
FRST.txt

How do I remove the JS-Kryptik.I trojan? Logs from FARBAR, ESET and AdwCleaner don't help

Hello everyone. The wretched trojan won't let go. Even though ESET puts it in quarantine and AdwCleaner.exe removes it, the problem comes back. I'm attaching the FARBAR logs: FRST and Addition (if necessary I can also run scans with OTL and GMER). Thanks in advance for analysing the logs and providing a suitable fix script. Regards, Norbert.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by lszarszewski (administrator) on ST-781-07 on 08-07-2014 14:44:35
Running from C:\Documents and Settings\lszarszewski\Moje dokumenty\Pobieranie
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LOG Systems) C:\Program Files\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe
(LOG Systems) C:\Program Files\LOG System\LOG System - Agent\LOGSystems.Updater.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(LOG Systems) C:\Program Files\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Mozilla Corporation) C:\Program Files\Mozila Firefox\firefox.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Mozilla Corporation) C:\Program Files\Mozila Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
() C:\WINDOWS\system32\C2MP\UpdateChecker.exe
(Microsoft Corporation) C:\WINDOWS\system32\drwtsn32.exe
(Microsoft Corporation) C:\WINDOWS\system32\drwtsn32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16377344 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-18] (CANON INC.)
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] => C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe [2193000 2011-10-21] (Nokia)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-73586283-1532298954-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-73586283-1532298954-682003330-1004\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-73586283-1532298954-682003330-1004\...\Run: [] => [X]
HKU\S-1-5-21-73586283-1532298954-682003330-1004\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-73586283-1532298954-682003330-1004\...\MountPoints2: {c63bae86-f338-11e1-9bf4-001999241d9f} - F:\NokiaPCIA_Autorun.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\WINDOWS\system32\C2MP\UpdateChecker.exe ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKCU - & Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - & Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1338297209078
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 158.75.35.35 158.75.35.53

FireFox:
========
FF ProfilePath: C:\Documents and Settings\lszarszewski\Dane aplikacji\Mozilla\Firefox\Profiles\wkbsjm51.default
FF Homepage: www.torun.pl
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Site Matcher - C:\Documents and Settings\lszarszewski\Dane aplikacji\Mozilla\Firefox\Profiles\wkbsjm51.default\Extensions\sitematchersite@sitematchersite.com [2014-06-20]
FF Extension: Firefox Synchronisation Extension - C:\Documents and Settings\lszarszewski\Dane aplikacji\Mozilla\Firefox\Profiles\wkbsjm51.default\Extensions\synchronize@nokia.suite [2013-05-15]
FF Extension: Adblock Plus - C:\Documents and Settings\lszarszewski\Dane aplikacji\Mozilla\Firefox\Profiles\wkbsjm51.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-31]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-05-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozila Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: " hxxp://www.torun.pl/ "
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Dysk Google) - C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]

========================== Services (Whitelisted) =================

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 LSAService; C:\Program Files\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe [938496 2014-04-30] (LOG Systems) [File not signed]
R2 LSUpdaterService; C:\Program Files\LOG System\LOG System - Agent\LOGSystems.Updater.exe [70144 2014-03-17] (LOG Systems) [File not signed]
R2 winvnc; C:\Program Files\UltraVNC\winvnc.exe [1737200 2010-11-28] (UltraVNC)

