Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01 Ran by ROBI (administrator) on DOM-B63A3EBE6D8 on 09-07-2014 10:56:13 Running from C:\Documents and Settings\ROBI\Moje dokumenty\Downloads Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) E:\Programy\Avast\AvastSvc.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (AVAST Software) E:\Programy\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-06-24] (Realtek Semiconductor Corp.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => E:\Programy\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software) HKLM\...\Run: [Babakan] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131027 (exit) else (start http://dinoraptzor.org && exit) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2013-12-23] (Advanced Micro Devices, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-1202660629-2049760794-1801674531-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1202660629-2049760794-1801674531-1003\...\Run: [EPSON Stylus DX8400 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1202660629-2049760794-1801674531-1003\...\MountPoints2: {5e661fb3-0c00-11e3-a065-001e8c026627} - G:\RunGame.exe ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programy\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programy\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 91.198.89.34 91.198.89.11 FireFox: ======== FF ProfilePath: C:\Documents and Settings\ROBI\Dane aplikacji\Mozilla\Firefox\Profiles\6due18dm.default-1402149830250 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Programy\Avast\WebRep\FF FF Extension: avast! Online Security - E:\Programy\Avast\WebRep\FF [2013-12-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-29] FF StartMenuInternet: FIREFOX.EXE - E:\Programy\Mozill Firefox\firefox.exe Chrome: ======= CHR StartupUrls: "hxxp://www.wp.pl/" CHR DefaultSearchKeyword: qvo6 CHR DefaultSearchProvider: qvo6 CHR DefaultSearchURL: http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AAKS-00YGA0_WD-WCAS8283862138621&ts=1377105870&type=default&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Dokumenty Google) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19] CHR Extension: (Dysk Google) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19] CHR Extension: (YouTube) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19] CHR Extension: (avast! Online Security) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-10] CHR Extension: (Google Wallet) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10] CHR Extension: (Gmail) - C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programy\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-12] ========================== Services (Whitelisted) ================= R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2013-12-23] (ATI Technologies Inc.) [File not signed] R2 avast! Antivirus; E:\Programy\Avast\AvastSvc.exe [50344 2014-05-12] (AVAST Software) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-14] (Oracle Corporation) S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed] ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-12] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-12] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-12] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-12] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-12] () R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [37888 2009-08-20] (Atheros Communications, Inc.) [File not signed] R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [6852096 2013-12-23] (ATI Technologies Inc.) [File not signed] R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices) R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2012-09-17] (JMicron Technology Corp.) S2 Kmm4xNT; C:\WINDOWS\system32\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [File not signed] S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 PGR1394b; C:\WINDOWS\System32\DRIVERS\HS3dSensor1394.sys [72704 2008-02-19] (Point Grey Research) [File not signed] S3 catchme; \??\C:\DOCUME~1\ROBI\USTAWI~1\Temp\catchme.sys [X] S3 jjjxqqff; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S3 XDva404; \??