Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2013 03 Ran by Milena (administrator) on 28-08-2013 10:30:08 Running from C:\Documents and Settings\Milena\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe (S3 Graphics Co., Ltd.) C:\WINDOWS\system32\VTtrayp.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe (Alcor Micro, Corp.) C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Adobe Systems Incorporated) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Spotify Ltd) C:\Documents and Settings\Milena\Application Data\Spotify\Data\SpotifyWebHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [VTTimer] - C:\Windows\system32\VTTimer.exe [53248 2005-03-08] (S3 Graphics, Inc.) HKLM\...\Run: [VTTrayp] - C:\Windows\system32\VTtrayp.exe [163840 2005-11-01] (S3 Graphics Co., Ltd.) HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\Windows\system32\HDAShCut.exe [61952 2005-01-08] (Windows (R) Server 2003 DDK provider) HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software) HKLM\...\Run: [Sunkist2k] - C:\Program Files\Multimedia Card Reader\shwicon2k.exe [131072 2005-02-25] (Alcor Micro, Corp.) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.) HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-09-07] (Analog Devices, Inc.) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-02-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2012-12-06] (RealNetworks, Inc.) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [ALLUpdate] - C:\Program Files\ALLPlayer\ALLUpdate.exe [2991616 2012-10-09] (ALLCinema) HKCU\...\Run: [FlashGet 3] - C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3372720 2012-11-08] (Trend Media Corporation Limited) HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Milena\Application Data\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-11] (Spotify Ltd) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.) Startup: C:\Documents and Settings\Milena\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Milena\Application Data\FlashGetBHO\FlashGetBHO.dll (Trend Media Group) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 194.150.251.2 193.16.255.2 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Milena\Application Data\Mozilla\Firefox\Profiles\9l18e9pq.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2105 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.2163 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1212 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software) R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [856064 2005-10-06] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-10-31] (AVAST Software) R3 AEAudioService; C:\Windows\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software) R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-10-31] (AVAST Software) R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-10-31] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-06] (DT Soft Ltd) R3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43008 2006-08-24] (VIA Technologies, Inc. ) S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2005-01-08] (Windows (R) Server 2003 DDK provider) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP) R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-08-24] (JMicron ) R0 jraid; C:\Windows\System32\DRIVERS\jraid.sys [42880 2006-08-24] (JMicron Technology Corp.