Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 03
Ran by Adam (administrator) on FELL on 26-01-2014 19:22:42
Running from C:\Documents and Settings\Adam\Moje dokumenty\Pobieranie
Microsoft Windows XP Home Edition Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) D:\Programy\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVAST Software) D:\Programy\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [14396416 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avast] - D:\Programy\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [EasyTuneV] - C:\Program Files\Gigabyte\ET5\GUI.exe [200704 2004-06-14] ()
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1390728523&from=amt&uid=SAMSUNGXSP0812N_S00MJ10L201489
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{8B972B40-269B-4A10-831B-7B7DF21723C7}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\sctlj4v7.default
FF Homepage: hxxp://www.wp.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Programy\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programy\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\sctlj4v7.default\extensions\lightningnewtab@gmail.com.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1390728523&from=amt&uid=SAMSUNGXSP0812N_S00MJ10L201489

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 avast! Antivirus; D:\Programy\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 Update Surftastic; "C:\Program Files\Surftastic\updateSurftastic.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-06] ()
R3 ET5Drv; C:\WINDOWS\system32\Drivers\ET5Drv.sys [186584 2004-09-20] (Microsoft Corporation)
S3 GVCplDrv; C:\Windows\System32\Drivers\GVCplDrv.sys [23040 2004-05-02] ()
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2006-03-02] ()
S3 catchme; \??\C:\DOCUME~1\Adam\USTAWI~1\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No
ImagePath U3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-26 19:22 - 2014-01-26 19:22 - 00000000 ____D C:\FRST 2014-01-26 17:56 - 2014-01-26 17:56 - 00011124 _____ C:\ComboFix.txt 2014-01-26 17:34 - 2014-01-26 17:34 - 00000000 _RSHD C:\cmdcons 2014-01-26 17:34 - 2014-01-09 17:43 - 00000211 _____ C:\Boot.bak 2014-01-26 17:34 - 2004-08-03 23:00 - 00262400 __RSH C:\cmldr 2014-01-26 17:32 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe 2014-01-26 17:32 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe 2014-01-26 17:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-01-26 17:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-01-26 17:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-01-26 17:32 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-01-26 17:32 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe 2014-01-26 17:32 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe 2014-01-26 17:32 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe 2014-01-26 17:31 - 2014-01-26 17:57 - 00000000 ____D C:\Qoobox 2014-01-26 17:31 - 2014-01-26 17:55 - 00000000 ____D C:\WINDOWS\erdnt 2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty\Moje wideo 2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ___RD C:\Documents and Settings\Adam\Moje dokumenty\Moje wideo 2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ___RD C:\Documents and Settings\Adam\Menu Start\Programy\Narzędzia administracyjne 2014-01-26 17:00 - 2014-01-26 17:12 - 00000000 ____D C:\AdwCleaner 2014-01-26 16:52 - 2014-01-26 16:52 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\EMCO 2014-01-26 16:51 - 2014-01-26 16:51 - 00000000 ____D C:\Program Files\EMCO 2014-01-26 16:49 - 2014-01-26 16:49 - 52841952 _____ (EMCO Software ) C:\Documents 
