Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
Ran by Administrator (administrator) on DOMPC on 20-04-2015 16:36:40
Running from E:\programy\FRST
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
() E:\programy\Unlocker\UnlockerAssistant.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Pay By Ads LTD) C:\Program Files\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
() C:\Program Files\Round World\bin\utilRoundWorld.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AIMP DevTeam) E:\programy\AIMP3\AIMP3.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files\Round World\updateRoundWorld.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
() C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
() C:\Program Files\Round World\bin\RoundWorld.BrowserAdapter.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-01-30] (COMODO)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [UnlockerAssistant] => E:\programy\Unlocker\UnlockerAssistant.exe [17408 2015-03-02] ()
Winlogon\Notify\Antiwpa: C:\WINDOWS\system32\antiwpa.dll [2010-10-19] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25] (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2012-07-12] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\Run: [DAEMON Tools Lite] => E:\programy\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\Run: [Yahoo! Search] => C:\Program Files\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe [644352 2015-04-13] (Pay By Ads LTD)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\MountPoints2: {264bec66-b81c-11e4-86fa-001d0fb93e8c} - D:\Autorun.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2015-03-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk [2015-02-17]
ShortcutTarget: TL-WN321G Wireless Utility.lnk -> C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150219
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://q.search-simple.com/?m=tab&affID=na" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1801674531-1647877149-1606980848-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=pr_378592e5-7eef-4407-b0be-e1db2e810c3d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1801674531-1647877149-1606980848-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=pr_378592e5-7eef-4407-b0be-e1db2e810c3d&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{87549FF5-9D20-4F9A-A9B2-E9DBED06F02D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9mxa5nk6.default
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=616_pr__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=616_pr__alt__ddc_dss_bd_com&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-02] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9mxa5nk6.default\searchplugins\dsrlte1.xml [2015-04-13]
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9mxa5nk6.default\searchplugins\search-simple.xml [2015-04-13]
FF Extension: Round World 1.0.1 - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9mxa5nk6.default\Extensions\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}.xpi [2015-04-19]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9mxa5nk6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-27]
FF Extension: QuickJava - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9mxa5nk6.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-04-19]
FF HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-01-30] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-01-30] (COMODO)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-04-19] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2015-03-15] (McAfee, Inc.)
R2 RalinkRegistryWriter; C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [69632 2009-01-05] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-31] (TeamViewer GmbH)
R2 Update Round World; C:\Program Files\Round World\updateRoundWorld.exe [402672 2015-04-20] ()
R2 Util Round World; C:\Program Files\Round World\bin\utilRoundWorld.exe [402672 2015-04-20] ()
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1795864 2014-12-10] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2015-02-17] (Cisco Systems, Inc.) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15576 2015-01-30] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [620120 2015-01-30] (COMODO)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [754560 2003-10-17] (C-Media Inc)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2015-02-19] (Disc Soft Ltd)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [465152 2008-10-21] (Ralink Technology, Corp.) [File not signed]
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [69168 2012-07-14] (Silicon Image, Inc.)
S0 Si3114r5; C:\WINDOWS\system32\Drivers\Si3114r5.sys [211496 2012-07-14] (Silicon Image, Inc)
R0 Si3124; C:\WINDOWS\system32\Drivers\Si3124.sys [69248 2012-07-14] (Silicon Image, Inc.) [File not signed]
R0 Si3132; C:\WINDOWS\system32\Drivers\Si3132.sys [80424 2012-07-14] (Silicon Image, Inc)
R0 Si3132r5; C:\WINDOWS\system32\Drivers\Si3132r5.sys [217128 2012-07-14] (Silicon Image, Inc)
R0 Si3531; C:\WINDOWS\system32\Drivers\Si3531.sys [210736 2012-07-14] (Silicon Image, Inc)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32256 2002-07-11] (SiS Corporation)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2012-07-14] (VIA Technologies inc,.ltd)
R1 {237a87b5-881c-4fd8-b80a-c3b471ff75d7}t; C:\WINDOWS\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}t.sys [55824 2015-03-26] () [File not signed]
R1 {3788502c-c1e8-40a8-8914-655def81ee5b}Gt; C:\WINDOWS\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gt.sys [55824 2015-02-19] () [File not signed]
R1 {72502b1b-b916-4994-814e-c516f9f681b2}Gt; C:\WINDOWS\System32\drivers\{72502b1b-b916-4994-814e-c516f9f681b2}Gt.sys [55824 2015-02-28] () [File not signed]
R1 {8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt; C:\WINDOWS\System32\drivers\{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gt.sys [55824 2015-02-22] () [File not signed]
R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt; C:\WINDOWS\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gt.sys [55824 2015-03-08] () [File not signed]
R1 {97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt; C:\WINDOWS\System32\drivers\{97a224e4-fe41-4078-b1ef-069fe8cd6d9f}Gt.sys [55824 2015-03-02] () [File not signed]