==================== Drivers (Whitelisted) ====================

R3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [126976 2013-08-19] (HID Global Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94872 2010-12-21] (ESET)
S3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [16288 2007-04-12] (Hewlett Packard)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2007-04-04] (Infineon Technologies AG)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-06-30] (Malwarebytes Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 catchme; \??\C:\DOCUME~1\IT\USTAWI~1\Temp\catchme.sys [X]
U2 CertPropSvc;
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 14:44 - 2014-07-08 14:44 - 00000000 ____D () C:\FRST
2014-07-08 14:41 - 2014-07-08 14:41 - 00001616 _____ () C:\WINDOWS\svcpack.log
2014-07-08 14:40 - 2014-07-08 14:40 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Dane aplikacji\OpenCandy
2014-07-08 08:03 - 2014-07-08 08:03 - 00000458 _____ () C:\Documents and Settings\lszarszewski\Pulpit\HALA.lnk
2014-07-04 15:24 - 2014-07-08 13:24 - 00102912 _____ () C:\Documents and Settings\lszarszewski\Pulpit\ZESTAWIENIE ZADAŃ HALA.xls
2014-07-04 13:03 - 2014-07-04 12:07 - 00076288 _____ () C:\Documents and Settings\lszarszewski\Moje dokumenty\ZESTAWIENIE ZADAŃ HALA.xls
2014-07-03 18:03 - 2014-07-03 18:03 - 00024576 _____ () C:\Documents and Settings\lszarszewski\Pulpit\Zadania otwarcie hali.xls
2014-07-02 12:38 - 2014-07-02 12:52 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\WOLONTARIAT (TIS)
2014-06-30 12:05 - 2014-06-30 12:05 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-30 12:04 - 2014-07-04 09:14 - 00018666 _____ () C:\WINDOWS\setupapi.log
2014-06-30 12:04 - 2014-06-30 12:04 - 00000000 ____D () C:\Program Files\SkanerOnline
2014-06-30 11:48 - 2014-06-30 11:49 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Dane aplikacji\Malwarebytes
2014-06-30 11:10 - 2014-06-30 11:56 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2014-06-30 11:09 - 2014-06-30 11:09 - 00000723 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-06-30 11:09 - 2014-06-30 11:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-30 11:09 - 2014-06-30 11:09 - 00000000 ____D () C:\Documents and Settings\IT\Dane aplikacji\Mozilla
2014-06-30 11:05 - 2014-06-30 11:05 - 00000000 ____D () C:\Documents and Settings\IT\Ustawienia lokalne\Dane aplikacji\Mozilla
2014-06-30 10:05 - 2014-07-01 09:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 11:35 - 00000000 ____D () C:\Documents and Settings\IT\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 10:05 - 00012607 _____ () C:\ComboFix.txt
2014-06-30 10:05 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\infocomp.ST-781-07\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\Default User\Ustawienia lokalne\temp
2014-06-30 09:59 - 2014-06-30 09:59 - 00000000 _RSHD () C:\cmdcons
2014-06-30 09:59 - 2012-05-30 11:55 - 00000211 _____ () C:\Boot.bak
2014-06-30 09:59 - 2004-08-03 23:00 - 00262400 __RSH () C:\cmldr
2014-06-30 09:57 - 2014-06-30 10:05 - 00000000 ____D () C:\ComboFix
2014-06-30 09:57 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-06-30 09:57 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-06-30 09:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-06-30 09:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-06-30 09:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-06-30 09:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-06-30 09:57 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-06-30 09:57 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-06-30 09:57 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-06-30 09:56 - 2014-06-30 10:05 - 00000000 ____D () C:\Qoobox
2014-06-30 09:56 - 2014-06-30 10:03 - 00000000 ____D () C:\WINDOWS\erdnt
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty\Moje wideo
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty\Moje obrazy
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty\Moja muzyka
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Menu Start\Programy\Narzędzia administracyjne
2014-06-30 09:53 - 2014-06-30 09:53 - 00000000 ____D () C:\Documents and Settings\IT\Dane aplikacji\PC Suite
2014-06-30 09:02 - 2014-06-30 09:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2014-06-27 10:51 - 2014-06-27 11:35 - 00037888 _____ () C:\Documents and Settings\lszarszewski\Pulpit\Otwarcie Hali.xls
2014-06-26 08:22 - 2014-07-01 09:44 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Adobe
2014-06-23 10:04 - 2014-06-30 11:48 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 10:04 - 2014-06-30 11:48 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-06-23 10:04 - 2014-06-23 10:04 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-06-23 10:04 - 2014-06-23 10:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-23 10:04 - 2014-06-23 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-06-23 10:04 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 08:52 - 2014-07-01 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-23 08:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-20 13:27 - 2014-06-20 13:27 - 00000000 ____D () C:\Program Files\SiteLookup
2014-06-20 13:27 - 2014-06-20 13:27 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Dane aplikacji\SiteFinder
2014-06-18 16:49 - 2014-06-23 10:00 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Moje dokumenty\Pobrane
2014-06-18 12:11 - 2014-06-30 11:09 - 00000000 ____D () C:\Program Files\Mozila Firefox
2014-06-13 12:49 - 2014-06-13 12:49 - 01332224 _____ () C:\Documents and Settings\lszarszewski\Pulpit\OTWARCIE HALI - Express Media.ppt
2014-06-09 13:59 - 2014-06-10 08:35 - 01194496 _____ () C:\Documents and Settings\lszarszewski\Pulpit\OTWARCIE HALI (przed edycją).ppt

