Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01 Ran by admin (administrator) on ADMIN-323364731 on 01-07-2015 22:55:45 Running from C:\Documents and Settings\admin\Pulpit Loaded Profiles: admin & UpdatusUser (Available Profiles: admin & UpdatusUser) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe (Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbService.exe (Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (SoftPerfect Research) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe (Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe (Dyzmond Software) C:\WINDOWS\system32\ossm\img_serwer.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe () C:\Program Files\USB TV\EM28XX\BDARemote.exe (Apache Friends) C:\xampp\xampp-control.exe (Apache Software Foundation) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) C:\xampp\apache\bin\httpd.exe () C:\xampp\mysql\bin\mysqld.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (Google) C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwReporter\3.21.0\software_reporter_tool.exe (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) C:\WINDOWS\system32\ping.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [2282704 2014-02-05] (SoftPerfect Research) HKLM\...\Run: [Cobian Backup 11 interface] => C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) HKLM\...\Run: [img_serwer] => C:\WINDOWS\system32\ossm\img_serwer.exe [640512 2005-01-24] (Dyzmond Software) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3257640 2014-05-12] (O&O Software GmbH) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-04-28] (ATI Technologies Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BDARemote.lnk [2015-06-12] ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-861567501-963894560-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-861567501-963894560-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-861567501-963894560-839522115-1006] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-861567501-963894560-839522115-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{0E55ADF8-F2D7-445F-9EF6-1069319DD7B4}: [NameServer] 192.168.1.1,194.204.159.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\kspbym2s.default FF Homepage: hxxp://publiker/pub/administrator/index.php?gsPath=cronPanel/jobList FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] () FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Extension: NoDoFollow - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\kspbym2s.default\Extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2015-04-20] FF Extension: Adblock Plus - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\kspbym2s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-27] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR Profile: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed] R2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed] R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2015-03-11] (Comodo Security Solutions, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET) S2 MBAMService; d:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1387816 2014-05-12] (O&O Software GmbH) S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11944 2012-12-04] (Advanced Micro Devices Inc.) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-02-23] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-02-23] (ESET) R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [120304 2015-02-23] (ESET) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-01] (Malwarebytes Corporation) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 serenum; C:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider) R3 Serial; C:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.) R1 SPVDPort; C:\WINDOWS\System32\DRIVERS\spvdbus.sys [74232 2014-02-03] () R1 SPVVEngine; C:\WINDOWS\system32\Drivers\spvve.sys [282104 2014-02-03] () S3 catchme; \??\C:\DOCUME~1\admin\USTAWI~1\Temp\catchme.sys [X] S3 cpuz137; \??\C:\DOCUME~1\admin\USTAWI~1\Temp\cpuz137\cpuz137_x32.sys [X] S4 IntelIde; No ImagePath U3 RAMDiskXP; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U3 TlntSvr; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-01 22:55 - 2015-07-01 22:56 - 00010299 _____ C:\Documents and Settings\admin\Pulpit\FRST.txt 2015-07-01 22:55 - 2015-07-01 22:55 - 00000000 ____D C:\FRST 2015-07-01 22:54 - 2015-07-01 22:51 - 00380416 _____ C:\Documents and Settings\admin\Pulpit\cpr6g9ol.exe 2015-07-01 22:54 - 2015-07-01 22:49 - 01636352 _____ (Farbar) C:\Documents and Settings\admin\Pulpit\FRST.exe 2015-07-01 02:47 - 2015-07-01 12:08 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2015-06-30 23:34 - 2015-06-30 23:35 - 00000000 ___SD C:\ComboFix 2015-06-30 20:33 - 2015-06-30 20:34 - 05631262 ____R (Swearware) C:\Documents and Settings\admin\Pulpit\ComboFix.exe 2015-06-30 20:14 - 2015-06-30 20:19 - 00000000 ____D C:\Kopia xampp 2015-06-24 10:21 - 2015-06-24 10:21 - 00006144 _____ C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-12 12:33 - 2009-06-10 18:33 - 00457248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvudisp.exe 2015-06-12 12:33 - 2009-06-10 18:33 - 00019495 _____ C:\WINDOWS\system32\nvdisp.nvu 2015-06-12 12:32 - 2015-06-12 12:32 - 00000000 ____D C:\NVIDIA 2015-06-12 12:32 - 2009-06-04 16:39 - 00457248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE 2015-06-12 11:31 - 2015-06-12 11:31 - 00009988 _____ C:\WINDOWS\DPINST.LOG 2015-06-12 11:31 - 2015-06-12 11:31 - 00000519 _____ C:\Documents and Settings\All Users\Pulpit\BDARemote.lnk 2015-06-12 11:31 - 2015-06-12 11:31 - 00000000 ____D C:\Program Files\USB TV 2015-06-12 11:31 - 2015-06-12 11:31 - 00000000 ____D C:\Program Files\DIFX 2015-06-12 11:31 - 2015-06-12 11:31 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2015-06-12 11:31 - 2015-06-12 11:31 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\InstallShield 2015-06-12 11:30 - 2015-06-12 11:30 - 00000000 ____D C:\ATI 2015-06-12 10:08 - 2009-04-28 03:58 - 00045056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt.dll 2015-06-12 10:08 - 2009-04-28 03:58 - 00045056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl.dll 2015-06-12 10:08 - 2009-04-28 03:56 - 03227648 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd.dll 2015-06-12 10:08 - 2008-10-21 19:51 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atibrtmon.exe 2015-06-12 10:08 - 2007-08-31 15:20 - 00007167 _____ C:\WINDOWS\system32\atifglpf.xml 2015-06-08 22:52 - 2015-06-08 22:52 - 00000000 ____D C:\Program Files\ESET 2015-06-08 22:52 - 2015-06-08 22:52 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ESET 2015-06-08 22:52 - 2015-06-08 22:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ESET 2015-06-02 21:30 - 2015-06-02 23:16 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-01 22:56 - 2015-02-26 01:18 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\temp 2015-07-01 22:55 - 2014-08-19 19:55 - 00000000 ____D C:\Documents and Settings\admin\Pulpit 2015-07-01 22:40 - 2014-08-19 22:12 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-01 22:02 - 2014-08-25 16:24 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-01 17:09 - 2014-08-19 17:10 - 00000000 ____D C:\WINDOWS\Registration 2015-07-01 16:02 - 2014-08-19 19:45 - 00031916 _____ C:\WINDOWS\SchedLgU.Txt 2015-07-01 10:12 - 2014-08-19 17:12 - 01239630 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-01 10:10 - 2014-08-21 11:20 - 00000222 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-07-01 10:10 - 2014-08-19 22:12 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-01 10:10 - 2014-08-19 19:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-01 10:10 - 2014-08-19 19:07 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-07-01 10:10 - 2014-08-19 19:07 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-07-01 00:46 - 2014-08-19 19:55 - 00000188 ___SH C:\Documents and Settings\admin\ntuser.ini 2015-07-01 00:45 - 2014-08-19 19:04 - 00931893 _____ C:\WINDOWS\setupapi.log 2015-07-01 00:12 - 2015-04-08 00:07 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-07-01 00:11 - 2015-04-08 00:07 - 00000649 _____ C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk 2015-07-01 00:11 - 2015-04-08 00:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2015-07-01 00:11 - 2014-08-19 19:04 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2015-07-01 00:10 - 2014-09-22 17:03 - 00000000 ____D C:\Documents and Settings\admin\Moje dokumenty\Pobrane 2015-07-01 00:05 - 2015-03-23 23:50 - 00000000 ____D C:\AdwCleaner 2015-06-30 23:50 - 2014-08-26 12:14 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\uTorrent 2015-06-30 23:35 - 2014-08-19 19:55 - 00000000 __RHD C:\Documents and Settings\admin\Dane aplikacji 2015-06-30 20:12 - 2014-10-03 00:35 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Adobe 2015-06-30 20:08 - 2006-03-02 14:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl 2015-06-29 17:09 - 2014-08-19 18:56 - 00000000 ____D C:\WINDOWS\repair 2015-06-29 10:42 - 2015-03-25 09:04 - 00000473 _____ C:\Documents and Settings\admin\Pulpit\Skrót do Dane na Serwer (192.168.1.48).lnk 2015-06-29 09:32 - 2014-08-19 19:55 - 00000000 ___HD C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji 2015-06-25 10:00 - 2015-03-20 17:32 - 00014336 ___SH C:\Documents and Settings\admin\Pulpit\Thumbs.db 2015-06-24 21:05 - 2015-04-08 00:51 - 00002303 _____ C:\Documents and Settings\All Users\Pulpit\O&O Defrag.lnk 2015-06-24 21:04 - 2014-08-19 19:03 - 00188265 _____ C:\WINDOWS\setupact.log 2015-06-24 19:36 - 2014-11-14 12:29 - 00524288 _____ C:\WINDOWS\system32\config\Cobian B.evt 2015-06-24 13:39 - 2014-08-19 22:13 - 00001819 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2015-06-18 08:41 - 2015-04-08 00:07 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-18 08:41 - 2015-04-08 00:07 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-16 03:01 - 2014-08-21 11:32 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb1.bin 2015-06-16 03:01 - 2014-08-21 11:32 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin 2015-06-16 03:01 - 2014-08-21 11:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin 2015-06-16 03:00 - 2014-08-21 11:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-06-15 08:40 - 2009-06-10 08:28 - 00235289 _____ C:\WINDOWS\system32\NvApps.xml 2015-06-12 12:33 - 2014-08-19 18:56 - 00000000 ____D C:\WINDOWS\Help 2015-06-12 11:52 - 2015-01-09 11:57 - 00000188 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini 2015-06-12 11:31 - 2014-08-19 21:59 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-06-12 11:31 - 2014-08-19 21:40 - 00000000 ____D C:\Program Files\ATI Technologies 2015-06-12 11:31 - 2014-08-19 19:04 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2015-06-10 13:37 - 2015-02-09 22:37 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Publiker Klient 2015-06-10 13:37 - 2015-02-09 22:36 - 00000000 ____D C:\Program Files\Publiker Klient dla Windows 2015-06-10 03:05 - 2014-08-21 10:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 03:00 - 2014-08-21 10:39 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-10 00:02 - 2014-08-25 16:24 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-06-10 00:02 - 2014-08-25 16:24 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-06-08 22:52 - 2014-08-19 19:04 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2015-06-08 22:52 - 2014-08-19 19:04 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2015-06-08 15:00 - 2014-08-21 11:20 - 00000216 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2015-06-04 21:45 - 2014-08-25 15:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2015-04-03 08:13 - 2015-04-03 08:13 - 10835603 _____ () C:\Program Files\Publiker Klient dla Windows.rar 2015-02-24 22:30 - 2015-02-26 23:21 - 0000512 _____ () C:\Documents and Settings\admin\Dane aplikacji\proxyvampire.ini 2015-06-24 10:21 - 2015-06-24 10:21 - 0006144 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some files in TEMP: ==================== C:\Documents and Settings\admin\Ustawienia lokalne\temp\catchme.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================