Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014 Ran by Tomek (administrator) on KLOZA-47DEDC5AE on 24-04-2014 20:42:33 Running from C:\Documents and Settings\Tomek\Pulpit\LoL Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Atheros) C:\WINDOWS\system32\acs.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe () C:\WINDOWS\system32\PnkBstrA.exe () C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\Razer\Diamondback 3G\razerhid.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe () C:\Program Files\Razer\Diamondback 3G\razertra.exe (Razer Inc.) C:\Program Files\Razer\Diamondback 3G\razerofa.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [561263 2010-05-21] () HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [Diamondback] => C:\Program Files\Razer\Diamondback 3G\razerhid.exe [228352 2010-04-28] () HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-02] (AVAST Software) HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15714592 2014-03-09] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [377288 2014-03-09] (NVIDIA Corporation) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-03-09] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) Startup: C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\Powiadomienia monitorowania tuszu - HP Deskjet 2050 J510 series.lnk ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1395003722671 Tcpip\Parameters: [DhcpNameServer] 85.237.160.6 85.237.160.3 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\bk8638v2.default-1396303935625 FF NetworkProxy: "ftp", "223.83.108.22 " FF NetworkProxy: "ftp_port", 8123 FF NetworkProxy: "http", "223.83.108.22 " FF NetworkProxy: "http_port", 8123 FF NetworkProxy: "socks", "223.83.108.22 " FF NetworkProxy: "socks_port", 8123 FF NetworkProxy: "ssl", "223.83.108.22 " FF NetworkProxy: "ssl_port", 8123 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Adblock Plus - C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\bk8638v2.default-1396303935625\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-17] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR StartupUrls: "hxxp://www.google.com/" CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17] CHR Extension: (Dysk Google) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17] CHR Extension: (YouTube) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17] CHR Extension: (McAfee Security Scan+) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-31] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17] CHR Extension: (AdBlock) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-19] CHR Extension: (avast! Online Security) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-17] CHR Extension: (Google Wallet) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17] CHR Extension: (Gmail) - C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-02] ========================== Services (Whitelisted) ================= R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2010-05-21] (Atheros) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-02] (AVAST Software) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-17] (Oracle Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2014-03-17] () ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-19] (Advanced Micro Devices) R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-02] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-02] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-02] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-02] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-02] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-02] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-04-02] () S3 gdrv; C:\WINDOWS\gdrv.sys [14656 2014-03-16] (Windows (R) Codename Longhorn DDK provider) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation) S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation) R3 Razerlow; C:\WINDOWS\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd) R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2010-05-21] (Atheros Communications, Inc.) S3 catchme; \??