Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Administrator (administrator) on UNKNOWN-71426F9 on 01-07-2015 13:30:08
Running from C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Sony DADC Austria AG.) C:\WINDOWS\system32\UAService7.exe
(TODO: <公司名>) C:\Program Files\Blazers\Watsvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Edimax Technology Co.) C:\Program Files\EDIMAX\Common\RaUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16380416 2007-07-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Web Protector Plus Agent] => "C:\Program Files\WebProtectorPlus\WebProtectorPlus.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-26] (Avast Software s.r.o.)
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\Run: [BitComet] => "E:\Program Files\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-15] (Microsoft Corporation)
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\Run: [ChicaPasswordManager] => "C:\Program Files\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\Run: [FDPRO-516] => C:\Program Files\Fighters\FighterLauncher.exe FDPRO
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe [927920 2015-06-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\MountPoints2: C - C:\Autorun.exe
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\MountPoints2: E - E:\setupSNK.exe
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\MountPoints2: {58b24340-b7a0-11dc-9857-001fd0443da4} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://connect.garmin.com/transfer/upload
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\MountPoints2: {8b166d40-b7ad-11dc-b3be-243c2007506a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://connect.garmin.com/transfer/upload
HKU\S-1-5-21-1708537768-861567501-725345543-500\...\MountPoints2: {f5a3d140-fb4e-11e1-9af4-001fd0443da4} - F:\iStudio.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk [2011-09-08]
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-26] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1708537768-861567501-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1708537768-861567501-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1708537768-861567501-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: [S-1-5-21-1708537768-861567501-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Tcpip\Parameters: [DhcpNameServer] 178.218.224.6 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{D8A6DD57-39DB-4229-9337-F1A6AC70A2F6}: [DhcpNameServer] 178.218.224.6 8.8.8.8 208.67.222.222
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD2500AAKS

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\s0nkknun.default-1435617860953
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1708537768-861567501-725345543-500: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-11-18] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2003-05-15] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-31]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-26]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> 1B8A343EA1942983B884378295857E6BD55312991C4861D1DCD19C2B5C109622
CHR DefaultSearchURL: Default -> ADE7871558B440ED240D3B0440CD81B9EE492ED33E1246891426CFA4A2C88E1F
CHR Profile: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-26] (Avast Software s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [135168 2009-06-12] (Sony DADC Austria AG.) [File not signed]
R2 Watsvc; C:\Program Files\Blazers\Watsvc.exe [107160 2015-04-17] (TODO: <公司名>)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-09-08] (Cisco Systems, Inc.) [File not signed]
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-19] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-26] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-26] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-29] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-26] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-26] ()
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [279712 2008-01-01] ()
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2013-06-01] (Windows (R) 2000 DDK provider)
S3 hwdatacard; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [101120 2007-10-03] (Huawei Technologies Co., Ltd.) [File not signed]
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2008-01-01] ()
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 nsysaudm; C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nsysaudm.sys [31744 2004-07-11] () [File not signed]
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-19] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-28] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-28] (NVIDIA Corporation)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1174976 2011-04-25] (Ralink Technology, Corp.)
