Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by Administrator (administrator) on SERWER on 25-04-2014 11:48:45
Running from K:\Dokumenty\Programy\Bezpieczeństwo
Microsoft(R) Windows(R) Server 2003, Standard Edition Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
() C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
(Microsoft Corporation) C:\WINDOWS\system32\Dfssvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dns.exe
(ESET) C:\Program Files\ESET\ESET File Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe
(Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe
(Microsoft Corporation) C:\WINDOWS\System32\ismserv.exe
(Microsoft Corporation) C:\WINDOWS\System32\llssrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(MySQL AB) C:\xampp\mysql\bin\mysqld.exe
(Microsoft Corporation) C:\WINDOWS\system32\ntfrs.exe
(Oki Data Corporation) C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE
(Oki Data Corporation) C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe
(Oki Data Corporation) C:\Program Files\Okidata\Print Job Accounting\okwchsvc.exe
(Oki Data Corporation) C:\Program Files\Okidata\Print Job Accounting\opja0004.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3sqlmgr.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\ntbtrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\NTDBSMGR.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wins.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Apache Software Foundation) C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(ESET) C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\logon.scr
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM\...\Run: [FileZilla Server Interface] => C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [1044992 2011-10-23] (FileZilla Project)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2169784 2013-04-18] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\...\Command Processor: <======= ATTENTION
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-12-05] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-12-05] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-12-05] (Microsoft Corporation)
HKU\S-1-5-21-164526557-389637068-3605861435-1173\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44032 2003-12-05] (Microsoft Corporation)
HKU\S-1-5-21-164526557-389637068-3605861435-500\...\MountPoints2: F - F:\LaunchU3.exe -a
Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {F4A3C28E-039F-466A-B738-409B3CCDE648} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {F4A3C28E-039F-466A-B738-409B3CCDE648} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Łą&cza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315724876810
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [257536] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\..\Interfaces\{532DD92E-A3E1-4CE7-8A0E-122370506FB2}: [NameServer]192.168.100.1

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

S2 AdaptecStorageManagerAgent; C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe [94208 2007-06-24] (Adaptec Incorporated)
R2 Apache2.2; C:\xampp\apache\bin\httpd.exe [29416 2009-12-20] (Apache Software Foundation)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation)
R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [99328 2013-05-31] ()
R2 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation)
R2 DNS; C:\WINDOWS\System32\dns.exe [458240 2012-01-30] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [33616 2013-04-18] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\ekrn.exe [946144 2013-04-18] (ESET)
R3 ERA_HTTP_SERVER; C:\Program Files\ESET\ESET Remote Administrator\Server\EHttpSrv.exe [98584 2013-09-05] (ESET)
R2 ERA_SERVER; C:\Program Files\ESET\ESET Remote Administrator\Server\era.exe [4666688 2013-09-05] (ESET)
S2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [630784 2011-10-23] (FileZilla Project)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [112800 2011-06-29] (Intel Corporation)
R2 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 kdc; C:\WINDOWS\System32\lsass.exe [16384 2003-12-05] (Microsoft Corporation)
R2 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2007-02-18] (Microsoft Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214880 2011-04-24] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [28512 2010-04-03] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
R2 MySQL; C:\xampp\mysql\bin\mysqld.exe [6095504 2009-12-20] (MySQL AB)
R2 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792576 2007-02-17] (Microsoft Corporation)
R2 OKI OPHJ DCS Loader; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\OPHJLDCS.EXE [24576 2007-07-24] (Oki Data Corporation)
R2 OkiJaSvc; C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe [307200 2013-06-07] (Oki Data Corporation)
R2 OkiWchSvc; C:\Program Files\Okidata\Print Job Accounting\okwchsvc.exe [49152 2010-09-01] (Oki Data Corporation)
R2 opja0004; C:\Program Files\Okidata\Print Job Accounting\opja0004.exe [141312 2013-05-21] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [147456 2012-03-28] (Oki Data Corporation)
R2 Pervasive.SQL (relational); C:\Program Files\Pervasive Software\PSQL\bin\w3sqlmgr.exe [36640 2009-11-17] (Pervasive Software Inc.)