\C:\DOCUME~1\Tomek\USTAWI~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath S3 NVHDA; system32\drivers\nvhda32.sys [X] U3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-24 20:41 - 2014-04-24 20:42 - 00000000 ____D () C:\FRST 2014-04-24 18:09 - 2014-04-24 18:09 - 00020014 _____ () C:\ComboFix.txt 2014-04-22 15:31 - 2014-04-24 19:01 - 00000011 _____ () C:\Documents and Settings\Tomek\Pulpit\autoexec.cfg 2014-04-21 20:47 - 2014-04-22 05:25 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin 2014-04-21 20:47 - 2014-04-21 20:47 - 00000000 ____D () C:\Program Files\Pando Networks 2014-04-21 20:37 - 2014-04-21 20:47 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Riot Games 2014-04-19 23:51 - 2014-04-19 23:51 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\CC 2014-04-19 22:06 - 2014-04-19 22:26 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt 2014-04-19 22:06 - 2014-04-19 22:20 - 00000000 ____D () C:\Documents and Settings\Tomek\Doctor Web 2014-04-19 21:54 - 2014-04-19 21:54 - 00006998 _____ () C:\Documents and Settings\Tomek\Pulpit\hijackthis.log 2014-04-19 21:31 - 2014-04-19 21:31 - 00000000 _RSHD () C:\cmdcons 2014-04-19 21:31 - 2014-03-16 22:38 - 00000223 _____ () C:\Boot.bak 2014-04-19 21:31 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr 2014-04-19 21:29 - 2014-04-24 18:09 - 00000000 ____D () C:\Qoobox 2014-04-19 21:29 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-04-19 21:29 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-04-19 21:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-04-19 21:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-04-19 21:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-04-19 21:29 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-04-19 21:29 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-04-19 21:29 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-04-19 21:29 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-04-18 17:19 - 2014-04-18 17:19 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Skyrim 2014-04-18 17:17 - 2014-04-18 17:17 - 00063432 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2014-04-18 17:16 - 2014-04-18 17:18 - 00000552 _____ () C:\WINDOWS\spupdsvc.log 2014-04-18 17:10 - 2014-04-18 17:10 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\My Games 2014-04-18 13:35 - 2014-04-18 13:35 - 00000205 _____ () C:\Documents and Settings\Tomek\Pulpit\The Elder Scrolls V Skyrim.url 2014-04-17 04:07 - 2014-04-17 04:07 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\Tor Browser 2014-04-17 03:04 - 2014-04-17 03:04 - 00000000 ____D () C:\WINDOWS\Sun 2014-04-17 03:04 - 2014-04-17 03:04 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Sun 2014-04-17 02:59 - 2014-04-17 02:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-04-17 02:59 - 2014-04-17 02:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-04-17 02:59 - 2014-04-17 02:59 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-04-17 02:59 - 2014-04-17 02:59 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-04-17 02:59 - 2014-04-17 02:59 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Program Files\Java 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Sun 2014-04-17 02:58 - 2014-04-17 02:58 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Sun 2014-04-16 18:41 - 2014-04-16 18:41 - 00000608 _____ () C:\Documents and Settings\All Users\Pulpit\Icewind Dale + Serce Zimy.lnk 2014-04-16 18:41 - 2014-04-16 18:41 - 00000155 _____ () C:\WINDOWS\DirectX.log 2014-04-16 18:39 - 2014-04-16 18:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Saga Icewind Dale DVD 2014-04-16 18:26 - 2014-04-16 18:26 - 00000552 _____ () C:\Documents and Settings\Tomek\Pulpit\Baldur's Gate II.lnk 2014-04-16 18:26 - 2014-04-16 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Bioware 2014-04-15 21:35 - 2014-04-24 17:59 - 00036852 _____ () C:\WINDOWS\setupapi.log 2014-04-15 21:35 - 2014-04-15 21:35 - 00000539 _____ () C:\Documents and Settings\All Users\Pulpit\S.T.A.L.K.E.R. - Zew Prypeci.lnk 2014-04-15 21:35 - 2014-04-15 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GSC World Publishing 2014-04-13 21:26 - 2014-04-13 21:26 - 00000338 _____ () C:\Documents and Settings\Tomek\Pulpit\Skrót do Gry.lnk 2014-04-09 15:55 - 2014-04-09 15:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-04-07 19:46 - 2014-04-07 22:25 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\foobar2000 2014-04-07 19:46 - 2014-04-07 19:46 - 00000782 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\foobar2000.lnk 2014-04-07 19:46 - 2014-04-07 19:46 - 00000706 _____ () C:\Documents and Settings\All Users\Pulpit\foobar2000.lnk 2014-04-07 19:45 - 2014-04-07 