Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Ania kwiaty (administrator) on ANIA on 08-04-2015 21:10:51 Running from C:\Documents and Settings\Ania kwiaty\Moje dokumenty Loaded Profiles: Ania kwiaty (Available profiles: Ania kwiaty) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (France Telecom SA) C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16859136 2007-12-12] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [CardDetectorHUAWEI177] => C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe [290816 2011-02-23] (France Telecom SA) HKLM\...\Run: [BEWINTERNET-PL-IEWSessionManager] => C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe [140016 2011-02-23] (France Telecom SA) HKLM\...\Run: [BEWINTERNET-PL-IEWSMSNotify] => C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Phonetools\SMSNotify.exe [131072 2011-02-23] (France Telecom) HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [ConvertAd] => C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Dane aplikacji\ConvertAd\ConvertAd.exe HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKU\S-1-5-21-448539723-515967899-1801674531-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-448539723-515967899-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd) HKU\S-1-5-21-448539723-515967899-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-448539723-515967899-1801674531-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4557552 2015-03-31] (Disc Soft Ltd) HKU\S-1-5-21-448539723-515967899-1801674531-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe [960688 2015-01-28] (Adobe Systems Incorporated) ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1415913125&from=obw&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-448539723-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD HKU\S-1-5-21-448539723-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-448539723-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD&q={searchTerms} SearchScopes: HKU\S-1-5-21-448539723-515967899-1801674531-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD&q={searchTerms} SearchScopes: HKU\S-1-5-21-448539723-515967899-1801674531-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD&q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-15] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-15] (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-22] () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-15] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-15] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-19] FF HKU\S-1-5-21-448539723-515967899-1801674531-1003\...\Firefox\Extensions: [{E528A21C-8D60-CDC8-A5E6-1A33C11D995C}] - C:\Program Files\ver5BlockAndSurf\182.xpi Opera: ======= OPR StartupUrls: "hxxp://do-search.com/?type=hp&ts=1428515936&from=cor&uid=ST9160827AS_5RF0PTADXXXX5RF0PTAD" OPR Extension: (No Name) - C:\Documents and Settings\Ania kwiaty\Dane aplikacji\Opera Software\Opera Stable\Extensions\gnjbfdmiommbcdfigaefehgdndnpeech [2014-11-13] OPR Extension: (No Name) - C:\Documents and Settings\Ania kwiaty\Dane aplikacji\Opera Software\Opera Stable\Extensions\ilhhefepljbmehhbmjcflhcchkddfaon [2014-11-13] OPR Extension: (No Name) - C:\Documents and Settings\Ania kwiaty\Dane aplikacji\Opera Software\Opera Stable\Extensions\jhapbopfchfogphiimjbhodmgnppoigk [2014-11-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1023728 2015-03-31] (Disc Soft Ltd) R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2011-02-23] (France Telecom SA) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-15] (Oracle Corporation) R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159812 2000-01-01] (NVIDIA Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-13] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-11-13] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-11-13] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-13] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-13] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414392 2014-11-13] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-11-13] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-11-13] () R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-08] (Disc Soft Ltd) S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [82816 2010-11-15] (Huawei Technologies Co., Ltd.) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-02] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6081984 2000-01-01] (NVIDIA Corporation) [File not signed] R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [46720 2007-05-04] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-05-04] (NVIDIA Corporation) S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2009-08-31] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2009-08-31] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}t; C:\WINDOWS\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}t.sys [55056 2014-09-21] (StdLib) S1 ccnfd_1_10_0_2; system32\drivers\ccnfd_1_10_0_2.sys [X] S4 IntelIde; No ImagePath U4 WMCoreService; No ImagePath S1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-08 21:10 - 2015-04-08 21:11 - 00015294 _____ () C:\Documents and Settings\Ania kwiaty\Moje dokumenty\FRST.txt 2015-04-08 21:10 - 2015-04-08 21:10 - 01135104 _____ (Farbar) C:\Documents and Settings\Ania kwiaty\Moje dokumenty\FRST.exe 2015-04-08 21:10 - 2015-04-08 21:10 - 00000000 ____D () C:\FRST 2015-04-08 20:10 - 2015-04-08 20:11 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\DAEMON Tools Lite 2015-04-08 20:10 - 2015-04-08 20:10 - 00025104 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys 2015-04-08 20:10 - 2015-04-08 20:10 - 00001613 _____ () C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk 2015-04-08 20:10 - 2015-04-08 20:10 - 00000000 ____D () C:\WINDOWS\LastGood 2015-04-08 20:10 - 2015-04-08 20:10 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-04-08 20:10 - 2015-04-08 20:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite 2015-04-08 20:09 - 2015-04-08 20:09 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite 2015-04-08 20:02 - 2015-04-08 20:02 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-04-08 19:59 - 2015-04-08 19:59 - 00738232 _____ (Generic internet ) C:\Documents and Settings\Ania kwiaty\Moje dokumenty\DAEMON-Tools-Lite(12708)-dp (2).exe 2015-04-08 19:59 - 2015-04-08 19:59 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\do-search 2015-04-08 19:58 - 2015-04-08 19:58 - 00738232 _____ (Generic internet ) C:\Documents and Settings\Ania kwiaty\Moje dokumenty\DAEMON-Tools-Lite(12708)-dp (1).exe 2015-04-08 19:57 - 2015-04-08 19:57 - 00738232 _____ (Generic internet ) C:\Documents and Settings\Ania kwiaty\Moje dokumenty\DAEMON-Tools-Lite(12708)-dp.exe 2015-03-25 17:52 - 2015-03-25 17:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032515-01.dmp 2015-03-12 12:52 - 2015-03-12 12:52 - 00001043 _____ () C:\Documents and Settings\Ania kwiaty\Moje dokumenty\Niedostarczona_poczta_-_zwrot_do_nadawcy.