Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014 Ran by Admin (administrator) on SP-050B971C8B5A on 28-08-2014 10:29:12 Running from F:\ Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe (Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (CyberLink) C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink Corp.) C:\Program Files\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink) C:\Program Files\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (SMART Technologies Inc.) C:\Program Files\SMART Board Software\SMARTBoardTools.exe (SMART Technologies Inc.) C:\Program Files\SMART Board Software\Aware.exe (SMART Technologies Inc.) C:\Program Files\SMART Board Software\Marker.exe (Sun Microsystems, Inc.) C:\Program Files\Java\JRE6\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (SMART Technologies Inc.) C:\Program Files\SMART Board Software\SMARTBoardService.exe (SMART Technologies Inc.) C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe (Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe () C:\Documents and Settings\Admin\xeaya.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17616384 2006-03-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [700416 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [110592 2005-12-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [LXDBCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16 (the data entry has 59 more characters). HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [PowerDVD12DMREngine] => C:\Program Files\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-05] (CyberLink) HKLM\...\Run: [PowerDVD12Agent] => C:\Program Files\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-05] (CyberLink Corp.) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\Run: [xeaya] => C:\Documents and Settings\Admin\xeaya.exe [176128 2014-08-28] () HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {03c665da-f8f0-11dd-b0dc-0016ce727a71} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {089f82fa-4f65-11de-b103-0016ce727a71} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {247ac744-1844-11de-b0f4-0016ce727a71} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mwrIoy.eXE HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {485fface-46da-11df-b11e-0016ce727a71} - F:\kmj.exe HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {60a063c0-198e-11e1-b1b5-0016ce727a71} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NUoIV.EXe HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {d0560b3e-6332-11df-b127-0016ce727a71} - F:\1thes92p.exe HKU\S-1-5-21-1229272821-113007714-725345543-1003\...\MountPoints2: {d72d80fe-6394-11e1-b1cf-0016ce727a71} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL dieFiOJ.eXE Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Narzędzia SMART Board.lnk ShortcutTarget: Narzędzia SMART Board.lnk -> C:\Program Files\SMART Board Software\SMARTBoardTools.exe (SMART Technologies Inc.) AlternateShell: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. BHO: CIEDownload Object -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\imv0slmp.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npImagine.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011-09-12] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-09-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Imagine Plugin) - C:\Program Files\Mozilla Firefox\plugins\npImagine.dll () CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR CustomProfile: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20] CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 CLHNServiceForPowerDVD12; C:\Program Files\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-05] (CyberLink Corp.) R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-05] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-05] (CyberLink) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-09-12] (Sun Microsystems, Inc.) S4 lxdb_device; C:\WINDOWS\system32\LXDBcoms.exe [495616 2006-07-10] ( ) R2 SMART Board Service; C:\Program Files\SMART Board Software\SMARTBoardService.exe [1003520 2006-11-24] (SMART Technologies Inc.) [File not signed] S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [488448 2006-01-25] (Atheros Communications, Inc.) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [218496 2005-10-24] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.) R2 ntk_PowerDVD12; C:\Program Files\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [121208 2012-06-20] (Cyberlink Corp.) R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] () R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files\PowerDVD12\Common\NavFilter\000.fcl [88312 2012-07-05] (CyberLink Corp.) S4 IntelIde; No ImagePath R3 WMI_MFC_TPSHOKER_80; \??\C:\WINDOWS\system32\drivers\gmsmsn.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-28 10:29 - 2014-08-28 10:29 - 00000000 ____D () C:\FRST 2014-08-28 10:26 - 2014-08-28 10:26 - 00176128 __RSH () C:\Documents and Settings\Admin\xeaya.exe 2014-08-28 09:51 - 2014-08-28 09:51 - 00000000 ____D () C:\Program Files\SkanerOnline 2014-08-28 09:46 - 2014-08-28 09:33 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-02.dmp 2014-08-28 09:33 - 2014-08-28 09:33 - 00000000 __SHD () C:\FOUND.007 2014-08-28 09:33 - 2014-08-28 09:20 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-01.dmp 2014-08-28 09:15 - 2014-08-28 09:15 - 00001980 _____ () C:\Documents and Settings\Admin\Pulpit\HiJackThis.lnk 2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Program Files\Trend Micro 2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\HiJackThis ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-28 10:29 - 2014-08-28 10:29 - 00000000 ____D () C:\FRST 2014-08-28 10:26 - 2014-08-28 10:26 - 00176128 __RSH () C:\Documents and Settings\Admin\xeaya.exe 2014-08-28 10:08 - 2013-03-20 10:34 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-28 09:53 - 2009-01-05 11:37 - 00318773 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-28 09:51 - 2014-08-28 09:51 - 00000000 ____D () C:\Program Files\SkanerOnline 2014-08-28 09:51 - 2009-01-05 11:26 - 01000208 _____ () C:\WINDOWS\setupapi.log 2014-08-28 09:46 - 2013-03-20 10:34 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-28 09:46 - 2009-02-26 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-28 09:33 - 2014-08-28 09:46 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-02.dmp 2014-08-28 09:33 - 2014-08-28 09:33 - 00000000 __SHD () C:\FOUND.007 2014-08-28 09:20 - 2014-08-28 09:33 - 00094208 _____ () C:\WINDOWS\Minidump\Mini082814-01.dmp 2014-08-28 09:20 - 2009-11-20 10:31 - 00045675 _____ () C:\lxdb.log 2014-08-28 09:20 - 2009-01-05 12:38 - 00000188 ___SH () C:\Documents and Settings\Admin\ntuser.ini 2014-08-28 09:20 - 2009-01-05 12:37 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-28 09:15 - 2014-08-28 09:15 - 00001980 _____ () C:\Documents and Settings\Admin\Pulpit\HiJackThis.lnk 2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Program Files\Trend Micro 2014-08-28 09:15 - 2014-08-28 09:15 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\HiJackThis 2014-08-28 08:19 - 2001-07-21 22:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl Files to move or delete: ==================== C:\Documents and Settings\Admin\diefioj.exe C:\Documents and Settings\Admin\xeaya.exe C:\Documents and Settings\Ewa\ciedeih.exe Some content of TEMP: ==================== C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ose00000.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\8umve8kp.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\bnws5fbj.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\vixutou8.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\s8p4kvho.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\uhwsh3wj.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\0t8jv0z2.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\an80mroc.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nh9elgl_.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\8uh7bp09.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\2rquc9vm.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\tkhoeyxg.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\z7cii8un.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nwf7zo2p.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\xegmom7s.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\t6kq99l6.