19:46 - 00000000 ____D () C:\Program Files\foobar2000 2014-04-07 12:29 - 2014-04-24 20:42 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\LoL 2014-04-05 19:09 - 2014-04-05 19:09 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\MPC-HC 2014-04-05 19:08 - 2014-04-05 19:08 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack 2014-04-05 19:08 - 2014-04-05 19:08 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack 2014-04-05 19:08 - 2013-12-01 15:10 - 00218200 _____ () C:\WINDOWS\system32\unrar.dll 2014-04-05 19:04 - 2014-04-07 19:48 - 00003584 _____ () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-05 14:22 - 2014-04-05 14:22 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\SuperMemo World 2014-04-05 14:21 - 2014-04-05 14:22 - 00000000 ____D () C:\Program Files\SuperMemo UX 2014-04-05 14:21 - 2014-04-05 14:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\SuperMemo UX 2014-04-05 14:21 - 2014-04-05 14:21 - 00000715 _____ () C:\Documents and Settings\All Users\Pulpit\SuperMemo UX.lnk 2014-04-05 14:21 - 2014-04-05 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\SuperMemo World 2014-04-05 14:14 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys 2014-04-05 14:14 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2014-04-05 14:13 - 2014-04-24 20:40 - 00000476 _____ () C:\WINDOWS\Tasks\At2.job 2014-04-05 14:13 - 2014-04-24 14:00 - 00000476 _____ () C:\WINDOWS\Tasks\At4.job 2014-04-05 14:13 - 2014-04-24 10:10 - 00000476 _____ () C:\WINDOWS\Tasks\At1.job 2014-04-05 14:13 - 2014-04-23 14:13 - 00000476 _____ () C:\WINDOWS\Tasks\At3.job 2014-04-05 14:13 - 2014-04-05 14:13 - 00002017 _____ () C:\Documents and Settings\All Users\Pulpit\HP Deskjet 2050 J510 series.lnk 2014-04-05 14:13 - 2014-04-05 14:13 - 00000939 _____ () C:\Documents and Settings\All Users\Pulpit\Zakup materiałów eksploatacyjnych - HP Deskjet 2050 J510 series.lnk 2014-04-05 14:13 - 2014-04-05 14:13 - 00000057 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Program Files\HP 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\HpUpdate 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\HP 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HP 2014-04-05 14:13 - 2012-09-12 14:43 - 01979280 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_DJ2050_J510.dll 2014-04-05 14:13 - 2012-09-12 14:43 - 00529296 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts8711.dll 2014-04-05 14:13 - 2012-09-12 14:43 - 00496016 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_DJ2050_J510.dll 2014-04-05 14:13 - 2012-09-12 14:43 - 00269200 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts8711LM.dll 2014-04-05 14:13 - 2012-09-12 14:43 - 00221072 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoi8711.dll 2014-04-05 14:13 - 2012-09-12 14:04 - 02216848 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkins8711.exe 2014-04-05 14:12 - 2014-04-05 14:14 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\HP 2014-04-05 02:19 - 2014-04-05 02:19 - 00000620 _____ () C:\Documents and Settings\Tomek\Pulpit\Skrót do One Unit Whole Blood.lnk 2014-04-05 01:38 - 2014-04-05 01:38 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DOSBox 2014-04-02 19:51 - 2014-04-02 19:51 - 00000000 ____D () C:\Program Files\Realtek 2014-04-02 19:51 - 2013-11-05 19:47 - 05589720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys 2014-04-02 19:51 - 2013-10-25 11:38 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2014-04-02 19:51 - 2013-10-04 12:29 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE 2014-04-02 19:51 - 2013-09-24 18:59 - 00086232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoInstIIXP.dll 2014-04-02 19:51 - 2013-09-13 18:44 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll 2014-04-02 19:51 - 2013-08-01 19:47 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe 2014-04-02 19:51 - 2013-03-05 15:37 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL 2014-04-02 19:51 - 2011-11-22 16:28 - 00011368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDRXP.dll 2014-04-02 19:51 - 2010-11-03 18:15 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE 2014-04-02 19:51 - 2010-11-03 18:15 - 00359016 _____ (Realtek Semiconductor Crop.) C:\WINDOWS\vncutil.exe 2014-04-02 19:51 - 2010-11-03 18:15 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE 2014-04-02 19:51 - 2010-11-03 18:14 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe 