Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Administrator (administrator) on BAIT on 04-12-2014 15:21:49
Running from C:\Documents and Settings\Administrator\Pulpit
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
() C:\WINDOWS\system32\svhost.exe
(Flux Software LLC) C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-05-20] ()
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\WBSrv: C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Run: [svhost] => C:\WINDOWS\System32\svhost.exe [444416 2007-04-09] ()
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-06-23] (TrueCrypt Foundation)
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Run: [f.lux] => C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
AppInit_DLLs: wbsys.dll => C:\WINDOWS\system32\wbsys.dll [42672 2008-04-26] (Stardock.Net, Inc)
Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AutorunsDisabled ()
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1491950412-2009852829-4049741679-500\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKU\S-1-5-21-1491950412-2009852829-4049741679-500\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D4CD8EC2-2AA4-46C8-BEFE-3F6159F57F87}: [NameServer] 156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1491950412-2009852829-4049741679-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1491950412-2009852829-4049741679-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1491950412-2009852829-4049741679-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1491950412-2009852829-4049741679-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\plugins\npo1d.dll (Google)
FF Extension: LastPass - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\support@lastpass.com [2014-03-31]
FF Extension: SeoQuake - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03]
FF Extension: DownloadHelper - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\azhang@cloudacl.com.xpi [2014-09-08]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\firebug@software.joehewitt.com.xpi [2014-06-23]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\firefox@mega.co.nz.xpi [2014-06-23]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\toolbar@seomoz.org.xpi [2014-06-29]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\unseen@tangrs.xpi [2014-06-23]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2014-06-23]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2014-06-23]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-23]
FF Extension: No Name - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\tmaw22zk.default-1396274136437\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2014-06-23]
FF Extension: No Name - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [Not Found]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-23]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-23]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-23]
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-23] (Oracle Corporation)
S4 MSDTC; C:\WINDOWS\system32\msdtc.exe [30720 2009-02-27] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [350720 2009-02-27] (Microsoft Corporation) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [25728 2011-02-11] (Google Inc)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2014-04-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [607448 2014-04-16] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2014-04-16] (COMODO)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-10-13] (Disc Soft Ltd)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [104920 2014-04-16] (COMODO)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2014-05-11] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2014-05-11] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2014-05-11] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 qcusbnet; C:\WINDOWS\System32\DRIVERS\innosusbnet.sys [425984 2012-10-26] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\System32\DRIVERS\innosusbser.sys [311936 2012-10-26] (QUALCOMM Incorporated)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-10-13] (Duplex Secure Ltd.)
R0 SscRdBus; C:\WINDOWS\System32\DRIVERS\SscRdBus.sys [129096 2013-08-01] (SuperSpeed LLC)