R0 sfdrv01; C:\WINDOWS\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed]
R0 sfhlp02; C:\WINDOWS\System32\drivers\sfhlp02.sys [6656 2005-05-17] (Protection Technology) [File not signed]
R0 sfsync02; C:\WINDOWS\System32\drivers\sfsync02.sys [19968 2005-05-17] (Protection Technology) [File not signed]
R0 sfsync03; C:\WINDOWS\System32\drivers\sfsync03.sys [35328 2005-10-14] (Protection Technology) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [477240 2012-06-15] (Duplex Secure Ltd.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-15] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S2 Scutum50; System32\Drivers\Scutum50.sys [X]
S3 sony_ssm.sys; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\sony_ssm.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 13:29 - 2015-07-01 13:30 - 00000000 ____D C:\FRST
2015-06-26 15:03 - 2015-06-26 15:03 - 00000000 _____ C:\autoexec.bat
2015-06-26 14:13 - 2015-06-26 14:13 - 00000000 ____D C:\WINDOWS\jumpshot.com
2015-06-26 14:11 - 2015-06-26 14:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-26 13:58 - 2015-07-01 11:20 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-26 13:58 - 2015-06-26 13:58 - 00001689 _____ C:\Documents and Settings\All Users\Pulpit\Avast Free Antivirus.lnk
2015-06-26 13:58 - 2015-06-26 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVAST Software
2015-06-26 13:58 - 2015-06-26 13:58 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\AVAST Software
2015-06-26 13:57 - 2015-06-29 09:00 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-26 13:57 - 2015-06-26 13:57 - 00209048 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00049904 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-26 13:57 - 2015-06-26 13:57 - 00024144 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-26 13:57 - 2015-06-26 13:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-26 13:46 - 2015-06-26 13:46 - 05481344 _____ (Avast Software s.r.o.) C:\Documents and Settings\All Users\Pulpit\avast_free_antivirus_setup_online_dobreprogramy.exe
2015-06-26 13:46 - 2015-06-26 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
2015-06-26 11:03 - 2015-06-26 11:03 - 00000000 ____D C:\RegBackup
2015-06-26 11:00 - 2015-06-26 11:05 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Stare dane programu Firefox
2015-06-26 10:38 - 2015-06-26 11:26 - 00000000 ____D C:\AdwCleaner
2015-06-26 10:35 - 2015-06-26 10:35 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\gic
2015-06-26 10:35 - 2015-06-26 10:35 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\cmsiex
2015-06-08 00:41 - 2015-06-26 10:59 - 00000000 ____D C:\Program Files\QSearch
2015-06-08 00:22 - 2015-06-29 15:42 - 00000000 ____D C:\Program Files\360 Internet Protection
2015-06-03 00:09 - 2015-06-03 00:09 - 00001464 _____ C:\Documents and Settings\All Users\Pulpit\Picexa.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 13:30 - 2015-02-12 00:07 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
2015-07-01 13:30 - 2009-04-07 05:00 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2015-07-01 13:12 - 2014-02-01 09:11 - 00000428 _____ C:\WINDOWS\Tasks\At14.job
2015-07-01 13:11 - 2014-01-01 00:11 - 00000428 _____ C:\WINDOWS\Tasks\At13.job
2015-07-01 12:35 - 2014-11-20 00:35 - 00000432 _____ C:\WINDOWS\Tasks\At15.job
2015-07-01 12:33 - 2013-09-19 00:36 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-01 12:11 - 2009-04-07 05:00 - 00032406 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-01 11:20 - 2009-04-07 04:52 - 00395022 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 11:14 - 2009-04-07 07:24 - 00186097 _____ C:\WINDOWS\system32\nvapps.xml
2015-07-01 11:14 - 2009-04-07 06:40 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-01 11:14 - 2009-04-07 06:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-01 11:14 - 2009-04-07 05:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-30 17:06 - 2009-04-07 05:00 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-30 10:11 - 2014-01-23 11:11 - 00000263 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WB.CFG
2015-06-29 15:43 - 2015-05-20 00:21 - 00000000 ____D C:\Program Files\Starcraft 2 Stream Browser
2015-06-29 15:42 - 2014-11-15 02:15 - 00000000 ____D C:\Program Files\850b2711-3b9e-4035-b0f1-3d66cb450503
2015-06-29 15:42 - 2014-11-15 02:15 - 00000000 ____D C:\Program Files\7a8c5642-978f-47be-b77e-23ec0acc9cca
2015-06-29 15:42 - 2011-05-08 23:00 - 00000000 ____D C:\Program Files\Adobe
2015-06-29 15:29 - 2009-04-07 05:00 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2015-06-29 15:25 - 2011-09-20 22:16 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
2015-06-29 15:20 - 2009-04-07 05:00 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji
2015-06-29 15:17 - 2009-04-07 05:00 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2015-06-29 15:09 - 2014-11-20 00:21 - 00000000 ____D C:\Program Files\ClipNStore
2015-06-29 15:09 - 2009-04-08 08:45 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-06-29 10:33 - 2013-09-19 00:36 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-29 10:33 - 2011-09-08 02:01 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-29 09:00 - 2001-07-22 07:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-26 16:20 - 2009-04-07 06:38 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-06-26 15:14 - 2009-04-07 05:00 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-26 15:02 - 2009-04-07 06:36 - 00979277 _____ C:\WINDOWS\setupapi.log
2015-06-26 14:59 - 2015-04-11 00:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-26 13:58 - 2009-04-07 06:38 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-06-26 13:46 - 2009-04-07 06:36 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-06-26 11:10 - 2011-09-08 02:00 - 00000000 ____D C:\Program Files\Google
2015-06-26 11:09 - 2009-04-07 05:00 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty
2015-06-26 11:07 - 2012-05-19 22:47 - 00000000 ____D C:\Program Files\Windows TaskAd
2015-06-26 11:07 - 2011-09-08 02:01 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google
2015-06-26 11:07 - 2011-09-08 02:00 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Google
2015-06-26 11:06 - 2008-01-01 00:02 - 00000000 ____D C:\Program Files\Genie Soft
2015-06-26 10:58 - 2009-04-07 05:00 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start\Programy