2014-04-02 19:51 - 2010-11-03 18:14 - 00129640 _____ (Realtek Semiconductor) C:\WINDOWS\RtkAudioService.exe 2014-04-02 19:51 - 2010-11-03 18:13 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE 2014-04-02 19:51 - 2010-11-03 18:13 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL 2014-04-02 19:51 - 2010-11-03 18:13 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE 2014-04-02 19:51 - 2009-11-18 07:17 - 01395800 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\Monfilt.sys 2014-04-02 19:51 - 2009-11-18 07:16 - 01691480 _____ (Creative) C:\WINDOWS\system32\Drivers\Ambfilt.sys 2014-04-02 19:33 - 2014-04-02 19:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-04-01 21:11 - 2014-04-01 21:11 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Unity 2014-04-01 21:11 - 2014-04-01 21:11 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Unity 2014-04-01 00:15 - 2014-04-01 00:15 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2014-04-01 00:15 - 2014-04-01 00:15 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2014-04-01 00:15 - 2014-04-01 00:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-01 00:12 - 2014-04-01 00:12 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\Stare dane programu Firefox 2014-04-01 00:04 - 2014-04-01 00:04 - 00000000 ____D () C:\WINDOWS\Uninstall 2014-03-31 22:31 - 2014-04-19 22:27 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-03-31 22:31 - 2014-04-14 02:00 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk 2014-03-31 22:31 - 2014-04-14 02:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-03-31 22:31 - 2014-04-14 02:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2014-03-31 22:31 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-31 22:31 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-31 22:31 - 2014-03-31 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-03-31 22:19 - 2014-04-19 21:37 - 00000000 ____D () C:\WINDOWS\erdnt 2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ___RD () C:\Documents and Settings\Tomek\Moje dokumenty\Moje wideo 2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy\Narzędzia administracyjne 2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Moje wideo 2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\McAfee 2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus 2014-03-30 23:24 - 2014-03-30 23:24 - 00000000 ____D () C:\WINDOWS\pss 2014-03-30 15:38 - 2014-03-30 15:38 - 00000463 _____ () C:\Documents and Settings\All Users\Pulpit\Morrowind.lnk 2014-03-30 15:38 - 2014-03-30 15:38 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Bethesda Softworks 2014-03-30 14:48 - 2014-04-09 09:32 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\DAEMON Tools Lite 2014-03-30 14:30 - 2014-04-01 00:03 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2014-03-29 20:23 - 2014-03-29 20:23 - 00001804 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk 2014-03-29 20:23 - 2014-03-29 20:23 - 00001729 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk 2014-03-29 20:23 - 2014-03-29 20:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-29 20:23 - 2014-03-29 20:23 - 00000000 ____D () C:\Program Files\Adobe 2014-03-29 20:23 - 2014-03-29 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2014-03-29 20:20 - 2014-04-05 01:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOG.com 2014-03-29 20:20 - 2014-03-29 20:20 - 00004052 _____ () C:\WINDOWS\system32\ST5UNST.LOG 2014-03-29 20:20 - 2014-03-29 20:20 - 00000608 _____ () C:\Documents and Settings\All Users\Pulpit\Unreal Gold.lnk 2014-03-29 20:20 - 2014-03-29 20:20 - 00000078 _____ () C:\WINDOWS\system32\ilent 2014-03-29 20:20 - 2014-03-29 20:20 - 00000000 ____D () C:\Documents and Settings\Tomek\Menu Start\Programy\Startup 2014-03-29 20:20 - 1998-01-24 03:39 - 00196880 _____ (Microsoft Corporation) C:\WINDOWS\system32\richtx32.ocx 2014-03-29 20:20 - 1997-07-19 17:01 - 00192784 _____ (Microsoft Corporation) C:\WINDOWS\system32\TABCTL32.OCX 2014-03-29 20:20 - 1997-07-19 17:00 - 00604432 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMCTL32.OCX 2014-03-29 20:20 - 1997-07-19 17:00 - 00129808 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX 2014-03-29 20:20 - 1997-01-16 10:11 - 00075536 _____ (Microsoft Corporation) C:\WINDOWS\system32\picclp32.ocx 2014-03-29 20:20 - 1995-07-26 01:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\WINDOWS\system32\threed32.ocx 