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-08 21:11 - 2014-08-14 16:15 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Temp 2015-04-08 21:10 - 2014-08-14 16:15 - 00000000 ___RD () C:\Documents and Settings\Ania kwiaty\Moje dokumenty 2015-04-08 21:09 - 2014-08-14 18:16 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\Skype 2015-04-08 21:07 - 2014-11-12 18:07 - 00000432 _____ () C:\WINDOWS\Tasks\At1.job 2015-04-08 20:53 - 2014-11-13 22:52 - 00000958 _____ () C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_313939323530303332392d3437415a556c2a3223346c41.job 2015-04-08 20:25 - 2014-08-14 19:10 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2015-04-08 20:11 - 2015-01-18 23:22 - 00025038 _____ () C:\WINDOWS\setupapi.log 2015-04-08 20:10 - 2014-08-14 17:49 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2015-04-08 20:10 - 2014-08-14 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-04-08 20:10 - 2014-08-14 16:15 - 00000000 __RHD () C:\Documents and Settings\Ania kwiaty\Dane aplikacji 2015-04-08 20:09 - 2014-08-14 17:48 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-04-08 20:06 - 2014-08-14 17:50 - 01178396 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-08 20:06 - 2014-08-14 17:38 - 00000000 ____D () C:\WINDOWS\system32\pl-pl 2015-04-08 20:06 - 2001-10-26 19:15 - 00532122 _____ () C:\WINDOWS\system32\perfh015.dat 2015-04-08 20:06 - 2001-10-26 19:15 - 00093512 _____ () C:\WINDOWS\system32\perfc015.dat 2015-04-08 20:00 - 2014-08-14 16:15 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Pulpit 2015-04-08 19:57 - 2014-08-14 16:06 - 01914392 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-08 19:54 - 2014-11-13 22:52 - 00000442 _____ () C:\WINDOWS\Tasks\SMupdate3.job 2015-04-08 19:15 - 2014-11-13 22:52 - 00000442 _____ () C:\WINDOWS\Tasks\SMupdate2.job 2015-04-08 19:15 - 2014-11-13 22:52 - 00000442 _____ () C:\WINDOWS\Tasks\SMupdate1.job 2015-04-08 19:15 - 2014-08-14 16:12 - 00032562 _____ () C:\WINDOWS\SchedLgU.Txt 2015-04-08 19:12 - 2014-08-14 18:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData 2015-04-08 19:10 - 2014-11-13 23:20 - 00000326 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-04-08 19:10 - 2008-04-08 01:02 - 00000200 _____ () C:\WINDOWS\avast5.ini 2015-04-08 19:09 - 2014-11-10 20:52 - 00000000 ____D () C:\Program Files\Opera 2015-04-08 19:09 - 2014-09-16 14:16 - 00000436 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410869771.job 2015-04-08 19:09 - 2014-08-14 17:04 - 00184028 _____ () C:\WINDOWS\system32\nvapps.xml 2015-04-08 19:08 - 2014-11-13 22:57 - 00001396 _____ () C:\WINDOWS\Tasks\ZBALKSH.job 2015-04-08 19:08 - 2014-11-13 22:57 - 00001396 _____ () C:\WINDOWS\Tasks\YQJZFRE.job 2015-04-08 19:08 - 2014-11-13 22:55 - 00001394 _____ () C:\WINDOWS\Tasks\FZNXDO.job 2015-04-08 19:08 - 2014-11-13 22:55 - 00001392 _____ () C:\WINDOWS\Tasks\ZAJJM.job 2015-04-08 19:08 - 2014-11-13 22:52 - 00000370 _____ () C:\WINDOWS\Tasks\YTDownloader.job 2015-04-08 19:08 - 2014-11-13 22:52 - 00000352 _____ () C:\WINDOWS\Tasks\ShopperProJSUpd.job 2015-04-08 19:08 - 2014-08-18 13:46 - 00000234 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-04-08 19:08 - 2014-08-14 17:58 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-04-08 19:08 - 2014-08-14 17:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-04-08 19:08 - 2014-08-14 16:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-08 12:35 - 2014-08-14 16:15 - 00000188 ___SH () C:\Documents and Settings\Ania kwiaty\ntuser.ini 2015-04-08 12:34 - 2014-08-14 18:46 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\GG 2015-04-07 22:20 - 2015-01-23 23:20 - 00000034 _____ () C:\WINDOWS\AvastEmUpdate.ini 2015-04-07 21:59 - 2014-09-22 10:46 - 00002267 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2015-04-07 21:54 - 2008-04-08 01:30 - 00000474 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A16F4A34-78E6-4BF2-8AE0-B691D9F87CF1}.job 2015-04-05 15:28 - 2001-07-22 01:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-04-03 22:20 - 2014-08-14 18:46 - 00000000 ____D () C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Dane aplikacji\GG 2015-03-28 23:01 - 2015-01-28 20:22 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-03-25 17:52 - 2015-02-10 10:51 - 00000000 ____D () C:\WINDOWS\Minidump 2015-03-13 13:25 - 2014-08-14 16:04 - 00000000 ____D () C:\Program Files\Common Files\System ==================== Files in the root of some directories ======= 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\FZNXDO 2014-11-12 21:27 - 2014-11-13 21:38 - 0000067 _____ () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\WB.CFG 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\YQJZFRE 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\ZAJJM 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Documents and Settings\Ania kwiaty\Dane aplikacji\ZBALKSH Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Temp\ggdrive-menu.exe C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Temp\ggdrive-overlay.exe C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Temp\installstats.exe C:\Documents and Settings\Ania kwiaty\Ustawienia lokalne\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================