Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
Ran by Waldek (administrator) on CD-4636358BBA64 on 11-07-2014 14:59:44
Running from F:\waldek
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Redefine Sp z o.o.) C:\Program Files\ipla\ipla.exe
(GG Network S.A.) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(GG Network S.A.) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe
(GG Network S.A.) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe
(Torpedo) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\Torpedo\Torpedo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(GG Network S.A.) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe
(GG Network S.A.) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe
(GG Network S.A.) C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640 2009-05-14] (ESET)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [PowerDVD13Agent] => C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-07-05] (CyberLink Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2780432 2009-05-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [Adobe] => wscript "C:\Documents and Settings\Waldek\Dane aplikacji\Adobe\Flash Player\BrowserCache\IDMcache.vbs" "C:\Documents and Settings\Waldek\Dane aplikacji\Adobe\Flash Player\BrowserCache\IDMcache.bat"
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [139264 2006-11-16] (Nero AG)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [18633728 2010-11-15] (Redefine Sp z o.o.)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [GG] => C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [4023360 2014-06-04] (GG Network S.A.)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [EPSON SX110 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [199680 2008-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5472016 2009-04-30] (Logitech Inc.)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1935655697-1214440339-682003330-1003\...\MountPoints2: {d887eca0-52df-11e3-965d-00241d9a8f36} - \WSiP\WSIP.exe
Startup: C:\Documents and Settings\Waldek\Menu Start\Programy\Autostart\Torpedo.lnk
ShortcutTarget: Torpedo.lnk -> C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\Torpedo\Torpedo.exe (Torpedo)
ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.gazeta.pl/msn/0,0.html?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Waldek\Dane aplikacji\Mozilla\Firefox\Profiles\rocx8ar9.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Waldek\Dane aplikacji\Mozilla\Firefox\Profiles\rocx8ar9.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Documents and Settings\Waldek\Dane aplikacji\Mozilla\Firefox\Profiles\rocx8ar9.default\searchplugins\bingp.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Waldek\Dane aplikacji\Mozilla\Firefox\Profiles\rocx8ar9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-09-12]

========================== Services (Whitelisted) =================

S2 .EsetTrialReset; C:\WINDOWS\system32\regedt32.exe [3584 2008-04-15] (Microsoft Corporation)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-05] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-05] (CyberLink)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-05-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840 2009-05-14] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94360 2009-05-14] (ESET)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-05-01] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-11] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2011-12-02] (Realtek Semiconductor Corp.)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [76560 2013-07-06] (CyberLink Corp.)
S4 IntelIde; No ImagePath
S3 RTLVLANMP; system32\DRIVERS\RTLVLAN.SYS [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-11 14:58 - 2014-07-11 14:59 - 00000000 ____D () C:\FRST
2014-07-10 21:08 - 2014-07-10 21:08 - 00000000 __SHD () C:\found.000
2014-07-10 20:31 - 2014-07-11 14:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 20:31 - 2014-07-10 20:31 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-07-10 20:31 - 2014-07-10 20:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-10 20:31 - 2014-07-10 20:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-07-10 20:31 - 2014-07-10 20:31 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-07-10 20:31 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-10 20:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-10 19:36 - 2014-07-11 14:40 - 00023998 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-10 19:21 - 2014-07-10 19:21 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-07-10 19:17 - 2014-07-10 19:17 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-06-30 15:13 - 2014-07-01 12:12 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\Nowe NUTKI
2014-06-19 19:19 - 2014-07-10 20:30 - 00000000 ____D () C:\Documents and Settings\Waldek\Moje dokumenty\Pobrane