2014-03-29 20:20 - 1995-07-26 01:00 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\grid32.ocx 2014-03-29 20:20 - 1995-07-26 01:00 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoutl32.ocx 2014-03-29 20:19 - 1997-01-16 00:00 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\ST5UNST.EXE 2014-03-29 20:19 - 1997-01-16 00:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5StKit.dll 2014-03-29 12:00 - 2014-04-01 00:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-04-24 20:42 - 2014-04-24 20:41 - 00000000 ____D () C:\FRST 2014-04-24 20:42 - 2014-04-07 12:29 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\LoL 2014-04-24 20:41 - 2014-03-16 22:48 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\Pobieranie 2014-04-24 20:40 - 2014-04-05 14:13 - 00000476 _____ () C:\WINDOWS\Tasks\At2.job 2014-04-24 20:30 - 2014-03-17 00:02 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-04-24 20:26 - 2014-03-21 01:15 - 00005338 _____ () C:\WINDOWS\system32\nvAppTimestamps 2014-04-24 20:26 - 2014-03-16 22:23 - 01201328 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-24 20:25 - 2014-03-17 00:01 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-24 20:25 - 2014-03-16 23:46 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-04-24 20:25 - 2014-03-16 23:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-04-24 20:25 - 2014-03-16 23:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-04-24 20:25 - 2014-03-16 22:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-24 20:24 - 2014-03-16 22:33 - 00000188 ___SH () C:\Documents and Settings\Tomek\ntuser.ini 2014-04-24 20:02 - 2014-03-16 22:42 - 00393216 _____ () C:\WINDOWS\system32\config\ACS.evt 2014-04-24 20:02 - 2014-03-16 22:31 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt 2014-04-24 19:16 - 2014-03-17 00:01 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-24 19:05 - 2014-03-20 02:56 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\GG 2014-04-24 19:01 - 2014-04-22 15:31 - 00000011 _____ () C:\Documents and Settings\Tomek\Pulpit\autoexec.cfg 2014-04-24 18:50 - 2008-04-15 14:00 - 00013064 _____ () C:\WINDOWS\system32\wpa.dbl 2014-04-24 18:12 - 2014-03-16 22:31 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-04-24 18:12 - 2014-03-16 22:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-04-24 18:09 - 2014-04-24 18:09 - 00020014 _____ () C:\ComboFix.txt 2014-04-24 18:09 - 2014-04-19 21:29 - 00000000 ____D () C:\Qoobox 2014-04-24 18:09 - 2014-03-16 22:33 - 00000000 ___HD () C:\Documents and Settings\Tomek\Ustawienia lokalne 2014-04-24 18:09 - 2014-03-16 22:31 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne 2014-04-24 18:09 - 2014-03-16 22:26 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne 2014-04-24 18:08 - 2008-04-15 14:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-04-24 18:04 - 2014-03-16 22:33 - 00000000 __RHD () C:\Documents and Settings\Tomek\Dane aplikacji 2014-04-24 17:59 - 2014-04-15 21:35 - 00036852 _____ () C:\WINDOWS\setupapi.log 2014-04-24 17:59 - 2014-03-16 23:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-04-24 17:59 - 2014-03-16 23:05 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-04-24 17:04 - 2014-03-17 18:07 - 00000000 ____D () C:\Documents and Settings\Tomek\Menu Start\Programy\Steam 2014-04-24 16:53 - 2014-03-16 22:33 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit 2014-04-24 14:00 - 2014-04-05 14:13 - 00000476 _____ () C:\WINDOWS\Tasks\At4.job 2014-04-24 10:10 - 2014-04-05 14:13 - 00000476 _____ () C:\WINDOWS\Tasks\At1.job 2014-04-23 15:46 - 2014-03-16 23:58 - 00012720 _____ () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-04-23 14:13 - 2014-04-05 14:13 - 00000476 _____ () C:\WINDOWS\Tasks\At3.job 2014-04-22 05:25 - 2014-04-21 20:47 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin 2014-04-21 20:51 - 2014-03-16 23:04 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-04-21 20:51 - 2014-03-16 22:33 - 00000000 ___HD () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji 2014-04-21 20:48 - 2014-03-16 22:23 - 00000000 ____D () C:\WINDOWS\system32\DirectX 2014-04-21 20:47 - 2014-04-21 20:47 - 00000000 ____D () C:\Program Files\Pando Networks 2014-04-21 20:47 - 2014-04-21 20:37 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Riot Games 2014-04-19 23:51 - 2014-04-19 23:51 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\CC 2014-04-19 23:51 - 2014-03-16 22:33 - 00000000 ___RD () C:\Documents and Settings\Tomek\Moje dokumenty 2014-04-19 23:45 - 2014-03-16 23:06 - 01252008 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-19 23:45 - 2008-04-15 14:00 - 00554468 _____ () C:\WINDOWS\system32\perfh015.dat 2014-04-19 23:45 - 2008-04-15 14:00 - 00104156 _____ () C:\WINDOWS\system32\perfc015.dat 2014-04-19 22:27 - 2014-03-31 22:31 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 22:26 - 2014-04-19 22:06 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt 2014-04-19 22:26 - 2014-03-16 22:33 - 00000000 ____D () C:\Documents and Settings\Tomek 2014-04-19 22:20 - 2014-04-19 22:06 - 00000000 ____D () C:\Documents and Settings\Tomek\Doctor Web 2014-04-19 21:54 - 2014-04-19 21:54 - 00006998 _____ () C:\Documents and Settings\Tomek\Pulpit\hijackthis.log 2014-04-19 21:37 - 2014-03-31 22:19 - 00000000 ____D () C:\WINDOWS\erdnt 2014-04-19 21:31 - 2014-04-19 21:31 - 00000000 _RSHD () C:\cmdcons 2014-04-19 21:31 - 2014-03-16 23:02 - 00000339 __RSH () C:\boot.ini 2014-04-19 16:30 - 2014-03-16 23:03 - 00097456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-18 17:35 - 2014-03-16 22:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-04-18 17:19 - 2014-04-18 17:19 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Skyrim 2014-04-18 17:18 - 2014-04-18 17:16 - 00000552 _____ () C:\WINDOWS\spupdsvc.log 2014-04-18 17:17 - 2014-04-18 17:17 - 00063432 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2014-04-18 17:17 - 2014-03-17 01:40 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer 2014-04-18 17:17 - 2014-03-16 22:31 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2014-04-18 17:12 - 2014-03-16 23:06 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-04-18 17:10 - 2014-04-18 17:10 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\My Games 2014-04-18 13:35 - 2014-04-18 13:35 - 00000205 _____ () C:\Documents and Settings\Tomek\Pulpit\The Elder Scrolls V Skyrim.url 2014-04-18 09:04 - 2014-03-16 23:50 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-04-18 09:04 - 2014-03-16 23:50 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-04-18 09:04 - 2014-03-16 23:49 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Adobe 2014-04-17 19:02 - 2014-03-16 23:50 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Adobe 2014-04-17 04:07 - 2014-04-17 04:07 - 00000000 ____D () C:\Documents and Settings\Tomek\Moje dokumenty\Tor Browser 2014-04-17 03:04 - 2014-04-17 03:04 - 00000000 ____D () C:\WINDOWS\Sun 2014-04-17 03:04 - 2014-04-17 03:04 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Sun 2014-04-17 02:59 - 2014-04-17 02:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-04-17 02:59 - 2014-04-17 02:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-04-17 02:59 - 2014-04-17 02:59 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-04-17 02:59 - 2014-04-17 02:59 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-04-17 02:59 - 2014-04-17 02:59 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Program Files\Java 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-04-17 02:59 - 2014-04-17 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Sun 2014-04-17 02:58 - 2014-04-17 02:58 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Sun 2014-04-16 23:18 - 2014-03-17 00:32 - 00268952 _____ () C:\WINDOWS\system32\PnkBstrB.xtr 2014-04-16 23:18 - 2014-03-17 00:17 - 00137176 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys 2014-04-16 23:18 - 2014-03-17 00:16 - 00268952 _____ () C:\WINDOWS\system32\PnkBstrB.exe 2014-04-16 18:41 - 2014-04-16 18:41 - 00000608 _____ () C:\Documents and Settings\All Users\Pulpit\Icewind Dale + Serce Zimy.lnk 2014-04-16 18:41 - 2014-04-16 18:41 - 00000155 _____ () C:\WINDOWS\DirectX.log 2014-04-16 18:39 - 2014-04-16 18:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Saga Icewind Dale DVD 2014-04-16 18:39 - 2014-03-16 22:38 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-04-16 18:26 - 2014-04-16 18:26 - 00000552 _____ () C:\Documents and Settings\Tomek\Pulpit\Baldur's Gate II.lnk 2014-04-16 18:26 - 2014-04-16 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Bioware 2014-04-15 21:35 - 2014-04-15 21:35 - 00000539 _____ () C:\Documents and Settings\All Users\Pulpit\S.T.A.L.K.E.R. - Zew Prypeci.lnk 2014-04-15 21:35 - 2014-04-15 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GSC World Publishing 