Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02 Ran by Myron (administrator) on HOME-8E7F039D9D on 29-05-2014 17:45:13 Running from C:\Documents and Settings\Myron\Pulpit\do skanu Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Ahead Software AG) C:\Program Files\Ahead\InCD\InCDsrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (GEMTEKS) C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE () C:\PROGRA~1\NEOSTR~1\CnxMon.exe (THOMSON Telecom Belgium) C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (France Télécom R&D) C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Nullsoft) C:\Program Files\Winamp\winamp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (France Télécom R&D) C:\Program Files\Neostrada TP\NeostradaTP.exe (France Télécom R&D) C:\Program Files\Neostrada TP\ComComp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [111208 2011-04-07] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13891176 2011-04-07] (NVIDIA Corporation) HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544 2010-02-03] (ASUSTeK Computer Inc.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19722344 2010-11-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM\...\Run: [WooCnxMon] => C:\Program Files\Neostrada TP\CnxMon.exe [24576 2003-10-16] () HKLM\...\Run: [SpeedTouch USB Diagnostics] => C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [866816 2004-01-26] (THOMSON Telecom Belgium) HKLM\...\Run: [WOOTASKBARICON] => C:\Program Files\Neostrada TP\TaskBarIcon.exe [53248 2003-10-16] (France Télécom R&D) HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304 2013-03-07] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-602162358-630328440-839522115-1003\...\RunOnce: [WiseStubReboot] - MSIEXEC /passive /I "C:\Program Files\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MST" WISE_SETUP_EXE_PATH="d:\steam\steamapps\common\bulletstorm demo\install\physx\PhysX_9.10.0224_SystemSoftware.exe" HKU\S-1-5-21-602162358-630328440-839522115-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AC8614DAE93D6953&affID=121565&tsp=4994 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8D6B968E-E324-4E04-9C00-83958DF677E0&apn_sauid=27EF05C3-D803-4817-BA91-251853EC275D SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Tcpip\..\Interfaces\{9194E80A-B129-4DD6-BA0B-FA0D8A4B97F0}: [NameServer]194.204.152.34 194.204.159.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Myron\Dane aplikacji\Mozilla\Firefox\Profiles\qvvjzg3h.default FF Homepage: www.google.pl FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Ubisoft Game Launcher\npuplaypc.dll No File FF user.js: detected! => C:\Documents and Settings\Myron\Dane aplikacji\Mozilla\Firefox\Profiles\qvvjzg3h.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\Myron\Dane aplikacji\Mozilla\Firefox\Profiles\qvvjzg3h.default\searchplugins\askcom.xml FF SearchPlugin: C:\Documents and Settings\Myron\Dane aplikacji\Mozilla\Firefox\Profiles\qvvjzg3h.default\searchplugins\delta.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-30] FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2012-11-18] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-30] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software) R2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [1151090 2004-09-07] (Ahead Software AG) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-20] (Oracle Corporation) S4 ZuneBusEnum; C:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation) S2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [X] R2 WUSB54GCSVC; "C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2011-03-13] (Meetinghouse Data Communications) R3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) R3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-04] () R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-03-07] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-03-07] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-03-07] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49248 2013-03-07] () R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [765736 2013-03-07] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [368176 2013-03-07] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [62376 2013-03-07] (AVAST Software) S3 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [164736 2013-03-07] () S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [11264 2005-10-20] (ASUSTeK Computer Inc.) S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP) R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [91136 2004-09-07] (Ahead Software AG) R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [28544 2004-09-07] (Ahead Software AG) U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [5760 2004-09-07] (Ahead Software AG) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] () S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [93568 2005-08-18] (NVIDIA Corporation) S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33536 2005-04-05] (NVIDIA Corporation) S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-04-05] (NVIDIA Corporation) R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.) S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [252928 2006-01-12] (Ralink Technology, Corp.) S3 zte_cdc_acm; C:\WINDOWS\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE) S3 zte_cpo; C:\WINDOWS\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE) R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation) R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt; C:\WINDOWS\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys [55224 2014-05-12] (StdLib) S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X] S4 IntelIde; No ImagePath S3 LVcKap; system32\DRIVERS\LVcKap.sys [X] S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [X] S3 LVPr2Mon; system32\DRIVERS\LVPr2Mon.sys [X] S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X] S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 17:42 - 2014-05-29 17:45 - 00000000 ____D () C:\FRST 2014-05-29 00:52 - 2014-05-29 17:45 - 00000000 ____D () C:\Documents