Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by xxx (administrator) on WESTO on 21-01-2014 18:58:23
Running from C:\Documents and Settings\xxx\Pulpit\diagnostyka
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Hytera\HyteraUSBDriver\device_detector.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NokiaInternetModem_AppStart.exe] - C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe [138368 2011-07-08] (Nokia)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
MountPoints2: {47b45234-63fc-11df-939e-00188bdab3f4} - D:\setup.exe
MountPoints2: {87ea0dd5-5981-11e0-814d-00164157a97e} - E:\SD_Install.exe
MountPoints2: {b8076e68-63e3-11df-9398-fcecccd0ab47} - D:\winPenPack.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HyteraDeviceDetector.lnk
ShortcutTarget: HyteraDeviceDetector.lnk -> C:\Program Files\Hytera\HyteraUSBDriver\device_detector.exe ()
Startup: C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {4F07DA45-8170-4859-9B5F-037EF2970034} - No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\addtuwbl.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: KeyScrambler - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\addtuwbl.default\Extensions\keyscrambler@qfx.software.corporation [2012-08-16]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\addtuwbl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-18]
FF Extension: DownThemAll! - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\addtuwbl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-03-27]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-08-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2013-01-03] (Oracle Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
S4 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [224048 2006-11-13] (VMware, Inc.)
S4 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [113456 2006-11-13] (VMware, Inc.)
S4 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2006-11-13] (VMware, Inc.)
S4 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [142128 2006-11-13] (VMware, Inc.)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
R2 wwanSvc; C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe [106496 2008-10-15] ()

==================== Drivers (Whitelisted) ====================

S3 acfva; C:\Windows\System32\DRIVERS\acfva.sys [86528 2004-12-06] (Conexant Systems Inc.)
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 CommSBEP; C:\Windows\System32\Drivers\CommSBEP.sys [24476 2000-04-27] (Motorola)
R3 d553bus; C:\Windows\System32\DRIVERS\d553bus.sys [300672 2008-08-20] (MCCI Corporation)
R3 d553card; C:\Windows\System32\DRIVERS\d553card.sys [378368 2008-08-20] (MCCI Corporation)
R3 d553gps; C:\Windows\System32\DRIVERS\d553gps.sys [76328 2008-08-09] (Dell)
R3 d553mdfl; C:\Windows\System32\DRIVERS\d553mdfl.sys [14976 2008-08-20] (MCCI Corporation)
R3 d553mdfl2; C:\Windows\System32\DRIVERS\d553mdfl2.sys [14976 2008-08-20] (MCCI Corporation)
R3 d553mdm; C:\Windows\System32\DRIVERS\d553mdm.sys [387200 2008-08-20] (MCCI Corporation)
R3 d553mdm2; C:\Windows\System32\DRIVERS\d553mdm2.sys [431616 2008-08-20] (MCCI Corporation)
R3 d553nd5; C:\Windows\System32\DRIVERS\d553nd5.sys [25984 2008-08-20] (MCCI Corporation)
R3 d553unic; C:\Windows\System32\DRIVERS\d553unic.sys [402944 2008-08-20] (MCCI Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [26248 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [20616 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R2 hcmon; C:\WINDOWS\system32\Drivers\hcmon.sys [31024 2006-11-13] (VMware, Inc.)