==================== One Month Modified Files and Folders =======

2014-07-08 14:44 - 2014-07-08 14:44 - 00000000 ____D () C:\FRST
2014-07-08 14:44 - 2012-05-30 10:20 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Moje dokumenty\Pobieranie
2014-07-08 14:44 - 2012-05-29 14:55 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp
2014-07-08 14:41 - 2014-07-08 14:41 - 00001616 _____ () C:\WINDOWS\svcpack.log
2014-07-08 14:40 - 2014-07-08 14:40 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Dane aplikacji\OpenCandy
2014-07-08 14:40 - 2012-05-29 14:55 - 00000000 __RHD () C:\Documents and Settings\lszarszewski\Dane aplikacji
2014-07-08 14:34 - 2013-02-20 14:14 - 00000000 ___RD () C:\Documents and Settings\lszarszewski\Moje dokumenty\Dysk Google
2014-07-08 14:32 - 2014-03-28 08:47 - 00000236 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-07-08 14:32 - 2013-02-20 14:12 - 00001044 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 14:32 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-08 14:31 - 2014-03-17 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\firebird
2014-07-08 14:31 - 2012-05-29 16:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-08 14:31 - 2012-05-29 16:27 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-08 14:31 - 2012-05-29 14:39 - 01304891 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-08 14:31 - 2012-05-29 14:37 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-08 14:30 - 2012-05-29 14:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-08 14:13 - 2013-02-20 14:12 - 00001048 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 14:13 - 2012-05-29 14:54 - 00032470 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-08 14:09 - 2012-05-29 14:55 - 00000188 ___SH () C:\Documents and Settings\lszarszewski\ntuser.ini
2014-07-08 13:34 - 2012-05-29 14:55 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit
2014-07-08 13:30 - 2012-07-06 07:39 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-08 13:24 - 2014-07-04 15:24 - 00102912 _____ () C:\Documents and Settings\lszarszewski\Pulpit\ZESTAWIENIE ZADAŃ HALA.xls
2014-07-08 13:13 - 2012-05-29 14:55 - 00000000 ___HD () C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji
2014-07-08 08:19 - 2013-02-20 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Drive
2014-07-08 08:03 - 2014-07-08 08:03 - 00000458 _____ () C:\Documents and Settings\lszarszewski\Pulpit\HALA.lnk
2014-07-07 17:09 - 2013-12-12 09:21 - 00017920 _____ () C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 13:03 - 2012-05-29 14:55 - 00000000 ___RD () C:\Documents and Settings\lszarszewski\Moje dokumenty
2014-07-04 12:57 - 2014-04-09 09:14 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\SPORTOWE LATO 2014
2014-07-04 12:48 - 2012-05-29 17:51 - 00002513 _____ () C:\Documents and Settings\lszarszewski\Pulpit\Microsoft Office Word 2007.lnk
2014-07-04 12:07 - 2014-07-04 13:03 - 00076288 _____ () C:\Documents and Settings\lszarszewski\Moje dokumenty\ZESTAWIENIE ZADAŃ HALA.xls
2014-07-04 09:14 - 2014-06-30 12:04 - 00018666 _____ () C:\WINDOWS\setupapi.log
2014-07-03 18:03 - 2014-07-03 18:03 - 00024576 _____ () C:\Documents and Settings\lszarszewski\Pulpit\Zadania otwarcie hali.xls
2014-07-02 12:52 - 2014-07-02 12:38 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\WOLONTARIAT (TIS)
2014-07-01 14:05 - 2014-06-23 08:52 - 00000000 ____D () C:\AdwCleaner
2014-07-01 11:03 - 2014-04-16 12:52 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\WAGNER 2015
2014-07-01 10:10 - 2012-05-29 14:44 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-07-01 09:44 - 2014-06-26 08:22 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\Adobe
2014-07-01 09:17 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2014-06-30 12:42 - 2014-05-26 11:07 - 00121344 _____ () C:\Documents and Settings\lszarszewski\Pulpit\ZESTAWIENIE ZADAŃ (SGP 2014).xls