R2 Pervasive.SQL (transactional); C:\Program Files\Pervasive Software\PSQL\bin\ntbtrv.exe [111904 2009-11-17] (Pervasive Software Inc.)
S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation)
S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2003-12-05] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2003-12-05] (Microsoft Corporation)
S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation)
R2 VisualSVNServer; C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe [24464 2012-05-18] (Apache Software Foundation)
R2 WINS; C:\WINDOWS\System32\wins.exe [158720 2011-08-10] (Microsoft Corporation)
R2 Eventlog; [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

R0 aar81xx; C:\WINDOWS\System32\DRIVERS\aar81xx.sys [332888 2011-09-09] (Adaptec, Inc.)
R3 ati2mpad; C:\WINDOWS\System32\DRIVERS\ati2mpad.sys [343552 2007-02-17] (ATI Technologies Inc.)
S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2007-02-17] (Microsoft Corporation)
R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2007-02-17] (Microsoft Corporation)
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [142328 2013-01-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115560 2013-01-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [95960 2013-01-29] (ESET)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S4 RsFx0150; C:\WINDOWS\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2007-02-17] (Realtek Semiconductor Corporation)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [179712 2007-02-17] (Microsoft Corporation)
S4 adpu320; No ImagePath
S4 afcnt; No ImagePath
S4 AmdIde; No ImagePath
U4 Amon;
U4 Apvxd;
U4 Apvxdwin;
S4 arc; No ImagePath
U4 Atrack;
U4 AvconsoleEXE;
U4 avgcc32;
U4 avgserv9;
U4 AVG_CC;
U4 AVPCC;
U4 AVPCC Service;
U4 BlackIce Utility;
U4 CcApp;
U4 CcRegVfy;
U4 ConfigSafe;
U4 CPD_EXE;
S4 cpqarry2; No ImagePath
S4 cpqcissm; No ImagePath
S4 cpqfcalm; No ImagePath
U4 Defwatch;
S4 dellcerc; No ImagePath
U4 dvpapi9x;
S4 elxstor; No ImagePath
U4 F-StopW;
U4 Fix-it;
U4 Fix-it AV;
U4 Freedom;
S4 hpcisss; No ImagePath
S4 hpt3xx; No ImagePath
U4 iamapp;
S4 iirsp; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 ipsraidn; No ImagePath
U3 LicenseInfo; No ImagePath
U4 Look 'n' Stop;
S4 lp6nds35; No ImagePath
U4 McAfee Firewall;
U4 McAfee Winguage;
U4 McAfee.InstantUpdate.Monitor;
U4 McAfeeVirusScanService;
U4 NAV Agent;
U4 NAV Configuration Wizard;
U4 NAV DefAlert;
S4 nfrd960; No ImagePath
U4 Nod32CC;
U4 NOD32POP3;
U4 Norton Auto-Protect;
U4 Norton eMail Protect;
U4 Norton Navigaton Loader;
U4 Norton Program Event Checker;
U4 Norton Program Scheduler;
U4 NPS Event Checker;
U4 Panda Scheduler;
S4 ql2100; No ImagePath
S4 ql2200; No ImagePath
S4 ql2300; No ImagePath
U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [74240 2007-02-17] (Microsoft Corporation)
U4 ScanInicio;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2007-02-17] (Microsoft Corporation)
S4 symmpi; No ImagePath
U4 SymTray - Norton SystemWorks;
U4 Tiny Personal Firewall;
U4 TrueVector;
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U4 VirusScan Online;
U1 WS2IFSL;
U4 ZoneAlarm;

==================== NetSvcs (Whitelisted) ===================

NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-04-25 11:48 - 2014-04-25 11:48 - 00000000 ____D () C:\FRST
2014-04-25 11:22 - 2014-04-25 11:22 - 00055148 _____ () C:\Documents and Settings\Administrator\Pulpit\Extras.Txt
2014-04-25 11:20 - 2014-04-25 11:20 - 00060870 _____ () C:\Documents and Settings\Administrator\Pulpit\OTL.Txt
2014-04-25 11:15 - 2014-04-25 11:14 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Pulpit\OTL.exe
2014-04-25 10:29 - 2014-04-25 11:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\1
2014-04-24 12:30 - 2014-04-24 12:30 - 00000000 ____D () C:\Program Files\Support Tools
2014-04-24 12:30 - 2014-04-24 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows Support Tools
