Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Admin (administrator) on TNCPARTNER on 05-09-2014 16:06:20
Running from C:\Documents and Settings\Admin\Pulpit
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(COMARCH S.A.) C:\WINDOWS\system32\HASPSrv.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Oki Data Corporation) C:\Program Files\Okidata\Print Control\oklogsvc.exe
(Oki Data Corporation) C:\Program Files\Okidata\Print Control\okwchsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [pdfw] => C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe [32768 2004-03-25] (Bastea, Inc.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561263 2010-05-21] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKU\.DEFAULT\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-57989841-1897051121-682003330-1004\...\MountPoints2: {da2a7fad-c55f-11df-8474-00241d3e46f0} - H:\ArcaVirMenu.exe
HKU\S-1-5-21-57989841-1897051121-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {da2a7fad-c55f-11df-8474-00241d3e46f0} - H:\ArcaVirMenu.exe
HKU\S-1-5-21-57989841-1897051121-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [136176 2010-12-02] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:23012
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x698D5EA02127CA01
URLSearchHook: HKCU - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKCU - {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 217.8.168.244 217.17.34.10
Tcpip\..\Interfaces\{09EE56F4-15C8-4C35-BD78-D8CD67521496}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9sj084s7.default
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=128
FF SelectedSearchEngine: -
FF SearchEngineOrder.1: prefs.js
FF Keyword.URL: user_pref("keyword.URL", "");
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9sj084s7.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-11-09]
FF Extension: Firebug - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9sj084s7.default\Extensions\firebug@software.joehewitt.com.xpi [2012-01-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-28]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> B2D33EAD4283D62D7C9CB756CEDFDB8E12FEFA9C89E5C331BAAFD86C5A7BE6BB
CHR DefaultSearchURL: Default -> D8129C47331086933987770374F36C1401D08C10F833B914440EEF9398EAE3D5
CHR CustomProfile: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2010-05-21] (Atheros) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HASPSrv; C:\WINDOWS\system32\HASPSrv.exe [696320 2010-02-08] (COMARCH S.A.) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-01-29] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-22] (Oracle Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-08-26] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-05-01] (NVIDIA Corporation) [File not signed]
R2 OkiJaSvc; C:\Program Files\Okidata\Print Control\oklogsvc.exe [184320 2007-07-17] (Oki Data Corporation) [File not signed]
R2 OkiWchSvc; C:\Program Files\Okidata\Print Control\okwchsvc.exe [49152 2003-10-22] (Oki Data Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S3 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-08-06] (Windows (R) 2000 DDK provider)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2011-04-06] (Aladdin Knowledge Systems) [File not signed]
R3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [17432 2010-05-18] (Hewlett Packard)
R3 HPFXFAX; C:\WINDOWS\System32\drivers\hpfxfax.sys [20504 2007-07-16] (Hewlett Packard)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-05] (Malwarebytes Corporation)
R2 Opaplpt; C:\WINDOWS\System32\DRIVERS\Opaplpt.sys [36896 2005-11-15] (Oki Data Corporation) [File not signed]
S3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [245504 2005-11-03] (Ralink Technology, Corp.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2010-05-21] (Atheros Communications, Inc.) [File not signed]
S3 Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys [X]
S3 cglptnt; \??\C:\Progam Files\totalcmd\cglptnt.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
U1 WS2IFSL; No ImagePath
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 16:06 - 2014-09-05 16:06 - 00014637 _____ () C:\Documents and Settings\Admin\Pulpit\FRST.txt
2014-09-05 16:05 - 2014-09-05 16:06 - 00000000 ____D () C:\FRST
2014-09-05 16:03 - 2014-09-05 16:03 - 01096704 _____ (Farbar) C:\Documents and Settings\Admin\Pulpit\FRST.exe
2014-09-05 15:59 - 2014-09-05 16:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 15:59 - 2014-09-05 15:59 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-09-05 15:59 - 2014-09-05 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-05 15:59 - 2014-09-05 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-09-05 15:59 - 2014-09-05 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-09-05 15:59 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-05 15:59 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-05 15:57 - 2014-09-05 15:58 - 00000000 ____D () C:\Program Files\SpeedFan