R0 SscRdCls; C:\WINDOWS\System32\DRIVERS\SscRdCls.sys [37504 2007-11-16] (SuperSpeed LLC)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2014-05-10] (Microsoft Corporation) [File not signed]
U4 ALG; No ImagePath
S4 IntelIde; No ImagePath
U4 srservice; No ImagePath
U4 swprv; No ImagePath
U4 TlntSvr; No ImagePath
U4 VSS; No ImagePath
U4 WinRM; No ImagePath
U1 WS2IFSL; No ImagePath
U3 alwsi8ef; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 15:21 - 2014-12-04 15:22 - 00016101 _____ () C:\Documents and Settings\Administrator\Pulpit\FRST.txt
2014-12-04 14:30 - 2014-12-04 14:40 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-04 11:58 - 2014-12-04 11:05 - 01110016 _____ (Farbar) C:\Documents and Settings\Administrator\Pulpit\FRST.exe
2014-12-04 11:21 - 2014-06-24 06:57 - 00000352 _____ () C:\Documents and Settings\Administrator\Pulpit\Utorrent.lnk
2014-12-04 11:21 - 2014-06-24 06:56 - 00000331 _____ () C:\Documents and Settings\Administrator\Pulpit\Art.lnk
2014-12-04 11:20 - 2014-12-04 15:10 - 00001181 _____ () C:\Documents and Settings\Administrator\Pulpit\ .lnk
2014-12-04 11:19 - 2014-06-24 06:57 - 00000370 _____ () C:\Documents and Settings\Administrator\Pulpit\Moje Dokumenty.lnk
2014-12-04 11:19 - 2014-06-24 06:57 - 00000323 _____ () C:\Documents and Settings\Administrator\Pulpit\M.lnk
2014-12-04 11:19 - 2014-06-24 06:56 - 00000361 _____ () C:\Documents and Settings\Administrator\Pulpit\FF Download.lnk
2014-12-04 11:11 - 2014-12-04 15:21 - 00000000 ____D () C:\FRST
2014-12-04 10:49 - 2014-12-04 15:21 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-12-04 10:49 - 2014-12-04 15:21 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-12-04 10:49 - 2014-12-04 15:21 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-12-04 10:49 - 2014-12-04 15:21 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-12-04 10:46 - 2014-12-04 15:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2014-12-04 10:18 - 2014-12-04 10:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-04 00:45 - 2014-12-04 15:21 - 00002684 _____ () C:\WINDOWS\system322014-12-04.cfg
2014-12-03 06:07 - 2014-12-03 23:56 - 00331795 _____ () C:\WINDOWS\system322014-12-03.cfg
2014-12-02 00:01 - 2014-12-02 23:48 - 00290123 _____ () C:\WINDOWS\system322014-12-02.cfg
2014-12-01 20:06 - 2014-12-04 10:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-01 00:00 - 2014-12-01 23:56 - 00253676 _____ () C:\WINDOWS\system322014-12-01.cfg
2014-11-30 10:59 - 2014-11-30 23:57 - 00223755 _____ () C:\WINDOWS\system322014-11-30.cfg
2014-11-29 17:17 - 2014-12-03 06:07 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty\Dropbox
2014-11-29 17:17 - 2014-11-29 17:17 - 00001018 _____ () C:\Documents and Settings\Administrator\Pulpit\Dropbox.lnk
2014-11-29 17:16 - 2014-11-29 17:16 - 00000000 ____D () C:\Program Files\Dropbox
2014-11-29 17:15 - 2014-11-29 17:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Menu Start\Programy\Dropbox
2014-11-29 17:14 - 2014-12-03 06:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Dropbox
2014-11-29 00:38 - 2014-11-29 19:58 - 00202846 _____ () C:\WINDOWS\system322014-11-29.cfg
2014-11-28 00:01 - 2014-11-28 19:27 - 00184044 _____ () C:\WINDOWS\system322014-11-28.cfg
2014-11-27 19:18 - 2014-11-27 19:18 - 00000852 _____ () C:\Documents and Settings\Administrator\Menu Start\µTorrent.lnk
2014-11-27 00:24 - 2014-11-27 23:54 - 00170713 _____ () C:\WINDOWS\system322014-11-27.cfg
2014-11-26 15:31 - 2014-11-26 15:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\M2
2014-11-26 15:26 - 2014-12-02 10:37 - 00094539 _____ () C:\Documents and Settings\Administrator\Pulpit\30 dni kurs.txt
2014-11-26 00:00 - 2014-11-26 23:36 - 00156049 _____ () C:\WINDOWS\system322014-11-26.cfg
2014-11-25 00:05 - 2014-11-25 23:57 - 00080862 _____ () C:\WINDOWS\system322014-11-25.cfg
2014-11-24 00:30 - 2014-11-24 23:58 - 00042487 _____ () C:\WINDOWS\system322014-11-24.cfg
2014-11-23 00:40 - 2014-11-23 23:39 - 00030543 _____ () C:\WINDOWS\system322014-11-23.cfg
2014-11-22 00:00 - 2014-11-22 22:26 - 00024124 _____ () C:\WINDOWS\system322014-11-22.cfg
2014-11-21 00:23 - 2014-11-21 23:59 - 00267425 _____ () C:\WINDOWS\system322014-11-21.cfg
