Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01 Ran by Piotr (administrator) on PJ on 04-05-2015 22:38:12 Running from C:\Documents and Settings\Piotr\Pulpit Loaded Profiles: Piotr (Available profiles: Piotr & Gość) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Baidu Inc.) C:\Program Files\Baidu Cleaner\BCleanerSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavTray.exe (Flux Software LLC) C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BAVSvc.exe (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BHipsSvc.exe (Mozilla Corporation) C:\Program Files\Old Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavTray.exe [1988080 2015-04-20] (Baidu, Inc.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-07-02] (ATI Technologies Inc.) HKU\S-1-5-21-220523388-1078081533-839522115-1004\...\Run: [f.lux] => C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-220523388-1078081533-839522115-1004\...\Run: [Spotify Web Helper] => C:\SpotifyWebHelper.exe [2020920 2015-05-02] (Spotify Ltd) HKU\S-1-5-21-220523388-1078081533-839522115-1004\...\MountPoints2: {1125bfdc-4b67-11e2-bdb5-000c768f679d} - I:\iStudio.exe Startup: C:\Documents and Settings\Piotr\Menu Start\Programy\Autostart\AutorunsDisabled [2012-01-18] () ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavShx.dll [2015-04-20] (Baidu, Inc.) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-220523388-1078081533-839522115-1004] => :0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-220523388-1078081533-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ HKU\S-1-5-21-220523388-1078081533-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> ${searchCLSID} URL = http://startsear.ch/?aff=1&src=sp&cf=56ef9ecc-3725-11e1-b1f5-000c768f679d&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-839522115-1004 -> {4556E1F9-5EB1-474C-A9E5-86ADAB27D39C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-839522115-1004 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.pl/search?q={searchTerms} Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{0E37B914-79AB-4101-9840-13CE0F874175}: [NameServer] 194.204.152.34,194.204.159.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000 FF SelectedSearchEngine: Google2 FF Homepage: hxxp://www.onet.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-08-11] (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\searchplugins\allegropl.xml [2015-05-02] FF SearchPlugin: C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\searchplugins\youtube.xml [2015-05-03] FF Extension: Add to Search Bar - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-09-05] FF Extension: FoxFilter - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\foxfilter@inspiredeffect.net.xpi [2014-09-11] FF Extension: FoxyScrobbler - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2014-10-08] FF Extension: YouTube mp3 - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\info@youtube-mp3.org.xpi [2014-10-25] FF Extension: Facebook™ Disconnect - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2015-05-01] FF Extension: Facebook Secret Emoticons - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2014-09-02] FF Extension: web2pdf - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\jid1-Y5yNCPQbxaTICw@jetpack.xpi [2015-05-04] FF Extension: PageRank - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\PageRank@addonfactory.in.xpi [2014-09-02] FF Extension: Flagfox - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-09-02] FF Extension: Facebook Messenger - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{249b4e45-4fb9-4f6b-9754-7c0c1e605d44}.xpi [2015-05-01] FF Extension: Download Status Bar - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-09-03] FF Extension: Google Image Search - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2014-09-05] FF Extension: NoScript - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-02] FF Extension: Video DownloadHelper - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15] FF Extension: Adblock Plus - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-02] FF Extension: Greasemonkey - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\i9dra9ge.default-1409666055000\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-11-06] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-21] Chrome: ======= CHR Profile: C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Unfriend Notify for Facebook) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2014-03-12] CHR Extension: (Google Docs) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06] CHR Extension: (Google Drive) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06] CHR Extension: (YouTube) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06] CHR Extension: (Adblock Plus) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-19] CHR Extension: (Google Search) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06] CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24] CHR Extension: (Google Wallet) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06] CHR Extension: (Gmail) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed] R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavSvc.exe [2572928 2015-04-20] (Baidu, Inc.) R2 BCleanerSvc; C:\Program Files\Baidu Cleaner\BCleanerSvc.exe [1697896 2015-04-27] (Baidu Inc.) S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BdSandboxSrv.exe [391200 2015-03-05] (Baidu, Inc.) R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BHipsSvc.exe [531232 2015-04-20] (Baidu, Inc.) S3 BsrSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3396968 2015-03-30] (Baidu, Inc.) S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2005-03-07] (Macromedia) [File not signed] S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 SparkSvc; C:\Program Files\baidu\Baidu Browser\sparkservice.exe [86840 2015-04-28] (Baidu Inc.) S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-08-21] (Cisco Systems, Inc.) [File not signed] S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391680 2003-11-13] (Sensaura Ltd) R3 ALCXWDM; C:\WINDOWS\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.) U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BdApiUtil.sys [101448 2015-04-20] (Baidu, Inc.) R3 bdark; C:\WINDOWS\system32\drivers\bdark.sys [82376 2015-04-20] () U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BdCameraProtect.sys [21384 2015-04-20] (Baidu, Inc.) S3 BdSandbox; C:\WINDOWS\System32\drivers\BdSandbox.sys [197624 2015-03-05] (Baidu, Inc.) R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [51144 2015-04-20] (Baidu, Inc.) R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [31176 2015-04-20] (Baidu, Inc.) R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [74888 2015-04-20] (Baidu, Inc.) R3 BHipsEx; C:\WINDOWS\System32\drivers\BHipsEx.sys [138184 2015-04-20] (Baidu, Inc.) R1 Bnbase; C:\WINDOWS\System32\drivers\bnbase.sys [52136 2015-04-20] (Baidu, Inc.) R1 Bndef; C:\WINDOWS\System32\drivers\bndef.sys [461192 2015-04-20] (Baidu, Inc.) R3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.118812.0\Bnmon.sys [84936 2015-04-20] (Baidu, Inc.) R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [195528 2015-04-20] (Baidu, Inc.) R1 BprotectEx; C:\WINDOWS\System32\drivers\BprotectEx.sys [114960 2015-03-31] (Baidu, Inc.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 CommSBEP; C:\WINDOWS\system32\Drivers\CommSBEP.sys [24476 2000-04-27] (Motorola) [File not signed] R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [12928 2013-04-23] (Bo Brantén) [File not signed] S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-01-08] () [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-03-18] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-02-26] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-03-18] (HP) R1 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [21624 2011-12-19] (REALiX(tm)) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-11-16] (CACE Technologies, Inc.) S3 QCDonner; C:\WINDOWS\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation) R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation ) S3 s116bus; C:\WINDOWS\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation) S3 s116mdfl; C:\WINDOWS\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation) S3 s116mdm; C:\WINDOWS\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation) S3 