 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\Opera Software 2014-05-25 15:28 - 2011-10-06 13:24 - 00000000 ____D () C:\Documents and Settings\1\Dane aplikacji\XnView 2014-05-25 13:59 - 2012-01-30 11:10 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-05-24 21:00 - 2011-10-05 15:53 - 00000000 ___RD () C:\Documents and Settings\1\Moje dokumenty\Moja muzyka 2014-05-23 16:16 - 2014-05-23 16:16 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-23 16:16 - 2012-01-16 13:09 - 00000000 ___RD () C:\Program Files\Skype 2014-05-14 09:50 - 2013-08-15 00:51 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 09:47 - 2011-10-06 14:09 - 90547776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-11 17:45 - 2013-05-02 09:07 - 00032480 ____C () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-05-11 17:45 - 2011-12-31 14:28 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-05-03 20:53 - 2013-05-02 12:31 - 00010752 ____C () C:\Documents and Settings\1\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== C:\Documents and Settings\All Users\Dane aplikacji\Ts_infos.ini C:\Documents and Settings\1\aimp_3.00.976.exe C:\Documents and Settings\1\jxpiinstall.exe C:\Documents and Settings\1\rtb.exe C:\Documents and 
Settings\1\shoutcast-dsp-1-9-0-windows.exe C:\Documents and Settings\1\XnView-win-full.exe C:\Documents and Settings\1\[Animazione] Un grazioso gattino che gira sul desktop.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ___AC (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ___AC (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================