S3 HyteraComposite; C:\Windows\System32\DRIVERS\HyteraComposite.sys [32128 2010-09-28] (Microsoft Corporation)
S3 HyteraUSBDriver; C:\Windows\System32\DRIVERS\HyteraUSBDriver.sys [35328 2010-11-04] (Hytera)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [173880 2011-12-15] (QFX Software Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 nokia_usb_modem_cdc_acm; C:\Windows\System32\DRIVERS\nokia_usb_modem_cdc_acm.sys [67968 2011-06-22] (Nokia)
S3 nokia_usb_modem_cdc_ecm; C:\Windows\System32\DRIVERS\nokia_usb_modem_cdc_ecm.sys [32896 2011-06-22] (Nokia)
S3 nokia_usb_modem_cpo; C:\Windows\System32\DRIVERS\nokia_usb_modem_cpo.sys [9984 2011-06-22] (Nokia)
S3 nokia_usb_modem_ecm_enum; C:\Windows\System32\DRIVERS\nokia_usb_modem_ecm_enum.sys [47488 2011-06-22] (Nokia)
S3 nokia_usb_modem_ecm_enum_filter; C:\Windows\System32\DRIVERS\nokia_usb_modem_ecm_enum_filter.sys [47488 2011-06-22] (Nokia)
S1 oxmf; C:\Windows\System32\DRIVERS\oxmf.sys [15872 2006-01-07] (OEM)
S3 Oxmfuf; C:\Windows\System32\DRIVERS\oxmfuf.sys [4992 2006-01-07] (OEM)
S3 oxser; C:\Windows\System32\DRIVERS\oxser.sys [49792 2006-01-07] (OEM)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX32.sys [114296 2013-07-14] (Ray Hinchliffe)
R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\d553scard.sys [25640 2008-08-19] (Sony Ericsson)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-10] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 USB_RNDISY; C:\Windows\System32\DRIVERS\usb8023y.sys [14336 2010-11-04] (Microsoft Corporation)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2006-11-13] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [22576 2006-11-13] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [102960 2006-11-13] (VMware, Inc.)
R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2006-11-13] (VMware, Inc.)
U3 ayh070r9; C:\Windows\System32\Drivers\ayh070r9.sys [0 ] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-21 18:58 - 2014-01-21 18:58 - 00000000 ____D C:\FRST
2014-01-21 18:36 - 2014-01-21 18:58 - 00000000 ____D C:\Documents and Settings\xxx\Pulpit\diagnostyka
2014-01-21 17:30 - 2014-01-21 17:30 - 00000000 ____D C:\Documents and Settings\xxx\Dane aplikacji\andro
2014-01-21 17:29 - 2014-01-21 17:29 - 00000000 ____D C:\Program Files\XS-Software
2014-01-21 16:53 - 2014-01-21 16:53 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-20 17:10 - 2014-01-20 17:10 - 00051262 _____ C:\Documents and Settings\xxx\Moje dokumenty\Koperta C5 UNINet krzywe Pantone.cdr
2014-01-20 07:58 - 2014-01-20 07:58 - 00000000 ____D C:\Documents and Settings\TEMP\Ustawienia lokalne\Dane aplikacji\Sun
2014-01-20 07:51 - 2014-01-20 07:58 - 00000000 ___HD C:\Documents and Settings\TEMP\Ustawienia lokalne\Dane aplikacji
2014-01-20 07:51 - 2010-07-23 08:53 - 00000000 __SHD C:\Documents and Settings\TEMP\Ustawienia lokalne\Historia
2014-01-20 07:51 - 2010-05-15 22:47 - 00000000 ___HD C:\Documents and Settings\TEMP\Ustawienia lokalne
2014-01-18 19:51 - 2014-01-18 19:51 - 00117760 ___SH C:\Documents and Settings\xxx\Moje dokumenty\Thumbs.db
2014-01-18 17:48 - 2014-01-18 18:29 - 00000523 _____ C:\Documents and Settings\xxx\Pulpit\etui tablet.txt
2014-01-17 10:01 - 2014-01-17 12:32 - 00000000 ___RD C:\Documents and Settings\xxx\Moje dokumenty\Moje wideo
2014-01-17 09:30 - 2014-01-17 09:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 09:29 - 2014-01-17 09:31 - 00004460 _____ C:\WINDOWS\KB2914368.log

