Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by Radek (administrator) on LZTU9NUP1182PY8 on 13-05-2014 18:08:30
Running from F:\
Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(C-Media Electronic Inc. (www.cmedia.com.tw)) E:\WINDOWS\mixer.exe
(Sun Microsystems, Inc.) E:\Program Files\Java\jre6\bin\jusched.exe
(Conducent Technologies, Inc.) E:\Program Files\TimeSink\AdGateway\TSAdBot.exe
() E:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe
(Opera Software) E:\Program Files\Opera\opera.exe
(OldTimer Tools) F:\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [C-Media Mixer] => Mixer.exe /startup
HKLM\...\Run: [NvCplDaemon] => E:\WINDOWS\System32\NvCpl.dll [5058560 2003-10-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [SunJavaUpdateSched] => E:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-11-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [TimeSink Ad Client] => E:\Program Files\TimeSink\AdGateway\TsAdBot.exe [95744 1999-10-15] (Conducent Technologies, Inc.)
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\Run: [cbvcs] => E:\WINDOWS\System32\urretnd.exe
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\Run: [cdoosoft] => E:\DOCUME~1\RADEK~1.LZT\USTAWI~1\Temp\herss.exe <===== ATTENTION
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {0f8c7392-98ad-11df-8328-4d6564696130} - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {2ab5ce2f-ddd0-11de-812a-4d6564696130} - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {5947d3c4-44c4-11df-824e-4d6564696130} - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {6bfdf8f0-20a3-11df-81e2-4d6564696130} - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {8f67adae-d19b-11e0-83b9-ab39ce244ce4} - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {988e6d4c-5f75-11df-8297-4d6564696130} - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {b66937b6-e590-11de-813f-4d6564696130} - yudald.bat
HKU\S-1-5-21-1957994488-73586283-682003330-1003\...\MountPoints2: {e7ac338e-d380-11e3-83bd-eaf6552a4ae5} - H:\ autoplay=true
Startup: E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> E:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> E:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15425&l=dis
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - E:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=NRO2&o=15422&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=NRO2&o=15422&src=crm&q={searchTerms}&locale=en_US
BHO: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - E:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Mozilla\Firefox\Profiles\j2382m30.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.ask.com?o=15425&l=dis
FF Plugin: @adobe.com/FlashPlayer - E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Mozilla\Firefox\Profiles\j2382m30.default\searchplugins\askcom.xml
FF Extension: Polski slownik poprawnej pisowni - E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Mozilla\Firefox\Profiles\j2382m30.default\Extensions\pl@dictionaries.addons.mozilla.org [2010-09-12]
FF Extension: Sothink Web Video Downloader for Firefox - E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Mozilla\Firefox\Profiles\j2382m30.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2010-02-23]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - E:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - E:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-30]

========================== Services (Whitelisted) =================

S4 Capture Device Service; E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S4 JavaQuickStarterService; E:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-30] (Sun Microsystems, Inc.)
S2 mvqpbaptc; E:\WINDOWS\system32\mamfpuyt.dll [164746 2004-08-04] ()

==================== Drivers (Whitelisted) ====================

R2 AegisP; E:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-05-11] (Cisco Systems, Inc.)
R3 cmpci; E:\WINDOWS\System32\drivers\cmaudio.sys [377358 2002-11-18] (C-Media Inc)
R3 gameenum; E:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation)
S3 HPZid412; E:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; E:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; E:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 RtlWlanu; E:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2013-03-05] (Realtek Semiconductor Corporation )
S3 Secdrv; E:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2001-07-22] ()
R0 sptd; E:\WINDOWS\System32\Drivers\sptd.sys [691696 2009-12-03] ()
U3 a8etmdql; E:\WINDOWS\system32\Drivers\a8etmdql.sys [0 ] (Microsoft Corporation)
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; System32\DRIVERS\adiusbaw.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

NETSVC: mvqpbaptc -> E:\WINDOWS\system32\mamfpuyt.dll ()