2014-04-24 10:48 - 2014-04-24 10:48 - 00039040 _____ () C:\Documents and Settings\Administrator\Moje dokumenty\cc_20140424_104847.reg
2014-04-24 10:47 - 2014-04-24 10:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 10:47 - 2014-04-24 10:48 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2014-04-24 10:25 - 2014-04-24 10:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Oracle
2014-04-24 10:24 - 2014-04-24 10:24 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-24 10:24 - 2014-04-24 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-04-24 10:24 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-24 10:24 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-24 10:24 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-24 10:24 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-24 10:24 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-23 17:20 - 2014-04-23 17:20 - 00000006 _____ () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\VisualSVNServer.pid
2014-04-23 11:07 - 2014-04-23 17:18 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt
2014-04-23 11:07 - 2014-04-23 11:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Doctor Web
2014-04-23 11:07 - 2014-04-23 11:03 - 147131440 _____ () C:\Documents and Settings\Administrator\Pulpit\tx6v279d.exe
2014-04-17 13:13 - 2014-04-17 13:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
2014-04-17 13:13 - 2014-04-17 13:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-17 13:13 - 2014-04-17 13:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2014-04-17 13:12 - 2014-04-17 13:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB943729$
2014-04-17 13:12 - 2014-03-06 19:57 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 06021632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-04-17 13:12 - 2014-03-06 19:57 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-04-17 13:12 - 2014-02-06 11:26 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-17 13:12 - 2014-02-03 07:10 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcsvc.dll
2014-04-17 13:11 - 2011-10-25 18:39 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-04-17 12:25 - 2014-04-17 12:25 - 00000058 _____ () C:\WINDOWS\wininit.ini
2014-04-17 09:16 - 2014-04-23 11:08 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-17 09:15 - 2014-04-23 11:10 - 00000000 ____D () C:\Program Files\Spybot
2014-04-10 16:05 - 2014-04-10 16:05 - 00000912 _____ () C:\Documents and Settings\Administrator\Moje dokumenty\udp.pcapng
2014-04-10 15:57 - 2014-04-10 16:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Wireshark
2014-04-10 15:49 - 2014-04-10 15:49 - 00000065 _____ () C:\WINDOWS\system32\-1
2014-04-10 15:49 - 2014-04-10 15:49 - 00000000 ____D () C:\Program Files\WinPcap
2014-04-10 15:49 - 2014-04-10 15:49 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\WinPcap
2014-04-10 15:46 - 2014-04-10 15:49 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-10 15:46 - 2014-04-10 15:46 - 00001497 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Wireshark.lnk

==================== One Month Modified Files and Folders =======

2014-04-25 11:48 - 2014-04-25 11:48 - 00000000 ____D () C:\FRST
2014-04-25 11:48 - 2014-04-25 10:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\1
2014-04-25 11:22 - 2014-04-25 11:22 - 00055148 _____ () C:\Documents and Settings\Administrator\Pulpit\Extras.Txt
2014-04-25 11:22 - 2011-09-11 08:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2014-04-25 11:20 - 2014-04-25 11:20 - 00060870 _____ () C:\Documents and Settings\Administrator\Pulpit\OTL.Txt
2014-04-25 11:14 - 2014-04-25 11:15 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Pulpit\OTL.exe
2014-04-25 10:44 - 2011-09-11 08:50 - 01334306 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-25 10:30 - 2011-10-18 14:26 - 00000000 ____D () C:\WINDOWS\tracing
