Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Marzena i Tomek (administrator) on MT-51687E0 on 06-04-2014 18:11:57 Running from D:\programy\użytki\bezpieczeństwo_diagnostyka\farbar Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe () C:\Advanced Wheel Mouse\wh_exec.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [WheelMouse] - C:\Advanced Wheel Mouse\wh_exec.exe [147456 2000-01-01] () HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2000-01-01] (Realtek Semiconductor Corp.) HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [377288 2014-02-23] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15713624 2014-02-23] (NVIDIA Corporation) HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-839522115-412668190-682003330-1004\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-839522115-412668190-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-839522115-412668190-682003330-1004\...\Run: [ALLUpdate] - C:\Program Files\ALLPlayer\ALLUpdate.exe [3000704 2014-01-29] (ALLPlayer Group Ltd.) HKU\S-1-5-21-839522115-412668190-682003330-1004\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-839522115-412668190-682003330-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 AppInit_DLLs: C:\WINDOWS\system32\guard32.dll => C:\WINDOWS\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1392149689765 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Marzena i Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\02puo5kw.default-1393510455906 FF Homepage: hxxp://www.wp.pl/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-20] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-08] (COMODO) R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32640 2012-11-08] (COMODO) S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-02-11] (Windows (R) 2000 DDK provider) R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99080 2012-11-08] (COMODO) R3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-15] (Microsoft Corporation) S3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [14240 2007-02-03] (Logitech Inc.) R3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [938272 2007-02-03] (Logitech Inc.) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-02-27] () R3 whfltr2k; C:\WINDOWS\System32\DRIVERS\whfltr2k.sys [7424 2000-01-01] () S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org) S4 IntelIde; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-06 18:02 - 2014-04-06 18:02 - 00000000 ____D () C:\MATS 2014-03-30 20:02 - 2014-03-30 20:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-24 21:27 - 2014-03-24 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\DAEMON Tools Images 2014-03-23 13:40 - 2014-03-23 13:40 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt 2014-03-23 13:40 - 2014-03-23 13:40 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Doctor Web 2014-03-19 16:01 - 2014-04-06 18:11 - 00000000 ____D () C:\FRST 2014-03-19 11:23 - 2014-03-19 11:23 - 00001880 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2014-03-19 11:23 - 2014-03-19 11:23 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-19 11:23 - 2014-03-19 11:23 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Ustawienia lokalne\Dane aplikacji\Skype 2014-03-19 11:23 - 2014-03-19 11:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2014-03-13 21:34 - 2014-03-13 21:34 - 00000000 ___RD () C:\Documents and Settings\LocalService\Ulubione 2014-03-13 19:47 - 2014-04-05 13:49 - 00024626 _____ () C:\WINDOWS\setupapi.log 2014-03-13 19:28 - 2014-03-13 19:28 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Dane aplikacji\Avira 2014-03-13 19:28 - 2014-03-13 19:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\Avira 2014-03-13 19:27 - 2014-02-25 12:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2014-03-13 19:27 - 2014-02-25 12:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-03-13 19:27 - 2014-02-25 12:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2014-03-13 19:27 - 2014-02-25 12:41 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys 2014-03-13 19:25 - 2014-03-31 17:47 - 00000858 _____ () C:\Documents and Settings\All Users\Pulpit\Avira.lnk 2014-03-13 19:25 - 2014-03-31 17:47 - 00000000 ____D () C:\Program Files\Avira 2014-03-13 19:25 - 2014-03-31 17:47 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Avira 2014-03-13 19:25 - 2014-03-13 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Avira 2014-03-13 19:23 - 2014-03-13 19:23 - 00149992 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-13 19:22 - 2014-03-13 19:22 - 00027488 _____ () C:\Documents and Settings\Marzena i Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-03-13 18:41 - 2014-03-13 18:46 - 00000727 _____ () C:\Documents and Settings\Administrator\avgrep.txt 2014-03-07 16:06 - 2014-04-06 18:09 - 00000242 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-03-07 16:06 - 2014-03-09 10:31 - 00000236 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job ==================== One Month Modified Files and Folders ======= 2014-04-06 18:11 - 2014-03-19 16:01 - 00000000 ____D () C:\FRST 2014-04-06 18:11 - 2013-07-01 20:53 - 00015506 _____ () C:\WINDOWS\system32\nvAppTimestamps 2014-04-06 18:10 - 2014-03-03 19:50 - 01149916 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-06 18:10 - 2012-10-29 22:35 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Dane aplikacji\Skype 2014-04-06 18:09 - 2014-03-07 16:06 - 00000242 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-04-06 18:09 - 2014-03-03 19:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-04-06 18:09 - 2014-03-03 19:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-04-06 18:09 - 2013-05-18 10:24 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-06 18:09 - 2012-11-02 17:29 - 00000298 _____ () C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job 2014-04-06 18:09 - 2012-10-29 21:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-06 18:08 - 2014-03-03 19:49 - 00032504 _____ () C:\WINDOWS\SchedLgU.Txt 2014-04-06 18:08 - 2013-11-25 21:45 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-04-06 18:08 - 2013-07-15 23:48 - 