Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Administrator (administrator) on PC on 16-01-2014 17:37:29
Running from C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

() C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\WINDOWS\system32\ati2evxx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Ralink Technology, Corp.) C:\Program Files\RALINK\Common\RaUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-05-05] (Analog Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-28] (AVAST Software)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2003-09-12] (ATI Technologies, Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll ()
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKCU\...\Run: [AQQ] - C:\Program Files\WapSter\WapSter AQQ\AQQ.exe [8174592 2013-10-16] (AQQ Sp. z o.o.)
HKCU\...\Policies\Explorer: [NoSMHelp] 1
HKCU\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKCU\...\Policies\Explorer: [NoSMMyPictures] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\system32\advpack.dll [ 2012-01-07] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\0cg0prn5.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF Extension: Youtube MP3 Converter - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\0cg0prn5.default\Extensions\2conv@hotger.com.xpi [2013-11-15]
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\0cg0prn5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-12]

========================== Services (Whitelisted) =================

R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [376832 2003-09-12] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-09-12] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-28] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2013-08-12] (Meetinghouse Data Communications)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2013-12-28] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2013-12-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2013-12-28] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-28] ()
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [47104 2013-03-03] (VIA Technologies, Inc. )
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\Windows\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [255232 2006-03-08] (Ralink Technology, Corp.)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S0 Si3114r5; C:\Windows\System32\Drivers\Si3114r5.sys [211496 2013-03-03] (Silicon Image, Inc)
R0 Si3132; C:\Windows\System32\Drivers\Si3132.sys [80424 2013-03-03] (Silicon Image, Inc)
S0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [124080 2011-01-26] (SuperSpeed LLC)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2013-03-03] (VIA Technologies, Inc.)
R3 winachsf; C:\Windows\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.) S4 IntelIde; No ImagePath U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] () U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-16 17:31 - 2014-01-16 17:31 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-01-16 17:24 - 2014-01-16 17:24 - 00000000 ____D C:\MATS 2014-01-16 17:22 - 2014-01-16 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0 2014-01-16 17:21 - 2014-01-16 17:31 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt 2014-01-16 17:21 - 2014-01-16 17:31 - 00001084 _____ C:\WINDOWS\spupdsvc.log 2014-01-16 17:21 - 2014-01-16 17:22 - 00039140 _____ C:\WINDOWS\KB926139-v2.log 2014-01-16 17:21 - 2014-01-16 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$ 2014-01-16 17:21 - 2014-01-16 17:21 - 00000000 ____D C:\WINDOWS\system32\windowspowershell 2014-01-16 17:14 - 2014-01-16 17:14 - 00000000 _____ C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument tekstowy.txt 2014-01-16 13:55 - 2014-01-16 13:56 - 00027052 _____ C:\Documents and Settings\Administrator\Moje dokumenty\FRST.txt 2014-01-06 15:55 - 2014-01-06 15:55 - 00000022 _____ C:\WINDOWS\system32\ati64hlp.stb 2014-01-06 15:50 - 2014-01-06 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ATI HydraVision 2014-01-06 15:50 - 2003-09-12 21:10 - 00114688 ____N () C:\WINDOWS\system32\ati2sgag.exe 2014-01-06 15:50 - 2003-09-12 17:27 - 00229376 ____R (ATI Technologies Inc.) 
