Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015 Ran by xXx (administrator) on XXX-F8511966402 on 05-03-2015 09:25:02 Running from C:\Documents and Settings\xXx\Moje dokumenty\Downloads Loaded Profiles: xXx (Available profiles: xXx) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Advanced Micro Devices Inc.) E:\ATI TECHNOLOGIES\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) E:\ATI TECHNOLOGIES\ATI.ACE\Core-Static\CCC.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) C:\WINDOWS\system32\dwwin.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\dwwin.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login HKLM\...\Run: [StartCCC] => E:\ATI TECHNOLOGIES\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-11-16] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-1606980848-789336058-682003330-1003\...\Run: [DAEMON Tools Lite] => E:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1606980848-789336058-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKU\S-1-5-21-1606980848-789336058-682003330-1003 -> {72F7767D-D8FF-40C1-A911-93B9FE23DC9A} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB Tcpip\Parameters: [DhcpNameServer] 192.168.65.65 46.148.145.10 195.46.37.2 FireFox: ======== FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR Profile: C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29] CHR Extension: (Google Docs) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29] CHR Extension: (Google Drive) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29] CHR Extension: (YouTube) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29] CHR Extension: (Google Search) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29] CHR Extension: (Google Sheets) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29] CHR Extension: (AdBlock) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-30] CHR Extension: (Google Wallet) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29] CHR Extension: (Gmail) - C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed] S4 MBAMScheduler; E:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; E:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AIRPLUS; C:\WINDOWS\System32\DRIVERS\airplus.sys [255360 2006-08-15] (D-Link) [File not signed] S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4024832 2006-11-06] (Realtek Semiconductor Corp.) S3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices) R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-28] (Disc Soft Ltd) S3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc. ) S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. ) R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-15] (VIA Technologies, Inc. ) R3 HdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [136448 2006-11-09] (VIA Technologies, Inc.) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [50960 2002-02-15] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16112 2002-03-21] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [22512 2002-03-08] (HP) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-06] (Malwarebytes Corporation) S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10.sys [51968 2011-02-10] (Generic USB smartcard reader) S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [7040 2003-07-17] (VIA Networking Technologies, Inc. ) [File not signed] R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed] S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.) S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.) R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.) R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc) S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 08:58 - 2015-03-05 08:58 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol 2015-03-03 19:40 - 2015-03-05 09:25 - 00000000 ____D () C:\FRST 2015-03-03 18:38 - 2015-03-05 09:25 - 00000000 ____D () C:\Documents and Settings\xXx\Ustawienia lokalne\temp 2015-03-03 18:38 - 2015-03-03 18:38 - 00014911 _____ () C:\ComboFix.txt 2015-03-03 18:38 - 2015-03-03 18:38 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp 2015-03-03 18:38 - 2015-03-03 18:38 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\temp 2015-03-03 18:38 - 2015-03-03 18:38 - 00000000 ____D () C:\Documents and Settings\Default User\Ustawienia lokalne\temp 2015-03-03 18:25 - 2015-03-03 18:25 - 00000000 _RSHD () C:\cmdcons 2015-03-03 18:25 - 2008-05-21 12:36 - 00000211 _____ () C:\Boot.bak 2015-03-03 18:25 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr 2015-03-03 18:24 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2015-03-03 18:24 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2015-03-03 18:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2015-03-03 18:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2015-03-03 18:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2015-03-03 18:24 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2015-03-03 18:24 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2015-03-03 18:24 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2015-03-03 18:24 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2015-03-03 18:23 - 2015-03-03 18:38 - 00000000 ____D () C:\Qoobox 2015-03-03 18:23 - 2015-03-03 18:38 - 00000000 ____D () C:\ComboFix 2015-03-03 18:23 - 2015-03-03 18:36 - 00000000 ____D () C:\WINDOWS\erdnt 2015-03-03 18:23 - 2015-03-03 18:23 - 00000000 ___RD () C:\Documents and Settings\xXx\Menu Start\Programy\Narzędzia administracyjne 2015-03-03 18:22 - 2015-03-03 18:22 - 05612482 ____R (Swearware) C:\Documents and Settings\xXx\Pulpit\ComboFix.exe 2015-03-03 17:30 - 2015-03-03 17:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030315-01.dmp 2015-02-27 23:54 - 2015-02-27 23:53 - 00069552 ____H () C:\WINDOWS\Minidump\Mini022715-01.dmp 2015-02-24 16:15 - 2015-02-24 16:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022415-01.dmp 2015-02-22 19:06 - 2015-02-22 19:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022215-01.dmp 2015-02-21 23:09 - 2015-02-21 23:09 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022115-01.dmp 2015-02-20 19:35 - 2015-02-20 19:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022015-01.dmp 2015-02-19 21:39 - 2015-02-19 21:39 - 00000752 _____ () C:\Documents and Settings\xXx\Pulpit\Skrót do Tibia MULTI-ip changer.lnk 2015-02-19 21:38 - 2015-02-19 21:38 - 00000637 _____ () C:\Documents and Settings\xXx\Pulpit\Skrót do loader.lnk 2015-02-19 21:38 - 2015-02-19 21:38 - 00000608 _____ () C:\Documents and Settings\xXx\Pulpit\Skrót do Tibia.lnk 2015-02-19 15:16 - 2015-02-19 15:16 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021915-04.dmp 2015-02-19 15:00 - 2015-02-19 15:00 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021915-03.dmp 2015-02-19 14:58 - 2015-02-19 14:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021915-02.dmp 2015-02-19 14:56 - 2015-02-19 14:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021915-01.dmp 2015-02-18 21:11 - 2015-02-18 21:11 - 00000877 _____ () C:\Documents and Settings\xXx\Pulpit\Skrót do chrome.lnk 2015-02-18 20:03 - 2015-02-18 20:05 - 00000000 ____D () C:\Program Files\Google 2015-02-18 19:42 - 2015-02-18 19:42 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-03.dmp 2015-02-18 19:31 - 2015-02-18 19:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-02.dmp 2015-02-18 19:29 - 2015-02-18 19:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-01.dmp 2015-02-18 18:22 - 2015-02-26 20:01 - 00000000 ____D () C:\Documents and Settings\xXx\Dane aplikacji\Tibia 2015-02-16 16:30 - 2015-02-16 16:27 - 00069552 ____H () C:\WINDOWS\Minidump\Mini021615-01.dmp 2015-02-07 22:47 - 2015-02-07 22:46 - 00069552 ____H () C:\WINDOWS\Minidump\Mini020715-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 09:23 - 2008-05-21 12:52 - 00000000 ____D () C:\Documents and Settings\xXx\Pulpit 2015-03-05 09:08 - 2014-07-15 20:04 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-05 08:59 - 2008-05-21 12:41 - 01682456 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-05 08:58 - 2014-08-30 09:54 - 00262144 _____ () C:\WINDOWS\system32\config\ACEEvent.evt 2015-03-05 08:58 - 2014-07-15 20:04 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-05 08:58 - 2009-05-16 16:43 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job 2015-03-05 08:58 - 2008-05-21 14:31 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-05 08:58 - 2008-05-21 14:31 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-03-05 08:58 - 2008-05-21 12:52 - 00000000 __SHD () C:\Documents and Settings\xXx\Ustawienia lokalne\Historia 2015-03-05 08:58 - 2008-05-21 12:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-05 08:58 - 2008-05-21 12:49 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2015-03-05 08:56 - 2008-05-21 12:52 - 00000188 ___SH () C:\Documents and Settings\xXx\ntuser.ini 2015-03-05 08:56 - 2008-05-21 12:49 - 00032530 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-05 08:55 - 2014-07-08 09:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-03-05 