s116mgmt; C:\WINDOWS\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation) S3 s116nd5; C:\WINDOWS\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation) S3 s116obex; C:\WINDOWS\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation) S3 s116unic; C:\WINDOWS\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation) S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) U5 PCFasterSvc_{PCFaster_6.0.0.0}; C:\Program Files\Baidu Cleaner\BCleanerSvc.exe [1697896 2015-04-27] (Baidu Inc.) U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== Three Months Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-04 22:38 - 2015-05-04 22:39 - 00019022 _____ () C:\Documents and Settings\Piotr\Pulpit\FRST.txt 2015-05-04 21:51 - 2015-05-04 21:51 - 00000712 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2015-05-04 21:51 - 2015-05-04 21:51 - 00000706 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2015-05-04 21:51 - 2015-05-04 21:51 - 00000000 ____D () C:\Program Files\Old Firefox 2015-05-04 00:23 - 2015-05-04 00:23 - 00024249 _____ () C:\Documents and Settings\Piotr\Pulpit\Report.txt 2015-05-02 17:15 - 2015-05-02 17:15 - 00000000 ____D () C:\pdf.dll 2015-05-02 15:41 - 2015-05-02 15:41 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-05-02 15:41 - 2015-05-02 15:41 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-05-02 02:04 - 2015-05-03 01:11 - 00000407 _____ () C:\Documents and Settings\Piotr\Pulpit\zestawy.txt 2015-05-01 21:28 - 2015-05-03 01:33 - 00004565 _____ () C:\WINDOWS\setupapi.log 2015-05-01 17:16 - 2015-05-01 17:16 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\iterate_GmbH 2015-05-01 15:56 - 2015-05-03 01:12 - 00000372 _____ () C:\WINDOWS\wiadebug.log 2015-05-01 15:56 - 2015-05-02 15:13 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-05-01 15:56 - 2015-05-01 15:56 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log 2015-05-01 15:38 - 2015-05-03 23:03 - 00000000 __SHD () C:\Documents and Settings\Piotr\wc 2015-05-01 15:38 - 2015-05-03 23:02 - 00122376 _____ () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2015-05-01 15:38 - 2015-05-01 15:38 - 00000000 __SHD () C:\Documents and Settings\Piotr\Dane aplikacji\wyUpdate AU 2015-05-01 15:38 - 2015-05-01 15:38 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Cyberduck 2015-04-30 19:12 - 2015-05-04 22:38 - 00000000 ____D () C:\FRST 2015-04-30 19:11 - 2015-04-30 19:11 - 01140736 _____ (Farbar) C:\Documents and Settings\Piotr\Pulpit\FRST.exe 2015-04-30 18:32 - 2015-04-30 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\BsrSvc_exe 2015-04-30 01:34 - 2015-04-30 01:35 - 32768992 _____ (Ashampoo GmbH & Co. KG ) C:\Documents and Settings\Piotr\Pulpit\ashampoo_burning_studio_free_1.14.5_sm.exe 2015-04-30 01:22 - 2015-04-30 01:22 - 00000107 _____ () C:\Documents and Settings\Piotr\Pulpit\FTP.txt 2015-04-30 01:20 - 2015-04-30 01:20 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Cyberduck 2015-04-30 01:16 - 2015-04-30 01:20 - 00000000 ____D () C:\Program Files\Cyberduck 2015-04-30 00:25 - 2015-04-30 00:25 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\LibreOffice 2015-04-30 00:16 - 2015-05-03 19:18 - 00439736 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-30 00:08 - 2015-04-30 00:09 - 00000000 ___SD () C:\Documents and Settings\All Users\Menu Start\LibreOffice 4.4 2015-04-30 00:08 - 2015-04-30 00:08 - 00000835 _____ () C:\Documents and Settings\All Users\Pulpit\LibreOffice 4.4.lnk 2015-04-30 00:05 - 2015-04-30 00:08 - 00000000 ____D () C:\Program Files\LibreOffice 4 2015-04-28 18:46 - 2015-04-28 18:46 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\BAVData 2015-04-28 18:45 - 2015-04-20 13:05 - 00075400 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bnbasex.sys 2015-04-27 02:08 - 2015-04-27 02:09 - 00001835 _____ () C:\Documents and Settings\Piotr\Pulpit\proline_koszyk_15-04-27-1-54.xls 2015-04-26 21:30 - 2015-04-26 21:30 - 00000000 ____D () C:\Documents and Settings\Piotr\Pulpit\Bubble Volley 2015-04-26 21:24 - 2015-05-01 16:16 - 00000000 ____D () C:\Documents and Settings\Piotr\Pulpit\Z Pulpitu 2015-04-26 20:11 - 2015-04-26 20:11 - 00001721 _____ () C:\Documents and Settings\Piotr\Pulpit\Process Hacker 2.lnk 2015-04-26 14:48 - 