Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by user (administrator) on LAPTOP on 04-05-2014 17:45:58
Running from C:\Documents and Settings\user\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\WiseEnhance\updateWiseEnhance.exe
() C:\Program Files\WiseEnhance\bin\utilWiseEnhance.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [AccelerometerSysTrayApplet] => c:\WINDOWS\System32\accelerometerST.exe [82488 2009-01-22] (Hewlett-Packard Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704 2014-04-18] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-03-09] (TomTom)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-07-14] (Ahead Software AG)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe [844464 2014-04-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\MountPoints2: {29fe55f8-3aca-11e2-b2f8-18a90599487c} - G:\urDrive.exe
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\MountPoints2: {8e82c340-60ce-11e2-81e1-806d6172696f} - G:\Starter.exe
HKU\S-1-5-21-746137067-1390067357-839522115-1003\...\MountPoints2: {b591830d-5999-11e1-b0e8-18a90599487c} - H:\Nokia_Ovi_Suite_3_0_0_291_ALL.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stacjebenzynowe.pl/index.php
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F <===== ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F <===== ATTENTION
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: WiseEnhance - {bc8c4384-d19c-474b-a298-c90b7e5c5204} - C:\Program Files\WiseEnhance\WiseEnhancebho.dll (WiseEnhance)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\6nnf3cfr.default
FF Homepage: poczta.fm
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\6nnf3cfr.default\searchplugins\youtube-video-search.xml
FF Extension: Flashblock - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\6nnf3cfr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-17]
FF Extension: DivX Web Player - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\6nnf3cfr.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-29]
FF Extension: WiseEnhance - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\6nnf3cfr.default\Extensions\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}.xpi [2014-04-25]
FF Extension: Adblock Plus - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\6nnf3cfr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-28]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-04-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-04-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-04-18] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 Update WiseEnhance; C:\Program Files\WiseEnhance\updateWiseEnhance.exe [316704 2014-05-04] ()
R2 Util WiseEnhance; C:\Program Files\WiseEnhance\bin\utilWiseEnhance.exe [316704 2014-05-04] ()
R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-06-04] (Marvell)

==================== Drivers (Whitelisted) ====================

R3 5U876UVC; C:\WINDOWS\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-18] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-18] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-18] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-18] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1735296 2010-01-13] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-01-14] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S4 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [5504 2004-03-02] (Ahead Software AG)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-01-17] (Duplex Secure Ltd.)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [10144 2003-05-14] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [21216 2003-05-14] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [13920 2003-05-14] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [5728 2003-05-14] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [44288 2003-05-14] (Logitech Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297728 2009-06-04] (Marvell)
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt; C:\WINDOWS\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt.sys [55232 2014-04-24] (StdLib)
S3 CnxEtP; system32\DRIVERS\CnxEtP.sys [X]
S3 CnxEtU; system32\DRIVERS\CnxEtU.sys [X]
S3 CnxTgNW; system32\DRIVERS\CnxTgNW.sys [X]
S3 e4usbaw; system32\DRIVERS\e4usbaw.sys [X]
S0 hobgjgic; No ImagePath
S2 IKANLOADER2; System32\Drivers\e4ldr.sys [X]
S4 IntelIde; No ImagePath
S0 izgmjg; No ImagePath
S0 motbgwoz; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-04 17:45 - 2014-05-04 17:46 - 00016092 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt
2014-05-04 17:44 - 2014-05-04 17:45 - 00000000 ____D () C:\FRST
2014-05-04 17:43 - 2014-05-04 17:44 - 01050624 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe
2014-04-30 08:18 - 2014-04-30 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-29 22:38 - 2014-04-29 22:38 - 00509178 _____ () C:\Documents and Settings\user\Pulpit\PIT ASKA.rar
2014-04-29 22:37 - 2014-04-29 22:38 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\PIT ASKA
2014-04-28 21:57 - 2014-04-24 12:32 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt.sys
2014-04-26 11:33 - 2014-04-26 11:33 - 04539051 _____ () C:\Documents and Settings\user\Pulpit\BABCIA PIT.rar
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\BABCIA PIT
2014-04-26 11:26 - 2014-04-26 11:26 - 00707504 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.exe
2014-04-25 15:50 - 2014-04-25 15:50 - 00030462 _____ () C:\Documents and Settings\user\hs_err_pid2716.log
2014-04-25 15:42 - 2014-04-25 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-04-25 15:42 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-25 15:42 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-25 15:42 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-25 15:42 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-25 15:42 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-25 15:38 - 2014-04-25 15:42 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-25 15:16 - 2014-04-25 15:02 - 00000426 _____ () C:\AVScanner.ini
2014-04-25 15:02 - 2014-04-25 15:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
2014-04-25 00:02 - 2014-04-25 14:59 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-04-24 23:51 - 2014-04-25 15:00 - 00000000 ____D () C:\Program Files\WiseEnhance
2014-04-24 23:50 - 2014-04-24 23:50 - 00700824 _____ ( ) C:\Documents and Settings\user\Pulpit\Adobe-Reader(12627).exe
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Nowy folder
2014-04-24 13:00 - 2014-04-24 13:00 - 00030460 _____ () C:\Documents and Settings\user\hs_err_pid2512.log
2014-04-18 19:24 - 2014-04-18 19:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-18 19:24 - 2014-04-18 19:24 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-17 13:00 - 2014-04-17 13:00 - 00030563 _____ () C:\Documents and Settings\user\hs_err_pid3748.log
2014-04-15 18:13 - 2014-04-26 11:26 - 00011761 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.msg
2014-04-15 18:13 - 2014-04-26 11:26 - 00005899 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.dat
2014-04-10 20:00 - 2014-04-10 20:00 - 00030565 _____ () C:\Documents and Settings\user\hs_err_pid2712.log