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\guwdkb-b.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\qz42m0lx.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\xv2fhgp1.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\yw08rpbv.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\rwbyklsa.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\h_prl07g.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pzzxgpui.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\8up6pjek.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\6cdnkgls.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\n9khloh1.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\p7kmyie2.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\zvfmsng9.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\qjlqlg3q.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\uvsfeldf.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ivvgy50a.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\j3zrkfxk.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\munhdfif.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\-2imroq4.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\0lnk0gxp.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ju4sgfb0.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\rhonop7h.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\k3zeafci.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ee13q2bn.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\knu26vyo.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\bzhuqomk.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\bqenwrog.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\gccp_lc4.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\w6uokxna.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\dbo20qtl.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pmdtucuu.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ap6fhrr0.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\64ntbq4c.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\woa0ih2s.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ebrm4k0-.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\0iu9bwol.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\r2h9ium2.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nlg1apic.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\czhzzjgb.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\rzleeowe.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\41lsehkp.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\muq6hh05.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\6rdaelqd.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\gpqgfvwk.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\86nhxnwp.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\vvzhbv8n.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\vc7fso5j.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\zkwkk5xq.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\tgmirtrp.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\tlj2dd5p.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\dxuahhzk.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\0nwcfq_p.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\g-5ewqxn.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\wcjoyjl0.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\piqz1qqd.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\lwj3xyi_.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\4l93mdao.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\vxo8zfg5.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\llcfetm-.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\vtoqu1rt.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\mzuzxmpt.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\63bi62jh.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\7nxhf2or.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\oexjnfsy.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\hmcleo6j.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\syc1tkv3.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\w4tuu9bg.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\grh3tsmi.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\8ze74wrw.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\h1ekc1wr.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\qlyrug-z.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\iffkwfyt.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\uutydqmr.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\yyge9-ds.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\57lcwzry.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jbscsivk.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\mx7l4i2z.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pchuo9b_.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ixyiorag.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\l7k_tvt6.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\slisp93y.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\kcnpwjhj.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\2nffe_oe.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\_kcxfh_3.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jooiwtt8.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\r5vzzl37.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pxvuzlxc.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\b2bd3djg.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\q_qjyw0w.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\tbio_iou.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\gbbml_cg.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\hwtpfy5f.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\gp4d474f.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\eso3g25g.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\5a5xpf9e.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\qhokuxqx.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\salkemgf.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\znqcmnfh.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ehhtpnvh.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\j2akta6h.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pxidy0em.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\__qodqxw.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\-nymgexb.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jagea125.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\onrauxkt.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\pzz0mk8u.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ne8gtzpc.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\o2qfnazo.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\hhkqut2a.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\s3t5zo0k.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\rqfhqcad.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\dvjhvevq.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\39ns2c0l.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\boyoadlz.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jd4m_tqv.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\yvwpr7zr.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\tne05n_m.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\2ngxmvmk.dll C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{D19612F5-2C89-4A5F-87B6-5A9401D62EDA}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{0C189CB2-E6E1-41C5-8876-377386842A1B}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{AB38D267-446F-473B-9C2F-D5C739E8C37A}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{34D91A47-4C45-4C82-8771-2ED23E7FF1A6}-29.0.1547.66_chrome_installer.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{27AA0E49-535C-4A94-8E3F-D14096BF7CF9}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{44251132-C2A4-49F2-B404-53F454CEC6C2}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{001C95B2-4125-416C-88D3-F0913B4DE32E}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{131DC126-2AB9-4880-B362-9C53599210F0}-GoogleUpdateSetup.exe C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\{7D71E065-020E-46C8-81C5-E121015C6332}-GoogleUpdateSetup.exe C:\Documents and Settings\Ewa\Ustawienia lokalne\Temp\{9F52102B-B690-4F98-A200-7E6B8F37FB31}-GoogleUpdateSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================