Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2014 Ran by darek (administrator) on ZAQ on 08-12-2014 23:26:10 Running from C:\Documents and Settings\darek\Moje dokumenty Loaded Profile: darek (Available profiles: darek & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE (NVIDIA Corporation) C:\WINDOWS\system32\nvraidservice.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (SAMSUNG) C:\Program Files\SEC\MagicTune3.6\MagicTune.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Opera Software) C:\operausb1217int\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-12-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [NVRaidService] => C:\WINDOWS\system32\nvraidservice.exe [83968 2004-06-11] (NVIDIA Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2007-08-20] (Ahead Software Gmbh) HKLM\...\Run: [AdslTaskBar] => rundll32.exe stmctrl.dll,TaskBar HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4767304 2013-03-07] (AVAST Software) HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\Policies\Explorer: [NoRecentDocsMenu] 0 HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: H - H:\setup.exe -autorun HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {039ef48c-2f0c-11e1-a649-000fea385d46} - I:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {4fc7ff07-2fa8-11e1-a650-000fea385d46} - I:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {777bd5fb-2fc0-11e1-a652-000fea385d46} - I:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {7c4a3ce4-80e1-11e1-a6d0-000fea385d46} - I:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {7c4a3ce9-80e1-11e1-a6d0-001e101f89d0} - L:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {9e12ae4c-2f33-11e1-a64e-000fea385d46} - I:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {b8ee3fe0-8655-11e2-bfc7-000fea385d46} - K:\AutoRun.exe HKU\S-1-5-21-1606980848-1284227242-839522115-1003\...\MountPoints2: {ef4c14e1-f4b9-11da-9ba3-000fea385d46} - H:\setup.exe -autorun Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MagicTune 3.6.lnk ShortcutTarget: MagicTune 3.6.lnk -> C:\Program Files\SEC\MagicTune3.6\MagicTuneTray.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1606980848-1284227242-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-1606980848-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1606980848-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ URLSearchHook: HKU\S-1-5-21-1606980848-1284227242-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKU\S-1-5-21-1606980848-1284227242-839522115-1003 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms} SearchScopes: HKU\S-1-5-21-1606980848-1284227242-839522115-1003 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms} BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Downloads\Nowy folder\BitComet_1.12\tools\bitcometbho.dll (BitComet) BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: gFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files\FlashGet\getflash.dll () DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{0CA3D862-99E8-4413-83CA-E142847C5F30}: [NameServer] 194.204.152.34 194.204.159.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\darek\Dane aplikacji\Mozilla\Firefox\Profiles\bq2aui3b.default FF Homepage: hxxp://www.google.com/webhp?hl=pl FF Keyword.URL: hxxp://go.mail.ru/search?fr=fftb&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF Plugin: @real.com/nppl3260;version=6.0.11.3088 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin HKU\S-1-5-21-1606980848-1284227242-839522115-1003: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Extension: DownloadHelper - C:\Documents and Settings\darek\Dane aplikacji\Mozilla\Firefox\Profiles\bq2aui3b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-27] FF Extension: Adblock Plus - C:\Documents and Settings\darek\Dane aplikacji\Mozilla\Firefox\Profiles\bq2aui3b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-27] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-10] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [45248 2013-03-07] (AVAST