R1 {b4e11afe-4c35-4044-965f-6641cc18f62e}Gt; C:\WINDOWS\System32\drivers\{b4e11afe-4c35-4044-965f-6641cc18f62e}Gt.sys [55824 2015-02-19] () [File not signed]
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; E:\programy\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 16:34 - 2015-04-20 16:36 - 00000000 ____D () C:\FRST
2015-04-20 16:06 - 2015-04-20 16:17 - 00000000 ____D () C:\WINDOWS\LastGood
2015-04-20 16:05 - 2015-04-20 16:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-20 15:54 - 2015-04-20 16:22 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2015-04-20 15:54 - 2015-04-20 15:54 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-19 19:03 - 2015-04-19 19:02 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-04-19 19:03 - 2015-04-19 19:02 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-04-19 19:02 - 2015-04-19 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-04-19 19:02 - 2015-04-19 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-04-19 19:02 - 2015-04-19 19:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-19 19:02 - 2015-04-19 19:02 - 00000000 ____D () C:\Program Files\Java
2015-04-19 19:02 - 2015-04-19 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2015-04-19 18:31 - 2015-04-19 18:31 - 00000000 ____D () C:\WINDOWS\Sun
2015-04-19 18:29 - 2015-04-19 18:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Sun
2015-04-19 18:29 - 2015-04-19 18:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Oracle
2015-04-19 18:28 - 2015-04-19 18:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun
2015-04-19 18:27 - 2015-04-19 18:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Oracle
2015-04-19 18:26 - 2015-04-19 18:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Sun
2015-04-13 16:37 - 2015-04-13 16:37 - 00000000 ____D () C:\Program Files\Pay-By-Ads
2015-04-08 16:18 - 2015-04-08 16:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-07 12:17 - 2015-04-11 18:00 - 00009216 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 20:51 - 2015-03-31 20:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 10
2015-03-31 19:30 - 2015-03-31 19:32 - 00000000 _____ () C:\Documents and Settings\Administrator\Pulpit\SIV11.tmp
2015-03-27 18:29 - 2015-03-27 18:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Arka Noego (Petarda)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 16:41 - 2015-02-17 21:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2015-04-20 16:38 - 2015-02-28 20:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\AIMP3
2015-04-20 16:35 - 2015-02-17 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
2015-04-20 16:31 - 2015-02-17 22:36 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-04-20 16:25 - 2015-02-17 21:39 - 01177216 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 16:23 - 2015-02-17 21:46 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2015-04-20 16:23 - 2015-02-17 21:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2015-04-20 16:17 - 2015-02-17 22:23 - 00612497 _____ () C:\WINDOWS\setupapi.log
2015-04-20 15:44 - 2015-02-28 20:15 - 00000000 ____D () C:\Program Files\Round World
2015-04-20 15:41 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-04-20 15:00 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-04-20 14:55 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-04-20 14:55 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-04-20 14:55 - 2008-04-15 13:00 - 00000609 _____ () C:\WINDOWS\win.ini
2015-04-20 14:46 - 2015-02-17 22:24 - 00984960 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-20 14:46 - 2008-04-15 13:00 - 00448004 _____ () C:\WINDOWS\system32\perfh015.dat
2015-04-20 14:46 - 2008-04-15 13:00 - 00074230 _____ () C:\WINDOWS\system32\perfc015.dat
2015-04-20 14:42 - 2015-02-19 14:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2015-04-20 14:41 - 2015-02-17 21:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 19:02 - 2015-02-17 22:23 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2015-04-19 18:29 - 2015-02-17 22:23 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-04-19 18:29 - 2015-02-17 21:46 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2015-04-19 18:28 - 2015-02-17 21:46 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2015-04-19 18:04 - 2008-04-15 13:00 - 00002300 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-17 17:07 - 2015-02-22 19:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2015-04-11 17:34 - 2015-02-17 22:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-09 14:43 - 2015-02-19 14:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2015-04-08 15:13 - 2015-02-17 21:46 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-31 21:11 - 2015-02-17 23:34 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2015-03-31 21:11 - 2015-02-17 21:46 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-31 20:52 - 2015-02-24 19:36 - 00000000 ____D () C:\Program Files\TeamViewer
2015-03-31 20:51 - 2015-02-24 19:36 - 00000706 _____ () C:\Documents and Settings\All Users\Pulpit\TeamViewer 10.lnk
2015-03-31 20:51 - 2015-02-17 22:23 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit

==================== Files in the root of some directories =======

2015-04-07 12:17 - 2015-04-11 18:00 - 0009216 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\amt_mystartsearch.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\bitool.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_SubEditPlayer(12488)-dp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\installerdll8993125.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\installerdll9058953.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\peverify.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\rootsupd.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Setup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\SHSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\utt1DA.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\utt1DF.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\vcredist_x64.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\vcredist_x86.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\WindowsInstaller-KB893803-v2-x86.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================