Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by Administrator (administrator) on MAIN-DELL on 25-08-2014 16:59:20
Running from G:\docs\download
Platform: Microsoft(R) Windows(R) Server 2003, Enterprise Edition Dodatek Service Pack 2 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NotebookHardwareControl] => C:\Program Files\Notebook Hardware Control\nhc.exe [2629632 2007-05-04] (http://www.pbus-167.com)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2383160 2012-11-06] (Synaptics Incorporated)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe [313440 2012-03-07] (Kaspersky Lab ZAO)
HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\OdysseyClient: C:\WINDOWS\system32\odyEvent.dll (Funk Software, Inc.)
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Run: [OscarEditor] => C:\Program Files\GXStandard16-in-1\GXStandard16in1.exe [3343360 2011-09-02] ()
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Run: [Desktop Notes] => G:\programy\view\DesktopNotes\DesktopNotes.exe [2621440 2011-11-05] ()
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoSMMyDocs] 0x01000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoSMMyPictures] 0x01000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoSMHelp] 0x01000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoLogoff] 0x01000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\Policies\Explorer: [NoRecentDocsHistory] 0x01000000
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {0bea7008-3414-11e2-875a-d608f1dfd19e} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {24c97769-6c9e-11e3-97e5-fb3e67e59480} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {2da66981-29a6-11e3-97dc-8484eac5bd89} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {35764dbb-4c19-11e2-9438-0019d24d9b15} - I:\AutoRun.exe /s
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {725a90b5-525f-11e2-9016-0019d24d9b15} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {725a9a27-525f-11e2-9016-0019d24d9b15} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {807138ee-340f-11e2-8fa2-9c5f4295a43a} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {80ccec02-29a7-11e3-bd1d-d9da70091fba} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {aaeb7d21-a05c-11e2-a27d-f56acfb516c6} - I:\AutoRun.exe
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {baf010f9-4c1d-11e2-9df8-fea0f8d023e7} - I:\AutoRun.exe /s
HKU\S-1-5-21-3162662143-1847251711-2802006096-500\...\MountPoints2: {d5c185f1-4c1b-11e2-b1eb-e7efd4ce71eb} - I:\AutoRun.exe /s
Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli
Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\batch.lnk
ShortcutTarget: batch.lnk -> G:\programy\safe\batch.bat ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FreeCommander.lnk
ShortcutTarget: FreeCommander.lnk -> C:\Program Files\FreeCommander\FreeCommander.exe (Marek Jasinski - www.FreeCommander.com)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - DefaultScope {D9CF094D-6588-417F-817A-E8A04CF1A700} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKCU - {D9CF094D-6588-417F-817A-E8A04CF1A700} URL = http://www.google.com/search?hl=pl&q={searchTerms}
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Łą&cza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\h7cuzg6b.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=1.0.6 -> C:\Documents and Settings\Administrator\Dane aplikacji\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF Extension: iMacros for Firefox - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\h7cuzg6b.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2012-11-25]
FF Extension: XPath Checker - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\h7cuzg6b.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}.xpi [2013-06-16]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\pg38r8pf.Fx_Last_Version\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-02]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Documents and Settings\Administrator\Dane aplikacji\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Documents and Settings\Administrator\Dane aplikacji\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2012-11-03]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox Last Version\firefox.exe

Chrome:
=======
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Documents and Settings\Administrator\Dane aplikacji\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.94) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-10]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-10]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-10]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe [313440 2012-03-07] (Kaspersky Lab ZAO)
S3 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation)
S4 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation)
S4 kdc; C:\WINDOWS\System32\lsass.exe [16384 2003-12-05] (Microsoft Corporation)
S4 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2007-02-18] (Microsoft Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] ()
S3 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792576 2007-02-17] (Microsoft Corporation)
S3 O&O Defrag; C:\WINDOWS\system32\oodag.exe [1406208 2009-08-22] (O&O Software GmbH)
R2 odClientService; C:\Program Files\Funk Software\Odyssey Client\odClientService.exe [126976 2004-07-02] (Funk Software, Inc.) [File not signed]
S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation)
S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2003-12-05] (Microsoft Corporation)
R2 ToolTipFixer; C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [61952 2008-10-14] (NeoSmart Technologies) [File not signed]
S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2003-12-05] (Microsoft Corporation)
S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.dll [276480 2008-10-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 wifimansvc; C:\Program Files\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () [File not signed]
R2 Eventlog; [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16877 2002-07-17] (Adaptec) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17408 2007-02-17] (Microsoft Corporation)
S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2007-02-17] (Microsoft Corporation)
R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2007-02-17] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R1 kl1; C:\WINDOWS\system32\drivers\kl1.sys [136024 2014-08-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [238936 2014-08-22] (Kaspersky Lab)
S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-01-19] (Labtec Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [11776 2007-02-17] (Microsoft Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-29] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6607744 2010-08-16] (Intel Corporation)
R3 nhcDriverDevice; C:\WINDOWS\system32\drivers\nhcDriver.sys [22528 2014-08-25] (pBUS-167 Software - http://www.pbus-167.com) [File not signed]
R3 odysseyIM3; C:\WINDOWS\System32\DRIVERS\odysseyIM3.sys [62865 2004-07-02] (Funk Software, Inc.) [File not signed]
R0 phylock; C:\WINDOWS\System32\drivers\phylock.sys [18848 2006-12-18] (TeraByte, Inc.)