2015-04-26 14:48 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Baidu 2015-04-25 16:58 - 2015-05-01 16:51 - 00078848 ___SH () C:\Documents and Settings\Piotr\Pulpit\Thumbs.db 2015-04-25 00:52 - 2015-05-04 22:37 - 00000394 _____ () C:\WINDOWS\Tasks\SparkUpdater.job 2015-04-25 00:52 - 2015-04-25 00:52 - 00001844 _____ () C:\Documents and Settings\All Users\Pulpit\Facebook.lnk 2015-04-25 00:52 - 2015-04-25 00:52 - 00001828 _____ () C:\Documents and Settings\All Users\Pulpit\Google.lnk 2015-04-25 00:52 - 2015-04-25 00:52 - 00001796 _____ () C:\Documents and Settings\All Users\Pulpit\Baidu Browser.lnk 2015-04-25 00:52 - 2015-04-25 00:52 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Baidu Browser 2015-04-25 00:51 - 2015-04-25 00:51 - 00000000 ____D () C:\Program Files\baidu 2015-04-25 00:50 - 2015-04-25 00:50 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\MiniService 2015-04-25 00:12 - 2015-05-04 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Baidu Cleaner 2015-04-25 00:12 - 2015-04-27 22:04 - 00000000 ____D () C:\Documents and Settings\LocalService\Menu Start\Programy\Baidu Cleaner 2015-04-25 00:12 - 2015-04-25 00:14 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Baidu Cleaner 2015-04-25 00:12 - 2015-04-25 00:12 - 00014501 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Duplicaterecord.js 2015-04-25 00:12 - 2015-04-25 00:12 - 00000767 _____ () C:\Documents and Settings\Piotr\Pulpit\Baidu Cleaner.lnk 2015-04-25 00:12 - 2015-04-25 00:12 - 00000000 ____D () C:\Documents and Settings\Piotr\Menu Start\Programy\Baidu Cleaner 2015-04-25 00:12 - 2015-03-31 08:14 - 00114960 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\BprotectEx.sys 2015-04-25 00:11 - 2015-05-04 18:54 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\RpData 2015-04-25 00:11 - 2015-05-03 01:19 - 00000000 ____D () C:\Program Files\Baidu Cleaner 2015-04-25 00:11 - 2015-04-27 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Baidu Cleaner 2015-04-24 23:31 - 2015-04-24 23:32 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-24 23:30 - 2015-04-24 23:30 - 00000787 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk 2015-04-24 23:30 - 2015-04-24 23:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-04-24 23:30 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-04-24 23:30 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-04-24 13:19 - 2015-04-24 13:19 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\VSRevoGroup 2015-04-24 13:08 - 2015-04-25 00:54 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Baidu 2015-04-24 12:47 - 2015-04-20 13:05 - 00082376 _____ () C:\WINDOWS\system32\Drivers\bdark.sys 2015-04-24 12:34 - 2015-03-05 07:12 - 00332320 _____ (Baidu, Inc.) C:\WINDOWS\system32\BdSandboxDll32.dll 2015-04-24 12:34 - 2015-03-05 07:12 - 00197624 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\BdSandbox.sys 2015-04-24 12:33 - 2015-05-04 18:34 - 00001870 _____ () C:\WINDOWS\system32\HWLook.log 2015-04-24 12:33 - 2015-04-25 00:52 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Baidu 2015-04-24 12:33 - 2015-04-24 12:33 - 00000685 _____ () C:\Documents and Settings\All Users\Pulpit\Baidu Antivirus.lnk 2015-04-24 12:33 - 2015-04-24 12:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\BAVData 2015-04-24 12:33 - 2015-04-24 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Baidu Security 2015-04-24 12:33 - 2015-04-20 13:05 - 00461192 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bndef.sys 2015-04-24 12:33 - 2015-04-20 13:05 - 00195528 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bprotect.sys 2015-04-24 12:33 - 2015-04-20 13:05 - 00138184 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\BHipsEx.sys 2015-04-24 12:33 - 2015-04-20 13:05 - 00074888 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bhbase.sys 2015-04-24 12:33 - 2015-04-20 13:05 - 00052136 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bnbase.sys 2015-04-24 12:33 - 2015-04-20 13:05 - 00051144 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bfilter.sys 2015-04-24 12:33 - 2015-04-20 13:05 - 00031176 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bfmon.sys 2015-04-24 12:31 - 2015-04-24 12:31 - 00000000 ____D () C:\Program Files\Baidu Security 2015-04-24 01:24 - 2015-04-24 14:05 - 00206176 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2015-04-24 00:39 - 2015-04-24 00:39 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\LavasoftStatistics 2015-04-24 00:38 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll 2015-04-24 00:32 - 2015-04-24 00:32 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-04-24 00:25 - 2015-04-24 13:00 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Lavasoft 2015-04-23 22:43 - 2015-05-02 17:15 - 40518200 _____ () C:\libcef.dll 2015-04-23 22:43 - 2015-05-02 17:15 - 10490576 _____ () C:\icudtl.dat 2015-04-23 22:43 - 2015-05-02 17:15 - 07168568 _____ (Spotify Ltd) C:\Spotify.exe 2015-04-23 22:43 - 2015-05-02 17:15 - 05066068 _____ () C:\devtools_resources.pak 2015-04-23 22:43 - 2015-05-02 17:15 - 03457592 _____ (Microsoft Corporation) C:\d3dcompiler_47.dll 2015-04-23 22:43 - 2015-05-02 17:15 - 02106424 _____ (Microsoft Corporation) C:\d3dcompiler_43.dll 2015-04-23 22:43 - 2015-05-02 17:15 - 02020920 _____ (Spotify Ltd) C:\SpotifyWebHelper.exe 2015-04-23 22:43 - 2015-05-02 17:15 - 01894102 _____ () C:\cef.pak 2015-04-23 22:43 - 2015-05-02 17:15 - 01365560 _____ () C:\libGLESv2.dll 2015-04-23 22:43 - 2015-05-02 17:15 - 00990776 _____ () C:\ffmpegsumo.dll 2015-04-23 22:43 - 2015-05-02 17:15 - 00778808 _____ (Spotify Ltd) C:\SpotifyCrashService.exe 2015-04-23 22:43 - 2015-05-02 17:15 - 00544454 _____ () C:\cef_200_percent.pak 2015-04-23 22:43 - 2015-05-02 17:15 - 00392015 _____ () C:\cef_100_percent.pak 2015-04-23 22:43 - 2015-05-02 17:15 - 00219192 _____ () C:\libEGL.dll 2015-04-23 22:43 - 2015-05-02 17:15 - 00124472 _____ (Spotify Ltd) C:\SpotifyLauncher.exe 2015-04-23 22:43 - 2015-05-02 17:15 - 00073272 _____ () C:\wow_helper.exe 2015-04-23 22:43 - 2015-05-02 17:15 - 00000020 _____ () C:\inst_ver.dat 2015-04-23 22:43 - 2015-05-02 17:15 - 00000000 ____D () C:\locales 2015-04-23 22:43 - 2015-05-01 14:44 - 00219192 _____ () C:\~TMP_4868_139~ 2015-04-21 19:25 - 2015-05-04 21:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-18 22:27 - 2015-04-24 22:47 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Opera Software 2015-04-18 22:27 - 2015-04-24 22:47 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Opera Software 2015-04-14 01:52 - 2015-04-26 20:08 - 00000000 ____D () C:\Documents and Settings\Piotr\Moje dokumenty\Tumblr 2015-04-12 00:49 - 2015-04-12 00:49 - 00907302 _____ () C:\Documents and Settings\Piotr\.recently-used.xbel 2015-04-03 15:19 - 2015-04-04 02:05 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\gtk-2.0 2015-03-29 23:44 - 2015-03-29 23:44 - 00000000 ____D () C:\Documents and Settings\Piotr\.thumbnails 2015-03-26 00:09 - 2015-03-26 00:09 - 00000724 _____ () C:\Documents and Settings\Piotr\Pulpit\TOR.lnk 2015-03-21 17:17 - 2015-03-21 17:17 - 00000566 _____ () C:\Documents and Settings\All Users\Pulpit\VPN-US.lnk 2015-03-20 22:43 - 2015-04-29 21:49 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-20 22:43 - 2015-03-20 22:43 - 00000692 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk 2015-03-20 00:20 - 2015-03-20 00:20 - 00000476 _____ () C:\Documents and Settings\Piotr\Pulpit\RBT.exe.lnk 2015-03-20 00:19 - 2015-03-20 00:20 - 00000000 ____D () C:\RBTray 2015-03-17 01:00 - 2015-03-17 01:00 - 00000000 ____D () C:\Documents and Settings\Piotr\Moje dokumenty\Notesy programu OneNote 2015-03-06 23:13 - 2015-03-06 23:13 - 00000562 _____ () C:\Documents and Settings\All Users\Pulpit\VPN-SWE.lnk 2015-03-05 01:09 - 2015-03-05 01:09 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Geckofx 2015-03-05 01:06 - 2015-03-07 20:14 - 00000000 ____D () C:\Program Files\CyberGhost 5 2015-02-23 21:56 - 2015-04-13 23:39 - 00000000 ____D () C:\Documents and Settings\Piotr\Pulpit\SKŁADANKA 2015-02-23 02:38 - 2015-04-17 16:23 - 00000000 ____D () C:\Program Files\Tor Browser 2015-02-17 17:04 - 2015-02-17 17:04 - 01202848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL 2015-02-15 22:32 - 2015-02-15 22:32 - 00000000 ____D () C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP 2015-02-15 22:12 - 2013-04-23 16:09 - 00012928 _____ (Bo Brantén) C:\WINDOWS\system32\Drivers\filedisk.sys 2015-02-15 