08:55 - 2008-05-21 14:27 - 00000000 ___SD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2015-03-05 08:55 - 2008-05-21 14:27 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-03-05 08:55 - 2008-05-21 12:48 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2015-03-04 22:39 - 2014-07-07 16:40 - 00000000 ____D () C:\Documents and Settings\xXx\Dane aplikacji\uTorrent 2015-03-04 20:08 - 2008-05-21 12:52 - 00000000 ___HD () C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji 2015-03-03 20:56 - 2008-05-21 14:27 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-03-03 19:47 - 2015-01-25 22:52 - 00001778 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk 2015-03-03 18:38 - 2008-05-21 14:27 - 00000000 __RHD () C:\Documents and Settings\Default User\Ustawienia lokalne 2015-03-03 18:38 - 2008-05-21 12:52 - 00000000 ___HD () C:\Documents and Settings\xXx\Ustawienia lokalne 2015-03-03 18:38 - 2008-05-21 12:49 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne 2015-03-03 18:38 - 2008-05-21 12:48 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne 2015-03-03 18:36 - 2002-09-28 22:00 - 00000827 _____ () C:\WINDOWS\system.ini 2015-03-03 18:26 - 2008-05-21 12:52 - 00000000 __RHD () C:\Documents and Settings\xXx\Dane aplikacji 2015-03-03 18:25 - 2008-05-21 14:25 - 00000327 __RSH () C:\boot.ini 2015-03-03 18:23 - 2008-05-21 12:52 - 00000000 ___RD () C:\Documents and Settings\xXx\Menu Start\Programy 2015-03-03 17:30 - 2008-09-22 18:03 - 00000000 ____D () C:\WINDOWS\Minidump 2015-03-02 21:30 - 2008-05-25 17:32 - 00106496 _____ () C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-28 16:33 - 2015-01-11 17:39 - 00000208 _____ () C:\Documents and Settings\xXx\Moje dokumenty\spider.sav 2015-02-27 16:18 - 2002-09-28 22:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-02-20 16:07 - 2008-05-21 14:28 - 01190026 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-20 16:07 - 2002-09-28 22:00 - 00532118 _____ () C:\WINDOWS\system32\perfh015.dat 2015-02-20 16:07 - 2002-09-28 22:00 - 00093882 _____ () C:\WINDOWS\system32\perfc015.dat 2015-02-19 21:34 - 2014-10-05 09:13 - 00112875 _____ () C:\WINDOWS\setupapi.log 2015-02-18 20:03 - 2014-12-29 13:35 - 00000000 ____D () C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Google 2015-02-18 20:03 - 2014-07-15 20:03 - 00000000 ____D () C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\Deployment 2015-02-18 20:02 - 2014-07-01 15:29 - 00002974 _____ () C:\WINDOWS\system32\nvAppTimestamps 2015-02-18 19:59 - 2008-05-21 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-02-18 19:56 - 2014-10-11 14:08 - 00040523 _____ () C:\WINDOWS\iis6.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00037708 _____ () C:\WINDOWS\FaxSetup.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00020596 _____ () C:\WINDOWS\ocgen.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00018745 _____ () C:\WINDOWS\tsoc.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00012703 _____ () C:\WINDOWS\comsetup.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00007993 _____ () C:\WINDOWS\ntdtcsetup.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00007007 _____ () C:\WINDOWS\netfxocm.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00002844 _____ () C:\WINDOWS\MedCtrOC.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00002399 _____ () C:\WINDOWS\ocmsn.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00001988 _____ () C:\WINDOWS\msgsocm.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00001917 _____ () C:\WINDOWS\imsins.log 2015-02-18 19:56 - 2014-10-11 14:08 - 00001914 _____ () C:\WINDOWS\tabletoc.log 2015-02-18 19:53 - 2008-05-21 12:52 - 00000000 ___RD () C:\Documents and Settings\xXx\Moje dokumenty 2015-02-18 19:33 - 2008-05-21 14:27 - 00000000 ___HD () C:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji 2015-02-18 18:49 - 2008-05-21 12:52 - 00000000 ___RD () C:\Documents and Settings\xXx\Menu Start\Programy\Autostart ==================== Files in the root of some directories ======= 2008-05-25 15:45 - 2004-10-01 14:00 - 0040960 _____ () C:\Program Files\Uninstall_CDS.exe 2014-07-30 16:26 - 2014-07-30 18:56 - 0000222 _____ () C:\Documents and Settings\xXx\Dane aplikacji\burnaware.ini 2008-05-25 17:32 - 2015-03-02 21:30 - 0106496 _____ () C:\Documents and Settings\xXx\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Documents and Settings\xXx\Ustawienia lokalne\temp\KQSOI.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================