2014-04-15 17:53 - 2014-03-17 00:16 - 00268952 _____ () C:\WINDOWS\system32\PnkBstrB.ex0 2014-04-15 16:48 - 2014-03-21 00:40 - 00004000 _____ () C:\Documents and Settings\Tomek\Moje dokumenty\cc_20140320_234041.reg 2014-04-14 02:00 - 2014-03-31 22:31 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk 2014-04-14 02:00 - 2014-03-31 22:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-14 02:00 - 2014-03-31 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2014-04-13 21:26 - 2014-04-13 21:26 - 00000338 _____ () C:\Documents and Settings\Tomek\Pulpit\Skrót do Gry.lnk 2014-04-11 00:47 - 2014-03-17 00:02 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2014-04-09 15:55 - 2014-04-09 15:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-04-09 15:55 - 2014-03-16 23:41 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-09 15:52 - 2014-03-16 23:20 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-04-09 15:52 - 2014-03-16 23:18 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-09 09:32 - 2014-03-30 14:48 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\DAEMON Tools Lite 2014-04-09 09:32 - 2014-03-19 23:07 - 00000000 ____D () C:\WINDOWS\Minidump 2014-04-08 15:00 - 2014-03-16 23:46 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-04-07 22:25 - 2014-04-07 19:46 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\foobar2000 2014-04-07 19:48 - 2014-04-05 19:04 - 00003584 _____ () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-07 19:46 - 2014-04-07 19:46 - 00000782 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\foobar2000.lnk 2014-04-07 19:46 - 2014-04-07 19:46 - 00000706 _____ () C:\Documents and Settings\All Users\Pulpit\foobar2000.lnk 2014-04-07 19:46 - 2014-04-07 19:45 - 00000000 ____D () C:\Program Files\foobar2000 2014-04-05 19:09 - 2014-04-05 19:09 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\MPC-HC 2014-04-05 19:08 - 2014-04-05 19:08 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack 2014-04-05 19:08 - 2014-04-05 19:08 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack 2014-04-05 19:04 - 2014-03-16 22:33 - 00000792 _____ () C:\Documents and Settings\Tomek\Menu Start\Programy\Windows Media Player.lnk 2014-04-05 19:04 - 2014-03-16 22:33 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy 2014-04-05 14:22 - 2014-04-05 14:22 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\SuperMemo World 2014-04-05 14:22 - 2014-04-05 14:21 - 00000000 ____D () C:\Program Files\SuperMemo UX 2014-04-05 14:22 - 2014-04-05 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\SuperMemo UX 2014-04-05 14:21 - 2014-04-05 14:21 - 00000715 _____ () C:\Documents and Settings\All Users\Pulpit\SuperMemo UX.lnk 2014-04-05 14:21 - 2014-04-05 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\SuperMemo World 2014-04-05 14:14 - 2014-04-05 14:12 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\HP 2014-04-05 14:14 - 2014-03-16 22:33 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart 2014-04-05 14:14 - 2014-03-16 22:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria 2014-04-05 14:13 - 2014-04-05 14:13 - 00002017 _____ () C:\Documents and Settings\All Users\Pulpit\HP Deskjet 2050 J510 series.lnk 2014-04-05 14:13 - 2014-04-05 14:13 - 00000939 _____ () C:\Documents and Settings\All Users\Pulpit\Zakup materiałów eksploatacyjnych - HP Deskjet 2050 J510 series.lnk 2014-04-05 14:13 - 2014-04-05 14:13 - 00000057 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Program Files\HP 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\HpUpdate 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\HP 2014-04-05 14:13 - 2014-04-05 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HP 2014-04-05 14:13 - 2014-03-16 22:56 - 00000000 ____D () C:\WINDOWS\twain_32 2014-04-05 02:19 - 2014-04-05 02:19 - 00000620 _____ () C:\Documents and Settings\Tomek\Pulpit\Skrót do One Unit Whole Blood.lnk 2014-04-05 01:38 - 2014-04-05 01:38 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DOSBox 2014-04-05 01:24 - 2014-03-29 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOG.com 2014-04-03 09:51 - 2014-03-31 22:31 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-03 09:50 - 2014-03-31 22:31 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-02 19:52 - 2014-03-16 22:38 - 00000000 ____D () C:\WINDOWS\system32\RTCOM 2014-04-02 19:51 - 2014-04-02 19:51 - 00000000 ____D () C:\Program Files\Realtek 2014-04-02 