and Settings\Adam\Moje dokumenty\malwaredestroyersetup.exe 2014-01-26 16:46 - 2014-01-26 16:46 - 00889416 _____ (Microsoft Corporation) C:\Documents and Settings\Adam\Moje dokumenty\dotNetFx40_Full_setup.exe 2014-01-26 16:40 - 2014-01-26 16:39 - 01021432 _____ (Microsoft Corporation) C:\Documents and Settings\Adam\Moje dokumenty\NDP451-KB2859818-Web.exe 2014-01-26 16:35 - 2014-01-26 16:35 - 00000000 ____D C:\Documents and Settings\Adam\Moje dokumenty\Crystal%20Security%203.0.0.68 2014-01-26 16:34 - 2014-01-26 16:34 - 00266582 _____ C:\Documents and Settings\Adam\Moje dokumenty\Crystal%20Security%203.0.0.68.zip 2014-01-26 15:26 - 2014-01-26 16:22 - 00000000 ____D C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP 2014-01-26 14:37 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys 2014-01-26 11:32 - 2014-01-26 11:32 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-26 11:31 - 2014-01-26 15:26 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2014-01-26 10:31 - 2014-01-26 10:31 - 00000000 ____D C:\Documents and Settings\Adam\.android 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\cache 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 _____ C:\Documents and Settings\Adam\daemonprocess.txt 2014-01-26 10:29 - 2014-01-26 11:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\IePluginService 2014-01-25 18:56 - 2014-01-25 18:56 - 00023412 _____ C:\Documents and Settings\Adam\.recently-used.xbel 2014-01-24 00:01 - 2014-01-24 00:01 - 00003706 _____ C:\Documents and Settings\Adam\Pulpit\logo.jpeg 2014-01-20 19:28 - 2014-01-20 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MathematicaPlayer 2014-01-20 19:28 - 2014-01-20 19:28 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\MathematicaPlayer 2014-01-20 19:28 - 2014-01-20 19:28 - 00000000 ____D C:\Documents and 
Settings\Adam\Dane aplikacji\MathematicaPlayer 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Program Files\Extras 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Program Files\Common Files\Wolfram Research 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Program Files\Common Files\ResearchSoft 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Wolfram CDF Player 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Mathematica 2014-01-20 19:26 - 2013-02-07 19:39 - 00369968 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\ml32i3.dll 2014-01-20 19:26 - 2013-02-07 19:39 - 00360752 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\mltcpip32.mlp 2014-01-20 19:26 - 2013-02-07 19:39 - 00258864 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\ml32i2.dll 2014-01-20 19:26 - 2013-02-07 19:39 - 00252720 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\ml32i1.dll 2014-01-20 19:26 - 2013-02-07 19:39 - 00173360 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\mlmodule32.dll 2014-01-20 19:26 - 2013-02-07 19:39 - 00095536 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\mltcp32.mlp 2014-01-20 19:26 - 2013-02-07 19:39 - 00088368 _____ (Wolfram Research, Inc.) C:\WINDOWS\system32\mlshm32.mlp 2014-01-20 19:26 - 2013-02-07 19:39 - 00078128 _____ (Wolfram Research, Inc.) 
C:\WINDOWS\system32\mlmap32.mlp 2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____D C:\Program Files\Wolfram Research 2014-01-18 13:07 - 2014-01-18 13:16 - 00000000 ____D C:\Documents and Settings\Adam\Pulpit\matma wyklady(1) 2014-01-18 13:02 - 2014-01-18 13:02 - 04272783 _____ C:\Documents and Settings\Adam\Pulpit\matma wyklady(1).rar 2014-01-18 12:29 - 2014-01-17 23:44 - 00318950 _____ C:\Documents and Settings\Adam\Pulpit\Kopia KRESKI v1.0.odt 2014-01-17 21:42 - 2014-01-17 23:44 - 00318950 _____ C:\Documents and Settings\Adam\Pulpit\KRESKI v1.0.odt 2014-01-15 