05:11 - 2015-02-15 05:11 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Nero 2015-02-15 04:38 - 2015-03-22 15:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Nero ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-04 22:39 - 2004-05-28 21:40 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp 2015-05-04 22:38 - 2004-05-28 21:40 - 00000000 ____D () C:\Documents and Settings\Piotr\Pulpit 2015-05-04 21:51 - 2012-04-25 14:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-04 21:51 - 2004-05-28 22:22 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-05-04 21:51 - 2004-05-28 22:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy 2015-05-04 21:39 - 2005-01-21 20:16 - 00000754 ____C () C:\WINDOWS\wininit.ini 2015-05-04 20:56 - 2014-07-08 12:17 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Adobe 2015-05-04 18:36 - 2004-08-06 23:58 - 01501824 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-04 18:35 - 2003-04-16 14:00 - 00013768 _____ () C:\WINDOWS\system32\wpa.dbl 2015-05-04 18:34 - 2014-03-27 15:52 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-05-04 18:34 - 2004-05-28 21:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-04 01:52 - 2004-05-28 21:36 - 00032590 _____ () C:\WINDOWS\SchedLgU.Txt 2015-05-04 00:23 - 2006-08-02 16:00 - 00000000 ____D () C:\Program Files\AIDA32 - Enterprise System Information 2015-05-03 01:53 - 2006-12-31 16:30 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\foobar2000 2015-05-03 01:33 - 2003-04-16 14:00 - 00000289 _____ () C:\WINDOWS\system.ini 2015-05-03 01:27 - 2004-05-28 21:40 - 00000000 ___RD () C:\Documents and Settings\Piotr\Menu Start\Programy\Autostart 2015-05-02 23:05 - 2013-02-11 22:19 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Spotify 2015-05-02 19:07 - 2004-05-28 22:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start 2015-05-02 19:06 - 2004-05-28 21:40 - 00000000 ___RD () C:\Documents and Settings\Piotr\Menu Start\Programy 2015-05-02 17:16 - 2013-02-11 22:20 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Spotify 2015-05-01 17:16 - 2004-05-28 21:40 - 00000000 __RHD () C:\Documents and Settings\Piotr\Dane aplikacji 2015-05-01 15:38 - 2004-05-28 21:40 - 00000000 ___HD () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji 2015-05-01 15:38 - 2004-05-28 21:40 - 00000000 ____D () C:\Documents and Settings\Piotr 2015-05-01 13:48 - 2004-05-28 21:40 - 00000000 ___RD () C:\Documents and Settings\Piotr\Moje dokumenty 2015-05-01 02:01 - 2013-03-15 04:19 - 00000000 ____D () C:\Program Files\WebSite-Watcher 2015-04-30 22:06 - 2006-01-17 01:08 - 00000000 ___RD () C:\Documents and Settings\Piotr\Pulpit\FastIcon 2015-04-30 21:48 - 2004-05-28 21:31 - 00000000 ____D () C:\WINDOWS\system32\Restore 2015-04-30 20:07 - 2004-05-28 21:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2015-04-30 20:06 - 2004-05-28 21:40 - 00000000 __SHD () C:\Documents and Settings\Piotr\Ustawienia lokalne\Historia 2015-04-30 20:06 - 2004-05-28 21:36 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2015-04-30 20:01 - 2004-06-10 08:39 - 00000000 __SHD () C:\Documents and Settings\Gość\Ustawienia lokalne\Historia 2015-04-30 20:01 - 2004-05-28 22:22 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2015-04-30 20:01 - 2004-05-28 21:36 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2015-04-30 19:10 - 2004-05-28 22:22 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji 2015-04-30 01:57 - 2012-08-16 21:43 - 00000000 ____D () C:\Documents and Settings\Piotr\.gstreamer-0.10 2015-04-30 01:57 - 2012-02-03 23:26 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Temp 2015-04-30 01:57 - 2011-05-12 17:48 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\ChomikBox 2015-04-30 01:49 - 2004-05-28 22:00 - 00000000 ____D () C:\Program Files\Ahead 2015-04-30 00:46 - 2008-01-03 21:39 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2015-04-30 00:45 - 2004-05-28 22:22 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-04-30 00:33 - 2004-05-28 21:31 - 00000000 ____D () C:\Program Files\Common Files\System 2015-04-30 00:33 - 2003-04-16 14:00 - 00000667 _____ () C:\WINDOWS\win.ini 2015-04-29 19:58 - 2007-02-18 01:57 - 00000000 ____D () C:\WINDOWS\system32\LogFiles 