2014-09-05 15:57 - 2014-09-05 15:57 - 00000682 _____ () C:\Documents and Settings\Admin\Pulpit\SpeedFan.lnk
2014-09-05 15:57 - 2014-09-05 15:57 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo
2014-09-05 15:57 - 2014-09-05 15:57 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\SpeedFan
2014-09-05 15:10 - 2014-09-05 15:11 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\New Folder
2014-09-02 17:26 - 2014-09-02 17:27 - 00000000 ____D () C:\AdwCleaner
2014-09-02 17:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-02 17:25 - 2014-09-02 17:25 - 00000204 _____ () C:\Documents and Settings\Admin\Moje dokumenty\cc_20140902_172513.reg
2014-09-02 17:24 - 2014-09-02 17:24 - 00283602 _____ () C:\Documents and Settings\Admin\Moje dokumenty\cc_20140902_172433.reg
2014-09-02 17:24 - 2014-09-02 17:24 - 00002284 _____ () C:\Documents and Settings\Admin\Moje dokumenty\cc_20140902_172456.reg
2014-09-02 17:23 - 2014-09-02 17:23 - 00000682 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
2014-09-02 17:23 - 2014-09-02 17:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2014-09-02 17:18 - 2014-09-02 17:18 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\TeamViewer
2014-09-02 12:34 - 2014-09-03 12:50 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\magda
2014-09-02 12:22 - 2014-09-03 11:47 - 00024576 _____ () C:\Documents and Settings\Admin\Pulpit\rozliczenia kont prywatnych.xls
2014-08-26 13:54 - 2014-08-26 13:54 - 00017920 _____ () C:\Documents and Settings\Admin\Pulpit\oferta_wybory.xls
2014-08-26 13:32 - 2014-08-26 13:39 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\POKL
2014-08-25 16:52 - 2014-08-25 16:52 - 00000778 _____ () C:\Documents and Settings\Admin\Pulpit\Artisteer 4.lnk
2014-08-25 16:52 - 2014-08-25 16:52 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Artisteer 4
2014-08-25 16:51 - 2014-08-25 16:51 - 00000000 ____D () C:\Program Files\Artisteer 4
2014-08-23 16:02 - 2014-08-23 16:02 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun
2014-08-22 09:50 - 2014-08-22 09:50 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-22 09:50 - 2014-08-22 09:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-22 09:50 - 2014-08-22 09:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-22 09:50 - 2014-08-22 09:50 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-22 09:50 - 2014-08-22 09:50 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-22 09:50 - 2014-08-22 09:50 - 00000000 ____D () C:\Program Files\Java
2014-08-22 09:50 - 2014-08-22 09:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-22 09:50 - 2014-08-22 09:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-08-17 22:28 - 2014-08-22 09:45 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\Skype
2014-08-17 22:28 - 2014-08-17 22:28 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Skype
2014-08-17 22:27 - 2014-08-22 09:45 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2014-08-16 20:13 - 2014-08-16 20:20 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\wakacje 2014 od oli
2014-08-13 22:03 - 2014-08-13 22:03 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\xLS
2014-08-10 13:07 - 2014-07-05 23:57 - 00519680 _____ () C:\Documents and Settings\Admin\Pulpit\Rozliczenie_ignis_konta_2013.xls
2014-08-06 16:10 - 2014-08-06 16:10 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Narzędzia administracyjne

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 16:06 - 2014-09-05 16:06 - 00014637 _____ () C:\Documents and Settings\Admin\Pulpit\FRST.txt
2014-09-05 16:06 - 2014-09-05 16:05 - 00000000 ____D () C:\FRST
2014-09-05 16:06 - 2010-12-02 21:39 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\temp
2014-09-05 16:06 - 2009-07-10 08:48 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit
2014-09-05 16:06 - 2009-07-10 08:44 - 01480778 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-05 16:03 - 2014-09-05 16:03 - 01096704 _____ (Farbar) C:\Documents and Settings\Admin\Pulpit\FRST.exe
2014-09-05 16:01 - 2012-04-11 07:32 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-05 16:00 - 2014-09-05 15:59 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 15:59 - 2014-09-05 15:59 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-09-05 15:59 - 2014-09-05 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-05 15:59 - 2014-09-05 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-09-05 15:59 - 2014-09-05 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-09-05 15:59 - 2009-07-10 10:37 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-09-05 15:59 - 2009-07-10 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-09-05 15:59 - 2009-07-10 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2014-09-05 15:58 - 2014-09-05 15:57 - 00000000 ____D () C:\Program Files\SpeedFan