==================== One Month Modified Files and Folders =======

2014-05-04 17:46 - 2014-05-04 17:45 - 00016092 _____ () C:\Documents and Settings\user\Pulpit\FRST.txt
2014-05-04 17:45 - 2014-05-04 17:44 - 00000000 ____D () C:\FRST
2014-05-04 17:45 - 2010-01-13 13:18 - 00000000 ____D () C:\Documents and Settings\user\Pulpit
2014-05-04 17:44 - 2014-05-04 17:43 - 01050624 _____ (Farbar) C:\Documents and Settings\user\Pulpit\FRST.exe
2014-05-04 17:41 - 2013-04-02 12:56 - 00143801 _____ () C:\WINDOWS\setupapi.log
2014-05-04 17:37 - 2010-01-13 13:11 - 00461984 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-04 17:36 - 2012-07-02 22:31 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-04 17:31 - 2011-04-18 22:20 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-04 17:31 - 2010-01-13 14:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-04 17:31 - 2010-01-13 14:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-04 17:31 - 2010-01-13 13:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-04 17:31 - 2009-02-04 01:13 - 00121808 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-05-04 13:48 - 2010-01-13 13:18 - 00000188 ___SH () C:\Documents and Settings\user\ntuser.ini
2014-05-04 13:48 - 2010-01-13 13:17 - 00031910 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-04 13:27 - 2012-07-01 17:22 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-04 13:19 - 2011-04-18 22:20 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 22:35 - 2010-01-15 22:04 - 02008854 _____ () C:\WINDOWS\ACD Wallpaper.bmp
2014-05-03 13:30 - 2013-12-29 22:10 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\ZDJĘCIA NA ŚCIANĘ
2014-05-02 14:31 - 2001-07-22 02:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-01 22:27 - 2013-01-15 15:58 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\vlc
2014-05-01 08:11 - 2012-04-25 15:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 20:51 - 2013-04-13 13:57 - 00030565 _____ () C:\Documents and Settings\user\hs_err_pid3292.log
2014-04-30 08:18 - 2014-04-30 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-29 22:38 - 2014-04-29 22:38 - 00509178 _____ () C:\Documents and Settings\user\Pulpit\PIT ASKA.rar
2014-04-29 22:38 - 2014-04-29 22:37 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\PIT ASKA
2014-04-27 17:16 - 2010-01-17 11:40 - 00000000 ____D () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Adobe
2014-04-27 16:19 - 2012-04-10 17:12 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-27 16:19 - 2011-05-18 21:18 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-26 11:33 - 2014-04-26 11:33 - 04539051 _____ () C:\Documents and Settings\user\Pulpit\BABCIA PIT.rar
2014-04-26 11:33 - 2014-04-26 11:33 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\BABCIA PIT
2014-04-26 11:26 - 2014-04-26 11:26 - 00707504 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.exe
2014-04-26 11:26 - 2014-04-15 18:13 - 00011761 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.msg
2014-04-26 11:26 - 2014-04-15 18:13 - 00005899 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\unins000.dat
2014-04-26 11:26 - 2010-01-13 13:18 - 00000000 ___HD () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji
2014-04-25 15:50 - 2014-04-25 15:50 - 00030462 _____ () C:\Documents and Settings\user\hs_err_pid2716.log
2014-04-25 15:42 - 2014-04-25 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-04-25 15:42 - 2014-04-25 15:38 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-25 15:42 - 2011-04-03 13:25 - 00000000 ____D () C:\Program Files\Java
2014-04-25 15:42 - 2010-01-13 14:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-04-25 15:37 - 2010-01-13 14:03 - 01087636 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-25 15:37 - 2001-10-26 20:15 - 00490866 _____ () C:\WINDOWS\system32\perfh015.dat
2014-04-25 15:37 - 2001-10-26 20:15 - 00084078 _____ () C:\WINDOWS\system32\perfc015.dat
2014-04-25 15:16 - 2010-01-13 14:02 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-04-25 15:16 - 2010-01-13 14:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-04-25 15:16 - 2010-01-13 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-04-25 15:02 - 2014-04-25 15:16 - 00000426 _____ () C:\AVScanner.ini
2014-04-25 15:02 - 2014-04-25 15:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
2014-04-25 15:02 - 2010-01-13 13:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji
2014-04-25 15:00 - 2014-04-24 23:51 - 00000000 ____D () C:\Program Files\WiseEnhance
2014-04-25 14:59 - 2014-04-25 00:02 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-04-25 00:01 - 2010-11-30 19:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-24 23:50 - 2014-04-24 23:50 - 00700824 _____ ( ) C:\Documents and Settings\user\Pulpit\Adobe-Reader(12627).exe
2014-04-24 21:59 - 2014-04-24 21:59 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Nowy folder
2014-04-24 13:00 - 2014-04-24 13:00 - 00030460 _____ () C:\Documents and Settings\user\hs_err_pid2512.log
2014-04-24 12:32 - 2014-04-28 21:57 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt.sys
2014-04-21 22:28 - 2010-03-09 01:08 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\uTorrent
2014-04-18 19:24 - 2014-04-18 19:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-18 19:24 - 2014-04-18 19:24 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-18 19:24 - 2013-03-01 12:29 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-18 19:24 - 2013-03-01 12:29 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-18 19:24 - 2013-03-01 12:29 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-18 19:24 - 2011-05-12 07:54 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-18 19:24 - 2010-11-17 22:12 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-04-18 19:24 - 2010-11-17 22:11 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-18 19:24 - 2010-11-17 22:11 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-18 19:24 - 2010-11-17 22:11 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-17 13:00 - 2014-04-17 13:00 - 00030563 _____ () C:\Documents and Settings\user\hs_err_pid3748.log
2014-04-15 20:04 - 2010-01-15 21:37 - 00000095 _____ () C:\WINDOWS\winamp.ini
2014-04-15 19:44 - 2010-01-17 11:40 - 00000000 ____D () C:\Documents and Settings\user\Dane aplikacji\Adobe
2014-04-14 20:13 - 2014-04-25 15:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-04-25 15:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-14 20:05 - 2014-04-25 15:42 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-14 20:04 - 2014-04-25 15:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-14 19:47 - 2014-04-25 15:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-10 20:00 - 2014-04-10 20:00 - 00030565 _____ () C:\Documents and Settings\user\hs_err_pid2712.log
2014-04-05 18:37 - 2014-04-03 21:21 - 00000000 ____D () C:\Documents and Settings\user\Pulpit\Avensis

Some content of TEMP:
====================
C:\Documents and Settings\user\Ustawienia lokalne\Temp\AskSLib.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\bitool.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\cacaonew5f79b5.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\DTLite4471-0333.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\pit2011_setup_8.0.1.4.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\utt5BF.tmp.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.0.2-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.0.4-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.0.5-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.0.6-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.0.7-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.0.8-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.1.2-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\_is4.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\{C6193EDF-F5CC-4130-8458-0CFB93F166FE}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-04 00:44] - [2008-04-14 23:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a

C:\WINDOWS\system32\winlogon.exe
[2004-08-04 00:44] - [2008-04-14 23:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48

C:\WINDOWS\system32\svchost.exe
[2004-08-04 00:44] - [2008-04-14 23:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce

C:\WINDOWS\system32\services.exe
[2004-08-04 00:44] - [2008-04-14 23:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea

C:\WINDOWS\system32\User32.dll
[2004-08-04 00:44] - [2008-04-14 23:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793

C:\WINDOWS\system32\userinit.exe
[2004-08-04 00:44] - [2008-04-14 23:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 00:44] - [2008-04-14 23:50] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-04 00:36] - [2008-04-14 22:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================