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.) [File not signed]
R0 R592; C:\WINDOWS\System32\DRIVERS\R592.sys [54912 2004-01-18] (REDC)
S3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [41728 2005-12-02] (Sonic Focus, Inc) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [97248 2008-01-28] (Acronis) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [715248 2008-01-28] () [File not signed]
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S4 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project) [File not signed]
S4 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2011-05-25] (AnchorFree Inc)
S4 VNA; C:\WINDOWS\System32\DRIVERS\vna.sys [129304 2013-07-25] (Check Point Software Technologies)
S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [179712 2007-02-17] (Microsoft Corporation)
S4 adpu320; No ImagePath
S4 afcnt; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
S4 cpqarry2; No ImagePath
S4 cpqcissm; No ImagePath
S4 cpqfcalm; No ImagePath
S4 dellcerc; No ImagePath
S4 elxstor; No ImagePath
S4 hpcisss; No ImagePath
S4 hpt3xx; No ImagePath
S4 iirsp; No ImagePath
S4 IntelIde; No ImagePath
S4 ipsraidn; No ImagePath
S4 lp6nds35; No ImagePath
S4 nfrd960; No ImagePath
S4 ql2100; No ImagePath
S4 ql2200; No ImagePath
S4 ql2300; No ImagePath
U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [74240 2007-02-17] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2007-02-17] (Microsoft Corporation)
S4 symmpi; No ImagePath
U1 WS2IFSL; No ImagePath
U4 wscsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 00:16 - 2014-08-25 16:59 - 00000000 ____D () C:\FRST
2014-08-24 23:33 - 2014-08-24 23:33 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-08-24 23:32 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-24 23:32 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-22 23:12 - 2014-08-22 23:19 - 00238936 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2014-08-22 23:12 - 2014-08-22 23:12 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-22 23:12 - 2014-08-22 23:12 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 6.0 for Windows Servers MP4
2014-08-22 18:26 - 2014-08-22 18:26 - 00000000 ____H () C:\Documents and Settings\Administrator\NTUSER.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\Documents and Settings\LocalService\NTUSER.tmp.LOG
2014-08-22 17:13 - 2014-08-22 17:13 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-09 10:52 - 2014-08-09 10:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Skype
2014-08-09 08:32 - 2014-08-09 08:32 - 00000811 _____ () C:\Documents and Settings\Administrator\Menu Start\Firefox_4.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 16:59 - 2014-08-25 00:16 - 00000000 ____D () C:\FRST
2014-08-25 16:59 - 2007-09-27 12:35 - 00000000 __SHD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-08-25 16:59 - 2007-09-27 12:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2014-08-25 16:51 - 2013-09-29 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2014-08-25 16:49 - 2012-08-26 11:49 - 00283226 _____ () C:\WINDOWS\PFRO.log
2014-08-25 16:49 - 2012-08-25 14:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-25 16:49 - 2009-11-11 18:22 - 04862816 _____ () C:\WINDOWS\system32\oodbs.lor
2014-08-25 16:49 - 2007-09-28 18:39 - 00022528 _____ (pBUS-167 Software - http://www.pbus-167.com) C:\WINDOWS\system32\Drivers\nhcDriver.sys
2014-08-25 16:49 - 2007-09-27 20:50 - 00000159 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-08-25 16:49 - 2003-12-05 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-25 16:48 - 2012-08-26 11:49 - 01408708 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-25 16:48 - 2007-09-27 12:35 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-25 16:48 - 2007-09-27 12:34 - 00032570 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-08-25 16:48 - 2007-09-27 12:34 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2014-08-25 16:48 - 2007-09-27 12:34 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2014-08-25 00:45 - 2013-06-17 23:44 - 00383125 _____ () C:\WINDOWS\setupapi.log