2014-09-05 15:58 - 2009-07-20 09:50 - 00000462 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2B5DE488-D9F4-4F1E-B76A-11BE90B29304}.job
2014-09-05 15:57 - 2014-09-05 15:57 - 00000682 _____ () C:\Documents and Settings\Admin\Pulpit\SpeedFan.lnk
2014-09-05 15:57 - 2014-09-05 15:57 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo
2014-09-05 15:57 - 2014-09-05 15:57 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\SpeedFan
2014-09-05 15:57 - 2009-07-10 08:48 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy
2014-09-05 15:56 - 2009-07-10 10:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-05 15:56 - 2009-07-10 10:39 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-05 15:56 - 2009-07-10 08:47 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-05 15:56 - 2009-05-01 00:30 - 00230240 _____ () C:\WINDOWS\system32\NvApps.xml
2014-09-05 15:20 - 2012-12-20 19:20 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-09-05 15:20 - 2009-07-10 08:48 - 00000292 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2014-09-05 15:20 - 2009-07-10 08:47 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-05 15:16 - 2010-12-14 18:29 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1897051121-682003330-1004UA.job
2014-09-05 15:12 - 2009-08-19 13:16 - 01410588 ___SH () C:\Documents and Settings\Admin\Pulpit\Thumbs.db
2014-09-05 15:11 - 2014-09-05 15:10 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\New Folder
2014-09-04 19:26 - 2012-02-02 16:56 - 00000000 ____D () C:\jzk2012
2014-09-04 18:18 - 2010-12-02 19:13 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1897051121-682003330-500Core.job
2014-09-04 17:44 - 2011-06-16 17:28 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\CutePDF Writer
2014-09-04 10:34 - 2009-07-30 15:43 - 00002549 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Excel.lnk
2014-09-04 00:11 - 2014-07-14 23:10 - 00294912 _____ () C:\Documents and Settings\Admin\Pulpit\kosztorys_domu_OW_Magda_Darek.xls
2014-09-03 23:16 - 2010-12-14 18:29 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1897051121-682003330-1004Core.job
2014-09-03 15:39 - 2014-07-13 12:47 - 00024576 _____ () C:\Documents and Settings\Admin\Pulpit\2014.xls
2014-09-03 12:50 - 2014-09-02 12:34 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\magda
2014-09-03 12:19 - 2013-09-06 16:35 - 00002308 _____ () C:\Documents and Settings\Admin\Pulpit\Google Chrome.lnk
2014-09-03 11:47 - 2014-09-02 12:22 - 00024576 _____ () C:\Documents and Settings\Admin\Pulpit\rozliczenia kont prywatnych.xls
2014-09-02 17:32 - 2009-07-10 10:36 - 00000281 __RSH () C:\boot.ini
2014-09-02 17:32 - 2001-10-30 14:00 - 00000733 _____ () C:\WINDOWS\win.ini
2014-09-02 17:32 - 2001-10-30 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-02 17:27 - 2014-09-02 17:26 - 00000000 ____D () C:\AdwCleaner
2014-09-02 17:27 - 2009-07-10 08:48 - 00000000 __RHD () C:\Documents and Settings\Admin\Dane aplikacji
2014-09-02 17:25 - 2014-09-02 17:25 - 00000204 _____ () C:\Documents and Settings\Admin\Moje dokumenty\cc_20140902_172513.reg
2014-09-02 17:25 - 2009-07-10 08:48 - 00000000 ___RD () C:\Documents and Settings\Admin\Moje dokumenty
2014-09-02 17:24 - 2014-09-02 17:24 - 00283602 _____ () C:\Documents and Settings\Admin\Moje dokumenty\cc_20140902_172433.reg
2014-09-02 17:24 - 2014-09-02 17:24 - 00002284 _____ () C:\Documents and Settings\Admin\Moje dokumenty\cc_20140902_172456.reg
2014-09-02 17:23 - 2014-09-02 17:23 - 00000682 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
2014-09-02 17:23 - 2014-09-02 17:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2014-09-02 17:23 - 2009-09-07 15:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 17:23 - 2009-09-07 15:54 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\CCleaner
2014-09-02 17:23 - 2009-07-10 08:48 - 00000000 ____D () C:\Documents and Settings\Admin
2014-09-02 17:18 - 2014-09-02 17:18 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\TeamViewer
2014-09-02 15:45 - 2001-10-30 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-02 12:47 - 2011-01-24 12:17 - 00008192 ___SH () C:\WINDOWS\Thumbs.db
2014-09-02 12:37 - 2014-07-06 21:31 - 03268096 _____ () C:\Documents and Settings\Admin\Pulpit\123.xls
2014-09-01 18:13 - 2009-07-31 12:21 - 00005294 _____ () C:\WINDOWS\wincmd.ini
2014-09-01 17:13 - 2009-07-31 12:34 - 00010761 _____ () C:\WINDOWS\wcx_ftp.ini
2014-09-01 15:56 - 2009-07-30 15:43 - 00002531 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Word.lnk
2014-08-29 13:23 - 2012-01-09 23:06 - 00000000 ____D () C:\Documents and Settings\Admin\Moje dokumenty\FAKTURY W PDF
2014-08-29 12:49 - 2010-01-25 17:42 - 00034304 _____ () C:\Documents and Settings\Admin\Moje dokumenty\MONITY_2010.xls