2014-06-30 12:05 - 2014-06-30 12:05 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-30 12:04 - 2014-06-30 12:04 - 00000000 ____D () C:\Program Files\SkanerOnline
2014-06-30 12:01 - 2012-05-29 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-06-30 11:56 - 2014-06-30 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2014-06-30 11:55 - 2012-05-29 15:12 - 00000000 __SHD () C:\Documents and Settings\lszarszewski\UserData
2014-06-30 11:55 - 2012-05-29 14:55 - 00000000 ____D () C:\Documents and Settings\lszarszewski
2014-06-30 11:49 - 2014-06-30 11:48 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Dane aplikacji\Malwarebytes
2014-06-30 11:48 - 2014-06-23 10:04 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 11:48 - 2014-06-23 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-06-30 11:48 - 2012-05-29 16:25 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-06-30 11:48 - 2012-05-29 16:25 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start
2014-06-30 11:48 - 2012-05-29 16:24 - 00000000 __RHD () C:\Documents and Settings\Default User\Dane aplikacji
2014-06-30 11:35 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\IT\Ustawienia lokalne\temp
2014-06-30 11:33 - 2012-05-31 10:43 - 00000188 __SHC () C:\Documents and Settings\IT\ntuser.ini
2014-06-30 11:10 - 2012-05-29 16:24 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-06-30 11:09 - 2014-06-30 11:09 - 00000723 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-06-30 11:09 - 2014-06-30 11:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-30 11:09 - 2014-06-30 11:09 - 00000000 ____D () C:\Documents and Settings\IT\Dane aplikacji\Mozilla
2014-06-30 11:09 - 2014-06-18 12:11 - 00000000 ____D () C:\Program Files\Mozila Firefox
2014-06-30 11:09 - 2012-05-31 10:43 - 00000000 __RHD () C:\Documents and Settings\IT\Dane aplikacji
2014-06-30 11:05 - 2014-06-30 11:05 - 00000000 ____D () C:\Documents and Settings\IT\Ustawienia lokalne\Dane aplikacji\Mozilla
2014-06-30 11:05 - 2012-05-31 10:43 - 00000000 ___HD () C:\Documents and Settings\IT\Ustawienia lokalne\Dane aplikacji
2014-06-30 10:05 - 2014-06-30 10:05 - 00012607 _____ () C:\ComboFix.txt
2014-06-30 10:05 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\infocomp.ST-781-07\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 10:05 - 00000000 ____D () C:\Documents and Settings\Default User\Ustawienia lokalne\temp
2014-06-30 10:05 - 2014-06-30 09:57 - 00000000 ____D () C:\ComboFix
2014-06-30 10:05 - 2014-06-30 09:56 - 00000000 ____D () C:\Qoobox
2014-06-30 10:05 - 2014-01-27 10:25 - 00000000 ___HD () C:\Documents and Settings\infocomp.ST-781-07\Ustawienia lokalne
2014-06-30 10:05 - 2012-05-31 10:43 - 00000000 ___HD () C:\Documents and Settings\IT\Ustawienia lokalne
2014-06-30 10:05 - 2012-05-29 16:25 - 00000000 __RHD () C:\Documents and Settings\Default User\Ustawienia lokalne
2014-06-30 10:05 - 2012-05-29 14:54 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne
2014-06-30 10:05 - 2012-05-29 14:44 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne
2014-06-30 10:03 - 2014-06-30 09:56 - 00000000 ____D () C:\WINDOWS\erdnt
2014-06-30 10:03 - 2004-08-04 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-06-30 09:59 - 2014-06-30 09:59 - 00000000 _RSHD () C:\cmdcons
2014-06-30 09:59 - 2012-05-29 16:24 - 00000327 __RSH () C:\boot.ini
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty\Moje wideo
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty\Moje obrazy
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty\Moja muzyka
2014-06-30 09:56 - 2014-06-30 09:56 - 00000000 ___RD () C:\Documents and Settings\IT\Menu Start\Programy\Narzędzia administracyjne
2014-06-30 09:56 - 2012-05-31 10:43 - 00000000 ___RD () C:\Documents and Settings\IT\Moje dokumenty
2014-06-30 09:56 - 2012-05-31 10:43 - 00000000 ___RD () C:\Documents and Settings\IT\Menu Start\Programy
