Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by dalewa (administrator) on USERXP-1CBA67F5 on 29-04-2015 09:37:53
Running from E:\diag
Loaded Profiles: dalewa (Available profiles: dalewa & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
( ) C:\Program Files\ChomikBox\chomikbox.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\windows\RTHDCPL.EXE [18702336 2009-08-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-839522115-1788223648-725345543-1004\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\ChomikBox.exe [6033408 2014-03-11] ( )
HKU\S-1-5-21-839522115-1788223648-725345543-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-839522115-1788223648-725345543-1004\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe [961200 2015-03-22] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk [2012-02-24]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.HTML [2015-03-30] () Startup: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.PNG [2015-03-30] () Startup: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.TXT [2015-03-30] () InternetURL: C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/17g4owx GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-839522115-1788223648-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-839522115-1788223648-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070 HKU\S-1-5-21-839522115-1788223648-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
http://www.sweet-page.com/web/?type=ds&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070&q={searchTerms} SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1423476616&from=zbd1&uid=wdcxwd2500bevt-22a23t0_wd-wxj0ac90207002070&q={searchTerms} SearchScopes: HKU\S-1-5-21-839522115-1788223648-725345543-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070&q={searchTerms} SearchScopes: HKU\S-1-5-21-839522115-1788223648-725345543-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EPL&gct=sb&itbv=12.15.1.20&apn_uid=B04B0846-1775-486D-8156-DA320052D89F&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=Opera.exe_0_12.17.1863.0&doi=2014-07-16&trgb=IE&q={searchTerms}&psv=&pt=tb SearchScopes: HKU\S-1-5-21-839522115-1788223648-725345543-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070&q={searchTerms} SearchScopes: HKU\S-1-5-21-839522115-1788223648-725345543-1004 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1423476616&from=zbd1&uid=wdcxwd2500bevt-22a23t0_wd-wxj0ac90207002070&q={searchTerms} SearchScopes: HKU\S-1-5-21-839522115-1788223648-725345543-1004 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PQOoxgrZm&loc=skw&search={searchTerms}&i=26 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-13] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-13] (Oracle Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll [2014-02-26] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\windows\system32\urlmon.dll [2014-02-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default FF NewTab: hxxp://www.sweet-page.com/newtab/?type=nt&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070 FF DefaultSearchEngine: sweet-page FF SearchEngineOrder.1: V9 FF SelectedSearchEngine: sweet-page FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1427638586&from=cor&uid=WDCXWD2500BEVT-22A23T0_WD-WXJ0AC90207002070 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-13] (Oracle 
Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-11-18] (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-18] (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-18] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2015-02-15] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2015-02-15] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2006-06-02] (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2006-06-02] (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-02-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-02-15] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-02-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-02-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-02-15] (Apple Inc.) FF SearchPlugin: C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\searchplugins\V9.xml [2015-03-29] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\sweet-page.xml [2015-03-29] FF Extension: Fast Start - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\Extensions\istart_ffnt@gmail.com [2015-03-29] FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-08-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-09] FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\extensions\detgdp@gmail.com FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Documents and Settings\dalewa\Dane aplikacji\Mozilla\Firefox\Profiles\069lv5xw.default\extensions\istart_ffnt@gmail.com FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2014-08-28] <==== ATTENTION 
Chrome:
=======
CHR Profile: C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-24]
CHR Extension: (Google Search) - C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]
CHR Extension: (Gmail) - C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-24]
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-01-13] (Oracle Corporation)
