Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by x (administrator) on X-36393E143B544 on 17-09-2014 16:31:21 Running from C:\Documents and Settings\x\Moje dokumenty\Pobrane Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe () C:\Program Files\VIA\RAID\raid_tool.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\mixer.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe () C:\Program Files\VIA\RAID\vialogsv.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TaskTray] => [X] HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.) HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [VIARaidUtl] => C:\Program Files\VIA\RAID\raid_tool.exe [4918936 2009-02-19] () HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.) HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2006-09-28] (SlySoft, Inc.) HKLM\...\Run: [C-Media Mixer] => Mixer.exe /startup HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION! HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-10-23] (Nero AG) HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\MountPoints2: {01a7ac08-ebcd-11e2-a056-000d87b43969} - I:\Startme.exe HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\MountPoints2: {3c327001-e32d-11e3-a3a1-000d87b43969} - H:\Install.exe HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\MountPoints2: {3cf73a45-cd3d-11e3-a370-000d87b43969} - I:\autoplay.exe HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\MountPoints2: {9dd23563-20e0-11d7-9ddf-000d87b43969} - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe HKU\S-1-5-21-1960408961-920026266-1417001333-1003\...\MountPoints2: {bd2f2f80-fd3f-11e3-a3d5-000d87b43969} - H:\autorun\Autorun.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plemiona.pl/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp2 Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 100.64.0.64 FireFox: ======== FF ProfilePath: C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\b9ejpobi.default-1410963299296 FF Homepage: hxxp://onet.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-07] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-05-01] (Nitro PDF Software) R2 VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [377358 2002-11-18] (C-Media Inc) S3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1512960 2009-03-18] (C-Media Inc) R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2006-12-26] (SlySoft, Inc.) R2 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [15440 2006-12-26] (Elaborate Bytes AG) R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [46592 2011-02-10] (VIA Technologies, Inc. ) S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed] R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-17] (Malwarebytes Corporation) R1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [51744 2003-09-06] (Protection Technology) [File not signed] R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [62656 2003-09-06] (Protection Technology) [File not signed] R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed] R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology) [File not signed] S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd) R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2009-05-05] (VIA Technologies, Inc.) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 IntelIde; No ImagePath S4 sptd; System32\Drivers\sptd.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 16:30 - 2014-09-17 16:30 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\nowe logi 2014-09-17 16:21 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:15 - 2014-09-17 16:15 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\Stare dane programu Firefox 2014-09-17 10:23 - 2014-09-17 10:26 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\logi 2014-09-17 10:21 - 2014-09-17 16:31 - 00000000 ____D () C:\FRST 2014-09-17 08:28 - 2014-09-17 08:28 - 00019626 _____ () C:\Documents and Settings\x\Moje dokumenty\cc_20140917_082807.reg 2014-09-16 20:24 - 2014-09-17 10:28 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-16 20:24 - 2014-09-16 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2014-09-16 