==================== One Month Created Files and Folders ========

2014-05-13 18:07 - 2014-05-13 18:08 - 00000000 ____D () E:\FRST
2014-05-13 17:05 - 2014-05-13 17:05 - 00000275 _____ () E:\DelFix.txt
2014-05-11 20:06 - 2014-05-11 20:07 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Maxthon3
2014-05-11 20:06 - 2014-05-11 20:06 - 00000637 _____ () E:\Documents and Settings\All Users.WINDOWS\Pulpit\Maxthon Cloud Browser.lnk
2014-05-11 19:07 - 2014-05-11 19:09 - 00000000 ____D () E:\WINDOWS\pss
2014-05-11 18:31 - 2014-05-11 18:34 - 00002432 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\TempDk1312.html
2014-05-11 17:44 - 2014-05-11 17:50 - 00002432 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\TempDY2692.html
2014-05-11 17:44 - 2014-05-11 17:50 - 00002089 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\TempQz2692.html
2014-05-11 17:43 - 2014-05-11 17:53 - 00000000 ____D () E:\Program Files\webget
2014-05-11 17:21 - 2014-05-13 17:26 - 00001034 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 17:21 - 2014-05-13 17:26 - 00001030 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 17:21 - 2014-05-11 17:28 - 00000000 ____D () E:\Program Files\Google
2014-05-11 17:21 - 2014-05-11 17:21 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\Dane aplikacji\Google
2014-05-11 17:06 - 2014-05-11 17:06 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\.gstreamer-0.10
2014-05-11 17:05 - 2014-05-11 17:47 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OpenFM
2014-05-11 17:05 - 2014-05-11 17:47 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OpenFM
2014-05-11 17:05 - 2014-05-11 17:05 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\OpenFM
2014-05-11 17:02 - 2014-05-13 17:17 - 00000000 _____ () E:\WINDOWS\RTacDbg.txt
2014-05-11 17:02 - 2014-05-11 17:04 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\TP-LINK
2014-05-11 17:01 - 2014-05-11 17:02 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\TP-LINK
2014-05-11 17:01 - 2014-05-11 17:02 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\TP-LINK
2014-05-11 17:01 - 2014-05-11 17:01 - 00021361 _____ (Cisco Systems, Inc.) E:\WINDOWS\system32\Drivers\AegisP.sys
2014-05-11 17:01 - 2014-05-11 17:01 - 00001908 _____ () E:\Documents and Settings\All Users.WINDOWS\Pulpit\TP-LINK Wireless Configuration Utility.lnk
2014-05-11 17:01 - 2014-05-11 17:01 - 00000000 ____D () E:\Program Files\TP-LINK
2014-05-11 17:00 - 2013-03-05 14:14 - 01345936 _____ (Realtek Semiconductor Corporation ) E:\WINDOWS\system32\rtwlanu.sys
2014-05-11 17:00 - 2013-03-05 14:14 - 01345936 _____ (Realtek Semiconductor Corporation ) E:\WINDOWS\system32\Drivers\RTWlanU.sys
2014-05-11 17:00 - 2013-02-25 07:56 - 00007807 _____ () E:\WINDOWS\system32\netrtwlanu.cat
2014-05-11 16:59 - 2014-05-11 17:01 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TP-LINK
2014-05-11 16:59 - 2014-05-11 17:01 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TP-LINK
2014-05-04 14:31 - 2013-10-15 12:07 - 00084030 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\udział sprzedaży przedstawiciela w regionie.xlsx
2014-05-04 14:12 - 2014-05-04 14:12 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\fazy wzrostu grochu
2014-05-04 14:07 - 2014-05-04 14:15 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\materiały od Bromirskiego
2014-05-04 14:06 - 2013-05-21 15:27 - 00018375 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\zakupy w 2012.xlsx
2014-05-04 14:02 - 2014-05-04 14:02 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Moje dokumenty\GTA LC User Files