\C:\WINDOWS\system32\XDva404.sys [X] S3 XDva405; \??\C:\WINDOWS\system32\XDva405.sys [X] S3 XDva406; \??\C:\WINDOWS\system32\XDva406.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 14:23 - 2014-07-09 10:56 - 00000000 ____D () C:\FRST 2014-07-07 08:52 - 2014-07-07 08:53 - 00000000 ___SD () C:\ComboFix 2014-06-25 16:22 - 2014-06-25 16:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\BlueStacks 2014-06-23 16:44 - 2014-07-08 23:46 - 00000025 _____ () C:\WINDOWS\popcinfot.dat 2014-06-23 11:02 - 2014-06-23 11:02 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat 2014-06-23 11:02 - 2014-06-23 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games 2014-06-22 13:58 - 2014-06-22 13:58 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-06-22 13:58 - 2014-06-22 13:58 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-06-22 13:18 - 2014-06-22 13:21 - 00085289 _____ () C:\WINDOWS\DirectX.log 2014-06-22 10:36 - 2014-06-22 10:36 - 00000000 ____D () C:\Program Files\Traffic Simulator Configuration Tool 2014-06-22 10:36 - 2014-06-22 10:36 - 00000000 ____D () C:\Documents and Settings\ROBI\Menu Start\Programy\Maxis 2014-06-21 16:32 - 2014-06-21 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\GRETECH 2014-06-14 16:14 - 2014-07-07 14:28 - 00035014 _____ () C:\WINDOWS\setupapi.log 2014-06-14 14:59 - 2014-06-14 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-14 14:59 - 2014-06-14 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-14 14:59 - 2014-06-14 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-14 14:59 - 2014-06-14 14:59 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-14 14:59 - 2014-06-14 14:59 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-14 14:59 - 2014-06-14 14:59 - 00000000 ____D () C:\Program Files\Java 2014-06-14 14:59 - 2014-06-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-14 14:59 - 2014-06-14 14:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-06-14 14:50 - 2014-06-14 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Network Addon Mod 2014-06-14 14:26 - 2014-06-14 14:27 - 00000000 ____D () C:\Program Files\QuickTime 2014-06-14 14:26 - 2014-06-14 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime 2014-06-14 14:26 - 2014-06-14 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2014-06-14 14:16 - 2014-07-09 10:31 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-06-14 05:57 - 2014-06-14 05:57 - 00000074 _____ () C:\WINDOWS\wininit.ini 2014-06-13 21:17 - 2014-06-13 21:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-13 21:16 - 2014-06-13 21:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-06-13 21:16 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-13 21:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-13 19:16 - 2014-06-13 19:23 - 00000232 _____ () C:\gromozon_removal.log 2014-06-13 19:06 - 2014-06-13 19:09 - 00010774 _____ () C:\lopR.txt 2014-06-13 19:05 - 2014-06-13 19:09 - 00000000 ____D () C:\Lop SD 2014-06-13 06:43 - 2014-06-13 06:43 - 00000000 __SHD () C:\Documents and Settings\ROBI\PrivacIE 2014-06-11 21:10 - 2014-06-14 05:57 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2014-06-11 21:10 - 2014-06-11 23:27 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-06-11 19:35 - 2014-06-11 19:38 - 00000000 ____D () C:\Documents and Settings\ROBI\Moje dokumenty\Frydek-mistek 2014-06-11 18:54 - 2004-07-19 16:19 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax 2014-06-11 18:54 - 2004-07-19 16:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00354816 ____C () C:\WINDOWS\system32\dllcache\psisdecd.dll 2014-06-11 18:54 - 2004-07-09 04:26 - 00354816 _____ () C:\WINDOWS\system32\psisdecd.dll 2014-06-11 18:54 - 2004-07-09 04:26 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00052224 ____C () C:\WINDOWS\system32\dllcache\msdvbnp.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00052224 _____ () C:\WINDOWS\system32\msdvbnp.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00030208 ____C () C:\WINDOWS\system32\dllcache\psisrndr.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00030208 _____ () C:\WINDOWS\system32\psisrndr.