C:\WINDOWS\system32\atiiiexx.dll 2014-01-06 15:05 - 2014-01-06 15:51 - 00001443 _____ C:\WINDOWS\DirectX.log 2014-01-06 15:05 - 2014-01-06 15:05 - 00000000 ____D C:\Program Files\directx 2014-01-06 14:53 - 2014-01-06 14:53 - 00000543 _____ C:\Documents and Settings\All Users\Pulpit\Gothic II.lnk 2014-01-06 14:53 - 2014-01-06 14:53 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Gothic II 2013-12-25 22:59 - 2014-01-01 16:24 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Święta 2013_2014 2013-12-21 15:08 - 2013-12-21 15:09 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Kontakty 2013-12-21 15:05 - 2013-12-21 15:05 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\Nokia 2013-12-21 15:03 - 2008-04-13 22:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2013-12-21 15:02 - 2014-01-16 17:22 - 00012367 _____ C:\WINDOWS\FaxSetup.log 2013-12-21 15:02 - 2014-01-16 17:22 - 00007484 _____ C:\WINDOWS\ocgen.log 2013-12-21 15:02 - 2014-01-16 17:22 - 00005143 _____ C:\WINDOWS\tsoc.log 2013-12-21 15:02 - 2014-01-16 17:22 - 00004058 _____ C:\WINDOWS\comsetup.log 2013-12-21 15:02 - 2014-01-16 17:22 - 00003864 _____ C:\WINDOWS\msmqinst.log 2013-12-21 15:02 - 2014-01-16 17:22 - 00002463 _____ C:\WINDOWS\ntdtcsetup.log 2013-12-21 15:02 - 2013-12-21 15:02 - 00004303 _____ C:\WINDOWS\Wdf01009Inst.log 2013-12-21 15:02 - 2013-12-21 15:02 - 00003409 _____ C:\WINDOWS\setupact.log 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$ 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 _____ C:\WINDOWS\setuperr.log 2013-12-21 15:02 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll 
2013-12-21 14:43 - 2013-12-21 15:04 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite 2013-12-21 14:43 - 2013-12-21 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Nokia 2013-12-21 14:43 - 2013-12-21 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2013-12-21 14:42 - 2013-12-21 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Nokia 2013-12-21 14:42 - 2013-12-21 14:42 - 00000000 ____D C:\Program Files\Common Files\Nokia 2013-12-21 14:41 - 2013-12-21 14:41 - 00011684 _____ C:\WINDOWS\DPINST.LOG 2013-12-21 14:41 - 2013-12-21 14:41 - 00000000 ____D C:\Program Files\DIFX 2013-12-21 14:41 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\WINDOWS\system32\Drivers\pccsmcfd.sys 2013-12-21 14:40 - 2013-12-21 14:41 - 00000000 ____D C:\Program Files\PC Connectivity Solution 2013-12-21 14:40 - 2013-01-23 10:31 - 00137600 _____ (Nokia) C:\WINDOWS\system32\Drivers\nmwcdnsu.sys 2013-12-21 14:40 - 2013-01-23 10:31 - 00123904 _____ (Nokia) C:\WINDOWS\system32\ccdcmbwu.dll 2013-12-21 14:40 - 2013-01-23 10:31 - 00075264 _____ (Nokia) C:\WINDOWS\system32\nmwcdcls.dll 2013-12-21 14:40 - 2013-01-23 10:31 - 00069632 _____ (Nokia) C:\WINDOWS\system32\nmwcdcocls.dll 2013-12-21 14:40 - 2013-01-23 10:31 - 00023168 _____ (Nokia) C:\WINDOWS\system32\Drivers\ccdcmbo.sys 2013-12-21 14:40 - 2013-01-23 10:31 - 00018560 _____ (Nokia) C:\WINDOWS\system32\Drivers\ccdcmb.sys 2013-12-21 14:40 - 2013-01-23 10:31 - 00008576 _____ (Nokia) C:\WINDOWS\system32\Drivers\nmwcdnsuc.sys 2013-12-21 14:40 - 2013-01-23 10:31 - 00008192 _____ (Nokia) C:\WINDOWS\system32\Drivers\usbser_lowerfltj.sys 2013-12-21 14:40 - 2013-01-23 10:31 - 00008192 _____ (Nokia) C:\WINDOWS\system32\Drivers\usbser_lowerflt.sys 2013-12-21 14:40 - 2012-06-11 13:04 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll 2013-12-21 14:39 - 2013-12-21 14:42 - 00000000 ____D C:\Program Files\Nokia 
2013-12-21 14:39 - 2013-12-21 14:39 - 00000000 ____D C:\Program Files\MSXML 6.0 2013-12-21 14:39 - 2013-12-21 14:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache 2013-12-17 17:56 - 2013-12-17 17:57 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-01-16 17:37 - 2013-10-24 15:01 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie 2014-01-16 17:37 - 2013-08-12 22:12 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-01-16 17:37 - 2013-08-12 19:46 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty 2014-01-16 17:37 - 2013-08-12 19:39 - 00000000 ____D C:\TMP 2014-01-16 17:36 - 2013-08-12 19:46 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit 2014-01-16 17:35 - 2013-08-12 21:35 - 00000159 _____ C:\WINDOWS\wiadebug.log 