11:02 - 2014-01-15 11:02 - 00000527 _____ C:\Documents and Settings\Adam\Pulpit\kolos 3 pochodne.txt 2013-12-31 16:26 - 2014-01-12 14:33 - 00023597 _____ C:\Documents and Settings\Adam\Pulpit\Kopia ekhem.ods 2013-12-29 23:02 - 2014-01-12 13:02 - 00023363 _____ C:\Documents and Settings\Adam\Pulpit\ekhem.ods 2013-12-29 21:30 - 2013-12-29 21:30 - 00149380 _____ C:\Documents and Settings\Adam\Moje dokumenty\ts3_clientui-win32-1375083581-2013-12-29 21_30_03.187500.dmp 2013-12-29 21:29 - 2013-12-29 21:29 - 00147456 _____ C:\Documents and Settings\Adam\Moje dokumenty\ts3_clientui-win32-1375083581-2013-12-29 21_29_12.843750.dmp 2013-12-28 15:18 - 2013-12-27 23:08 - 00119828 _____ C:\Documents and Settings\Adam\Pulpit\GRUBE.sb ==================== One Month Modified Files and Folders ======= 2014-01-26 19:22 - 2014-01-26 19:22 - 00000000 ____D C:\FRST 2014-01-26 19:22 - 2013-08-06 13:14 - 00000000 ____D C:\Documents and Settings\Adam\Moje dokumenty\Pobieranie 2014-01-26 19:14 - 2013-08-06 12:05 - 00426754 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-26 19:09 - 2013-08-06 13:24 - 00000350 ____H C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-01-26 19:09 - 2013-08-06 12:42 - 00000000 ____D C:\WINDOWS\system32\Lang 2014-01-26 19:08 - 2013-08-06 12:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-26 19:08 - 2013-08-06 12:10 - 00000000 __SHD C:\Documents and Settings\NetworkService 2014-01-26 19:06 - 2013-08-06 12:25 - 00196608 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2014-01-26 19:06 - 2013-08-06 12:11 - 00032454 _____ C:\WINDOWS\SchedLgU.Txt 2014-01-26 19:06 - 2013-08-06 12:11 - 00000188 ___SH C:\Documents and Settings\Adam\ntuser.ini 2014-01-26 17:57 - 2014-01-26 17:31 - 00000000 ____D C:\Qoobox 2014-01-26 17:57 - 2013-08-06 12:11 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne 2014-01-26 17:57 - 2013-08-06 12:10 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne 2014-01-26 17:56 - 2014-01-26 17:56 - 00011124 _____ C:\ComboFix.txt 2014-01-26 17:55 - 2014-01-26 17:31 - 00000000 ____D C:\WINDOWS\erdnt 2014-01-26 17:54 - 2006-03-02 13:00 - 00000227 _____ C:\WINDOWS\system.ini 2014-01-26 17:44 - 2013-08-06 12:11 - 00000000 __RHD C:\Documents and Settings\Adam\Dane aplikacji 2014-01-26 17:34 - 2014-01-26 17:34 - 00000000 _RSHD C:\cmdcons 2014-01-26 17:34 - 2013-08-06 13:51 - 00000327 __RSH C:\boot.ini 2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty\Moje wideo 2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ___RD C:\Documents and Settings\Adam\Moje dokumenty\Moje wideo 2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ___RD C:\Documents and Settings\Adam\Menu Start\Programy\Narzędzia administracyjne 2014-01-26 17:31 - 2013-08-06 13:53 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty 2014-01-26 17:31 - 2013-08-06 12:11 - 00000000 ___RD C:\Documents and Settings\Adam\Moje dokumenty 2014-01-26 17:31 - 2013-08-06 12:11 - 00000000 ___RD C:\Documents and Settings\Adam\Menu Start\Programy 2014-01-26 17:22 - 2013-08-06 12:11 - 00000000 ____D C:\Documents and 
Settings\Adam\Pulpit 2014-01-26 17:12 - 2014-01-26 17:00 - 00000000 ____D C:\AdwCleaner 2014-01-26 17:04 - 2013-08-06 12:11 - 00000000 ____D C:\Documents and Settings\Adam 2014-01-26 17:03 - 2013-08-06 13:53 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2014-01-26 17:03 - 2013-08-06 12:11 - 00000000 ___HD C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji 2014-01-26 16:52 - 2014-01-26 16:52 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\EMCO 2014-01-26 16:52 - 2013-08-06 13:53 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2014-01-26 16:51 - 2014-01-26 16:51 - 00000000 ____D C:\Program