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\streamip.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax 2014-06-11 18:54 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys 2014-06-11 18:54 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys 2014-06-11 18:54 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe 2014-06-11 18:54 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax 2014-06-11 18:54 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys 2014-06-11 18:54 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys 2014-06-11 18:54 - 2002-08-29 03:41 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pid.dll 2014-06-11 18:53 - 2014-06-11 18:53 - 00000000 ____D () C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\WorldofTanks 2014-06-10 23:37 - 2014-06-10 23:37 - 00000000 _RSHD () C:\cmdcons 2014-06-10 23:37 - 2014-06-04 17:14 - 00000216 _____ () C:\Boot.bak 2014-06-10 23:37 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr 2014-06-10 23:35 - 2014-06-10 23:35 - 00000000 ___RD () C:\Documents and Settings\ROBI\Moje dokumenty\Moje wideo 2014-06-10 23:35 - 2014-06-10 23:35 - 00000000 ___RD () C:\Documents and Settings\ROBI\Menu Start\Programy\Narzędzia administracyjne 2014-06-10 23:35 - 2014-06-10 23:35 - 00000000 ____D () C:\Qoobox 2014-06-10 23:35 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-06-10 23:35 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-06-10 23:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-06-10 23:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-06-10 23:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-06-10 23:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-06-10 23:35 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-06-10 23:35 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-06-10 23:35 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-06-10 23:34 - 2014-06-10 23:34 - 00000000 ____D () C:\WINDOWS\erdnt 2014-06-10 12:17 - 2014-07-09 10:23 - 00131072 _____ () C:\WINDOWS\system32\config\ACEEvent.evt 2014-06-10 12:17 - 2014-06-10 12:17 - 00000000 ____D () C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\ATI 2014-06-10 12:17 - 2014-06-10 12:17 - 00000000 ____D () C:\Documents and Settings\ROBI\Dane aplikacji\ATI 2014-06-10 12:17 - 2014-06-10 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ATI 2014-06-10 10:20 - 2014-06-10 10:20 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Catalyst Control Center 2014-06-10 10:18 - 2014-06-10 10:20 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-06-10 10:18 - 2014-06-10 10:18 - 00000000 ____D () C:\Program Files\ATI 2014-06-10 10:17 - 2014-06-10 10:17 - 00000000 ____D () C:\AMD ==================== One Month Modified Files and Folders ======= 2014-07-09 10:56 - 2014-07-07 14:23 - 00000000 ____D () C:\FRST 2014-07-09 10:56 - 2013-08-19 12:05 - 00000000 ____D () C:\Documents and Settings\ROBI\Ustawienia lokalne\Temp 2014-07-09 10:31 - 2014-06-14 14:16 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-09 10:29 - 2013-08-19 11:52 - 01550256 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-09 10:24 - 2013-08-19 13:31 - 00461150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-09 10:24 - 2001-10-26 20:15 - 00000680 _____ () C:\WINDOWS\system32\perfh015.dat 2014-07-09 10:24 - 2001-10-26 20:15 - 00000338 _____ () C:\WINDOWS\system32\perfc015.dat 2014-07-09 10:23 - 2014-06-10 12:17 - 00131072 _____ () C:\WINDOWS\system32\config\ACEEvent.evt 2014-07-09 10:23 - 2014-04-06 11:59 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2014-07-09 10:23 - 2013-12-10 12:25 - 00000324 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-07-09 10:23 - 2013-08-19 17:37 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-09 10:23 - 2013-08-19 13:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-07-09 10:23 - 2013-08-19 13:33 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-07-09 10:23 - 2013-08-19 12:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-09 10:03 - 2013-08-19 12:05 - 00000188 ___SH () C:\Documents and Settings\ROBI\ntuser.ini 2014-07-09 10:03 - 2013-08-19 12:02 - 00032344 _____ () C:\WINDOWS\SchedLgU.Txt 2014-07-09 09:22 - 2013-08-21 19:22 - 00000422 _____ () C:\WINDOWS\Tasks\At1.job 2014-07-09 09:21 - 2014-06-05 06:51 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-07-09 09:15 - 2013-08-19 17:37 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-08 23:59 - 2013-08-19 12:05 - 00000000 ____D () C:\Documents and Settings\ROBI\Pulpit 2014-07-08 23:46 - 2014-06-23 16:44 - 00000025 _____ () C:\WINDOWS\popcinfot.dat 2014-07-08 20:18 - 2014-04-13 07:41 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Drive 2014-07-08 16:15 - 2013-08-19 17:26 - 00000000 ____D () C:\Documents and Settings\ROBI\Pulpit\Giery 2014-07-08 15:00 - 2014-04-06 11:59 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2014-07-08 13:16 - 2014-03-21 18:35 - 00010470 _____ () C:\Documents and Settings\ROBI\Pulpit\Nowy Arkusz programu Microsoft Office Excel.xlsx 2014-07-08 13:06 - 2013-08-19 12:06 - 00000000 ___RD () C:\Documents and Settings\ROBI\Moje dokumenty\Moje obrazy 2014-07-08 00:11 - 2013-08-24 11:33 - 00000000 ____D () C:\Documents and Settings\ROBI\Moje dokumenty\SimCity 4 2014-07-07 14:28 - 2014-06-14 16:14 - 00035014 _____ () C:\WINDOWS\setupapi.log 2014-07-07 14:25 - 2013-08-19 13:30 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-07-07 09:16 - 2013-08-19 12:27 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2014-07-07 09:15 - 2014-02-09 20:59 - 00000000 ____D () C:\Documents and Settings\ROBI\Dane aplikacji\Tropico 4 2014-07-07 08:53 - 2014-07-07 08:52 - 00000000 ___SD () C:\ComboFix 2014-07-07 08:53 - 2013-08-19 12:05 - 00000000 __RHD () C:\Documents and Settings\ROBI\Dane aplikacji 2014-06-26 16:40 - 2001-07-22 02:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-06-25 17:19 - 2013-08-20 12:42 - 00000000 ____D () C:\Documents and Settings\ROBI\Dane aplikacji\uTorrent 2014-06-25 16:34 - 2013-08-19 13:22 - 00000000 ____D () C:\Documents and Settings\ROBI\Moje dokumenty\Pobieranie 2014-06-25 16:22 - 2014-06-25 16:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\BlueStacks 2014-06-25 16:22 - 2013-08-19 13:30 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-06-23 16:46 - 2013-08-19 12:05 - 00000000 ____D () C:\Documents and Settings\ROBI 2014-06-23 11:02 - 2014-06-23 11:02 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat 2014-06-23 11:02 - 2014-06-23 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games 2014-06-23 00:32 - 2013-08-19 16:25 - 00000000 ____D () C:\Documents and Settings\ROBI\Pulpit\Progi 2014-06-23 00:32 - 2013-08-19 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-06-22 13:58 - 2014-06-22 13:58 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-06-22 13:58 - 2014-06-22 13:58 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-06-22 13:24 - 2013-08-25 13:31 - 00000000 ____D () C:\Program Files\Steam 2014-06-22 13:21 - 2014-06-22 13:18 - 00085289 _____ () C:\WINDOWS\DirectX.log 2014-06-22 13:19 - 2013-08-19 11:51 - 00000000 ____D () C:\WINDOWS\system32\DirectX 2014-06-22 10:37 - 2013-08-19 16:50 - 00000000 ____D () C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\ChomikBox 2014-06-22 10:36 - 2014-06-22 10:36 - 00000000 ____D () C:\Program Files\Traffic Simulator Configuration Tool 2014-06-22 10:36 - 2014-06-22 10:36 - 00000000 ____D () C:\Documents and Settings\ROBI\Menu Start\Programy\Maxis 2014-06-22 10:36 - 2013-08-19 12:05 - 00000000 ___RD () C:\Documents and Settings\ROBI\Menu Start\Programy 2014-06-22 10:23 - 2013-11-25 16:25 - 00000000 ____D () C:\Documents and Settings\ROBI\Moje dokumenty\FLiNGTrainer 2014-06-22 10:23 - 2013-08-19 12:05 - 00000000 ___RD () C:\Documents and Settings\ROBI\Moje dokumenty 2014-06-22 10:22 - 2013-08-19 16:50 - 00000000 ____D () C:\Documents and Settings\ROBI\.gstreamer-0.10 2014-06-21 16:32 - 2014-06-21 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\GRETECH 2014-06-19 11:15 - 2013-08-19 12:05 - 00000000 ___HD () C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji 2014-06-14 14:59 - 2014-06-14 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-14 14:59 - 2014-06-14 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-14 14:59 - 