S4 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [41984 2006-06-12] (Samsung Electronics Co., Ltd.) [File not signed]
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2015-04-14] ()
S3 Monfilt; C:\windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 netfilter; C:\windows\System32\drivers\netfilter.sys [47488 2014-07-08] (NetFilterSDK.com) [File not signed]
R3 RT80x86; C:\windows\System32\DRIVERS\RT2860.sys [1334240 2010-06-28] (Ralink Technology, Corp.)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2011-08-01] () [File not signed] S3 catchme; \??\C:\DOCUME~1\dalewa\USTAWI~1\Temp\catchme.sys [X] S3 FTDIBUS; system32\drivers\ftdibus.sys [X] S3 FTSER2K; system32\drivers\ftser2k.sys [X] S4 IntelIde; No ImagePath S3 MGHwCtrl; \??\U:\RESCUE\MGHwCtrl.sys [X] S1 netfilter2; system32\drivers\netfilter2.sys [X] S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X] U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S2 SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [X] S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-29 09:37 - 2015-04-29 09:37 - 00000000 ____D () C:\FRST 2015-04-14 10:24 - 2015-04-29 09:38 - 00000000 ____D () C:\Documents and Settings\dalewa\Ustawienia lokalne\temp 2015-04-14 10:24 - 2015-04-14 10:24 - 00064395 _____ () C:\ComboFix.txt 2015-04-14 10:24 - 2015-04-14 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp 2015-04-14 10:24 - 2015-04-14 10:24 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\temp 2015-04-14 10:24 - 2015-04-14 10:24 - 00000000 ____D () C:\Documents and Settings\Default User\Ustawienia lokalne\temp 2015-04-14 10:24 - 2015-04-14 10:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\temp 2015-04-14 10:01 - 2015-04-14 10:24 - 00000000 ____D () C:\ComboFix 2015-04-14 09:47 - 2015-04-14 09:47 - 02572334 _____ () C:\Documents and Settings\All Users\Dane aplikacji\SMRResults430.dat 2015-04-14 09:47 - 2015-04-14 09:47 - 00000000 ____D () C:\Program Files\Common Files\system 2015-04-14 08:23 - 
2015-04-14 09:27 - 00000000 ____D () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\NPE 2015-04-14 08:16 - 2015-04-14 08:16 - 00019984 _____ () C:\windows\system32\Drivers\EsgScanner.sys 2015-04-06 12:32 - 2015-04-06 12:32 - 00008598 _____ () C:\HELP_DECRYPT.HTML 2015-04-06 12:32 - 2015-04-06 12:32 - 00004242 _____ () C:\HELP_DECRYPT.TXT 2015-04-06 12:32 - 2015-04-06 12:32 - 00000280 _____ () C:\HELP_DECRYPT.URL 2015-03-31 20:50 - 2015-03-31 20:50 - 00000000 ____D () C:\Program Files\astrojargon.net 2015-03-31 20:50 - 2015-03-31 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\astrojargon.net 2015-03-31 04:47 - 2015-03-31 04:47 - 00000664 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\d3d9caps.dat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-29 09:34 - 2013-09-02 22:15 - 00000000 ____D () C:\Documents and Settings\dalewa\.gstreamer-0.10 2015-04-29 09:34 - 2011-06-24 21:05 - 01068202 _____ () C:\windows\WindowsUpdate.log 2015-04-29 09:33 - 2015-02-15 13:10 - 00001032 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-29 09:33 - 2015-02-15 12:37 - 00000444 _____ () C:\windows\Tasks\Opera scheduled Autoupdate 1423996644.job 2015-04-29 09:33 - 2014-03-09 14:22 - 00000224 _____ () C:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-04-29 09:33 - 2013-08-29 18:10 - 00000280 _____ () C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-1788223648-725345543-1004.job 2015-04-29 09:33 - 2012-03-30 15:52 - 00000280 _____ () C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1788223648-725345543-1004.job 2015-04-29 09:33 - 2012-02-24 09:24 - 00000000 ____D () C:\Program Files\Opera 2015-04-29 09:33 - 2011-06-24 22:58 - 00000159 _____ () C:\windows\wiadebug.log 2015-04-29 09:33 - 2011-06-24 22:58 - 00000050 _____ 
() C:\windows\wiaservc.log 2015-04-29 09:33 - 2011-06-24 21:09 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-29 09:33 - 2011-06-24 20:34 - 00002206 _____ () C:\windows\system32\wpa.dbl 2015-04-18 15:04 - 2012-02-24 09:07 - 00000188 ___SH () C:\Documents and Settings\dalewa\ntuser.ini 2015-04-18 15:04 - 2011-06-24 21:09 - 00032596 _____ () C:\windows\SchedLgU.Txt 2015-04-18 15:01 - 2012-12-21 22:17 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-18 15:01 - 2012-10-19 19:59 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-04-18 15:01 - 2011-06-25 20:25 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-04-18 14:57 - 2015-03-22 13:00 - 00000892 _____ () C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-04-18 14:37 - 2012-12-21 22:20 - 00000288 _____ () C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-1788223648-725345543-1004.job 2015-04-14 11:07 - 2012-12-11 20:25 - 00000000 ____D () C:\Documents and Settings\dalewa\Dane aplikacji\foobar2000 2015-04-14 11:07 - 2012-02-24 09:07 - 00000000 ____D () C:\Documents and Settings\dalewa\Pulpit 2015-04-14 10:24 - 2012-11-19 10:40 - 00000000 ____D () C:\Qoobox 2015-04-14 10:24 - 2012-02-24 09:07 - 00000000 ___HD () C:\Documents and Settings\dalewa\Ustawienia lokalne 2015-04-14 10:24 - 2011-06-24 22:56 - 00000000 __RHD () C:\Documents and Settings\Default User\Ustawienia lokalne 2015-04-14 10:24 - 2011-06-24 21:10 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne 2015-04-14 10:24 - 2011-06-24 21:09 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne 2015-04-14 10:24 - 2011-06-24 21:09 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne 2015-04-14 10:22 - 2011-06-24 20:32 - 00000227 _____ () C:\windows\system.ini 2015-04-14 10:13 - 2012-02-24 10:11 - 00000000 ____D () C:\Documents and 