Software) R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON) [File not signed] S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON) [File not signed] R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2304320 2004-12-22] (Realtek Semiconductor Corp.) R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-03-07] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-03-07] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [49760 2013-03-07] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49248 2013-03-07] () R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770784 2014-12-01] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [368176 2013-03-07] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [62376 2013-03-07] (AVAST Software) S3 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [164736 2013-03-07] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) R3 dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [223128 2006-06-05] () [File not signed] U3 hdvyjxyxqmkh; No ImagePath S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [85248 2010-11-04] (Huawei Technologies Co., Ltd.) R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [91136 2004-09-07] (Ahead Software AG) [File not signed] R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [28544 2004-09-07] (Ahead Software AG) [File not signed] U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [5760 2004-09-07] (Ahead Software AG) [File not signed] U3 laabhyqiggnl; No ImagePath R1 magicpvt; C:\WINDOWS\System32\drivers\magicpvt.sys [9728 2005-06-10] (Samsung Electronics, Inc.) [File not signed] R1 MagicTune; C:\WINDOWS\system32\drivers\MTictwl.sys [13396 2005-10-21] () [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33024 2004-07-28] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-07-28] (NVIDIA Corporation) R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation) R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28544 2008-06-19] (Panda Security, S.L.) R3 Pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [47360 2007-04-15] (VSO Software) [File not signed] S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] () R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [642560 2006-06-05] () [File not signed] U3 stbyyqrcqsvf; No ImagePath R3 Stmatm; C:\WINDOWS\System32\DRIVERS\stmatm.sys [60255 2008-04-23] (STMicroelectronics ) [File not signed] R3 TaurusUsb; C:\WINDOWS\System32\DRIVERS\torususb.sys [683791 2008-04-23] () [File not signed] S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) U3 wdddcnhfodbs; No ImagePath S3 PC Camera ; system32\DRIVERS\pa3106hk.sys [X] S4 IntelIde; No ImagePath S3 USBET; system32\DRIVERS\ETdrv.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 23:26 - 2014-12-08 23:26 - 00014618 _____ () C:\Documents and Settings\darek\Moje dokumenty\FRST.txt 2014-12-08 23:24 - 2014-12-08 23:26 - 00000000 ____D () C:\FRST 2014-12-08 23:24 - 2014-12-08 23:24 - 00001716 _____ () C:\checkup.txt 2014-12-08 22:39 - 2014-12-08 23:17 - 00001166 _____ () C:\prośba.txt 2014-12-08 22:38 - 2014-12-08 17:59 - 00002866 _____ () C:\PCloudCleaner.LOG 2014-12-08 21:54 - 2014-12-08 21:54 - 00852487 _____ () C:\Documents and Settings\darek\Moje dokumenty\SecurityCheck.exe 2014-12-08 21:40 - 2014-12-08 21:40 - 01111040 _____ (Farbar) C:\Documents and Settings\darek\Moje dokumenty\FRST.exe 2014-12-08 19:45 - 2014-12-08 19:45 - 00000000 ____D () C:\Program Files\ESET 2014-12-08 19:34 - 2014-12-08 19:40 - 00000000 ____D () C:\Documents and Settings\darek\Dane aplikacji\Thunderbird 2014-12-08 19:34 - 2014-12-08 19:34 - 00000000 ____D () C:\Documents and Settings\darek\Ustawienia lokalne\Dane aplikacji\Thunderbird 2014-12-08 17:13 - 2014-12-08 17:16 - 00018764 _____ () C:\Documents and Settings\darek\Moje dokumenty\cc_20141208_171345.reg 2014-12-08 16:20 - 2014-12-08 16:20 - 00000935 _____ () C:\Documents and Settings\All Users\Pulpit\Panda Cloud Cleaner.lnk 2014-12-08 16:20 - 2014-12-08 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security 2014-12-08 16:12 - 2014-12-08 20:38 - 00000000 ____D () C:\operausb1217int 