Files\EMCO 2014-01-26 16:49 - 2014-01-26 16:49 - 52841952 _____ (EMCO Software ) C:\Documents and Settings\Adam\Moje dokumenty\malwaredestroyersetup.exe 2014-01-26 16:46 - 2014-01-26 16:46 - 00889416 _____ (Microsoft Corporation) C:\Documents and Settings\Adam\Moje dokumenty\dotNetFx40_Full_setup.exe 2014-01-26 16:39 - 2014-01-26 16:40 - 01021432 _____ (Microsoft Corporation) C:\Documents and Settings\Adam\Moje dokumenty\NDP451-KB2859818-Web.exe 2014-01-26 16:35 - 2014-01-26 16:35 - 00000000 ____D C:\Documents and Settings\Adam\Moje dokumenty\Crystal%20Security%203.0.0.68 2014-01-26 16:34 - 2014-01-26 16:34 - 00266582 _____ C:\Documents and Settings\Adam\Moje dokumenty\Crystal%20Security%203.0.0.68.zip 2014-01-26 16:22 - 2014-01-26 15:26 - 00000000 ____D C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP 2014-01-26 16:22 - 2013-08-06 13:53 - 00618529 _____ C:\WINDOWS\setupapi.log 2014-01-26 15:42 - 2013-08-06 12:06 - 00001607 _____ C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk 2014-01-26 15:42 - 2013-08-06 12:06 - 00001599 _____ C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk 2014-01-26 15:42 - 2013-08-06 12:06 - 00001507 _____ C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk 2014-01-26 15:38 - 
2013-08-06 12:11 - 00001599 _____ C:\Documents and Settings\Adam\Menu Start\Programy\Pomoc zdalna.lnk 2014-01-26 15:26 - 2014-01-26 11:31 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2014-01-26 11:32 - 2014-01-26 11:32 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-26 11:23 - 2014-01-26 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\IePluginService 2014-01-26 10:31 - 2014-01-26 10:31 - 00000000 ____D C:\Documents and Settings\Adam\.android 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\cache 2014-01-26 10:30 - 2014-01-26 10:30 - 00000000 _____ C:\Documents and Settings\Adam\daemonprocess.txt 2014-01-26 10:28 - 2013-08-06 13:12 - 00000914 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2014-01-26 10:28 - 2013-08-06 12:11 - 00000987 _____ C:\Documents and Settings\Adam\Menu Start\Programy\Internet Explorer.lnk 2014-01-25 19:15 - 2013-10-15 18:59 - 00000000 ____D C:\Documents and Settings\Adam\.gimp-2.6 2014-01-25 18:56 - 2014-01-25 18:56 - 00023412 _____ C:\Documents and Settings\Adam\.recently-used.xbel 2014-01-25 18:56 - 2013-08-06 12:11 - 00000000 ___RD C:\Documents and Settings\Adam\Moje dokumenty\Moje obrazy 2014-01-25 13:47 - 2013-10-04 18:25 - 00001870 _____ C:\Documents and Settings\Adam\Pulpit\Email.txt 2014-01-24 16:43 - 2013-10-17 19:45 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\gtk-2.0 2014-01-24 00:01 - 2014-01-24 00:01 - 00003706 _____ C:\Documents and Settings\Adam\Pulpit\logo.jpeg 2014-01-23 19:48 - 2013-12-23 13:08 - 00055417 _____ C:\Documents and Settings\Adam\Pulpit\stle strony.txt 2014-01-22 21:25 - 2013-08-23 18:35 - 00000000 ____D C:\Documents and Settings\Adam\Pulpit\INWENTARYZACJE 2014-01-21 11:23 - 2013-08-06 13:52 - 04430088 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-20 19:39 - 2013-08-06 12:25 - 01717384 _____ C:\Documents and 
Settings\Adam\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-01-20 19:28 - 2014-01-20 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MathematicaPlayer 2014-01-20 19:28 - 2014-01-20 19:28 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\MathematicaPlayer 2014-01-20 19:28 - 2014-01-20 19:28 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\MathematicaPlayer 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Program Files\Extras 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Program Files\Common Files\Wolfram Research 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Program