==================== One Month Modified Files and Folders =======

2014-01-21 18:58 - 2014-01-21 18:58 - 00000000 ____D C:\FRST
2014-01-21 18:58 - 2014-01-21 18:36 - 00000000 ____D C:\Documents and Settings\xxx\Pulpit\diagnostyka
2014-01-21 18:36 - 2010-05-27 17:26 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\Pobieranie
2014-01-21 18:36 - 2010-05-20 11:49 - 00000000 ____D C:\Documents and Settings\xxx\Pulpit
2014-01-21 17:30 - 2014-01-21 17:30 - 00000000 ____D C:\Documents and Settings\xxx\Dane aplikacji\andro
2014-01-21 17:30 - 2010-05-20 11:49 - 00000000 __RHD C:\Documents and Settings\xxx\Dane aplikacji
2014-01-21 17:29 - 2014-01-21 17:29 - 00000000 ____D C:\Program Files\XS-Software
2014-01-21 17:29 - 2013-08-21 10:02 - 00000000 ____D C:\Documents and Settings\xxx\Pulpit\skróty
2014-01-21 17:29 - 2010-05-15 22:47 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2014-01-21 17:08 - 2010-07-21 23:34 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-21 17:00 - 2011-02-23 12:21 - 00000000 ____D C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2014-01-21 17:00 - 2010-05-15 22:48 - 01172426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-21 17:00 - 2004-08-04 13:00 - 00529854 _____ C:\WINDOWS\system32\perfh015.dat
2014-01-21 17:00 - 2004-08-04 13:00 - 00092942 _____ C:\WINDOWS\system32\perfc015.dat
2014-01-21 16:53 - 2014-01-21 16:53 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-21 16:49 - 2010-06-16 09:09 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-21 16:48 - 2010-05-15 22:47 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2014-01-21 16:08 - 2012-10-25 15:27 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-21 10:18 - 2013-08-29 00:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-21 10:09 - 2010-06-03 13:43 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\drukowanie pdf
2014-01-21 08:57 - 2010-05-15 21:00 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 08:33 - 2010-05-15 21:47 - 00000000 ____D C:\WINDOWS\system32\ias
2014-01-21 08:32 - 2004-08-04 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-21 08:31 - 2010-05-15 22:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-21 08:31 - 2010-05-15 22:51 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-21 08:30 - 2010-05-18 13:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 08:26 - 2010-05-15 21:02 - 01164369 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 08:16 - 2010-05-27 22:09 - 00206848 _____ C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-21 07:11 - 2010-05-20 11:49 - 00000188 ___SH C:\Documents and Settings\xxx\ntuser.ini
2014-01-21 07:11 - 2010-05-18 13:06 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-21 07:10 - 2010-05-20 11:49 - 00000000 ____D C:\Documents and Settings\xxx
2014-01-20 23:09 - 2010-05-26 21:45 - 00000000 ____D C:\Documents and Settings\xxx\Dane aplikacji\vlc
2014-01-20 21:30 - 2010-12-30 21:17 - 00936446 _____ C:\WINDOWS\setupapi.log
2014-01-20 17:10 - 2014-01-20 17:10 - 00051262 _____ C:\Documents and Settings\xxx\Moje dokumenty\Koperta C5 UNINet krzywe Pantone.cdr
2014-01-20 17:10 - 2010-05-20 11:49 - 00000000 ___RD C:\Documents and Settings\xxx\Moje dokumenty
2014-01-20 07:58 - 2014-01-20 07:58 - 00000000 ____D C:\Documents and Settings\TEMP\Ustawienia lokalne\Dane aplikacji\Sun
2014-01-20 07:58 - 2014-01-20 07:51 - 00000000 ___HD C:\Documents and Settings\TEMP\Ustawienia lokalne\Dane aplikacji
2014-01-20 07:52 - 2010-05-15 21:00 - 00005805 _____ C:\WINDOWS\wmsetup.log
2014-01-18 19:51 - 2014-01-18 19:51 - 00117760 ___SH C:\Documents and Settings\xxx\Moje dokumenty\Thumbs.db
2014-01-18 19:51 - 2013-02-06 02:17 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\Zdjęcia 2013
2014-01-18 19:51 - 2010-11-30 11:10 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\vesnet
2014-01-18 19:51 - 2010-06-18 22:40 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\WSB
2014-01-18 19:50 - 2011-02-12 18:45 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\Moje filmy
2014-01-18 19:50 - 2010-08-11 15:34 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\Alfa Radio
2014-01-18 18:29 - 2014-01-18 17:48 - 00000523 _____ C:\Documents and Settings\xxx\Pulpit\etui tablet.txt
2014-01-17 13:40 - 2010-09-25 22:38 - 00000000 ____D C:\Documents and Settings\xxx\Dane aplikacji\Any Video Converter
2014-01-17 12:32 - 2014-01-17 10:01 - 00000000 ___RD C:\Documents and Settings\xxx\Moje dokumenty\Moje wideo
2014-01-17 12:10 - 2012-02-13 20:00 - 00000000 ____D C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\NokiaInternetModem
2014-01-17 10:53 - 2013-07-12 09:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 10:46 - 2010-05-27 18:30 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-17 09:31 - 2014-01-17 09:29 - 00004460 _____ C:\WINDOWS\KB2914368.log
2014-01-17 09:31 - 2010-05-15 22:48 - 02216835 _____ C:\WINDOWS\FaxSetup.log
2014-01-17 09:31 - 2010-05-15 22:48 - 01086805 _____ C:\WINDOWS\ocgen.log
2014-01-17 09:31 - 2010-05-15 22:48 - 01027867 _____ C:\WINDOWS\tsoc.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00639788 _____ C:\WINDOWS\comsetup.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00453373 _____ C:\WINDOWS\iis6.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00389594 _____ C:\WINDOWS\netfxocm.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00387876 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00155429 _____ C:\WINDOWS\MedCtrOC.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00118357 _____ C:\WINDOWS\ocmsn.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00114703 _____ C:\WINDOWS\tabletoc.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00111716 _____ C:\WINDOWS\msgsocm.log
2014-01-17 09:31 - 2010-05-15 22:48 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-17 09:30 - 2014-01-17 09:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 09:30 - 2010-05-15 22:48 - 00707030 _____ C:\WINDOWS\msmqinst.log
2014-01-15 10:49 - 2013-07-15 22:37 - 00000000 ____D C:\Documents and Settings\xxx\Moje dokumenty\WESTO
2014-01-13 20:57 - 2012-11-01 22:57 - 00000000 ____D C:\Program Files\Ja2
2014-01-13 20:57 - 2010-05-15 21:00 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Gry
2014-01-12 00:00 - 2012-02-18 19:00 - 00000000 ____D C:\AP Ramzes

Some content of TEMP:
====================
C:\Documents and Settings\TEMP\Ustawienia lokalne\Temp\avgnt.exe
C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\20131027231702.859.exe
C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\avgnt.exe
C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\vlc-2.0.5-win32.exe
C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\vlc-2.0.6-win32.exe
C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\vlc-2.1.1-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 13:00] - [2008-04-14 18:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2004-08-04 13:00] - [2008-04-14 18:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2004-08-04 13:00] - [2008-04-14 18:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2004-08-04 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2004-08-04 13:00] - [2008-04-14 18:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2004-08-04 13:00] - [2008-04-14 18:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\rpcss.dll [2004-08-04 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 13:00] - [2008-04-14 17:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================