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2006-08-24] () R1 nvport; C:\WINDOWS\system32\Drivers\nvport.sys [4608 2005-08-23] (NVIDIA Corporation.) R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2005-06-14] (Padus, Inc.) R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [393088 2005-08-11] (Sensaura) R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [38468 2004-12-08] (Alcor Micro Corp.) R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2006-08-24] (VIA Technologies, Inc.) R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [244352 2006-02-08] (Copyright (C) VIA/S3 Graphics Co, Ltd.) S0 viamraid; C:\Windows\System32\Drivers\viamraid.sys [100992 2006-08-24] (VIA Technologies inc,.ltd) R0 videx32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.) R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc) S4 IntelIde; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2013-08-28 10:30 - 2013-08-28 10:30 - 00011311 _____ C:\Temp\log3 2013-08-28 10:30 - 2013-08-28 10:30 - 00006089 _____ C:\Temp\log1 2013-08-28 10:30 - 2013-08-28 10:30 - 00000196 _____ C:\Temp\users00 2013-08-28 10:30 - 2013-08-28 10:30 - 00000003 _____ C:\Temp\others 2013-08-28 10:29 - 2013-08-28 10:29 - 00000000 ___HT C:\Temp\etilqs_VxV0klElrMtOHi6 2013-08-28 10:29 - 2013-08-28 10:29 - 00000000 ___HT C:\Temp\etilqs_6mvJWDwsm1F2Pbh 2013-08-28 10:28 - 2013-08-28 10:28 - 00000000 ___HT C:\Temp\etilqs_DgU3ozhZhf1GWVU 2013-08-28 10:26 - 2013-08-28 10:26 - 00016384 ____T C:\Temp\Perflib_Perfdata_348.dat 2013-08-28 10:25 - 2013-08-28 10:25 - 00001342 ____T C:\Temp\MAR3.tmp 2013-08-28 10:25 - 2013-08-28 10:25 - 00001285 ____T C:\Temp\MAR4.tmp 2013-08-28 10:25 - 2013-08-28 10:25 - 00000116 ____T C:\Temp\STS6.tmp 2013-08-28 10:25 - 2013-08-28 10:25 - 00000000 ____D C:\Temp\Skype 2013-08-28 10:22 - 2013-08-28 10:30 - 00000805 _____ C:\Temp\jusched.log 2013-08-28 10:22 - 2013-08-28 10:25 - 00001392 _____ C:\Temp\AdobeARM.log 2013-08-28 10:22 - 2013-08-28 10:24 - 00002846 _____ C:\Temp\hpodvd09.log 2013-08-28 10:22 - 2013-08-28 10:22 - 00032768 _____ C:\Temp\~DFE97F.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00001342 ____T C:\Temp\MAR1.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00001285 ____T C:\Temp\MAR2.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00000116 ____T C:\Temp\STS4.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00000000 ____D C:\Temp\_avast_ 2013-08-28 10:13 - 2013-08-28 10:13 - 00000000 ____D C:\WINDOWS\pss 2013-08-27 22:38 - 2013-08-27 22:38 - 00010047 _____ C:\Documents and Settings\Milena\Desktop\hijackthis.log 2013-08-27 22:38 - 2013-08-27 22:38 - 00002455 _____ C:\Documents and Settings\Milena\Desktop\HiJackThis.lnk 2013-08-27 22:38 - 2013-08-27 22:38 - 00000000 ____D C:\Program Files\Trend Micro 2013-08-27 22:38 - 2013-08-27 22:38 - 00000000 ____D C:\Documents and Settings\Milena\Start Menu\Programs\HiJackThis 2013-08-27 22:37 - 2013-08-27 22:37 - 00685248 _____ C:\Documents and Settings\Milena\Desktop\HijackThis(12030).exe 2013-08-27 22:02 - 2013-08-27 22:04 - 00006416 _____ C:\WINDOWS\setupapi.log 2013-08-27 20:10 - 2013-08-27 20:10 - 00116508 _____ E:\Moje dokumenty\cc_20130827_201000.reg 2013-08-27 20:02 - 2013-08-27 20:03 - 00000000 ____D C:\Program Files\CCleaner 2013-08-27 20:01 - 2013-08-27 20:02 - 04454952 _____ (Piriform Ltd) C:\Documents and Settings\Milena\Desktop\ccsetup405.exe 2013-08-27 18:15 - 2013-08-27 18:15 - 01072975 _____ (Farbar) C:\Documents and Settings\Milena\Desktop\FRST.exe 2013-08-27 18:10 - 2013-08-27 18:10 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Milena\Desktop\TFC.exe 2013-08-27 18:09 - 2013-08-27 18:09 - 00005046 _____ C:\Documents and Settings\Milena\Desktop\AdwCleaner[R0].txt 2013-08-27 18:06 - 2013-08-27 18:06 - 00004858 _____ C:\Documents and Settings\Milena\Desktop\AdwCleaner[S0].txt 2013-08-27 17:42 - 2013-08-27 17:54 - 00000000 ____D C:\AdwCleaner 2013-08-27 17:41 - 2013-08-27 17:41 - 00994642 _____ C:\Documents and Settings\Milena\Desktop\AdwCleaner.exe 2013-08-27 17:39 - 2013-08-27 17:39 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\Stare dane programu Firefox 2013-08-27 17:04 - 2013-08-27 17:04 - 00965772 _____ C:\Documents and Settings\Milena\Desktop\GMER.txt 2013-08-27 15:03 - 2013-08-27 15:03 - 00097968 _____ C:\Documents and Settings\Milena\Desktop\OTL.Txt 2013-08-27 15:03 - 2013-08-27 15:03 - 00053402 _____ C:\Documents and Settings\Milena\Desktop\Extras.Txt 2013-08-27 15:00 - 2013-08-27 15:00 - 00377856 _____ C:\Documents and Settings\Milena\Desktop\k3j294sc.exe 2013-08-27 15:00 - 2013-08-27 15:00 - 00017230 _____ C:\Documents and Settings\Milena\Desktop\Addition.txt 2013-08-27 14:58 - 2013-08-27 14:58 - 00000000 ____D C:\FRST 2013-08-27 12:50 - 2013-08-27 14:37 - 00001184 _____ C:\Documents and Settings\Milena\Desktop\mig2708.txt 2013-08-25 12:35 - 2013-08-25 12:35 - 00000000 __SHD C:\WINDOWS\ftpcache 2013-08-25 10:04 - 2013-08-25 10:04 - 00418377 _____ C:\Documents and Settings\Milena\Desktop\rozowy-kwiatek-motyl.jpeg 2013-08-25 10:03 - 2013-08-25 10:03 - 00279596 _____ C:\Documents and Settings\Milena\Desktop\chomik-kwiatek-rozowy-kapelusz.jpeg 2013-08-25 09:45 - 2013-08-25 17:06 - 00011388 _____ C:\Documents and Settings\Milena\Desktop\mig2508.txt 2013-08-24 12:27 - 2013-08-24 12:27 - 00004633 _____ C:\Documents and Settings\Milena\Desktop\mig2408.txt 2013-08-24 12:27 - 2013-08-23 16:24 - 00008470 _____ E:\Moje dokumenty\mig2308.txt 2013-08-24 10:01 - 2013-08-24 10:52 - 00001860 _____ E:\Moje dokumenty\mig2408.txt 2013-08-22 14:28 - 2013-08-22 15:26 - 00000145 _____ C:\Documents and Settings\Milena\Desktop\lek.txt 2013-08-22 09:17 - 2013-08-22 17:09 - 00010391 _____ E:\Moje dokumenty\mig2208.txt 2013-08-21 16:15 - 2013-08-21 16:25 - 00346048 _____ E:\Moje dokumenty\PicsArt_1377088452216.jpg 2013-08-21 16:13 - 2013-08-21 16:21 - 00346665 _____ E:\Moje dokumenty\PicsArt_1377088324776.jpg 2013-08-21 16:12 - 2013-08-21 16:12 - 00925457 _____ E:\Moje dokumenty\20130821_134302.jpg 2013-08-21 16:12 - 2013-08-21 16:12 - 00894913 _____ E:\Moje dokumenty\20130821_135520.jpg 2013-08-21 08:40 - 2013-08-21 16:44 - 00011956 _____ E:\Moje dokumenty\mig2108.txt 2013-08-20 09:37 - 2013-08-20 17:24 - 00008834 _____ E:\Moje dokumenty\mig2008.txt 2013-08-19 09:50 - 2013-08-19 16:55 - 00009702 _____ E:\Moje dokumenty\mig1908.txt 2013-08-18 15:20 - 2013-08-18 15:20 - 00114213 _____ E:\Moje dokumenty\slider_1.jpg 2013-08-18 09:35 - 2013-08-18 16:54 - 00013324 _____ E:\Moje dokumenty\mig1808.txt 2013-08-17 09:13 - 2013-08-17 17:52 - 00018026 _____ E:\Moje dokumenty\mig1708.txt 2013-08-16 15:59 - 2013-08-16 15:59 - 00018430 _____ E:\Moje dokumenty\tadam.png 2013-08-16 09:28 - 2013-08-16 16:48 - 00023325 _____ E:\Moje dokumenty\MIG1608.txt 2013-08-15 09:21 - 2013-08-15 17:12 - 00011833 _____ E:\Moje dokumenty\mig1508.txt 2013-08-14 08:29 - 2013-08-14 17:08 - 00016996 _____ E:\Moje dokumenty\mig1408.txt 2013-08-13 17:50 - 2013-08-28 10:26 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Skype 2013-08-13 09:18 - 2013-08-13 17:40 - 00019804 _____ E:\Moje dokumenty\mig1308.txt 2013-08-12 08:57 - 2013-08-12 18:19 - 00018618 _____ E:\Moje dokumenty\mig1208.txt 2013-08-11 09:31 - 2013-08-11 18:17 - 00007281 _____ E:\Moje dokumenty\mig1108.txt 2013-08-10 09:47 - 2013-08-10 17:53 - 00012005 _____ E:\Moje dokumenty\mig1008.txt 2013-08-09 18:20 - 2013-08-09 18:20 - 00015824 _____ E:\Moje dokumenty\mig0908.txt 2013-08-09 07:38 - 2013-08-09 15:24 - 00008543 _____ E:\Moje dokumenty\mig0908a.txt 2013-08-08 08:47 - 2013-08-08 17:24 - 00008801 _____ E:\Moje dokumenty\mig0808.txt 2013-08-07 16:37 - 2013-08-07 16:37 - 00000027 _____ C:\Documents and Settings\Milena\Desktop\not.txt 2013-08-02 23:20 - 2013-08-02 23:20 - 00000000 ____D E:\Moje dokumenty\to 2013-08-02 23:20 - 2013-07-28 17:09 - 00004137 _____ E:\Moje dokumenty\mig2807.txt 2013-08-02 23:20 - 2013-07-27 16:06 - 00001487 _____ E:\Moje dokumenty\mig2707.txt 2013-08-02 23:20 - 2013-07-21 17:19 - 00007739 _____ E:\Moje dokumenty\mig2107.txt 2013-08-02 23:20 - 2013-07-20 12:55 - 00001303 _____ E:\Moje dokumenty\mig2007.txt 2013-08-02 23:20 - 2013-07-19 18:15 - 00005265 _____ E:\Moje dokumenty\mig1907.txt 2013-08-02 23:20 - 2013-07-13 15:32 - 00004023 _____ E:\Moje dokumenty\mig1307.txt 2013-08-02 23:20 - 2013-07-12 16:06 - 00007694 _____ E:\Moje dokumenty\fakty.txt 2013-08-02 23:20 - 2013-07-12 13:54 - 00000038 _____ E:\Moje dokumenty\kryszftofina.txt 2013-08-02 23:20 - 2013-07-11 17:01 - 00004277 _____ E:\Moje dokumenty\mig1107.txt 2013-08-02 23:20 - 2013-07-10 16:45 - 00006836 _____ E:\Moje dokumenty\mig1007.txt 2013-07-31 13:00 - 2013-07-31 13:00 - 00093646 _____ E:\Moje dokumenty\wyciag-2013-07-19.pdf 2013-07-29 15:47 - 2013-07-29 15:47 - 00235190 _____ E:\Moje dokumenty\rekord.PNG ==================== One Month Modified Files and Folders ======= 2013-08-28 10:30 - 2013-08-28 10:30 - 00013191 _____ C:\Temp\log3 2013-08-28 10:30 - 2013-08-28 10:30 - 00006991 _____ C:\Temp\log1 2013-08-28 10:30 - 2013-08-28 10:30 - 00000196 _____ C:\Temp\users00 2013-08-28 10:30 - 2013-08-28 10:30 - 00000003 _____ C:\Temp\others 2013-08-28 10:30 - 2013-08-28 10:22 - 00000805 _____ C:\Temp\jusched.log 2013-08-28 10:29 - 2013-08-28 10:29 - 00000000 ___HT C:\Temp\etilqs_VxV0klElrMtOHi6 2013-08-28 10:29 - 2013-08-28 10:29 - 00000000 ___HT C:\Temp\etilqs_6mvJWDwsm1F2Pbh 2013-08-28 10:28 - 2013-08-28 10:28 - 00000000 ___HT C:\Temp\etilqs_DgU3ozhZhf1GWVU 2013-08-28 10:26 - 2013-08-28 10:26 - 00016384 ____T C:\Temp\Perflib_Perfdata_348.dat 2013-08-28 10:26 - 2013-08-13 17:50 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Skype 2013-08-28 10:26 - 2012-12-06 21:01 - 01958939 _____ C:\WINDOWS\WindowsUpdate.log 2013-08-28 10:25 - 2013-08-28 10:25 - 00001342 ____T C:\Temp\MAR3.tmp 2013-08-28 10:25 - 2013-08-28 10:25 - 00001285 ____T C:\Temp\MAR4.tmp 2013-08-28 10:25 - 2013-08-28 10:25 - 00000116 ____T C:\Temp\STS6.tmp 2013-08-28 10:25 - 2013-08-28 10:25 - 00000000 ____D C:\Temp\Skype 2013-08-28 10:25 - 2013-08-28 10:22 - 00001392 _____ C:\Temp\AdobeARM.log 2013-08-28 10:25 - 2013-06-04 10:02 - 00002267 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk 2013-08-28 10:25 - 2013-03-09 16:47 - 00001656 _____ C:\WINDOWS\system32\secustat.dat 2013-08-28 10:25 - 2013-03-09 16:40 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\BITS 2013-08-28 10:25 - 2013-02-06 04:12 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-28 10:25 - 2012-12-06 21:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-08-28 10:25 - 2012-12-06 20:59 - 00000000 ____D C:\WINDOWS\Registration 2013-08-28 10:25 - 2012-12-06 15:53 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-08-28 10:25 - 2012-12-06 12:54 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-08-28 10:25 - 2012-12-06 12:54 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-08-28 10:24 - 2013-08-28 10:22 - 00005692 _____ C:\Temp\hpodvd09.log 2013-08-28 10:24 - 2012-12-06 22:06 - 00000178 ___SH C:\Documents and Settings\Milena\ntuser.ini 2013-08-28 10:24 - 2012-12-06 21:51 - 00032590 _____ C:\WINDOWS\SchedLgU.Txt 2013-08-28 10:22 - 2013-08-28 10:22 - 00032768 _____ C:\Temp\~DFE97F.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00001342 ____T C:\Temp\MAR1.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00001285 ____T C:\Temp\MAR2.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00000116 ____T C:\Temp\STS4.tmp 2013-08-28 10:22 - 2013-08-28 10:22 - 00000000 ____D C:\Temp\_avast_ 2013-08-28 10:20 - 2012-12-06 12:47 - 00000304 __RSH C:\BOOT.INI 2013-08-28 10:20 - 2006-08-24 14:00 - 00000645 _____ C:\WINDOWS\win.ini 2013-08-28 10:20 - 2006-08-24 14:00 - 00000227 _____ C:\WINDOWS\system.ini 2013-08-28 10:13 - 2013-08-28 10:13 - 00000000 ____D C:\WINDOWS\pss 2013-08-28 10:08 - 2013-05-09 12:41 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Spotify 2013-08-28 09:51 - 2012-12-06 23:27 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-08-28 09:45 - 2013-05-09 12:43 - 00000000 ____D C:\Documents and Settings\Milena\Local Settings\Application Data\Spotify 2013-08-28 09:42 - 2010-11-21 19:03 - 00211456 ___SH E:\Moje dokumenty\Thumbs.db 2013-08-28 09:33 - 2013-02-06 04:12 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-27 22:38 - 2013-08-27 22:38 - 00010047 _____ C:\Documents and Settings\Milena\Desktop\hijackthis.log 2013-08-27 22:38 - 2013-08-27 22:38 - 00002455 _____ C:\Documents and Settings\Milena\Desktop\HiJackThis.lnk 2013-08-27 22:38 - 