2015-06-26 10:58 - 2009-04-07 05:00 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2015-06-26 10:50 - 2009-04-07 06:38 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2015-06-26 10:50 - 2009-04-07 04:51 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-26 10:40 - 2015-04-27 00:28 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\c716fd70-872c-4aaa-a07f-e248365d7f56
2015-06-26 10:35 - 2015-04-27 01:21 - 00000177 _____ C:\Documents and Settings\Administrator\SetupComponents.exe
2015-06-26 10:35 - 2015-04-02 01:02 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-06-26 10:35 - 2009-04-07 06:36 - 00174277 _____ C:\WINDOWS\setupact.log
2015-06-26 10:33 - 2014-11-15 00:20 - 00000003 _____ C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\proxy.log
2015-06-20 01:24 - 2012-08-10 00:26 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\Nowy folder (2)
2015-06-17 00:05 - 2015-04-27 00:41 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit\GARMIN FORERUNNER

==================== Files in the root of some directories =======

2014-02-02 18:11 - 2015-05-25 01:05 - 0000074 _____ () C:\Documents and Settings\Administrator\Dane aplikacji\WB.CFG
2009-08-06 10:07 - 2015-02-02 02:27 - 0015872 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-15 00:20 - 2015-06-26 10:33 - 0000003 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\proxy.log

Files to move or delete:
====================
C:\Documents and Settings\Administrator\SetupComponents.exe
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\APNSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\AutoRun.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\AutoRunGUI.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\BackupSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Bit3C.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\CmdLineExtInstallerExe.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\comver.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\DeltaTB.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\drm_dyndata_7400008.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\drm_dyndata_7400009.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\EAInstall.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\EASetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\EASOUNInstaller.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\eauninstall.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\FIFA08 Demo.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\GameuxInstallHelper.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\gg10.upgr.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\hp_48.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_AdbeRdr11000_pl_Downloader.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_garmin-express.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_microsoft-excel.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ICReinstall_PDFCreatorSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Need for Speed Underground 2_uninst.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\RDtemp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\setacl.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\setup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ShopperProDBUpd.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\SIMEEI2Installer.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\SIMEEIInstaller.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\sqlite3.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\tages.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubi13.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubi17.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubi1A.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubi6A.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubi8.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubiB.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\ubiD0.tmp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\UninstallEADM.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\upd.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\WhiteLabelSetup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is1.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is10.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is11.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is12.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is13.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is14.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is15.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is16.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is17.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is18.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is19.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is1A.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is2.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is2D.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is3.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is4.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is5.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is6.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is6F.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is7.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is8.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is82.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is9.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isA.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isB.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isC.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isD.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isE.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isF.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\{3401A427-9181-44FE-8AD3-1EF939AF0B08}-setup.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\{A7B74FAB-4EED-4B08-900F-8444D4485603}-GoogleToolbarInstaller_updater_signed.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\{D632AD00-677B-4972-A90F-C3DCBA6EB04D}-GoogleToolbarInstaller_updater_signed.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================