2014-06-30 09:55 - 2014-03-17 10:34 - 00001819 _____ () C:\Documents and Settings\IT\Pulpit\Google Chrome.lnk
2014-06-30 09:54 - 2014-03-17 10:34 - 00000000 ____D () C:\Documents and Settings\IT\Ustawienia lokalne\Dane aplikacji\Google
2014-06-30 09:53 - 2014-06-30 09:53 - 00000000 ____D () C:\Documents and Settings\IT\Dane aplikacji\PC Suite
2014-06-30 09:02 - 2014-06-30 09:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2014-06-30 09:02 - 2012-05-29 14:54 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2014-06-27 11:35 - 2014-06-27 10:51 - 00037888 _____ () C:\Documents and Settings\lszarszewski\Pulpit\Otwarcie Hali.xls
2014-06-26 14:46 - 2012-05-29 17:51 - 00002515 _____ () C:\Documents and Settings\lszarszewski\Pulpit\Microsoft Office PowerPoint 2007.lnk
2014-06-26 07:51 - 2012-05-29 16:25 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-06-26 07:49 - 2014-02-17 16:49 - 00000030 _____ () C:\AVScanner.ini
2014-06-26 07:49 - 2012-07-06 07:39 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-26 07:49 - 2012-02-03 14:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-24 15:44 - 2013-12-30 09:23 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\SGP 2014
2014-06-23 13:45 - 2012-05-31 16:13 - 00348160 ___SH () C:\Documents and Settings\lszarszewski\Pulpit\Thumbs.db
2014-06-23 12:13 - 2013-08-20 14:14 - 00066048 _____ () C:\Documents and Settings\lszarszewski\Pulpit\FINANSE TOPS 2014.xls
2014-06-23 10:46 - 2013-12-10 10:46 - 00047336 _____ () C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-06-23 10:33 - 2013-10-09 08:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-06-23 10:04 - 2014-06-23 10:04 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-06-23 10:04 - 2014-06-23 10:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-23 10:04 - 2014-06-23 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-06-23 10:00 - 2014-06-18 16:49 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Moje dokumenty\Pobrane
2014-06-23 09:55 - 2012-05-29 16:24 - 00224024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-20 13:35 - 2014-04-02 11:47 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\Bartek
2014-06-20 13:27 - 2014-06-20 13:27 - 00000000 ____D () C:\Program Files\SiteLookup
2014-06-20 13:27 - 2014-06-20 13:27 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Dane aplikacji\SiteFinder
2014-06-16 11:58 - 2013-08-20 08:40 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\TOPS 2013 - 2014
2014-06-13 12:49 - 2014-06-13 12:49 - 01332224 _____ () C:\Documents and Settings\lszarszewski\Pulpit\OTWARCIE HALI - Express Media.ppt
2014-06-13 10:33 - 2014-05-21 10:29 - 00000000 ____D () C:\Documents and Settings\lszarszewski\Pulpit\BIEG WOLNOŚCI
2014-06-12 16:20 - 2012-05-31 09:42 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-06-12 16:19 - 2013-08-14 15:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 16:13 - 2012-05-29 17:42 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-12 09:15 - 2013-08-30 09:43 - 00201728 _____ () C:\Documents and Settings\lszarszewski\Pulpit\WSPÓŁZAWODNICTWO SPORTOWE 2013 - 2014 (aktualizacja 11.06.2014).xls
2014-06-10 08:35 - 2014-06-09 13:59 - 01194496 _____ () C:\Documents and Settings\lszarszewski\Pulpit\OTWARCIE HALI (przed edycją).ppt
2014-06-09 07:43 - 2014-03-28 08:47 - 00000230 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

Some content of TEMP:
====================
C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp\DseShExt-x86.dll
C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp\NEventMessages.dll
C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp\NOSEventMessages.dll
C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp\SDShelEx-win32.dll
C:\Documents and Settings\lszarszewski\Ustawienia lokalne\Temp\SimBundD.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================