==================== One Month Modified Files and Folders =======

2014-05-13 18:08 - 2014-05-13 18:07 - 00000000 ____D () E:\FRST
2014-05-13 17:26 - 2014-05-11 17:21 - 00001034 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-13 17:26 - 2014-05-11 17:21 - 00001030 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 17:17 - 2014-05-11 17:02 - 00000000 _____ () E:\WINDOWS\RTacDbg.txt
2014-05-13 17:17 - 2009-11-29 13:37 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2014-05-13 17:17 - 2009-11-29 13:24 - 00000159 _____ () E:\WINDOWS\wiadebug.log
2014-05-13 17:17 - 2009-11-29 13:24 - 00000050 _____ () E:\WINDOWS\wiaservc.log
2014-05-13 17:14 - 2009-11-30 18:40 - 00384466 _____ () E:\WINDOWS\WindowsUpdate.log
2014-05-13 17:14 - 2009-11-29 13:45 - 00000188 ___SH () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\ntuser.ini
2014-05-13 17:14 - 2009-11-29 13:42 - 00032386 _____ () E:\WINDOWS\SchedLgU.Txt
2014-05-13 17:10 - 2009-11-29 13:34 - 00000000 ____D () E:\WINDOWS\system32\Restore
2014-05-13 17:05 - 2014-05-13 17:05 - 00000275 _____ () E:\DelFix.txt
2014-05-13 16:58 - 2009-11-29 13:20 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Pulpit
2014-05-13 16:51 - 2001-07-22 00:17 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
2014-05-11 20:52 - 2009-12-18 22:52 - 00000069 _____ () E:\WINDOWS\NeroDigital.ini
2014-05-11 20:07 - 2014-05-11 20:06 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Maxthon3
2014-05-11 20:06 - 2014-05-11 20:06 - 00000637 _____ () E:\Documents and Settings\All Users.WINDOWS\Pulpit\Maxthon Cloud Browser.lnk
2014-05-11 20:06 - 2009-11-29 13:45 - 00000000 __RHD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji
2014-05-11 20:01 - 2009-11-29 13:45 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit
2014-05-11 20:01 - 2006-08-28 06:57 - 00000000 ____D () E:\Documents and Settings\All Users\Pulpit
2014-05-11 19:48 - 2010-02-23 21:25 - 00070144 __SHC () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\Thumbs.db
2014-05-11 19:44 - 2009-12-15 19:22 - 00000151 _____ () E:\WINDOWS\PhotoSnapViewer.INI
2014-05-11 19:28 - 2010-05-02 21:03 - 00005120 __SHC () E:\WINDOWS\system32\Thumbs.db
2014-05-11 19:27 - 2010-05-02 21:03 - 00007168 __SHC () E:\WINDOWS\Thumbs.db
2014-05-11 19:14 - 2001-07-22 00:16 - 00000615 _____ () E:\WINDOWS\win.ini
2014-05-11 19:14 - 2001-07-22 00:15 - 00000227 _____ () E:\WINDOWS\system.ini
2014-05-11 19:09 - 2014-05-11 19:07 - 00000000 ____D () E:\WINDOWS\pss
2014-05-11 18:53 - 2009-11-29 17:19 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Real
2014-05-11 18:53 - 2009-11-29 13:45 - 00000000 ___RD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ulubione
2014-05-11 18:53 - 2009-11-29 13:45 - 00000000 ___RD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Menu Start\Programy\Akcesoria
2014-05-11 18:53 - 2009-11-29 13:20 - 00000000 ___RD () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-05-11 18:53 - 2009-11-29 13:20 - 00000000 ___RD () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-05-11 18:53 - 2009-11-29 13:20 - 00000000 ___RD () E:\Documents and Settings\All Users.WINDOWS\Menu Start
2014-05-11 18:41 - 2009-11-29 13:21 - 00763990 ____C () E:\WINDOWS\system32\PerfStringBackup.INI
2014-05-11 18:41 - 2001-10-26 18:15 - 00355830 _____ () E:\WINDOWS\system32\perfh015.dat
2014-05-11 18:41 - 2001-10-26 18:15 - 00049712 _____ () E:\WINDOWS\system32\perfc015.dat
2014-05-11 18:34 - 2014-05-11 18:31 - 00002432 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\TempDk1312.html
2014-05-11 18:34 - 2009-11-29 13:45 - 00000000 ___HD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne
2014-05-11 18:28 - 2010-05-05 18:36 - 00091682 _____ () E:\WINDOWS\setupapi.log
2014-05-11 18:28 - 2010-04-29 15:44 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Pionek
2014-05-11 18:14 - 2010-05-05 18:29 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ulead Systems
2014-05-11 18:14 - 2010-05-05 18:29 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ulead Systems
2014-05-11 18:14 - 2009-11-29 13:20 - 00000000 __RHD () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2014-05-11 18:04 - 2009-11-29 15:31 - 00001419 ____C () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\hpzinstall.log
2014-05-11 18:04 - 2009-11-29 15:31 - 00001419 ____C () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\hpzinstall.log
2014-05-11 18:03 - 2006-08-28 05:21 - 00000000 ____D () E:\Program Files\Wanadoo
2014-05-11 18:02 - 2009-11-29 13:20 - 00157806 _____ () E:\WINDOWS\setupact.log
2014-05-11 18:00 - 2009-11-29 14:14 - 00000000 ____D () E:\WINDOWS\twain_32
2014-05-11 17:59 - 2010-02-07 20:32 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Menu Start\Programy\BusinessCardsMX3
2014-05-11 17:58 - 2009-11-29 13:20 - 00000000 ___RD () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
2014-05-11 17:58 - 2009-11-29 13:20 - 00000000 ___RD () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