2015-04-26 20:11 - 2012-09-12 23:06 - 00000000 ____D () C:\Program Files\Process Hacker 2 2015-04-26 20:04 - 2014-07-18 00:14 - 00000000 ____D () C:\Documents and Settings\Piotr\Moje dokumenty\Pobrane 2015-04-26 19:59 - 2014-08-18 21:50 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Notepad++ 2015-04-26 19:59 - 2005-06-21 14:38 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\XnView 2015-04-26 19:58 - 2014-08-15 18:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2015-04-26 19:58 - 2014-08-15 18:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$ 2015-04-26 19:58 - 2012-01-30 16:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01007$ 2015-04-26 19:58 - 2010-11-11 19:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWIC$ 2015-04-26 19:58 - 2007-02-18 02:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallMSCompPackV1$ 2015-04-26 19:58 - 2007-02-18 02:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwmp11$ 2015-04-26 19:58 - 2007-02-18 01:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$ 2015-04-26 19:58 - 2007-02-18 01:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWudf01000$ 2015-04-25 16:58 - 2014-12-07 21:25 - 00000000 ____D () C:\Documents and Settings\Piotr\Pulpit\PRZ 2015-04-25 00:49 - 2008-06-17 22:27 - 00000000 ____D () C:\Documents and Settings\Piotr\.gimp-2.4 2015-04-25 00:49 - 2006-07-31 20:06 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Skype 2015-04-25 00:49 - 2005-08-03 23:16 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2015-04-25 00:47 - 2012-09-23 23:54 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-25 00:47 - 2010-12-16 02:48 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-25 00:12 - 2004-10-07 14:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Menu Start\Programy 2015-04-25 00:11 - 2004-05-28 22:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty 2015-04-24 14:05 - 2004-05-28 21:40 - 00000292 ___SH () C:\Documents and Settings\Piotr\ntuser.ini 2015-04-24 14:05 - 2004-05-28 21:36 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2015-04-24 13:16 - 2014-07-26 19:56 - 00000000 ___RD () C:\Documents and Settings\Piotr\Moje dokumenty\Moje obrazy 2015-04-24 13:16 - 2013-06-08 02:47 - 00000000 ____D () C:\Program Files\Steam 2015-04-24 13:16 - 2009-01-09 17:12 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\gctmp 2015-04-24 13:16 - 2007-02-18 02:00 - 00000000 ____D () C:\Program Files\Windows Media Connect 2 2015-04-24 13:16 - 2006-01-11 22:12 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan 2015-04-24 13:16 - 2005-03-10 19:07 - 00000000 ___RD () C:\Documents and Settings\Piotr\Moje dokumenty\gfx 2015-04-24 13:16 - 2004-05-28 21:50 - 00000000 ____D () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Help 2015-04-19 01:03 - 2012-08-23 09:36 - 00000074 _____ () C:\WINDOWS\system32\khackmon.dll.log 2015-04-15 00:13 - 2013-08-15 03:15 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-14 23:58 - 2005-05-11 16:32 - 125832184 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-14 23:37 - 2014-12-13 19:47 - 00000000 ____D () C:\Documents and Settings\Piotr\Moje dokumenty\Adresy 2015-04-13 23:51 - 2014-01-07 19:41 - 00000000 ____D () C:\Documents and Settings\Piotr\Dane aplikacji\Audacity ==================== Files in the root of some directories ======= 2009-05-25 02:43 - 2009-05-25 02:43 - 0002528 _____ () C:\Documents and Settings\Piotr\Dane aplikacji\$_hpcst$.hpc 2004-05-29 19:27 - 2014-04-24 15:30 - 0221184 _____ () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-09-30 14:59 - 2012-04-23 01:34 - 0000600 _____ () C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\PUTTY.RND 2005-11-22 00:50 - 2007-03-09 21:19 - 0001743 ____C () C:\Documents and Settings\All Users\Nokia Connectivity Cable Driver 1.00.150.6.LOG 2005-11-22 00:49 - 2005-11-24 23:09 - 0001728 _____ () C:\Documents and Settings\All Users\Nokia PC Suite 6.60.18.LOG 2005-11-24 21:21 - 2005-11-24 21:21 - 0000382 _____ () C:\Documents and Settings\All Users\Nokia PC Suite6.60.18.LOG Some content of TEMP: ==================== C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\wtw-update.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================