20:23 - 2014-09-16 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-16 20:23 - 2014-09-16 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-09-16 20:23 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-16 20:23 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-16 20:18 - 2014-09-16 20:18 - 00001864 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Nitro Reader 3.lnk 2014-09-16 20:18 - 2014-09-16 20:18 - 00001728 _____ () C:\Documents and Settings\All Users\Pulpit\Nitro Reader.lnk 2014-09-16 20:18 - 2014-09-16 20:18 - 00000000 ____D () C:\Program Files\Nitro 2014-09-16 20:18 - 2014-09-16 20:18 - 00000000 ____D () C:\Program Files\Common Files\Nitro 2014-09-16 20:18 - 2014-09-16 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Nitro 2014-09-16 20:18 - 2013-05-01 07:14 - 00027152 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalmon2.dll 2014-09-16 20:18 - 2013-05-01 07:14 - 00018448 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalui2.dll 2014-09-16 20:17 - 2014-09-16 20:17 - 00000000 ____D () C:\Documents and Settings\x\Dane aplikacji\Downloaded Installations 2014-09-16 20:16 - 2014-09-16 20:16 - 01679544 _____ (Solid State Networks) C:\Documents and Settings\x\Pulpit\nitro_pdf_reader_32_dlm.exe 2014-09-15 19:17 - 2014-09-16 19:24 - 00000806 _____ () C:\WINDOWS\wmsetup.log 2014-09-13 23:53 - 2014-09-13 23:53 - 00224560 _____ () C:\Documents and Settings\x\Moje dokumenty\cc_20140913_235305.reg 2014-09-12 23:34 - 2014-09-12 23:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-12 23:30 - 2014-09-12 23:30 - 00043408 _____ () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-09-11 21:36 - 2014-09-11 21:36 - 00001703 _____ () C:\Documents and Settings\x\Pulpit\przydatne-linki-plemiona.txt 2014-09-10 12:14 - 2014-09-10 12:14 - 00000060 _____ () C:\WINDOWS\setupact.log 2014-09-10 12:14 - 2014-09-10 12:14 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-09-08 23:35 - 2014-09-08 23:35 - 00199344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-08 22:53 - 2014-09-08 22:55 - 00000000 ____D () C:\WINDOWS\pss 2014-09-08 22:21 - 2014-09-08 22:21 - 00117500 _____ () C:\Documents and Settings\x\Moje dokumenty\cc_20140908_222112.reg 2014-09-08 22:10 - 2014-09-08 22:10 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-08 22:10 - 2014-09-08 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner 2014-09-08 18:31 - 2014-09-08 18:31 - 00000212 _____ () C:\Documents and Settings\x\Pulpit\kod serwisowy avila nowe.txt 2014-09-08 13:00 - 2010-04-27 04:25 - 00123648 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ss_bmdm.sys 2014-09-08 13:00 - 2010-04-27 04:25 - 00098432 _____ (MCCI) C:\WINDOWS\system32\Drivers\ss_bbus.sys 2014-09-08 13:00 - 2010-04-27 04:25 - 00014848 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ss_bmdfl.sys 2014-09-08 13:00 - 2010-04-27 04:25 - 00012416 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ss_bcmnt.sys 2014-09-08 13:00 - 2010-04-27 04:25 - 00012288 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ss_bwhnt.sys 2014-09-08 11:25 - 2014-09-08 11:25 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\My NPS Files 2014-09-08 11:04 - 2014-09-16 20:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ICSharpCode.net 2014-09-02 10:09 - 2014-09-02 10:09 - 00000802 _____ () C:\Documents and Settings\x\Pulpit\µTorrent.lnk 2014-08-22 22:53 - 2014-08-22 22:53 - 00000000 ____D () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 16:31 - 2014-09-17 10:21 - 00000000 ____D () C:\FRST 2014-09-17 16:31 - 2014-06-20 17:55 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\Pobrane 2014-09-17 16:31 - 2003-01-05 00:41 - 00000000 ____D () C:\Documents and Settings\x\Ustawienia lokalne\Temp 2014-09-17 16:30 - 2014-09-17 16:30 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\nowe logi 2014-09-17 16:30 - 2003-01-05 00:41 - 00000000 ____D () C:\Documents and Settings\x\Pulpit 2014-09-17 16:26 - 2003-01-05 00:28 - 01066644 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-17 16:25 - 2013-01-31 18:54 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2014-09-17 