Files\Common Files\ResearchSoft 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Wolfram CDF Player 2014-01-20 19:27 - 2014-01-20 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Mathematica 2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____D C:\Program Files\Wolfram Research 2014-01-18 20:57 - 2013-09-27 19:13 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\Skype 2014-01-18 17:30 - 2013-10-15 16:22 - 00002267 _____ C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2014-01-18 13:16 - 2014-01-18 13:07 - 00000000 ____D C:\Documents and Settings\Adam\Pulpit\matma wyklady(1) 2014-01-18 13:02 - 2014-01-18 13:02 - 04272783 _____ C:\Documents and Settings\Adam\Pulpit\matma wyklady(1).rar 2014-01-18 11:05 - 2013-10-09 09:27 - 00000000 ____D C:\Documents and Settings\Adam\Pulpit\Politechnika 2014-01-18 00:50 - 2013-08-06 13:56 - 00000214 _____ C:\WINDOWS\wiadebug.log 2014-01-18 00:50 - 2013-08-06 13:56 - 00000050 _____ C:\WINDOWS\wiaservc.log 2014-01-17 23:44 - 2014-01-18 12:29 - 00318950 _____ C:\Documents and Settings\Adam\Pulpit\Kopia KRESKI v1.0.odt 2014-01-17 23:44 - 2014-01-17 21:42 - 00318950 _____ C:\Documents and Settings\Adam\Pulpit\KRESKI v1.0.odt 2014-01-15 11:02 - 2014-01-15 11:02 - 
00000527 _____ C:\Documents and Settings\Adam\Pulpit\kolos 3 pochodne.txt 2014-01-14 17:59 - 2006-03-02 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-12 14:33 - 2013-12-31 16:26 - 00023597 _____ C:\Documents and Settings\Adam\Pulpit\Kopia ekhem.ods 2014-01-12 13:02 - 2013-12-29 23:02 - 00023363 _____ C:\Documents and Settings\Adam\Pulpit\ekhem.ods 2014-01-09 17:43 - 2014-01-26 17:34 - 00000211 _____ C:\Boot.bak 2014-01-09 17:43 - 2006-03-02 13:00 - 00000498 _____ C:\WINDOWS\win.ini 2014-01-08 15:02 - 2013-10-03 18:13 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\GG 2014-01-07 09:27 - 2013-11-12 11:32 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2014-01-04 20:35 - 2013-09-28 14:08 - 00000000 ____D C:\Program Files\Steam 2013-12-29 21:30 - 2013-12-29 21:30 - 00149380 _____ C:\Documents and Settings\Adam\Moje dokumenty\ts3_clientui-win32-1375083581-2013-12-29 21_30_03.187500.dmp 2013-12-29 21:29 - 2013-12-29 21:29 - 00147456 _____ C:\Documents and Settings\Adam\Moje dokumenty\ts3_clientui-win32-1375083581-2013-12-29 21_29_12.843750.dmp 2013-12-27 23:08 - 2013-12-28 15:18 - 00119828 _____ C:\Documents and Settings\Adam\Pulpit\GRUBE.sb 2013-12-27 13:05 - 2013-12-26 19:56 - 00123759 _____ C:\Documents and Settings\Adam\Pulpit\KRe.sb ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2006-03-02 13:00] - [2006-03-02 13:00] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea C:\Windows\System32\winlogon.exe [2006-03-02 13:00] - [2006-03-02 13:00] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0 C:\Windows\System32\svchost.exe [2006-03-02 13:00] - [2006-03-02 13:00] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e C:\Windows\System32\services.exe [2006-03-02 13:00] - [2006-03-02 13:00] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917 C:\Windows\System32\User32.dll [2006-03-02 13:00] - [2006-03-02 13:00] - 0578560 
____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0 C:\Windows\System32\userinit.exe [2006-03-02 13:00] - [2006-03-02 13:00] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396 C:\Windows\System32\rpcss.dll [2006-03-02 13:00] - [2006-03-02 13:00] - 0395776 ____A (Microsoft Corporation) 346e5b19fc986fe7185a0c2c43593722 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys [2006-03-02 13:00] - [2006-03-02 13:00] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36 ==================== End Of Log ============================