2014-06-14 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-14 14:59 - 2014-06-14 14:59 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-14 14:59 - 2014-06-14 14:59 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-14 14:59 - 2014-06-14 14:59 - 00000000 ____D () C:\Program Files\Java 2014-06-14 14:59 - 2014-06-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-14 14:59 - 2014-06-14 14:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-06-14 14:50 - 2014-06-14 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Network Addon Mod 2014-06-14 14:27 - 2014-06-14 14:26 - 00000000 ____D () C:\Program Files\QuickTime 2014-06-14 14:26 - 2014-06-14 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\QuickTime 2014-06-14 14:26 - 2014-06-14 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2014-06-14 14:23 - 2013-09-05 10:02 - 00000000 ____D () C:\Documents and Settings\ROBI\Menu Start\Programy\WinRAR 2014-06-14 14:23 - 2013-09-05 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR 2014-06-14 14:16 - 2014-02-27 10:29 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-06-14 14:16 - 2014-02-27 10:29 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-06-14 06:05 - 2014-04-13 07:45 - 00000000 ___RD () C:\Documents and Settings\ROBI\Moje dokumenty\Dysk Google 2014-06-14 05:57 - 2014-06-14 05:57 - 00000074 _____ () C:\WINDOWS\wininit.ini 2014-06-14 05:57 - 2014-06-11 21:10 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2014-06-13 21:31 - 2014-04-06 11:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$ 2014-06-13 21:17 - 2014-06-13 21:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-13 21:16 - 2014-06-13 21:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-06-13 19:24 - 2014-03-01 18:27 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2014-06-13 19:23 - 2014-06-13 19:16 - 00000232 _____ () C:\gromozon_removal.log 2014-06-13 19:09 - 2014-06-13 19:06 - 00010774 _____ () C:\lopR.txt 2014-06-13 19:09 - 2014-06-13 19:05 - 00000000 ____D () C:\Lop SD 2014-06-13 06:43 - 2014-06-13 06:43 - 00000000 __SHD () C:\Documents and Settings\ROBI\PrivacIE 2014-06-11 23:27 - 2014-06-11 21:10 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-06-11 19:38 - 2014-06-11 19:35 - 00000000 ____D () C:\Documents and Settings\ROBI\Moje dokumenty\Frydek-mistek 2014-06-11 18:55 - 2013-08-19 16:58 - 00000000 ____D () C:\WINDOWS\RegisteredPackages 2014-06-11 18:53 - 2014-06-11 18:53 - 00000000 ____D () C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\WorldofTanks 2014-06-10 23:37 - 2014-06-10 23:37 - 00000000 _RSHD () C:\cmdcons 2014-06-10 23:37 - 2013-08-19 13:29 - 00000332 __RSH () C:\boot.ini 2014-06-10 23:35 - 2014-06-10 23:35 - 00000000 ___RD () C:\Documents and Settings\ROBI\Moje dokumenty\Moje wideo 2014-06-10 23:35 - 2014-06-10 23:35 - 00000000 ___RD () C:\Documents and Settings\ROBI\Menu Start\Programy\Narzędzia administracyjne 2014-06-10 23:35 - 2014-06-10 23:35 - 00000000 ____D () C:\Qoobox 2014-06-10 23:34 - 2014-06-10 23:34 - 00000000 ____D () C:\WINDOWS\erdnt 2014-06-10 12:17 - 2014-06-10 12:17 - 00000000 ____D () C:\Documents and Settings\ROBI\Ustawienia lokalne\Dane aplikacji\ATI 2014-06-10 12:17 - 2014-06-10 12:17 - 00000000 ____D () C:\Documents and Settings\ROBI\Dane aplikacji\ATI 2014-06-10 12:17 - 2014-06-10 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ATI 2014-06-10 10:20 - 2014-06-10 10:20 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Catalyst Control Center 2014-06-10 10:20 - 2014-06-10 10:18 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-06-10 10:18 - 2014-06-10 10:18 - 00000000 ____D () C:\Program Files\ATI 2014-06-10 10:17 - 2014-06-10 10:17 - 00000000 ____D () C:\AMD Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Documents and Settings\ROBI\Ustawienia lokalne\Temp\10176-319468B_sciagnij.exe C:\Documents and Settings\ROBI\Ustawienia lokalne\Temp\CH.dll C:\Documents and Settings\ROBI\Ustawienia lokalne\Temp\Copy.dll C:\Documents and Settings\ROBI\Ustawienia lokalne\Temp\ExPromo.exe C:\Documents and Settings\ROBI\Ustawienia lokalne\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================