2014-01-16 17:35 - 2013-08-12 21:35 - 00000050 _____ C:\WINDOWS\wiaservc.log 2014-01-16 17:34 - 2013-08-12 19:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-16 17:33 - 2013-08-12 19:44 - 00021760 _____ C:\WINDOWS\system32\notepad.ini 2014-01-16 17:31 - 2014-01-16 17:31 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-01-16 17:31 - 2014-01-16 17:21 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt 2014-01-16 17:31 - 2014-01-16 17:21 - 00001084 _____ C:\WINDOWS\spupdsvc.log 2014-01-16 17:31 - 2013-11-19 16:46 - 00018470 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-16 17:31 - 2013-08-12 19:46 - 00032458 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-16 17:31 - 2013-08-12 19:46 - 00000292 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2014-01-16 17:31 - 2013-08-12 19:45 - 00000188 ___SH C:\Documents and Settings\LocalService\ntuser.ini 2014-01-16 17:30 - 2013-10-30 09:05 - 00000000 ____D C:\AdwCleaner 2014-01-16 17:30 - 2013-08-12 19:46 - 00000000 ____D C:\Documents and Settings\Administrator 2014-01-16 17:25 - 2013-08-12 19:46 - 
00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji 2014-01-16 17:24 - 2014-01-16 17:24 - 00000000 ____D C:\MATS 2014-01-16 17:22 - 2014-01-16 17:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0 2014-01-16 17:22 - 2014-01-16 17:21 - 00039140 _____ C:\WINDOWS\KB926139-v2.log 2014-01-16 17:22 - 2013-12-21 15:02 - 00012367 _____ C:\WINDOWS\FaxSetup.log 2014-01-16 17:22 - 2013-12-21 15:02 - 00007484 _____ C:\WINDOWS\ocgen.log 2014-01-16 17:22 - 2013-12-21 15:02 - 00005143 _____ C:\WINDOWS\tsoc.log 2014-01-16 17:22 - 2013-12-21 15:02 - 00004058 _____ C:\WINDOWS\comsetup.log 2014-01-16 17:22 - 2013-12-21 15:02 - 00003864 _____ C:\WINDOWS\msmqinst.log 2014-01-16 17:22 - 2013-12-21 15:02 - 00002463 _____ C:\WINDOWS\ntdtcsetup.log 2014-01-16 17:22 - 2013-08-12 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy 2014-01-16 17:21 - 2014-01-16 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$ 2014-01-16 17:21 - 2014-01-16 17:21 - 00000000 ____D C:\WINDOWS\system32\windowspowershell 2014-01-16 17:20 - 2013-08-12 21:28 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2014-01-16 17:17 - 2013-10-27 20:36 - 00000000 ____D C:\FRST 2014-01-16 17:14 - 2014-01-16 17:14 - 00000000 _____ C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument tekstowy.txt 2014-01-16 14:03 - 2013-08-12 19:44 - 00021758 _____ C:\WINDOWS\notepad.ini 2014-01-16 13:56 - 2014-01-16 13:55 - 00027052 _____ C:\Documents and Settings\Administrator\Moje dokumenty\FRST.txt 2014-01-15 13:23 - 2013-08-20 17:13 - 00000000 ____D C:\Documents and Settings\Administrator\Menu Start\Programy\Gothic PL 2014-01-15 13:21 - 2013-08-28 08:30 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\vlc 2014-01-15 13:11 - 2013-11-23 14:51 - 00162701 _____ C:\WINDOWS\setupapi.log 2014-01-15 13:11 - 2008-04-15 12:00 - 00002184 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-09 20:20 - 2013-08-18 
16:19 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\HP 2014-01-09 20:20 - 2013-08-18 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\HP 2014-01-09 20:14 - 2013-08-12 20:08 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy 2014-01-06 15:55 - 2014-01-06 15:55 - 00000022 _____ C:\WINDOWS\system32\ati64hlp.stb 2014-01-06 15:51 - 2014-01-06 15:05 - 00001443 _____ C:\WINDOWS\DirectX.log 2014-01-06 15:50 - 2014-01-06 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ATI HydraVision 2014-01-06 15:50 - 2013-08-12 21:22 - 00000000 ___RD C:\WINDOWS\Web 2014-01-06 15:50 - 2013-08-12 20:17 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2014-01-06 15:50 - 2013-08-12 20:17 - 00000000 ____D C:\Program Files\ATI Technologies 2014-01-06 15:43 - 2013-11-04 17:46 - 00000010 _____ C:\WINDOWS\WININIT.INI 2014-01-06 15:25 - 2013-11-04 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\ATI 2014-01-06 15:05 - 2014-01-06 15:05 - 00000000 ____D C:\Program Files\directx 2014-01-06 14:53 - 2014-01-06 14:53 - 00000543 _____ C:\Documents and Settings\All Users\Pulpit\Gothic II.lnk 2014-01-06 14:53 - 2014-01-06 14:53 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Gothic II 2014-01-06 14:53 - 2013-08-12 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2014-01-06 14:35 - 2013-08-12 20:08 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty\Muzyka 2014-01-04 18:31 - 2013-11-04 19:31 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2014-01-02 16:56 - 2013-08-12 19:38 - 00000000 ____D C:\WINDOWS\system32\Restore 2014-01-01 17:29 - 2013-08-12 20:51 - 00000000 ____D C:\Program Files\Opera 2014-01-01 16:24 - 2013-12-25 22:59 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Święta 2013_2014 2013-12-30 16:34 - 2013-09-06 16:13 - 00000000 ____D C:\Documents 