19:33 - 2014-04-02 19:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-04-02 19:33 - 2014-03-17 00:02 - 00001733 _____ () C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk 2014-04-02 19:33 - 2014-03-17 00:01 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-04-02 19:33 - 2014-03-17 00:01 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-04-02 19:33 - 2014-03-17 00:01 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-04-02 19:33 - 2014-03-17 00:01 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-04-02 19:33 - 2014-03-17 00:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-04-02 19:33 - 2014-03-17 00:01 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-04-02 19:33 - 2014-03-17 00:01 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2014-04-02 19:33 - 2014-03-17 00:01 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-04-01 21:11 - 2014-04-01 21:11 - 00000000 ____D () C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Unity 2014-04-01 21:11 - 2014-04-01 21:11 - 00000000 ____D () C:\Documents and Settings\Tomek\Dane aplikacji\Unity 2014-04-01 00:15 - 2014-04-01 00:15 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2014-04-01 00:15 - 2014-04-01 00:15 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2014-04-01 00:15 - 2014-04-01 00:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-01 00:15 - 2014-03-29 12:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-01 00:12 - 2014-04-01 00:12 - 00000000 ____D () C:\Documents and Settings\Tomek\Pulpit\Stare dane programu Firefox 2014-04-01 00:04 - 2014-04-01 00:04 - 00000000 ____D () C:\WINDOWS\Uninstall 2014-04-01 00:03 - 2014-03-30 14:30 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2014-03-31 23:37 - 2014-03-16 23:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$ 2014-03-31 22:31 - 2014-03-31 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ___RD () C:\Documents and Settings\Tomek\Moje dokumenty\Moje wideo 2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ___RD () C:\Documents and Settings\Tomek\Menu Start\Programy\Narzędzia administracyjne 2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Moje wideo 2014-03-31 22:19 - 2014-03-16 23:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty 2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\McAfee 2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus 2014-03-30 23:50 - 2014-03-16 23:50 - 00001777 _____ () C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk 2014-03-30 23:50 - 2014-03-16 23:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2014-03-30 23:50 - 2014-03-16 22:31 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji 2014-03-30 23:24 - 2014-03-30 23:24 - 00000000 ____D () C:\WINDOWS\pss 2014-03-30 22:43 - 2014-03-21 23:51 - 00000077 _____ () C:\Documents and Settings\Tomek\Moje dokumenty\Nowy Dokument tekstowy.txt 2014-03-30 15:38 - 2014-03-30 15:38 - 00000463 _____ () C:\Documents and Settings\All Users\Pulpit\Morrowind.lnk 2014-03-30 15:38 - 2014-03-30 15:38 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Bethesda Softworks 2014-03-29 20:23 - 2014-03-29 20:23 - 00001804 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk 2014-03-29 20:23 - 2014-03-29 20:23 - 00001729 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk 2014-03-29 20:23 - 2014-03-29 20:23 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-29 20:23 - 2014-03-29 20:23 - 00000000 ____D () C:\Program Files\Adobe 2014-03-29 20:23 - 2014-03-29 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2014-03-29 20:20 - 2014-03-29 20:20 - 00004052 _____ () C:\WINDOWS\system32\ST5UNST.LOG 2014-03-29 20:20 - 2014-03-29 20:20 - 00000608 _____ () C:\Documents and Settings\All Users\Pulpit\Unreal Gold.lnk 2014-03-29 20:20 - 2014-03-29 20:20 - 00000078 _____ () C:\WINDOWS\system32\ilent 2014-03-29 20:20 - 2014-03-29 20:20 - 00000000 ____D () C:\Documents and Settings\Tomek\Menu Start\Programy\Startup 2014-03-28 20:50 - 2014-03-21 00:57 - 01144608 _____ () C:\WINDOWS\system32\nvdrsdb1.bin 2014-03-28 20:50 - 2014-03-21 00:57 - 01144608 _____ () C:\WINDOWS\system32\nvdrsdb0.bin 2014-03-28 20:50 - 2014-03-21 00:57 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2008-04-15 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\WINDOWS\system32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2008-04-15 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================