2014-08-25 00:11 - 2007-09-27 12:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-24 23:49 - 2007-09-27 12:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-24 23:33 - 2014-08-24 23:33 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-08-24 23:32 - 2007-09-28 01:16 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-08-22 23:19 - 2014-08-22 23:12 - 00238936 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2014-08-22 23:19 - 2009-11-12 17:49 - 00136024 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2014-08-22 23:12 - 2014-08-22 23:12 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-08-22 23:12 - 2014-08-22 23:12 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 6.0 for Windows Servers MP4
2014-08-22 18:26 - 2014-08-22 18:26 - 00000000 ____H () C:\Documents and Settings\Administrator\NTUSER.tmp.LOG
2014-08-22 18:26 - 2007-09-27 13:06 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-08-22 18:26 - 2007-09-27 13:06 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-08-22 18:26 - 2007-09-27 13:05 - 30408704 _____ () C:\WINDOWS\system32\config\software.bak
2014-08-22 18:26 - 2007-09-27 13:05 - 07602176 _____ () C:\WINDOWS\system32\config\system.bak
2014-08-22 18:26 - 2007-09-27 13:05 - 00253952 _____ () C:\WINDOWS\system32\config\default.bak
2014-08-22 18:26 - 2007-09-27 12:35 - 06815744 _____ () C:\Documents and Settings\Administrator\NTUSER.bak
2014-08-22 18:26 - 2007-09-27 12:34 - 00225280 _____ () C:\Documents and Settings\NetworkService\NTUSER.bak
2014-08-22 18:26 - 2007-09-27 12:34 - 00225280 _____ () C:\Documents and Settings\LocalService\NTUSER.bak
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
2014-08-22 18:25 - 2014-08-22 18:25 - 00000000 ____H () C:\Documents and Settings\LocalService\NTUSER.tmp.LOG
2014-08-22 18:25 - 2007-09-27 12:34 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-22 18:25 - 2007-09-27 12:34 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-22 18:20 - 2013-12-29 18:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox Last Version
2014-08-22 18:20 - 2012-09-04 18:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\NapiProjekt
2014-08-22 18:17 - 2007-09-28 13:57 - 00000000 ____D () C:\Program Files\FlashGet
2014-08-22 18:17 - 2007-09-27 12:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-08-22 18:15 - 2010-04-06 13:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2014-08-22 18:15 - 2007-09-28 12:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2014-08-22 18:15 - 2007-09-28 10:42 - 00000000 ____D () C:\Program Files\uTorrent
2014-08-22 17:13 - 2014-08-22 17:13 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-08-21 22:36 - 2007-09-27 12:58 - 00000000 ____D () C:\WINDOWS\security
2014-08-21 22:36 - 2007-09-27 12:58 - 00000000 ____D () C:\WINDOWS\Provisioning
2014-08-19 07:32 - 2008-02-21 00:49 - 00000325 _____ () C:\WINDOWS\hpbafd.ini
2014-08-18 23:44 - 2007-09-28 11:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000
2014-08-17 13:57 - 2013-02-16 10:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Spotify
2014-08-16 10:14 - 2013-02-16 10:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Spotify
2014-08-15 17:06 - 2007-09-28 11:15 - 00000000 ____D () C:\Program Files\The Bat!
2014-08-10 12:27 - 2009-01-23 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Soulseek
2014-08-09 11:17 - 2007-09-28 13:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2014-08-09 11:14 - 2008-02-22 13:34 - 00000000 ___RD () C:\Program Files\Skype
2014-08-09 11:14 - 2008-02-22 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2014-08-09 10:54 - 2014-08-09 10:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-09 10:52 - 2014-08-09 10:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Skype
2014-08-09 10:52 - 2007-09-27 12:35 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-08-09 08:32 - 2014-08-09 08:32 - 00000811 _____ () C:\Documents and Settings\Administrator\Menu Start\Firefox_4.lnk
2014-08-09 08:32 - 2007-09-27 12:35 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================