Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014 Ran by Krzysztof (administrator) on KRIS on 20-12-2014 12:09:16 Running from D:\Leczenie\Nowy folder Loaded Profile: Krzysztof (Available profiles: Krzysztof & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Arcai.com) C:\Program Files\netcut\services\aips.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\PopupTV\ExpressTV.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Freemake) C:\Documents and Settings\All Users\Dane aplikacji\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (IVONA Software Sp. z o.o.) C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Edimax Technology Co., Ltd) C:\Program Files\EDIMAX\Common\RaUI.exe (Renier Crause) C:\Program Files\PopTray\PopTray.exe (Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.) HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.) HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [POPUPTV] => C:\Program Files\ASUS\PopupTV\ExpressTV.exe [692224 2010-03-19] (ASUSTeK Computer Inc.) HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2005-09-25] (Ahead Software Gmbh) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software) HKU\S-1-5-21-796845957-1677128483-725345543-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [94208 2005-09-25] (Nero AG) HKU\S-1-5-21-796845957-1677128483-725345543-1003\...\Run: [IVONA ControlCenter] => C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe [2168768 2012-08-30] (IVONA Software Sp. z o.o.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Monitor Apache Servers.lnk ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk ShortcutTarget: Wireless Utility.lnk -> C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd) Startup: C:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\PopTray.lnk ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause) SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Tcpip\Parameters: [DhcpNameServer] 198.168.2.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Krzysztof\Dane aplikacji\Mozilla\Firefox\Profiles\7bg5q7uc.default-1419073354343 FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-17] Chrome: ======= CHR StartupUrls: Default -> "" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\internal-nacl-plugin No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll () CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-20] CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-20] CHR Extension: (Dysk Google) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-20] CHR Extension: (YouTube) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-20] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-20] CHR Extension: (Arkusze Google) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-20] CHR Extension: (Płatności CashBill) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jjanjdilnfpabehknfcjabmljfebpecf [2013-11-21] CHR Extension: (Google Wallet) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-20] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-06-24] (Adobe Systems) [File not signed] R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed] R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software) R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2008-04-23] (FirebirdSQL Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2015232 2008-04-23] (FirebirdSQL Project) [File not signed] R2 Freemake Improver; C:\Documents and Settings\All Users\Dane aplikacji\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-10] (Freemake) [File not signed] R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation) R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [9073 2013-05-03] () [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [File not signed] R2 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation) S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation) R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed] R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-03-17] (Cisco Systems, Inc.) [File not signed] R3 AF9035BDA; C:\WINDOWS\System32\Drivers\AF9035BDA.sys [462952 2009-07-16] (AfaTech ) R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-04] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-04] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-04] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-22] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-04] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-04] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [11264 2005-10-20] (ASUSTeK Computer Inc.) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-05-16] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-05-16] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP) S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation) S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.) R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105344 2006-08-14] (NVIDIA Corporation) R2 nvcap; C:\WINDOWS\System32\DRIVERS\nvcap.sys [141246 2005-02-01] (NVIDIA Corporation) [File not signed] R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation) R2 NVXBAR; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [16176 2005-02-01] (NVIDIA Corporation) [File not signed] S3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [490752 2008-01-16] (Ralink Technology, Corp.) [File not signed] R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura) R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed] R1 tidnet; C:\WINDOWS\System32\DRIVERS\tidnet.sys [26008 2010-12-01] (Telefónica I+D) R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2012-04-06] (Acronis) S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X] S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 12:02 - 2014-12-20 12:02 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Pulpit\Stare dane programu Firefox 2014-12-20 11:59 - 2014-12-20 11:59 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-12-20 11:59 - 2014-12-20 11:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$ 2014-12-20 11:59 - 2014-12-20 11:59 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell 2014-12-20 11:59 - 2014-12-20 11:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0 2014-12-20 11:58 - 2014-12-20 11:59 - 00030676 _____ () C:\WINDOWS\KB926139-v2.log 2014-12-20 11:58 - 2014-12-20 11:58 - 00000000 ____D () C:\WINDOWS\LastGood 2014-12-20 08:51 - 2014-12-20 08:51 - 00000109 _____ () C:\WINDOWS\nmp.log 2014-12-20 08:48 - 2014-12-20 08:48 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin 2014-12-19 19:11 - 2014-12-20 12:09 - 00000000 ____D () C:\FRST 2014-12-17 22:16 - 2014-12-17 22:16 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\PCHealth 2014-12-11 21:36 - 2014-12-11 21:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini121114-01.dmp 2014-12-09 17:51 - 2014-12-20 11:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-03 16:29 - 2014-12-03 16:50 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Pulpit\lis_gru_2014 2014-11-30 10:22 - 2014-11-30 10:22 - 00001783 _____ () C:\Documents and Settings\All Users\Pulpit\COREL.COM.LNK 2014-11-30 10:22 - 2014-11-30 10:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CorelDRAW 9 2014-11-30 10:22 - 1999-07-22 12:47 - 00000032 ____N () C:\WINDOWS\barcode.ini 2014-11-30 10:22 - 1999-02-17 12:49 - 01039360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSJET35.DLL 2014-11-30 10:22 - 1999-02-17 12:49 - 00368912 ____N (Microsoft Corporation) C:\WINDOWS\system32\VBAR332.DLL 2014-11-30 10:22 - 1998-09-25 12:18 - 00607744 ____N (Digital Equipment Corp.) C:\WINDOWS\system32\Decslib.dll 2014-11-30 10:21 - 1999-08-09 10:35 - 00225280 ____N (Corel Corporation) C:\WINDOWS\system32\Scint91.dll 2014-11-30 10:21 - 1999-08-09 10:35 - 00110592 ____N (Corel Corporation) C:\WINDOWS\system32\Sccres91.dll 2014-11-30 10:21 - 1999-07-22 12:47 - 00909824 ____N (Apple Computer Inc.) C:\WINDOWS\system32\qd3d.dll 2014-11-30 10:21 - 1999-07-22 12:47 - 00211456 ____N (Apple Computer, Inc.) C:\WINDOWS\system32\qd3d_ir2.q3x 2014-11-30 10:21 - 1999-07-21 20:14 - 00245760 ____N (Corel Corporation) C:\WINDOWS\system32\Sccomp91.dll 2014-11-30 10:21 - 1999-03-21 09:49 - 00100864 ____N (Corel Corporation Limited) C:\WINDOWS\system32\awpe.dll 2014-11-30 10:21 - 1999-03-08 07:53 - 00028252 ____N () C:\WINDOWS\corelpf.lrs 2014-11-30 10:21 - 1998-12-10 08:42 - 00168448 ____N (WexTech Systems, Inc.) C:\WINDOWS\system32\Awrtl30.dll 2014-11-30 10:21 - 1998-11-03 11:10 - 00112688 ____N () C:\WINDOWS\system32\shw32.dll 2014-11-30 10:21 - 1997-07-30 15:58 - 00070656 ____N (Apple Computer, Inc.) C:\WINDOWS\system32\3dviewer.dll 2014-11-30 10:21 - 1997-07-30 15:21 - 00553984 ____N (Apple Computer, Inc.) C:\WINDOWS\system32\rave.dll 2014-11-30 10:21 - 1996-12-10 13:21 - 00039095 ____N () C:\WINDOWS\iccsigs.dat 2014-11-30 10:20 - 2014-11-30 10:20 - 00000000 ____D () C:\Windows\Profiles\Krzysztof 2014-11-30 10:19 - 2014-11-30 10:26 - 00000000 ____D () C:\WINDOWS\Corel 2014-11-29 19:34 - 2014-12-17 22:30 - 00001387 _____ () C:\Documents and Settings\Krzysztof\Pulpit\sony.txt 2014-11-21 16:29 - 2014-11-21 16:29 - 00000041 _____ () C:\Documents and Settings\Krzysztof\Pulpit\dywan.