2014-05-11 17:58 - 2006-08-29 12:22 - 00000000 ____D () E:\Program Files\Common Files\Adobe
2014-05-11 17:56 - 2009-12-02 22:27 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Menu Start\Programy\GTA - Libery City
2014-05-11 17:56 - 2009-11-29 13:45 - 00000000 ___RD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Menu Start\Programy
2014-05-11 17:53 - 2014-05-11 17:43 - 00000000 ____D () E:\Program Files\webget
2014-05-11 17:50 - 2014-05-11 17:44 - 00002432 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\TempDY2692.html
2014-05-11 17:50 - 2014-05-11 17:44 - 00002089 _____ () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\TempQz2692.html
2014-05-11 17:47 - 2014-05-11 17:05 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OpenFM
2014-05-11 17:47 - 2014-05-11 17:05 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\OpenFM
2014-05-11 17:28 - 2014-05-11 17:21 - 00000000 ____D () E:\Program Files\Google
2014-05-11 17:21 - 2014-05-11 17:21 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\Dane aplikacji\Google
2014-05-11 17:21 - 2009-11-29 13:55 - 00002425 _____ () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Microsoft Excel.lnk
2014-05-11 17:21 - 2009-11-29 13:55 - 00002425 _____ () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Microsoft Excel.lnk
2014-05-11 17:21 - 2009-11-29 13:45 - 00000000 ___HD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Ustawienia lokalne\Dane aplikacji
2014-05-11 17:06 - 2014-05-11 17:06 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\.gstreamer-0.10
2014-05-11 17:06 - 2009-11-29 13:45 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8
2014-05-11 17:05 - 2014-05-11 17:05 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\OpenFM
2014-05-11 17:04 - 2014-05-11 17:02 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\TP-LINK
2014-05-11 17:02 - 2014-05-11 17:01 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\TP-LINK
2014-05-11 17:02 - 2014-05-11 17:01 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\TP-LINK
2014-05-11 17:01 - 2014-05-11 17:01 - 00021361 _____ (Cisco Systems, Inc.) E:\WINDOWS\system32\Drivers\AegisP.sys
2014-05-11 17:01 - 2014-05-11 17:01 - 00001908 _____ () E:\Documents and Settings\All Users.WINDOWS\Pulpit\TP-LINK Wireless Configuration Utility.lnk
2014-05-11 17:01 - 2014-05-11 17:01 - 00000000 ____D () E:\Program Files\TP-LINK
2014-05-11 17:01 - 2014-05-11 16:59 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TP-LINK
2014-05-11 17:01 - 2014-05-11 16:59 - 00000000 ____D () E:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TP-LINK
2014-05-11 17:01 - 2006-08-28 05:23 - 00000000 ___HD () E:\Program Files\InstallShield Installation Information
2014-05-06 21:12 - 2010-02-15 18:22 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\foobar2000
2014-05-05 21:13 - 2009-11-29 15:36 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\Winamp
2014-05-05 18:44 - 2009-11-29 15:24 - 00000030 _____ () E:\WINDOWS\TextSpy.ini
2014-05-04 14:15 - 2014-05-04 14:07 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\materiały od Bromirskiego
2014-05-04 14:12 - 2014-05-04 14:12 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Pulpit\fazy wzrostu grochu
2014-05-04 14:03 - 2009-12-12 13:17 - 00000000 ____D () E:\Program Files\ipla
2014-05-04 14:02 - 2014-05-04 14:02 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Moje dokumenty\GTA LC User Files
2014-05-04 14:02 - 2009-11-29 13:45 - 00000000 ___RD () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Moje dokumenty
2014-05-04 13:31 - 2009-12-12 13:09 - 00000000 ____D () E:\Documents and Settings\Radek.LZTU9NUP1182PY8\Dane aplikacji\ipla

==================== Bamital & volsnap Check =================

E:\WINDOWS\explorer.exe [2001-10-26 19:29] - [2004-08-04 01:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea
E:\WINDOWS\system32\winlogon.exe [2001-10-26 19:30] - [2004-08-04 01:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0
E:\WINDOWS\system32\svchost.exe [2001-10-26 19:30] - [2004-08-04 01:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e
E:\WINDOWS\system32\services.exe [2001-10-26 19:30] - [2004-08-04 01:44] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917
E:\WINDOWS\system32\User32.dll [2001-10-26 19:29] - [2004-08-04 01:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0
E:\WINDOWS\system32\userinit.exe [2001-10-26 19:30] - [2004-08-04 01:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396
E:\WINDOWS\system32\rpcss.dll [2001-10-26 19:29] - [2004-08-04 01:44] - 0395776 ____A (Microsoft Corporation) 346e5b19fc986fe7185a0c2c43593722
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
E:\WINDOWS\system32\Drivers\volsnap.sys [2001-10-26 18:57] - [2004-08-04 01:36] - 0052864 ___AC (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36

==================== End Of Log ============================