==================== One Month Modified Files and Folders =======

2014-07-11 15:00 - 2013-09-11 18:01 - 00000000 ____D () C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp
2014-07-11 14:59 - 2014-07-11 14:58 - 00000000 ____D () C:\FRST
2014-07-11 14:57 - 2013-09-11 19:48 - 00252032 _____ () C:\WINDOWS\setupapi.log
2014-07-11 14:42 - 2013-09-27 17:05 - 00000000 ____D () C:\Documents and Settings\Waldek\Dane aplikacji\Skype
2014-07-11 14:41 - 2014-07-10 20:31 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 14:40 - 2014-07-10 19:36 - 00023998 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-11 14:40 - 2008-04-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-11 14:39 - 2013-09-11 19:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-11 14:39 - 2013-09-11 19:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-11 14:39 - 2013-09-11 18:01 - 00000000 ___RD () C:\Documents and Settings\Waldek\Menu Start\Programy\Autostart
2014-07-11 14:38 - 2014-03-27 15:41 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-07-11 14:38 - 2013-12-15 15:49 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 14:38 - 2013-09-15 15:23 - 00000000 ____D () C:\Documents and Settings\Waldek\Dane aplikacji\GG
2014-07-11 14:38 - 2013-09-15 14:55 - 00000000 ____D () C:\Documents and Settings\Waldek\Dane aplikacji\ipla
2014-07-11 14:38 - 2013-09-11 18:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-10 21:08 - 2014-07-10 21:08 - 00000000 __SHD () C:\found.000
2014-07-10 20:53 - 2013-09-12 13:06 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-07-10 20:53 - 2013-09-11 18:01 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-10 20:53 - 2013-09-11 18:01 - 00000188 ___SH () C:\Documents and Settings\Waldek\ntuser.ini
2014-07-10 20:43 - 2013-12-10 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2014-07-10 20:43 - 2013-09-12 14:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-10 20:31 - 2014-07-10 20:31 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-07-10 20:31 - 2014-07-10 20:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-10 20:31 - 2014-07-10 20:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-07-10 20:31 - 2014-07-10 20:31 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-07-10 20:31 - 2013-09-11 19:48 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-07-10 20:31 - 2013-09-11 19:48 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-07-10 20:31 - 2013-09-11 19:48 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-07-10 20:30 - 2014-06-19 19:19 - 00000000 ____D () C:\Documents and Settings\Waldek\Moje dokumenty\Pobrane
2014-07-10 20:27 - 2013-12-15 15:49 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 20:04 - 2014-05-11 20:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-10 20:04 - 2013-09-12 14:47 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-07-10 20:04 - 2013-09-12 14:47 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2014-07-10 20:01 - 2013-09-15 16:57 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-10 19:42 - 2013-09-15 16:57 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-10 19:42 - 2013-09-15 16:57 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-10 19:32 - 2014-01-15 21:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 19:31 - 2013-12-12 01:35 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 19:21 - 2014-07-10 19:21 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-07-10 19:19 - 2013-09-11 19:48 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-07-10 19:17 - 2014-07-10 19:17 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-07-03 16:51 - 2013-09-11 18:01 - 00000000 ____D () C:\Documents and Settings\Waldek\Pulpit
2014-07-03 16:50 - 2014-01-18 17:52 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\Gorące NuTkI
2014-07-03 16:48 - 2013-09-15 13:42 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-03 16:34 - 2013-11-17 20:22 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-07-03 16:31 - 2013-09-20 16:29 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-03 11:36 - 2014-02-14 09:53 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-07-02 20:47 - 2013-10-20 16:04 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\moje D
2014-07-01 12:12 - 2014-06-30 15:13 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\Nowe NUTKI
2014-07-01 12:06 - 2013-09-11 19:48 - 00189221 _____ () C:\WINDOWS\setupact.log
2014-06-30 15:15 - 2014-03-10 21:17 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\PSEJAŻDZKA
2014-06-30 15:15 - 2014-03-02 22:34 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\daw
2014-06-30 13:12 - 2013-09-18 18:54 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\Dawid
2014-06-30 12:47 - 2013-09-12 14:42 - 00002513 _____ () C:\Documents and Settings\Waldek\Pulpit\Microsoft Office Word 2007.lnk
2014-06-25 15:03 - 2013-09-11 18:01 - 00000000 ___HD () C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji
2014-06-24 16:40 - 2013-09-15 15:23 - 00000000 ____D () C:\Documents and Settings\Waldek\Ustawienia lokalne\Dane aplikacji\GG
2014-06-20 14:15 - 2013-09-23 15:41 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\Nela
2014-06-19 19:19 - 2013-09-11 18:01 - 00000000 ___RD () C:\Documents and Settings\Waldek\Moje dokumenty
2014-06-17 22:14 - 2013-10-16 20:14 - 00000000 ____D () C:\Documents and Settings\Waldek\Moje dokumenty\Pobieranie
2014-06-15 22:32 - 2013-10-11 20:25 - 00000000 ___RD () C:\Documents and Settings\Waldek\Pulpit\Nieużywane skróty pulpitu

Some content of TEMP:
====================
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\7za.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\APNSetup.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\bassmod.dll
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\gg10.upgr.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\ggdrive-menu.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\ggdrive-overlay.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\installstats.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is174.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is177.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is1A1.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is1A6.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is300.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is301.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is3AC.exe
C:\Documents and Settings\Waldek\Ustawienia lokalne\Temp\_is42F.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================