2014-04-25 10:29 - 2011-09-16 13:43 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-04-25 10:29 - 2011-09-11 19:47 - 00017796 _____ () C:\WINDOWS\system32\OP5650.cah
2014-04-25 06:00 - 2012-12-12 08:42 - 00000246 _____ () C:\WINDOWS\Tasks\KOPIA_D.job
2014-04-25 01:48 - 2011-09-11 10:35 - 00000000 ____D () C:\WINDOWS\security
2014-04-24 12:30 - 2014-04-24 12:30 - 00000000 ____D () C:\Program Files\Support Tools
2014-04-24 12:30 - 2014-04-24 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows Support Tools
2014-04-24 12:30 - 2011-09-11 10:40 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-04-24 12:30 - 2011-09-11 10:35 - 00000000 ____D () C:\WINDOWS\Help
2014-04-24 11:16 - 2011-11-01 00:22 - 00000000 ____D () C:\Program Files\Passware
2014-04-24 11:16 - 2011-09-11 08:58 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2014-04-24 11:15 - 2011-09-11 17:57 - 00000000 ____D () C:\Program Files\Notepad++
2014-04-24 11:15 - 2011-09-11 17:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
2014-04-24 10:48 - 2014-04-24 10:48 - 00039040 _____ () C:\Documents and Settings\Administrator\Moje dokumenty\cc_20140424_104847.reg
2014-04-24 10:48 - 2014-04-24 10:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 10:48 - 2014-04-24 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2014-04-24 10:48 - 2011-09-11 08:58 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2014-04-24 10:48 - 2011-09-11 08:58 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-24 10:43 - 2011-10-25 09:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
2014-04-24 10:25 - 2014-04-24 10:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Oracle
2014-04-24 10:25 - 2011-09-11 08:58 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2014-04-24 10:24 - 2014-04-24 10:24 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-24 10:24 - 2014-04-24 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-04-24 10:24 - 2013-10-15 14:16 - 00000000 ____D () C:\Program Files\Java
2014-04-23 17:24 - 2011-09-11 10:41 - 01661046 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-23 17:24 - 2003-12-05 14:00 - 00708834 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-23 17:24 - 2003-12-05 14:00 - 00156978 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-23 17:20 - 2014-04-23 17:20 - 00000006 _____ () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\VisualSVNServer.pid
2014-04-23 17:20 - 2011-09-11 12:03 - 00002048 _____ () C:\WINDOWS\system32\config\netlogon.dnb
2014-04-23 17:20 - 2011-09-11 12:03 - 00001929 _____ () C:\WINDOWS\system32\config\netlogon.dns
2014-04-23 17:20 - 2011-09-11 11:55 - 00000000 ____D () C:\WINDOWS\NTDS
2014-04-23 17:20 - 2011-09-11 10:35 - 00000000 ____D () C:\WINDOWS\system32\wins
2014-04-23 17:20 - 2011-09-11 08:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 17:18 - 2014-04-23 11:07 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt
2014-04-23 17:18 - 2012-05-23 14:25 - 00131072 _____ () C:\WINDOWS\system32\config\VisualSVNServer.Evt
2014-04-23 17:18 - 2011-09-11 11:57 - 00065536 _____ () C:\WINDOWS\system32\config\DnsEvent.Evt
2014-04-23 17:18 - 2011-09-11 11:55 - 00524288 _____ () C:\WINDOWS\system32\config\NTDS.Evt
2014-04-23 17:18 - 2011-09-11 11:55 - 00065536 _____ () C:\WINDOWS\system32\config\NtFrs.Evt
2014-04-23 17:17 - 2011-09-11 08:58 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-23 11:27 - 2014-04-23 11:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Doctor Web
2014-04-23 11:10 - 2014-04-17 09:15 - 00000000 ____D () C:\Program Files\Spybot
2014-04-23 11:08 - 2014-04-17 09:16 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-23 11:08 - 2011-09-11 08:57 - 00032526 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-04-23 11:03 - 2014-04-23 11:07 - 147131440 _____ () C:\Documents and Settings\Administrator\Pulpit\tx6v279d.exe
2014-04-22 13:36 - 2003-12-05 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-19 16:00 - 2012-12-12 08:43 - 00000246 _____ () C:\WINDOWS\Tasks\KOPIA_W.job