and Settings\Administrator\Dane aplikacji\uTorrent 2013-12-28 12:53 - 2013-08-12 22:12 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-12-28 12:53 - 2013-08-12 22:12 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-12-28 12:53 - 2013-08-12 22:12 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-12-28 12:53 - 2013-08-12 22:12 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-12-28 12:53 - 2013-08-12 22:12 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-12-28 12:53 - 2013-08-12 22:12 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-12-28 12:53 - 2013-08-12 22:12 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2013-12-28 12:53 - 2013-08-12 22:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-12-21 15:09 - 2013-12-21 15:08 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Kontakty 2013-12-21 15:05 - 2013-12-21 15:05 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\Nokia 2013-12-21 15:04 - 2013-12-21 14:43 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite 2013-12-21 15:02 - 2013-12-21 15:02 - 00004303 _____ C:\WINDOWS\Wdf01009Inst.log 2013-12-21 15:02 - 2013-12-21 15:02 - 00003409 _____ C:\WINDOWS\setupact.log 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$ 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf 2013-12-21 15:02 - 2013-12-21 15:02 - 00000000 _____ C:\WINDOWS\setuperr.log 2013-12-21 14:56 - 2013-08-12 21:32 - 01274314 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-12-21 14:56 - 2008-04-15 12:00 - 00565292 _____ C:\WINDOWS\system32\perfh015.dat 2013-12-21 14:56 - 2008-04-15 12:00 
- 00108894 _____ C:\WINDOWS\system32\perfc015.dat 2013-12-21 14:43 - 2013-12-21 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Nokia 2013-12-21 14:43 - 2013-12-21 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2013-12-21 14:43 - 2013-12-21 14:42 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Nokia 2013-12-21 14:42 - 2013-12-21 14:42 - 00000000 ____D C:\Program Files\Common Files\Nokia 2013-12-21 14:42 - 2013-12-21 14:39 - 00000000 ____D C:\Program Files\Nokia 2013-12-21 14:41 - 2013-12-21 14:41 - 00011684 _____ C:\WINDOWS\DPINST.LOG 2013-12-21 14:41 - 2013-12-21 14:41 - 00000000 ____D C:\Program Files\DIFX 2013-12-21 14:41 - 2013-12-21 14:40 - 00000000 ____D C:\Program Files\PC Connectivity Solution 2013-12-21 14:39 - 2013-12-21 14:39 - 00000000 ____D C:\Program Files\MSXML 6.0 2013-12-21 14:39 - 2013-12-21 14:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache 2013-12-18 14:43 - 2013-10-24 09:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-17 17:57 - 2013-12-17 17:56 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2011-07-31 17:09] - [2011-07-31 17:09] - 2549760 ____A (Microsoft Corporation) dca5a6ef20d7ac2b0214c1d7fd4aae5f C:\Windows\System32\winlogon.exe [2009-02-27 10:15] - [2009-02-27 10:15] - 0559616 ____A (Microsoft Corporation) cef41b7f252c18d841769d72ea33d086 C:\Windows\System32\svchost.exe [2008-04-15 12:00] - [2008-04-15 12:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2012-01-07 14:10] - [2012-01-07 14:10] - 0111104 ____A (Microsoft Corporation) 8816e60bf654353e8e0d35ed98875445 C:\Windows\System32\User32.dll [2009-05-20 14:25] - [2009-05-20 14:25] - 0631296 ____A (Microsoft Corporation) eff0eb33111c9cb9ee5244a6b270f856 C:\Windows\System32\userinit.exe 
[2008-04-15 12:00] - [2008-04-15 12:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\rpcss.dll [2012-01-07 14:10] - [2012-01-07 14:10] - 0401408 ____A (Microsoft Corporation) c9e5ac78d9a00b1de8ce2ad1bdde7e42 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 12:00] - [2008-04-15 12:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================