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-20 12:09 - 2012-03-17 16:30 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Temp 2014-12-20 12:02 - 2012-03-17 16:30 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Pulpit 2014-12-20 12:01 - 2014-05-08 15:26 - 00000470 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{8724E323-26EF-4690-A86F-BDE0805CE37A}.job 2014-12-20 12:01 - 2012-03-17 16:30 - 00032520 _____ () C:\WINDOWS\SchedLgU.Txt 2014-12-20 11:59 - 2012-03-17 21:47 - 00084699 _____ () C:\WINDOWS\spupdsvc.log 2014-12-20 11:59 - 2012-03-17 17:11 - 01957898 _____ () C:\WINDOWS\FaxSetup.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00951247 _____ () C:\WINDOWS\ocgen.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00903361 _____ () C:\WINDOWS\tsoc.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00626012 _____ () C:\WINDOWS\msmqinst.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00547531 _____ () C:\WINDOWS\comsetup.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00350525 _____ () C:\WINDOWS\iis6.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00343604 _____ () C:\WINDOWS\netfxocm.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00330503 _____ () C:\WINDOWS\ntdtcsetup.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00136928 _____ () C:\WINDOWS\MedCtrOC.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00101624 _____ () C:\WINDOWS\tabletoc.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00100405 _____ () C:\WINDOWS\ocmsn.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00098303 _____ () C:\WINDOWS\msgsocm.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00001393 _____ () C:\WINDOWS\imsins.log 2014-12-20 11:59 - 2012-03-17 17:11 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-12-20 11:59 - 2012-03-17 17:02 - 00000000 ____D () C:\WINDOWS\system32\inetsrv 2014-12-20 11:59 - 2012-03-17 16:30 - 00000000 __RHD () C:\Documents and Settings\Krzysztof\Dane aplikacji 2014-12-20 11:57 - 2012-07-28 17:04 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-12-20 11:54 - 2012-03-17 16:26 - 01242543 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-20 11:54 - 2007-10-29 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-20 11:52 - 2012-03-17 17:14 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-12-20 11:52 - 2012-03-17 17:14 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-12-20 11:51 - 2014-03-09 15:38 - 00000230 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-12-20 11:51 - 2012-03-17 17:06 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-20 11:51 - 2012-03-17 16:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-20 11:51 - 2012-03-17 16:30 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2014-12-20 11:51 - 2012-03-17 16:30 - 00000000 __SHD () C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Historia 2014-12-20 11:51 - 2012-03-17 16:29 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2014-12-20 11:49 - 2012-03-17 16:30 - 00000188 ___SH () C:\Documents and Settings\Krzysztof\ntuser.ini 2014-12-20 11:47 - 2012-11-15 17:35 - 00000000 __SHD () C:\Documents and Settings\Administrator.MROCZEK-D6D4E65\Ustawienia lokalne\Historia 2014-12-20 11:47 - 2012-11-15 17:35 - 00000000 ____D () C:\Documents and Settings\Administrator.MROCZEK-D6D4E65\Ustawienia lokalne\Temp 2014-12-20 11:47 - 2012-03-17 18:42 - 00000000 ___HD () C:\Documents and Settings\UpdatusUser\Ustawienia lokalne\Historia 2014-12-20 11:46 - 2012-03-17 17:06 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-20 11:45 - 2012-03-17 17:11 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2014-12-20 11:45 - 2012-03-17 17:09 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-12-20 11:45 - 2012-03-17 16:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2014-12-20 11:36 - 2012-11-15 17:35 - 00000188 ___SH () C:\Documents and Settings\Administrator.MROCZEK-D6D4E65\ntuser.ini 2014-12-20 08:52 - 2012-03-17 16:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-19 20:41 - 2012-03-17 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-12-19 20:41 - 2012-03-17 16:30 - 