2014-08-26 13:54 - 2014-08-26 13:54 - 00017920 _____ () C:\Documents and Settings\Admin\Pulpit\oferta_wybory.xls
2014-08-26 13:39 - 2014-08-26 13:32 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\POKL
2014-08-25 16:52 - 2014-08-25 16:52 - 00000778 _____ () C:\Documents and Settings\Admin\Pulpit\Artisteer 4.lnk
2014-08-25 16:52 - 2014-08-25 16:52 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Artisteer 4
2014-08-25 16:51 - 2014-08-25 16:51 - 00000000 ____D () C:\Program Files\Artisteer 4
2014-08-25 08:34 - 2012-02-02 16:56 - 00000552 _____ () C:\Documents and Settings\Admin\Pulpit\Druczek PRO.lnk
2014-08-23 16:02 - 2014-08-23 16:02 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun
2014-08-23 16:02 - 2009-07-10 08:48 - 00000000 ___HD () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji
2014-08-22 09:50 - 2014-08-22 09:50 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-22 09:50 - 2014-08-22 09:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-22 09:50 - 2014-08-22 09:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-22 09:50 - 2014-08-22 09:50 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-22 09:50 - 2014-08-22 09:50 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-22 09:50 - 2014-08-22 09:50 - 00000000 ____D () C:\Program Files\Java
2014-08-22 09:50 - 2014-08-22 09:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-22 09:50 - 2014-08-22 09:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-08-22 09:47 - 2012-07-03 18:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-22 09:45 - 2014-08-17 22:28 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\Skype
2014-08-22 09:45 - 2014-08-17 22:27 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2014-08-18 16:42 - 2010-12-14 18:30 - 00000000 ____D () C:\Documents and Settings\Admin\Menu Start\Programy\Google Chrome
2014-08-17 22:28 - 2014-08-17 22:28 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Skype
2014-08-16 20:20 - 2014-08-16 20:13 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\wakacje 2014 od oli
2014-08-13 23:51 - 2009-07-20 09:35 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 22:03 - 2014-08-13 22:03 - 00000000 ____D () C:\Documents and Settings\Admin\Pulpit\xLS
2014-08-11 15:11 - 2013-05-27 12:17 - 00000000 ____D () C:\Documents and Settings\Admin\Moje dokumenty\My Scans
2014-08-10 13:58 - 2009-07-30 15:43 - 00002487 _____ () C:\Documents and Settings\All Users\Menu Start\Nowy dokument Office.lnk
2014-08-08 15:40 - 2009-07-10 08:48 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start
2014-08-06 18:51 - 2009-07-10 09:04 - 00000000 ____D () C:\Program Files\Gigabyte
2014-08-06 17:28 - 2012-01-04 19:57 - 06571929 _____ () C:\service.log
2014-08-06 16:10 - 2014-08-06 16:10 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Narzędzia administracyjne
2014-08-06 07:58 - 2014-03-01 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Western Digital
2014-08-06 07:52 - 2009-11-04 20:44 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-06 07:44 - 2010-06-10 09:19 - 00000000 ____D () C:\Program Files\Paint.NET
2014-08-06 07:40 - 2009-07-10 09:04 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-06 07:40 - 2009-07-10 09:04 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GIGABYTE
2014-08-06 07:39 - 2009-10-14 10:16 - 00000000 ____D () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google
2014-08-06 07:39 - 2009-10-13 13:21 - 00000000 ____D () C:\Program Files\Google
2014-08-06 07:39 - 2009-10-13 13:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Google
2014-08-06 07:38 - 2009-11-24 12:43 - 00000000 ____D () C:\Program Files\Okidata
2014-08-06 07:38 - 2009-11-24 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Okidata
2014-08-06 07:36 - 2014-07-18 12:52 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
2014-08-06 07:34 - 2009-07-10 09:03 - 00016608 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys
2014-08-06 07:33 - 2009-09-07 16:19 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-08-06 07:32 - 2009-07-10 10:34 - 00000000 ____D () C:\WINDOWS\system
2014-08-06 07:31 - 2009-09-07 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2014-08-06 07:29 - 2009-07-29 10:08 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-06 07:26 - 2009-07-10 08:48 - 00000000 ___RD () C:\Documents and Settings\Admin\Menu Start\Programy\Autostart
2014-08-06 07:23 - 2013-05-22 16:23 - 00000000 ____D () C:\Documents and Settings\Admin\Dane aplikacji\stickies

Some content of TEMP:
====================
C:\Documents and Settings\Admin\Ustawienia lokalne\temp\Quarantine.exe
C:\Documents and Settings\Admin\Ustawienia lokalne\temp\sfamcc00001.dll
C:\Documents and Settings\Admin\Ustawienia lokalne\temp\sfextra.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================