16:25 - 2003-01-05 01:46 - 00088566 _____ () C:\WINDOWS\system32\nvapps.xml 2014-09-17 16:25 - 2003-01-05 01:22 - 00000259 _____ () C:\WINDOWS\wiadebug.log 2014-09-17 16:25 - 2003-01-05 01:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-09-17 16:25 - 2003-01-05 00:37 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-17 16:24 - 2003-01-05 00:41 - 00000292 ___SH () C:\Documents and Settings\x\ntuser.ini 2014-09-17 16:24 - 2003-01-05 00:37 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-17 16:23 - 2014-09-17 16:21 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2003-01-05 01:18 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-09-17 16:23 - 2003-01-05 00:41 - 00000000 __RHD () C:\Documents and Settings\x\Dane aplikacji 2014-09-17 16:23 - 2003-01-05 00:41 - 00000000 ___HD () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji 2014-09-17 16:15 - 2014-09-17 16:15 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\Stare dane programu Firefox 2014-09-17 15:25 - 2014-08-10 17:38 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-17 15:20 - 2003-01-05 22:49 - 00000114 _____ () C:\WINDOWS\system32\_WKERNEL.SYL 2014-09-17 15:20 - 2003-01-05 01:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-09-17 15:20 - 2003-01-05 01:19 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-09-17 15:20 - 2003-01-05 00:29 - 00002596 _____ () C:\WINDOWS\system32\CONFIG.NT 2014-09-17 15:17 - 2003-01-05 00:41 - 00000000 ____D () C:\Documents and Settings\x 2014-09-17 11:17 - 2003-01-05 22:47 - 00065536 _____ () C:\WINDOWS\system32\config\Antivirus.Evt 2014-09-17 10:28 - 2014-09-16 20:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 10:26 - 2014-09-17 10:23 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\logi 2014-09-17 08:28 - 2014-09-17 08:28 - 00019626 _____ () C:\Documents and Settings\x\Moje dokumenty\cc_20140917_082807.reg 2014-09-17 08:28 - 2003-01-05 00:41 - 00000000 ___RD () C:\Documents and Settings\x\Moje dokumenty 2014-09-17 08:16 - 2003-01-04 23:59 - 00000000 ____D () C:\WINDOWS\java 2014-09-16 21:20 - 2013-01-31 20:00 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\Pobieranie 2014-09-16 20:45 - 2003-01-05 00:25 - 00000000 ____D () C:\WINDOWS\Registration 2014-09-16 20:44 - 2014-09-08 11:04 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ICSharpCode.net 2014-09-16 20:24 - 2014-09-16 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2014-09-16 20:24 - 2014-09-16 20:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-16 20:23 - 2014-09-16 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-09-16 20:18 - 2014-09-16 20:18 - 00001864 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Nitro Reader 3.lnk 2014-09-16 20:18 - 2014-09-16 20:18 - 00001728 _____ () C:\Documents and Settings\All Users\Pulpit\Nitro Reader.lnk 2014-09-16 20:18 - 2014-09-16 20:18 - 00000000 ____D () C:\Program Files\Nitro 2014-09-16 20:18 - 2014-09-16 20:18 - 00000000 ____D () C:\Program Files\Common Files\Nitro 2014-09-16 20:18 - 2014-09-16 20:18 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Nitro 2014-09-16 20:17 - 2014-09-16 20:17 - 00000000 ____D () C:\Documents and Settings\x\Dane aplikacji\Downloaded Installations 2014-09-16 20:16 - 2014-09-16 20:16 - 01679544 _____ (Solid State Networks) C:\Documents and Settings\x\Pulpit\nitro_pdf_reader_32_dlm.exe 2014-09-16 19:40 - 2014-08-10 16:53 - 00001298 _____ () C:\Documents and Settings\x\Pulpit\Wyczyść rejestr za darmo!.lnk 2014-09-16 19:24 - 2014-09-15 19:17 - 00000806 _____ () C:\WINDOWS\wmsetup.log 2014-09-16 15:17 - 2014-01-12 17:43 - 00000000 ____D () C:\Program Files\Adobe 2014-09-16 15:17 - 2003-01-05 22:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2014-09-16 15:15 - 2013-07-13 17:01 - 00000000 ____D () C:\Program Files\Sony 2014-09-16 15:15 - 2013-07-13 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Sony 2014-09-16 15:15 - 2013-01-31 22:50 - 00000000 ____D () C:\Program Files\Samsung 2014-09-16 15:15 - 2003-01-05 01:48 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-09-16 15:14 - 2013-01-31 22:51 - 00000000 ____D () C:\Documents and Settings\x\Dane aplikacji\Samsung 2014-09-16 15:10 - 2003-01-05 22:49 - 00000000 ____D () C:\Program Files\WinUtilities 2014-09-16 11:48 - 2014-03-04 15:11 - 00000000 ____D () C:\Documents and Settings\x\Dane aplikacji\uTorrent 2014-09-14 06:21 - 2013-01-31 19:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-13 23:53 - 2014-09-13 23:53 - 00224560 _____ () C:\Documents and Settings\x\Moje dokumenty\cc_20140913_235305.reg 2014-09-13 18:36 - 2003-01-05 00:41 - 00000000 ____D () C:\Documents and Settings\x\Menu Start\Programy 2014-09-12 23:35 - 2014-09-12 23:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-12 23:30 - 2014-09-12 23:30 - 00043408 _____ () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-09-11 21:36 - 2014-09-11 21:36 - 00001703 _____ () C:\Documents and Settings\x\Pulpit\przydatne-linki-plemiona.txt 2014-09-10 12:14 - 2014-09-10 12:14 - 00000060 _____ () C:\WINDOWS\setupact.log 2014-09-10 12:14 - 2014-09-10 12:14 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-09-09 21:18 - 2008-04-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-08 23:38 - 2008-04-15 14:00 - 00000726 _____ () C:\WINDOWS\win.ini 2014-09-08 23:38 - 2008-04-15 14:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-09-08 23:38 - 2003-01-05 00:04 - 00000211 ___SH () C:\boot.ini 2014-09-08 23:35 - 2014-09-08 23:35 - 00199344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-08 23:34 - 2003-01-05 00:30 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt 2014-09-08 22:55 - 2014-09-08 22:53 - 00000000 ____D () C:\WINDOWS\pss 2014-09-08 22:21 - 2014-09-08 22:21 - 00117500 _____ () C:\Documents and Settings\x\Moje dokumenty\cc_20140908_222112.reg 2014-09-08 22:20 - 2014-04-05 19:22 - 00000000 ____D () C:\Documents and Settings\x\Dane aplikacji\DAEMON Tools Lite 2014-09-08 22:19 - 2013-04-05 11:21 - 00000000 ____D () C:\WINDOWS\Minidump 2014-09-08 22:19 - 2003-01-05 00:41 - 00000000 ___RD () C:\Documents and Settings\x\Menu Start\Programy\Autostart 2014-09-08 22:10 - 2014-09-08 22:10 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-08 22:10 - 2014-09-08 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner 2014-09-08 22:01 - 2008-04-15 14:00 - 00493928 _____ () C:\WINDOWS\system32\perfh015.dat 2014-09-08 22:01 - 2008-04-15 14:00 - 00085344 _____ () C:\WINDOWS\system32\perfc015.dat 2014-09-08 22:01 - 2003-01-05 01:20 - 01097904 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-09-08 18:31 - 2014-09-08 18:31 - 00000212 _____ () C:\Documents and Settings\x\Pulpit\kod serwisowy avila nowe.txt 2014-09-08 15:00 - 2014-03-27 12:26 - 00000208 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-09-08 11:25 - 2014-09-08 11:25 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\My NPS Files 2014-09-08 11:04 - 2003-01-05 00:37 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2014-09-08 11:00 - 2013-01-31 22:51 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\Samsung 2014-09-08 10:46 - 2014-05-24 12:28 - 00000000 ____D () C:\Program Files\Rockstar Games 2014-09-02 10:09 - 2014-09-02 10:09 - 00000802 _____ () C:\Documents and Settings\x\Pulpit\µTorrent.lnk 2014-09-02 10:09 - 2014-07-01 21:13 - 00000802 _____ () C:\Documents and Settings\x\Menu Start\µTorrent.lnk 2014-08-30 11:57 - 2013-05-15 12:07 - 00209920 ___SH () C:\Documents and Settings\x\Pulpit\Thumbs.db 2014-08-22 22:53 - 2014-08-22 22:53 - 00000000 ____D () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Adobe 2014-08-18 10:51 - 2014-08-10 17:38 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-08-18 10:51 - 2014-08-10 17:38 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Documents and Settings\x\Ustawienia lokalne\Temp\GdiPlus.dll C:\Documents and Settings\x\Ustawienia lokalne\Temp\InstallerMessageBox.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\nitro_reader3.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\NPSInstallerProxy.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Documents and Settings\x\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\silent-1-.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================