01843092 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-839522115-412668190-682003330-1004-0.dat 2014-04-06 18:08 - 2013-07-15 23:48 - 00150138 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2014-04-06 18:08 - 2012-10-29 21:09 - 00000188 ___SH () C:\Documents and Settings\Marzena i Tomek\ntuser.ini 2014-04-06 18:08 - 2012-10-29 21:09 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek 2014-04-06 18:02 - 2014-04-06 18:02 - 00000000 ____D () C:\MATS 2014-04-06 17:59 - 2013-02-02 15:14 - 00001054 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-06 17:53 - 2012-10-29 21:52 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-04-06 17:53 - 2012-10-29 21:09 - 00000000 __RHD () C:\Documents and Settings\Marzena i Tomek\Dane aplikacji 2014-04-06 17:53 - 2012-10-29 21:09 - 00000000 ___HD () C:\Documents and Settings\Marzena i Tomek\Ustawienia lokalne\Dane aplikacji 2014-04-06 16:24 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-04-05 13:51 - 2012-10-29 21:09 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Pulpit 2014-04-05 13:49 - 2014-03-13 19:47 - 00024626 _____ () C:\WINDOWS\setupapi.log 2014-04-02 22:42 - 2012-10-30 17:25 - 00000000 ____D () C:\Games 2014-04-02 22:42 - 2012-10-29 21:54 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-04-02 22:42 - 2012-10-29 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-04-02 20:04 - 2012-10-29 21:03 - 00000000 ____D () C:\WINDOWS\system32\DirectX 2014-03-31 17:58 - 2012-10-29 22:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-03-31 17:47 - 2014-03-13 19:25 - 00000858 _____ () C:\Documents and Settings\All Users\Pulpit\Avira.lnk 2014-03-31 17:47 - 2014-03-13 19:25 - 00000000 ____D () C:\Program Files\Avira 2014-03-31 17:47 - 2014-03-13 19:25 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Avira 2014-03-31 17:47 - 2013-08-19 19:08 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Package Cache 2014-03-30 20:02 - 2014-03-30 20:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-30 19:11 - 2012-10-29 21:54 - 01285526 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-30 19:11 - 2008-04-15 14:00 - 00565376 _____ () C:\WINDOWS\system32\perfh015.dat 2014-03-30 19:11 - 2008-04-15 14:00 - 00110462 _____ () C:\WINDOWS\system32\perfc015.dat 2014-03-27 20:01 - 2012-10-29 21:09 - 00000000 ___RD () C:\Documents and Settings\Marzena i Tomek\Moje dokumenty 2014-03-26 22:36 - 2014-02-11 21:34 - 2145386496 _____ () C:\WINDOWS\MEMORY.DMP 2014-03-24 23:00 - 2014-02-11 21:52 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2014-03-24 21:37 - 2012-10-29 21:02 - 00000000 ____D () C:\WINDOWS\Registration 2014-03-24 21:32 - 2012-10-29 21:58 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-24 21:27 - 2014-03-24 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Dokumenty\DAEMON Tools Images 2014-03-24 21:27 - 2012-10-29 21:54 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty 2014-03-23 13:40 - 2014-03-23 13:40 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt 2014-03-23 13:40 - 2014-03-23 13:40 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Doctor Web 2014-03-23 13:18 - 2012-10-29 21:51 - 00000211 ___SH () C:\boot.ini 2014-03-23 13:18 - 2008-04-15 14:00 - 00000528 ____C () C:\WINDOWS\win.ini 2014-03-23 13:18 - 2008-04-15 14:00 - 00000227 ____C () C:\WINDOWS\system.ini 2014-03-19 11:23 - 2014-03-19 11:23 - 00001880 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2014-03-19 11:23 - 2014-03-19 11:23 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-03-19 11:23 - 2014-03-19 11:23 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Ustawienia lokalne\Dane aplikacji\Skype 2014-03-19 11:23 - 2014-03-19 11:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2014-03-19 11:23 - 2013-03-22 20:38 - 00000000 ___RD () C:\Program Files\Skype 2014-03-19 11:22 - 2012-10-29 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype 2014-03-19 10:51 - 2013-11-27 20:38 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-19 10:48 - 2012-10-29 22:01 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-13 21:34 - 2014-03-13 21:34 - 00000000 ___RD () C:\Documents and Settings\LocalService\Ulubione 2014-03-13 21:34 - 2012-10-29 21:08 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-03-13 19:46 - 2012-10-29 21:45 - 00000000 ____D () C:\WINDOWS\repair 2014-03-13 19:28 - 2014-03-13 19:28 - 00000000 ____D () C:\Documents and Settings\Marzena i Tomek\Dane aplikacji\Avira 2014-03-13 19:28 - 2014-03-13 19:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\Avira 2014-03-13 19:28 - 2012-10-29 21:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji 2014-03-13 19:27 - 2014-03-13 19:25 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Avira 2014-03-13 19:23 - 2014-03-13 19:23 - 00149992 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-13 19:22 - 2014-03-13 19:22 - 00027488 _____ () C:\Documents and Settings\Marzena i Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-03-13 19:22 - 2013-12-18 17:22 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt 2014-03-13 19:22 - 2013-11-11 19:43 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-03-13 19:22 - 2012-11-12 17:50 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt 2014-03-13 19:11 - 2012-11-06 17:17 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-03-13 18:46 - 2014-03-13 18:41 - 00000727 _____ () C:\Documents and Settings\Administrator\avgrep.txt 2014-03-13 18:41 - 2012-11-06 17:17 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-03-12 22:34 - 2012-10-29 21:08 - 00000188 ___SH () C:\Documents and Settings\LocalService\ntuser.ini 2014-03-12 11:54 - 2012-10-30 17:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-11 23:48 - 2013-12-18 17:23 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-11 23:48 - 2012-10-30 17:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight 2014-03-09 10:31 - 2014-03-07 16:06 - 00000236 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job Some content of TEMP: ==================== C:\Documents and Settings\Marzena i Tomek\Ustawienia lokalne\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================