2014-11-20 00:27 - 2014-11-20 17:51 - 00255670 _____ () C:\WINDOWS\system322014-11-20.cfg
2014-11-19 00:08 - 2014-11-19 23:39 - 00249621 _____ () C:\WINDOWS\system322014-11-19.cfg
2014-11-18 00:12 - 2014-11-18 23:47 - 00231417 _____ () C:\WINDOWS\system322014-11-18.cfg
2014-11-17 08:47 - 2014-11-17 23:41 - 00216973 _____ () C:\WINDOWS\system322014-11-17.cfg
2014-11-16 14:28 - 2014-11-16 14:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\h3
2014-11-16 10:22 - 2014-11-16 23:46 - 00191407 _____ () C:\WINDOWS\system322014-11-16.cfg
2014-11-15 00:00 - 2014-11-15 20:10 - 00161085 _____ () C:\WINDOWS\system322014-11-15.cfg
2014-11-14 00:23 - 2014-11-14 23:59 - 00149348 _____ () C:\WINDOWS\system322014-11-14.cfg
2014-11-13 06:08 - 2014-11-13 23:54 - 00199577 _____ () C:\WINDOWS\system322014-11-13.cfg
2014-11-12 08:36 - 2014-11-12 23:40 - 00183016 _____ () C:\WINDOWS\system322014-11-12.cfg
2014-11-11 10:34 - 2014-11-11 23:58 - 00156879 _____ () C:\WINDOWS\system322014-11-11.cfg
2014-11-10 00:00 - 2014-11-10 21:05 - 00130165 _____ () C:\WINDOWS\system322014-11-10.cfg
2014-11-09 11:03 - 2014-11-09 23:47 - 00123785 _____ () C:\WINDOWS\system322014-11-09.cfg
2014-11-08 00:00 - 2014-11-08 20:43 - 00108763 _____ () C:\WINDOWS\system322014-11-08.cfg
2014-11-07 10:02 - 2014-11-07 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\IsolatedStorage
2014-11-07 10:02 - 2014-11-07 10:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\IsolatedStorage
2014-11-07 07:58 - 2014-11-07 23:56 - 00080439 _____ () C:\WINDOWS\system322014-11-07.cfg
2014-11-06 06:19 - 2014-11-06 23:47 - 00055057 _____ () C:\WINDOWS\system322014-11-06.cfg
2014-11-05 00:01 - 2014-11-05 23:30 - 00042120 _____ () C:\WINDOWS\system322014-11-05.cfg
2014-11-04 07:43 - 2014-11-04 07:43 - 00000022 _____ () C:\WINDOWS\system32\nvModes.dat
2014-11-04 00:00 - 2014-11-04 23:59 - 00016106 _____ () C:\WINDOWS\system322014-11-04.cfg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 15:22 - 2014-06-23 20:50 - 00002684 _____ () C:\WINDOWS\system32\svchost.html
2014-12-04 15:21 - 2014-06-23 17:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-12-04 15:20 - 2014-06-23 20:36 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-12-04 15:20 - 2014-06-23 17:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-04 15:20 - 2014-06-23 17:29 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-04 15:20 - 2014-06-23 17:24 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-04 15:20 - 2014-06-23 17:24 - 00000000 __SHD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-12-04 15:19 - 2014-06-23 19:59 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2014-12-04 15:19 - 2014-06-23 17:24 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-04 15:19 - 2014-06-23 17:24 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-12-04 15:19 - 2014-06-23 17:24 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2014-12-04 15:19 - 2014-06-23 17:24 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-12-04 15:14 - 2014-06-23 19:59 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-12-04 15:14 - 2014-06-23 17:50 - 00017052 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-12-04 15:14 - 2014-06-23 17:24 - 00032334 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-04 15:14 - 2014-06-23 17:24 - 00000188 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-12-04 15:14 - 2014-06-23 17:24 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-04 15:08 - 2014-06-23 19:05 - 01210956 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 15:08 - 2008-04-15 17:00 - 00540154 _____ () C:\WINDOWS\system32\perfh015.dat
2014-12-04 15:08 - 2008-04-15 17:00 - 00098524 _____ () C:\WINDOWS\system32\perfc015.dat
2014-12-04 15:05 - 2014-06-23 19:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\LastPass
2014-12-04 14:49 - 2014-06-23 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-12-04 12:43 - 2014-06-23 17:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\NetSpeedMonitor
2014-12-04 12:03 - 2014-10-13 10:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite
2014-12-04 12:03 - 2014-06-25 17:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2014-12-04 12:03 - 2014-06-24 15:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\AIMP3