2013-08-27 22:38 - 00000000 ____D C:\Program Files\Trend Micro 2013-08-27 22:38 - 2013-08-27 22:38 - 00000000 ____D C:\Documents and Settings\Milena\Start Menu\Programs\HiJackThis 2013-08-27 22:38 - 2010-06-23 01:12 - 00000000 ____D E:\Moje dokumenty\Downloads 2013-08-27 22:37 - 2013-08-27 22:37 - 00685248 _____ C:\Documents and Settings\Milena\Desktop\HijackThis(12030).exe 2013-08-27 22:04 - 2013-08-27 22:02 - 00006416 _____ C:\WINDOWS\setupapi.log 2013-08-27 20:10 - 2013-08-27 20:10 - 00116508 _____ E:\Moje dokumenty\cc_20130827_201000.reg 2013-08-27 20:05 - 2012-12-06 20:20 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\AIMP3 2013-08-27 20:05 - 2012-12-06 16:39 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\DAEMON Tools Lite 2013-08-27 20:04 - 2012-12-06 22:06 - 00000000 ____D C:\Documents and Settings\Milena 2013-08-27 20:03 - 2013-08-27 20:02 - 00000000 ____D C:\Program Files\CCleaner 2013-08-27 20:02 - 2013-08-27 20:01 - 04454952 _____ (Piriform Ltd) C:\Documents and Settings\Milena\Desktop\ccsetup405.exe 2013-08-27 18:15 - 2013-08-27 18:15 - 01072975 _____ (Farbar) C:\Documents and Settings\Milena\Desktop\FRST.exe 2013-08-27 18:10 - 2013-08-27 18:10 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Milena\Desktop\TFC.exe 2013-08-27 18:09 - 2013-08-27 18:09 - 00005046 _____ C:\Documents and Settings\Milena\Desktop\AdwCleaner[R0].txt 2013-08-27 18:06 - 2013-08-27 18:06 - 00004858 _____ C:\Documents and Settings\Milena\Desktop\AdwCleaner[S0].txt 2013-08-27 17:54 - 2013-08-27 17:42 - 00000000 ____D C:\AdwCleaner 2013-08-27 17:41 - 2013-08-27 17:41 - 00994642 _____ C:\Documents and Settings\Milena\Desktop\AdwCleaner.exe 2013-08-27 17:39 - 2013-08-27 17:39 - 00000000 ____D C:\Documents and Settings\Milena\Desktop\Stare dane programu Firefox 2013-08-27 17:39 - 2012-12-06 16:22 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-27 17:04 - 2013-08-27 17:04 - 00965772 _____ C:\Documents and Settings\Milena\Desktop\GMER.txt 2013-08-27 15:03 - 2013-08-27 15:03 - 00097968 _____ C:\Documents and Settings\Milena\Desktop\OTL.Txt 2013-08-27 15:03 - 2013-08-27 15:03 - 00053402 _____ C:\Documents and Settings\Milena\Desktop\Extras.Txt 2013-08-27 15:00 - 2013-08-27 15:00 - 00377856 _____ C:\Documents and Settings\Milena\Desktop\k3j294sc.exe 2013-08-27 15:00 - 2013-08-27 15:00 - 00017230 _____ C:\Documents and Settings\Milena\Desktop\Addition.txt 2013-08-27 14:58 - 2013-08-27 14:58 - 00000000 ____D C:\FRST 2013-08-27 14:37 - 2013-08-27 12:50 - 00001184 _____ C:\Documents and Settings\Milena\Desktop\mig2708.txt 2013-08-26 04:09 - 2012-12-06 21:35 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt 2013-08-25 17:06 - 2013-08-25 09:45 - 00011388 _____ C:\Documents and Settings\Milena\Desktop\mig2508.txt 2013-08-25 13:15 - 2012-12-06 22:09 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Macromedia 2013-08-25 12:35 - 2013-08-25 12:35 - 00000000 __SHD C:\WINDOWS\ftpcache 2013-08-25 10:04 - 2013-08-25 10:04 - 00418377 _____ C:\Documents and Settings\Milena\Desktop\rozowy-kwiatek-motyl.jpeg 2013-08-25 10:03 - 2013-08-25 10:03 - 00279596 _____ C:\Documents and Settings\Milena\Desktop\chomik-kwiatek-rozowy-kapelusz.jpeg 