Settings\dalewa\Ustawienia lokalne\Dane aplikacji\Temp 2015-04-14 10:08 - 2012-02-24 09:07 - 00000000 __RHD () C:\Documents and Settings\dalewa\Dane aplikacji 2015-04-14 09:47 - 2015-01-13 11:05 - 00000000 ____D () C:\Program Files\Elex-tech 2015-04-14 09:47 - 2011-06-24 22:56 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-04-14 09:47 - 2011-06-24 22:55 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-04-14 09:45 - 2012-02-24 09:07 - 00000000 ____D () C:\Documents and Settings\dalewa 2015-04-14 09:15 - 2015-02-15 13:10 - 00001036 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 08:48 - 2012-02-24 09:07 - 00000000 ___RD () C:\Documents and Settings\dalewa\Menu Start\Programy\Autostart 2015-04-14 08:47 - 2011-11-14 23:23 - 00000664 _____ () C:\windows\system32\d3d9caps.dat 2015-04-14 08:23 - 2012-02-24 09:07 - 00000000 ___HD () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji 2015-04-14 08:23 - 2011-11-05 18:47 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Norton 2015-04-14 08:16 - 2012-02-24 10:41 - 00585048 _____ () C:\windows\setupapi.log 2015-04-08 17:58 - 2012-02-25 19:28 - 00078848 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-08 17:58 - 2012-02-25 16:59 - 00000000 ____D () C:\Program Files\The KMPlayer 2015-04-08 15:00 - 2014-03-09 14:22 - 00000218 _____ () C:\windows\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2015-04-02 21:12 - 2011-06-24 22:56 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty 2015-03-31 22:17 - 2011-06-24 22:56 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-03-31 20:43 - 2011-06-24 22:55 - 00299084 _____ () C:\windows\setupact.log 2015-03-30 11:09 - 2014-09-13 18:49 - 00000000 _____ () C:\Documents and Settings\dalewa\TempWmicBatchFile.bat 2015-03-30 11:09 - 
2012-02-24 09:07 - 00000000 ___RD () C:\Documents and Settings\dalewa\Menu Start\Programy ==================== Files in the root of some directories ======= 2012-09-01 20:22 - 2012-09-01 20:22 - 6955968 ____C (Microsoft Corporation) C:\Program Files\Silverlight.exe 2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files\Common Files\dsfFLACDecoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files\Common Files\dsfFLACEncoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files\Common Files\dsfNativeFLACSource.dll 2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files\Common Files\dsfOggDemux2.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files\Common Files\dsfVorbisDecoder.dll 2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files\Common Files\Microsoft.VC90.CRT.manifest 2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCP90.dll 2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCR90.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files\Common Files\vp8decoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files\Common Files\vp8encoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files\Common Files\webmmux.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files\Common Files\webmsplit.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files\Common Files\wmpinfo.dll 2015-03-29 18:16 - 2015-03-29 18:16 - 0008598 _____ () C:\Documents and Settings\dalewa\Dane aplikacji\HELP_DECRYPT.HTML 2015-03-29 18:16 - 2015-03-29 18:16 - 0045589 _____ () C:\Documents and Settings\dalewa\Dane aplikacji\HELP_DECRYPT.PNG 2015-03-29 18:16 - 2015-03-29 18:16 - 0004242 _____ () C:\Documents and Settings\dalewa\Dane 
aplikacji\HELP_DECRYPT.TXT 2015-03-29 18:16 - 2015-03-29 18:16 - 0000280 _____ () C:\Documents and Settings\dalewa\Dane aplikacji\HELP_DECRYPT.URL 2015-03-31 04:47 - 2015-03-31 04:47 - 0000664 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\d3d9caps.dat 2012-02-25 19:28 - 2015-04-08 17:58 - 0078848 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-29 18:43 - 2015-03-29 18:43 - 0008598 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.HTML 2015-03-29 18:43 - 2015-03-29 18:43 - 0045589 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.PNG 2015-03-29 18:43 - 2015-03-29 18:43 - 0004242 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.TXT 2015-03-29 18:43 - 2015-03-29 18:43 - 0000280 _____ () C:\Documents and Settings\dalewa\Ustawienia lokalne\Dane aplikacji\HELP_DECRYPT.URL 2015-03-29 17:13 - 2015-03-29 17:13 - 0008598 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML 2015-03-29 17:13 - 2015-03-29 17:13 - 0045575 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG 2015-03-29 17:13 - 2015-03-29 17:13 - 0004242 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT 2015-03-29 17:13 - 2015-03-29 17:13 - 0000280 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL Files to move or delete: ==================== C:\Documents and Settings\dalewa\TempWmicBatchFile.bat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================