2014-04-17 13:16 - 2013-10-21 10:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-17 13:16 - 2011-09-11 09:55 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-17 13:13 - 2014-04-17 13:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2927811$
2014-04-17 13:13 - 2014-04-17 13:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-17 13:13 - 2014-04-17 13:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2014-04-17 13:13 - 2011-09-11 09:53 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-17 13:13 - 2011-09-11 09:16 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-04-17 13:12 - 2014-04-17 13:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB943729$
2014-04-17 12:25 - 2014-04-17 12:25 - 00000058 _____ () C:\WINDOWS\wininit.ini
2014-04-14 20:13 - 2014-04-24 10:24 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-24 10:24 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-14 20:05 - 2014-04-24 10:24 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-14 20:04 - 2014-04-24 10:24 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-14 19:47 - 2014-04-24 10:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-10 16:14 - 2014-04-10 15:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Wireshark
2014-04-10 16:05 - 2014-04-10 16:05 - 00000912 _____ () C:\Documents and Settings\Administrator\Moje dokumenty\udp.pcapng
2014-04-10 15:49 - 2014-04-10 15:49 - 00000065 _____ () C:\WINDOWS\system32\-1
2014-04-10 15:49 - 2014-04-10 15:49 - 00000000 ____D () C:\Program Files\WinPcap
2014-04-10 15:49 - 2014-04-10 15:49 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\WinPcap
2014-04-10 15:49 - 2014-04-10 15:46 - 00000000 ____D () C:\Program Files\Wireshark
2014-04-10 15:46 - 2014-04-10 15:46 - 00001497 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Wireshark.lnk
2014-04-08 08:05 - 2011-09-11 10:40 - 00130096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-08 08:05 - 2011-09-11 10:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-05 16:01 - 2011-09-11 13:33 - 00000000 ____D () C:\serwer
2014-04-01 09:19 - 2011-09-11 13:20 - 00000000 ____D () C:\Program Files\TightVNC
2014-04-01 09:17 - 2011-10-09 20:28 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-04-01 09:15 - 2013-12-27 19:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-01 09:14 - 2013-11-21 20:47 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-04-01 09:14 - 2013-11-21 20:47 - 00000000 ____D () C:\Program Files\ICEOWS
2014-04-01 09:14 - 2011-09-11 10:35 - 00000000 ____D () C:\WINDOWS\system32\ShellExt

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe [2007-02-17 09:07] - [2007-02-17 09:07] - 1054720 ____A (Microsoft Corporation) 07D7982818170383BADEFAEA42D29767
C:\WINDOWS\system32\winlogon.exe [2007-02-17 08:48] - [2007-02-17 08:48] - 0531968 ____A (Microsoft Corporation) 80781AD66B330749FD37C07C16C51981
C:\WINDOWS\system32\svchost.exe [2007-02-17 08:07] - [2007-02-17 08:07] - 0014848 ____A (Microsoft Corporation) 007E7B9113E6EAE9A886060D40B97C0B
C:\WINDOWS\system32\services.exe [2007-02-17 08:55] - [2009-02-09 12:46] - 0113664 ____A (Microsoft Corporation) AF1FF7D0D3DC6DC6E3582A025B99B170
C:\WINDOWS\system32\User32.dll [2011-09-11 09:19] - [2008-07-29 10:22] - 0586240 ____A (Microsoft Corporation) CDBD8298B079AE2B50B2810ACBF76F53
C:\WINDOWS\system32\userinit.exe [2007-02-17 08:47] - [2007-02-17 08:47] - 0026624 ____A (Microsoft Corporation) 96B27CCF318E92DBF12C85ED99AB4ECE
C:\WINDOWS\system32\rpcss.dll [2011-09-11 09:19] - [2009-02-09 13:05] - 0486912 ____A (Microsoft Corporation) 5E0F2F70B23708E713942167E981B320
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys [2007-02-17 08:47] - [2012-08-22 20:58] - 0154624 _____ (Microsoft Corporation) 7AF7AA404B1B0B82BC9EA64D9E26F6E8
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================