2014-12-04 11:34 - 2013-01-07 23:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\UO
2014-12-04 11:30 - 2014-06-23 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2014-12-04 11:26 - 2012-12-18 03:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Programy
2014-12-04 10:46 - 2014-06-23 18:06 - 00000000 ____D () C:\WINDOWS\system32\config\Newsid Backup
2014-12-04 10:46 - 2014-06-23 17:24 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-12-04 10:37 - 2014-09-29 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Clavier+
2014-12-04 10:37 - 2014-09-07 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
2014-12-04 10:37 - 2014-06-29 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TeraCopy
2014-12-04 10:37 - 2014-06-25 18:13 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\NapiProjekt
2014-12-04 10:37 - 2014-06-23 17:24 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-12-04 08:32 - 2014-05-28 20:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\fullrecalldb
2014-12-03 22:21 - 2014-06-23 17:45 - 01154792 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-12-03 22:21 - 2014-06-23 17:45 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-12-03 15:33 - 2014-06-23 21:58 - 00003221 _____ () C:\WINDOWS\WINCMD.INI
2014-12-03 06:08 - 2014-06-23 19:00 - 00000211 ___SH () C:\boot.ini
2014-12-03 06:08 - 2014-06-23 17:24 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2014-12-03 06:08 - 2008-04-15 17:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-12-03 06:08 - 2008-04-15 17:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-03 06:07 - 2012-12-24 20:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2014-12-03 06:06 - 2014-06-23 17:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-02 19:53 - 2014-06-23 17:45 - 01154792 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-12-02 19:30 - 2008-04-15 17:00 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 10:21 - 2014-06-23 23:09 - 00002509 _____ () C:\WINDOWS\wcx_ftp.ini
2014-12-02 10:20 - 2013-12-25 18:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\30dk
2014-12-02 00:52 - 2014-06-23 19:40 - 00000966 _____ () C:\Documents and Settings\Administrator\Pulpit\video.txt
2014-12-01 22:52 - 2014-06-23 19:42 - 00003592 _____ () C:\Documents and Settings\Administrator\Pulpit\kkkk.txt
2014-12-01 22:38 - 2013-10-06 01:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Pic
2014-11-30 21:54 - 2014-06-23 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2014-11-29 17:45 - 2012-12-18 03:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\TXT
2014-11-29 17:17 - 2014-06-23 17:24 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-11-27 21:31 - 2012-12-18 03:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Ultralight
2014-11-27 19:22 - 2014-06-23 20:15 - 00056832 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-27 19:18 - 2014-06-23 17:24 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start
2014-11-26 19:05 - 2014-07-31 22:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\kurs
2014-11-26 15:28 - 2013-03-23 13:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Other
2014-11-26 15:02 - 2014-08-01 06:45 - 00096736 ____H () C:\treeinfo.wc
2014-11-17 19:34 - 2014-09-21 19:29 - 00002505 _____ () C:\m.txt
2014-11-08 15:45 - 2014-08-25 12:20 - 00002395 _____ () C:\Documents and Settings\Administrator\Pulpit\ty na sprz.txt
2014-11-07 10:02 - 2014-06-23 19:02 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-11-06 23:29 - 2014-09-29 18:24 - 00021446 _____ () C:\Documents and Settings\Administrator\Pulpit\top 100bez_pl.xlsx
2014-11-05 23:32 - 2014-06-23 17:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe [2011-07-31 22:09] - [2011-07-26 23:10] - 2549760 ____A (Microsoft Corporation) dca5a6ef20d7ac2b0214c1d7fd4aae5f
C:\WINDOWS\system32\winlogon.exe [2009-02-27 15:15] - [2009-02-27 15:15] - 0559616 ____A (Microsoft Corporation) cef41b7f252c18d841769d72ea33d086
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll [2009-05-20 19:25] - [2009-05-20 19:25] - 0631296 ____A (Microsoft Corporation) eff0eb33111c9cb9ee5244a6b270f856
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== End Of Log ============================