2014-12-08 16:12 - 2014-12-08 16:12 - 00000000 ____D () C:\ccsetup500 2014-12-08 16:12 - 2014-12-08 16:12 - 00000000 ____D () C:\!KillBox 2014-12-08 16:11 - 2014-12-08 16:12 - 00000000 ____D () C:\Apple Safari v4.0.4 2014-12-08 16:11 - 2014-12-08 11:15 - 00093696 _____ (Option^Explicit Software vbtechcd@gmail.com) C:\KillBox_[www.programosy.pl].exe 2014-12-06 19:33 - 2014-12-05 12:12 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\darek\Pulpit\OTL.exe 2014-12-05 22:19 - 2014-12-05 22:20 - 00001307 _____ () C:\Malwarebytes Anti-Malware 1.txt 2014-12-05 20:28 - 2014-12-05 20:28 - 00001854 _____ () C:\WINDOWS\setupapi.log 2014-12-04 18:39 - 2014-12-04 18:39 - 00001990 _____ () C:\Malwarebytes Anti-Malware 0.txt 2014-12-04 18:20 - 2014-12-07 15:36 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-04 18:19 - 2014-12-04 18:19 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk 2014-12-04 18:19 - 2014-12-04 18:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-12-04 18:19 - 2014-12-04 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2014-12-04 18:19 - 2014-12-04 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-12-04 18:19 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-04 18:19 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-04 18:18 - 2014-12-04 10:26 - 20447072 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.0.4.1028.exe 2014-12-04 16:15 - 2014-12-08 22:36 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2014-12-03 18:16 - 2014-12-03 18:16 - 00000060 _____ () C:\WINDOWS\setupact.log 2014-12-03 18:11 - 2014-12-03 18:11 - 00000000 __SHD () C:\WINDOWS\CSC 2014-12-03 17:03 - 2014-12-03 17:04 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-12-03 17:03 - 2014-12-03 17:03 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ___SD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit 2014-12-03 17:03 - 2006-06-02 23:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty 2014-12-03 17:03 - 2006-06-02 21:23 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk 2014-12-03 17:03 - 2006-06-02 21:23 - 00000792 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk 2014-12-03 17:03 - 2006-06-02 21:23 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria 2014-12-03 17:03 - 2006-06-02 21:23 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy 2014-12-03 17:03 - 2006-06-02 21:23 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji 2014-12-03 17:03 - 2006-06-02 21:19 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony 2014-12-01 13:03 - 2014-12-01 13:03 - 00000175 _____ () C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2014-11-10 23:01 - 2014-11-10 23:01 - 00054156 ____H () C:\WINDOWS\QTFont.qfn 2014-11-10 23:01 - 2014-11-10 23:01 - 00001409 _____ () C:\WINDOWS\QTFont.for ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 23:26 - 2006-06-02 21:34 - 00000000 ____D () C:\Documents and Settings\darek\Ustawienia lokalne\Temp 2014-12-08 23:26 - 2006-06-02 21:34 - 00000000 ____D () C:\Documents and Settings\darek\Moje dokumenty 2014-12-08 23:23 - 2009-12-25 10:18 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1284227242-839522115-1004UA.job 2014-12-08 23:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At48.job 2014-12-08 23:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At24.job 2014-12-08 22:59 - 2012-07-16 21:02 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-12-08 22:58 - 2011-12-10 13:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-12-08 22:58 - 2011-12-10 13:54 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-12-08 22:58 - 2006-10-18 22:37 - 00000016 _____ () C:\WINDOWS\system32\magicpvt.dat 2014-12-08 22:58 - 2006-06-02 23:07 - 00000000 _____ () C:\WINDOWS\MEMORY.DMP 2014-12-08 22:58 - 2006-06-02 21:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-08 22:01 - 2006-06-02 21:26 - 00032444 _____ () C:\WINDOWS\SchedLgU.Txt 2014-12-08 22:00 - 2011-11-05 21:51 - 00777667 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-08 22:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At47.job 2014-12-08 22:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At23.job 2014-12-08 22:00 - 2006-06-02 21:34 - 00000188 ___SH () C:\Documents and Settings\darek\ntuser.ini 2014-12-08 21:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At46.job 2014-12-08 21:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At22.job 2014-12-08 20:36 - 2007-05-28 09:21 - 00000000 ____D () C:\WINDOWS\system32\ActiveScan 2014-12-08 20:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At45.job 2014-12-08 20:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At21.job 2014-12-08 19:34 - 2006-06-02 21:34 - 00000000 ___HD () C:\Documents and Settings\darek\Dane aplikacji 2014-12-08 19:32 - 2014-09-07 12:58 - 00000000 ____D () C:\Documents and Settings\darek\Dane aplikacji\GG 2014-12-08 18:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At43.job 2014-12-08 18:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At19.job 2014-12-08 17:19 - 2007-08-01 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2014-12-08 17:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At42.job 2014-12-08 17:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At18.job 2014-12-08 16:20 - 2009-01-04 20:31 - 00000000 ____D () C:\Program Files\Panda Security 2014-12-08 16:20 - 2006-06-02 23:13 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-12-08 16:20 - 2006-06-02 23:13 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-12-07 22:57 - 2006-06-03 08:40 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-12-07 21:43 - 2008-07-06 12:46 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Soulseek 2014-12-07 19:28 - 2006-06-02 21:34 - 00000000 ___SD () C:\Documents and Settings\darek\Ustawienia lokalne\Historia 2014-12-07 19:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At44.job 2014-12-07 19:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At20.job 2014-12-07 18:45 - 2006-06-02 21:34 - 00000000 ____D () C:\Documents and Settings\darek 2014-12-07 16:05 - 2014-08-24 23:10 - 00000000 ____D () C:\Documents and Settings\darek\Ustawienia lokalne\Dane aplikacji\Skype 2014-12-07 16:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At41.job 2014-12-07 16:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At17.job 2014-12-07 15:19 - 2006-06-02 21:34 - 00000000 ____D () C:\Documents and Settings\darek\Pulpit 2014-12-07 15:06 - 2006-06-02 21:34 - 00000000 ___RD () C:\Documents and Settings\darek\Ulubione 2014-12-07 14:08 - 2006-06-03 08:40 - 00057856 _____ () C:\Documents and Settings\darek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-07 14:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At39.job 2014-12-07 14:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At15.job 2014-12-07 14:00 - 2006-06-05 18:41 - 00000000 ____D () C:\ET2 2014-12-07 13:00 - 2011-11-28 20:19 - 00000000 ____D () C:\Program Files\Neostrada TP 2014-12-07 13:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At38.job 2014-12-07 13:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At14.job 2014-12-07 00:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At25.job 2014-12-07 00:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At1.job 2014-12-05 20:37 - 2006-06-02 23:11 - 00000212 ___SH () C:\boot.ini 2014-12-05 20:37 - 2001-07-22 01:16 - 00000909 _____ () C:\WINDOWS\win.ini 2014-12-05 20:37 - 2001-07-22 01:15 - 00009448 _____ () C:\WINDOWS\SYSTEM.INI 2014-12-05 20:34 - 2006-06-03 23:33 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2014-12-05 20:28 - 2006-06-02 23:07 - 00000000 ____D () C:\WINDOWS\repair 2014-12-05 20:28 - 2006-06-02 21:19 - 00000000 ____D () C:\WINDOWS\Registration 2014-12-05 20:24 - 2006-06-03 07:54 - 00043016 ____N () C:\Documents and Settings\darek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-12-05 20:21 - 2001-07-22 01:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-05 17:46 - 2006-06-19 20:25 - 00000000 ____D () C:\dane i programy 2014-12-05 17:32 - 2006-06-02 23:12 - 00192976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-12-04 22:50 - 2006-06-02 23:07 - 00000000 ____D () C:\WINDOWS\msagent 2014-12-04 