00000000 ___RD () C:\Documents and Settings\Krzysztof\Moje dokumenty 2014-12-19 19:02 - 2014-03-15 13:41 - 00095780 _____ () C:\WINDOWS\setupapi.log 2014-12-17 22:16 - 2012-03-17 16:30 - 00000000 ___HD () C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji 2014-12-17 21:45 - 2012-03-17 17:06 - 00001733 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk 2014-12-17 21:38 - 2014-02-13 22:58 - 02382082 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-18-0.dat 2014-12-17 21:37 - 2012-08-30 21:37 - 00596426 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2014-12-17 18:53 - 2012-03-17 16:30 - 00000000 ____D () C:\Documents and Settings\Krzysztof 2014-12-17 18:50 - 2013-10-27 10:07 - 00000000 ____D () C:\AdwCleaner 2014-12-16 20:25 - 2012-11-27 18:35 - 00002562 _____ () C:\WINDOWS\diagwrn.xml 2014-12-16 20:25 - 2012-11-27 18:35 - 00001908 _____ () C:\WINDOWS\diagerr.xml 2014-12-16 20:25 - 2012-03-17 17:08 - 00000917 _____ () C:\WINDOWS\setupact.log 2014-12-16 20:25 - 2012-03-17 17:08 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-12-16 19:39 - 2012-03-17 17:11 - 01443236 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-16 19:39 - 2007-10-29 13:00 - 00621702 _____ () C:\WINDOWS\system32\perfh015.dat 2014-12-16 19:39 - 2007-10-29 13:00 - 00133788 _____ () C:\WINDOWS\system32\perfc015.dat 2014-12-15 19:20 - 2012-03-17 16:30 - 00000000 ___RD () C:\Documents and Settings\Krzysztof\Menu Start\Programy 2014-12-14 17:44 - 2012-03-18 16:26 - 00000000 ____D () C:\Program Files\FTP Commander 2014-12-14 15:04 - 2013-03-22 20:02 - 00000923 _____ () C:\Documents and Settings\Krzysztof\Pulpit\Google Chrome.lnk 2014-12-14 15:04 - 2012-03-20 19:33 - 00000644 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk 2014-12-14 15:04 - 2012-03-20 19:33 - 00000638 _____ () C:\Documents and Settings\All Users\Pulpit\Opera.lnk 2014-12-14 15:04 - 2012-03-17 18:36 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2014-12-14 15:04 - 2012-03-17 18:36 - 00000724 _____ () C:\Documents and Settings\Krzysztof\Pulpit\Mozilla Firefox.lnk 2014-12-14 15:04 - 2012-03-17 18:36 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2014-12-14 15:04 - 2012-03-17 17:07 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome 2014-12-14 15:04 - 2012-03-17 16:31 - 00000753 _____ () C:\Documents and Settings\Krzysztof\Menu Start\Programy\Internet Explorer.lnk 2014-12-14 00:05 - 2012-03-17 16:30 - 00000000 ___RD () C:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart 2014-12-11 21:36 - 2012-04-18 16:31 - 00000000 ____D () C:\WINDOWS\Minidump 2014-12-11 18:23 - 2012-08-30 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2014-12-11 18:20 - 2013-07-15 14:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-11 18:13 - 2012-03-17 22:10 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-09 23:07 - 2012-10-27 09:31 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt 2014-12-09 19:38 - 2012-04-25 19:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-05 14:55 - 2012-06-24 14:56 - 00002331 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Acrobat Distiller 7.0.lnk 2014-12-03 16:46 - 2012-04-07 18:25 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-12-01 23:00 - 2012-08-30 21:37 - 08392714 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-796845957-1677128483-725345543-1003-0.dat 2014-12-01 17:37 - 2012-03-18 21:53 - 00047616 _____ () C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-30 13:49 - 2012-03-17 21:58 - 00254744 _____ () C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-11-30 10:32 - 2012-03-20 17:37 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Dane aplikacji\Corel 2014-11-30 10:24 - 2012-03-17 17:08 - 00971464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-30 10:22 - 2012-03-17 16:30 - 00000000 ___RD () C:\Documents and Settings\Krzysztof\Ulubione 2014-11-30 10:21 - 2012-04-03 19:10 - 00000000 ____D () C:\Program Files\Corel 2014-11-28 16:49 - 2012-12-10 18:44 - 00002535 _____ () C:\Documents and Settings\Krzysztof\Pulpit\CorelDRAW X6.lnk 2014-11-27 19:35 - 2012-05-31 17:07 - 00138196 _____ () C:\WINDOWS\FontData.fdb 2014-11-27 18:58 - 2012-03-20 17:32 - 00000000 ____D () C:\Documents and Settings\Krzysztof\Dane aplikacji\OpenOffice.org2 2014-11-26 21:47 - 2013-03-22 20:02 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2014-11-22 08:33 - 2012-03-17 17:06 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================