2013-08-24 12:27 - 2013-08-24 12:27 - 00004633 _____ C:\Documents and Settings\Milena\Desktop\mig2408.txt 2013-08-24 10:52 - 2013-08-24 10:01 - 00001860 _____ E:\Moje dokumenty\mig2408.txt 2013-08-23 16:24 - 2013-08-24 12:27 - 00008470 _____ E:\Moje dokumenty\mig2308.txt 2013-08-22 17:09 - 2013-08-22 09:17 - 00010391 _____ E:\Moje dokumenty\mig2208.txt 2013-08-22 15:26 - 2013-08-22 14:28 - 00000145 _____ C:\Documents and Settings\Milena\Desktop\lek.txt 2013-08-21 16:44 - 2013-08-21 08:40 - 00011956 _____ E:\Moje dokumenty\mig2108.txt 2013-08-21 16:25 - 2013-08-21 16:15 - 00346048 _____ E:\Moje dokumenty\PicsArt_1377088452216.jpg 2013-08-21 16:21 - 2013-08-21 16:13 - 00346665 _____ E:\Moje dokumenty\PicsArt_1377088324776.jpg 2013-08-21 16:12 - 2013-08-21 16:12 - 00925457 _____ E:\Moje dokumenty\20130821_134302.jpg 2013-08-21 16:12 - 2013-08-21 16:12 - 00894913 _____ E:\Moje dokumenty\20130821_135520.jpg 2013-08-20 17:24 - 2013-08-20 09:37 - 00008834 _____ E:\Moje dokumenty\mig2008.txt 2013-08-19 16:55 - 2013-08-19 09:50 - 00009702 _____ E:\Moje dokumenty\mig1908.txt 2013-08-18 16:54 - 2013-08-18 09:35 - 00013324 _____ E:\Moje dokumenty\mig1808.txt 2013-08-18 15:20 - 2013-08-18 15:20 - 00114213 _____ E:\Moje dokumenty\slider_1.jpg 2013-08-17 17:52 - 2013-08-17 09:13 - 00018026 _____ E:\Moje dokumenty\mig1708.txt 2013-08-16 16:48 - 2013-08-16 09:28 - 00023325 _____ E:\Moje dokumenty\MIG1608.txt 2013-08-16 15:59 - 2013-08-16 15:59 - 00018430 _____ E:\Moje dokumenty\tadam.png 2013-08-15 17:12 - 2013-08-15 09:21 - 00011833 _____ E:\Moje dokumenty\mig1508.txt 2013-08-15 14:42 - 2012-12-06 22:29 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Image Zone Express 2013-08-15 14:42 - 2012-01-19 11:28 - 00000000 ____D E:\Moje dokumenty\Moje zeskanowane obrazy 2013-08-14 17:08 - 2013-08-14 08:29 - 00016996 _____ E:\Moje dokumenty\mig1408.txt 2013-08-14 09:27 - 2013-06-04 10:02 - 00000000 ___RD C:\Program Files\Skype 2013-08-14 09:27 - 2012-12-06 20:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype 2013-08-13 17:48 - 2012-12-06 20:34 - 00000000 ____D C:\Documents and Settings\Milena\Application Data\Old_Skype 2013-08-13 17:40 - 2013-08-13 09:18 - 00019804 _____ E:\Moje dokumenty\mig1308.txt 2013-08-12 18:19 - 2013-08-12 08:57 - 00018618 _____ E:\Moje dokumenty\mig1208.txt 2013-08-11 18:17 - 2013-08-11 09:31 - 00007281 _____ E:\Moje dokumenty\mig1108.txt 2013-08-10 17:53 - 2013-08-10 09:47 - 00012005 _____ E:\Moje dokumenty\mig1008.txt 2013-08-09 18:20 - 2013-08-09 18:20 - 00015824 _____ E:\Moje dokumenty\mig0908.txt 2013-08-09 15:24 - 2013-08-09 07:38 - 00008543 _____ E:\Moje dokumenty\mig0908a.txt 2013-08-08 17:24 - 2013-08-08 08:47 - 00008801 _____ E:\Moje dokumenty\mig0808.txt 2013-08-07 16:37 - 2013-08-07 16:37 - 00000027 _____ C:\Documents and Settings\Milena\Desktop\not.txt 2013-08-02 23:20 - 2013-08-02 23:20 - 00000000 ____D E:\Moje dokumenty\to 2013-07-31 13:00 - 2013-07-31 13:00 - 00093646 _____ E:\Moje dokumenty\wyciag-2013-07-19.pdf 2013-07-29 15:47 - 2013-07-29 15:47 - 00235190 _____ E:\Moje dokumenty\rekord.PNG ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================