and Settings\Myron\Pulpit\do skanu 2014-05-15 18:05 - 2014-05-12 16:40 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys 2014-05-11 09:21 - 2014-05-11 17:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-10 15:02 - 2014-05-10 15:02 - 00000000 ____D () C:\Documents and Settings\Myron\Pulpit\Sql kurs 2014-05-09 18:17 - 2014-05-09 18:20 - 00000000 ____D () C:\Documents and Settings\Myron\Moje dokumenty\Duke Nukem Forever 2014-05-09 18:12 - 2014-05-09 18:12 - 00000371 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Duke Nukem Forever.lnk 2014-05-05 08:13 - 2014-05-05 18:01 - 00294971 _____ () C:\Documents and Settings\Myron\Pulpit\Nowy-1.cpt 2014-04-30 22:46 - 2014-04-30 22:46 - 00000000 ____D () C:\Documents and Settings\Myron\Ustawienia lokalne\Dane aplikacji\2K Games 2014-04-30 22:24 - 2014-04-30 22:24 - 00000592 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mafia II.lnk ==================== One Month Modified Files and Folders ======= 2014-05-29 17:45 - 2014-05-29 17:42 - 00000000 ____D () C:\FRST 2014-05-29 17:45 - 2014-05-29 00:52 - 00000000 ____D () C:\Documents and Settings\Myron\Pulpit\do skanu 2014-05-29 17:42 - 2011-03-13 16:26 - 00000000 ____D () C:\Documents and Settings\Myron\Pulpit 2014-05-29 17:36 - 2012-11-20 15:56 - 00000000 ____D () C:\Program Files\Neostrada TP 2014-05-29 17:33 - 2013-09-25 12:00 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-29 17:25 - 2013-04-10 19:41 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-05-29 17:25 - 2013-03-14 15:21 - 00097485 _____ () C:\WINDOWS\setupapi.log 2014-05-29 17:25 - 2011-03-13 16:19 - 01744104 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-29 17:24 - 2013-09-25 12:00 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-29 17:24 - 2013-01-05 17:41 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-602162358-630328440-839522115-1003.job 2014-05-29 17:24 - 2011-03-13 17:11 - 00000157 _____ () C:\WINDOWS\wiadebug.log 2014-05-29 17:24 - 2011-03-13 17:11 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-05-29 17:24 - 2011-03-13 16:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-29 17:23 - 2011-03-13 16:26 - 00000188 ___SH () C:\Documents and Settings\Myron\ntuser.ini 2014-05-29 17:23 - 2011-03-13 16:26 - 00000000 ____D () C:\Documents and Settings\Myron 2014-05-29 17:23 - 2011-03-13 16:25 - 00032198 _____ () C:\WINDOWS\SchedLgU.Txt 2014-05-29 07:41 - 2011-03-13 17:09 - 01254156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-29 07:41 - 2001-10-26 20:15 - 00555462 _____ () C:\WINDOWS\system32\perfh015.dat 2014-05-29 07:41 - 2001-10-26 20:15 - 00104494 _____ () C:\WINDOWS\system32\perfc015.dat 2014-05-28 22:32 - 2011-03-13 17:08 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-05-27 23:48 - 2011-03-13 17:06 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-05-27 23:22 - 2013-03-26 13:26 - 00000000 ____D () C:\Documents and Settings\Myron\Dane aplikacji\uTorrent 2014-05-27 00:16 - 2011-03-13 17:05 - 00000223 __RSH () C:\boot.ini 2014-05-27 00:16 - 2001-07-22 02:16 - 00000609 _____ () C:\WINDOWS\win.ini 2014-05-27 00:16 - 2001-07-22 02:15 - 00000243 _____ () C:\WINDOWS\system.ini 2014-05-26 19:07 - 2011-03-13 16:26 - 00000000 ___HD () C:\Documents and Settings\Myron\Ustawienia lokalne\Dane aplikacji 2014-05-25 23:58 - 2011-03-13 16:26 - 00000000 ___RD () C:\Documents and Settings\Myron\Menu Start\Programy 2014-05-25 20:48 - 2011-03-18 01:57 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-05-24 22:56 - 2001-07-22 02:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-05-19 00:27 - 2011-03-13 17:08 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-05-15 00:17 - 2011-03-13 16:26 - 00000000 ___RD () C:\Documents and Settings\Myron\Moje dokumenty 2014-05-14 17:17 - 2011-03-13 16:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-05-12 16:40 - 2014-05-15 18:05 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gt.sys 2014-05-11 17:10 - 2014-05-11 09:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-11 01:40 - 2011-03-18 01:53 - 00063488 _____ () C:\Documents and Settings\Myron\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-10 20:19 - 2013-01-05 17:41 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-602162358-630328440-839522115-1003.job 2014-05-10 15:02 - 2014-05-10 15:02 - 00000000 ____D () C:\Documents and Settings\Myron\Pulpit\Sql kurs 2014-05-09 18:21 - 2011-03-13 20:03 - 00000095 _____ () C:\WINDOWS\winamp.ini 2014-05-09 18:20 - 2014-05-09 18:17 - 00000000 ____D () C:\Documents and Settings\Myron\Moje dokumenty\Duke Nukem Forever 2014-05-09 18:12 - 2014-05-09 18:12 - 00000371 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Duke Nukem Forever.lnk 2014-05-05 18:01 - 2014-05-05 08:13 - 00294971 _____ () C:\Documents and Settings\Myron\Pulpit\Nowy-1.cpt 2014-04-30 22:46 - 2014-04-30 22:46 - 00000000 ____D () C:\Documents and Settings\Myron\Ustawienia lokalne\Dane aplikacji\2K Games 2014-04-30 22:24 - 2014-04-30 22:24 - 00000592 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mafia II.lnk 2014-04-30 00:25 - 2011-03-13 16:26 - 00000000 __RHD () C:\Documents and Settings\Myron\Dane aplikacji 2014-04-30 00:23 - 2012-02-04 14:04 - 00000000 ____D () C:\Tapety 2014-04-29 19:08 - 2014-04-28 22:12 - 00000000 ____D () C:\Documents and Settings\Myron\Moje dokumenty\Max Payne Savegames ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\winlogon.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\system32\svchost.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\system32\services.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea C:\WINDOWS\system32\User32.dll [2004-08-04 00:44] - [2008-04-14 23:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\WINDOWS\system32\userinit.exe [2004-08-04 00:44] - [2008-04-14 23:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\rpcss.dll [2004-08-04 00:44] - [2008-04-14 23:50] - 0399360 ____A (Microsoft Corporation) 02396dab9dd407b06539981f477f3fec ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2004-08-04 00:36] - [2008-04-14 22:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================