21:34 - 2009-02-11 13:16 - 00000000 ____D () C:\Documents and Settings\darek\Dane aplikacji\Thinstall 2014-12-04 21:32 - 2006-06-02 21:34 - 00000000 ___HD () C:\Documents and Settings\darek\Ustawienia lokalne\Dane aplikacji 2014-12-04 18:19 - 2006-06-02 23:13 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-12-02 13:56 - 2006-06-02 21:26 - 00000000 ____D () C:\Documents and Settings\LocalService\Dane aplikacji 2014-12-02 13:43 - 2006-06-03 19:20 - 00000082 _____ () C:\WINDOWS\wininit.ini 2014-12-02 12:13 - 2008-03-21 13:28 - 00000000 ____D () C:\Program Files\eMule 2014-12-02 12:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At37.job 2014-12-02 12:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At13.job 2014-12-02 11:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At36.job 2014-12-02 11:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At12.job 2014-12-02 10:23 - 2009-12-25 10:18 - 00001076 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1284227242-839522115-1004Core.job 2014-12-02 10:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At35.job 2014-12-02 10:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At11.job 2014-12-01 15:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At40.job 2014-12-01 15:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At16.job 2014-12-01 13:03 - 2011-05-10 21:20 - 00770784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-12-01 09:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At34.job 2014-12-01 09:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At10.job 2014-12-01 08:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At33.job 2014-12-01 08:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At9.job 2014-12-01 07:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At32.job 2014-12-01 07:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At8.job 2014-11-29 01:00 - 2007-08-02 22:27 - 00000362 _____ () C:\WINDOWS\Tasks\At26.job 2014-11-29 01:00 - 2007-07-01 12:29 - 00000362 _____ () C:\WINDOWS\Tasks\At2.job 2014-11-28 21:22 - 2006-09-03 16:49 - 00000000 ____D () C:\soulseek_donload 2014-11-23 10:52 - 2006-06-03 19:47 - 00000000 ____D () C:\Documents and Settings\darek\Moje dokumenty\prog_edukac 2014-11-21 21:56 - 2006-10-21 21:59 - 00000000 ____D () C:\Program Files\FlashGet 2014-11-21 20:52 - 2007-06-02 23:15 - 02133818 ____N () C:\Documents and Settings\darek\Moje dokumenty\DVD muza.DLC 2014-11-17 21:56 - 2014-06-05 16:51 - 00000352 ____N () C:\Documents and Settings\darek\Menu Start\Programy\Image Eye.lnk 2014-11-17 21:56 - 2006-06-02 21:34 - 00000000 ___RD () C:\Documents and Settings\darek\Menu Start\Programy 2014-11-09 21:33 - 2007-12-17 20:47 - 00001066 _____ () C:\WINDOWS\WaveRec.ini Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At10.job C:\Windows\Tasks\At11.job C:\Windows\Tasks\At12.job C:\Windows\Tasks\At13.job C:\Windows\Tasks\At14.job C:\Windows\Tasks\At15.job C:\Windows\Tasks\At16.job C:\Windows\Tasks\At17.job C:\Windows\Tasks\At18.job C:\Windows\Tasks\At19.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At20.job C:\Windows\Tasks\At21.job C:\Windows\Tasks\At22.job C:\Windows\Tasks\At23.job C:\Windows\Tasks\At24.job C:\Windows\Tasks\At25.job C:\Windows\Tasks\At26.job C:\Windows\Tasks\At27.job C:\Windows\Tasks\At28.job C:\Windows\Tasks\At29.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At30.job C:\Windows\Tasks\At31.job C:\Windows\Tasks\At32.job C:\Windows\Tasks\At33.job C:\Windows\Tasks\At34.job C:\Windows\Tasks\At35.job C:\Windows\Tasks\At36.job C:\Windows\Tasks\At37.job C:\Windows\Tasks\At38.job C:\Windows\Tasks\At39.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At40.job C:\Windows\Tasks\At41.job C:\Windows\Tasks\At42.job C:\Windows\Tasks\At43.job C:\Windows\Tasks\At44.job C:\Windows\Tasks\At45.job C:\Windows\Tasks\At46.job C:\Windows\Tasks\At47.job C:\Windows\Tasks\At48.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job C:\Windows\Tasks\At7.job C:\Windows\Tasks\At8.job C:\Windows\Tasks\At9.job ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================