Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04 Ran by bb (administrator) on BB-646B165D5480 on 17-04-2015 18:05:49 Running from C:\Documents and Settings\bb\Moje dokumenty Loaded Profiles: bb & UpdatusUser (Available profiles: bb & UpdatusUser) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Acronis) C:\Documents and Settings\bb\Dane aplikacji\startup\sys.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Alternet software) D:\util\DOSPRINT.EXE (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-09-23] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [!@#$%^&*] => C:\Documents and Settings\bb\Dane aplikacji\startup\sys.exe [512000 2015-04-17] (Acronis) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [eg5XuyfZ0ykrIxsvQ] => c:\documents and settings\bb\dane aplikacji\eg5xuyfz0ykrixsvq\eg5xuyfz0ykrixsvq.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [2Z0ofjLEZs8cgcCVr] => c:\documents and settings\bb\dane aplikacji\2z0ofjlezs8cgccvr\2z0ofjlezs8cgccvr.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [3Vn1VN1ivAWgwrF3Dd2FZ] => c:\documents and settings\bb\dane aplikacji\3vn1vn1ivawgwrf3dd2fz\3vn1vn1ivawgwrf3dd2fz.exe [638816 2009-03-08] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [pgJv7QIqye34HnxVFQp2AvU] => c:\documents and settings\bb\dane aplikacji\pgjv7qiqye34hnxvfqp2avu\pgjv7qiqye34hnxvfqp2avu.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [kSar2vrcUkqx] => c:\documents and settings\bb\dane aplikacji\ksar2vrcukqx\ksar2vrcukqx.exe [889976 2015-04-07] (Opera Software) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [C2DMmTRHdH4] => c:\documents and settings\bb\dane aplikacji\c2dmmtrhdh4\c2dmmtrhdh4.exe [638816 2009-03-08] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Policies\Explorer: [HideSCAHealth] 1 Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\drukuj.bat () Startup: C:\Documents and Settings\bb\Menu Start\Programy\Autostart\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-1547161642-1935655697-1801674531-1005] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-14] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Profile: C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04] CHR Extension: (Google Drive) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04] CHR Extension: (YouTube) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04] CHR Extension: (Google Search) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04] CHR Extension: (Bookmark Manager) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Google Wallet) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR Extension: (Gmail) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usb.sys [33536 2006-03-24] (Advanced Card Systems Ltd) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation) S4 IntelIde; No ImagePath S3 MSICDSetup; \??\E:\CDriver.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 18:05 - 2015-04-17 18:05 - 00011199 _____ () C:\Documents and Settings\bb\Moje dokumenty\FRST.txt 2015-04-17 18:04 - 2015-04-17 18:05 - 00000000 ____D () C:\FRST 2015-04-17 18:03 - 2015-04-17 18:03 - 00380416 _____ () C:\Documents and Settings\bb\Moje dokumenty\dn8odr5z.exe 2015-04-17 18:02 - 2015-04-17 18:02 - 01137152 _____ (Farbar) C:\Documents and Settings\bb\Moje dokumenty\FRST.exe 2015-04-17 17:50 - 2015-04-17 17:50 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2015-04-17 17:47 - 2015-04-15 19:35 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\asw4.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswA.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\asw7.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswB.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\asw5.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00049904 _____ () C:\WINDOWS\system32\Drivers\asw8.tmp 2015-04-17 17:47 - 2015-04-15 19:35 - 00024144 _____ () C:\WINDOWS\system32\Drivers\asw6.tmp 2015-04-17 17:44 - 2015-04-17 17:44 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\C2DMmTRHdH4 2015-04-17 17:42 - 2015-04-17 17:42 - 02217984 _____ () C:\Documents and Settings\bb\Moje dokumenty\adwcleaner_4.201.exe 2015-04-17 17:42 - 2015-04-17 17:42 - 00443264 _____ () C:\Documents and Settings\bb\Moje dokumenty\SafePCRepair.exe 2015-04-17 17:39 - 2015-04-17 17:40 - 00243600 _____ () C:\Documents and Settings\bb\Moje dokumenty\Firefox Setup Stub 37.0.1.exe 2015-04-17 14:38 - 2015-04-17 16:41 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\kSar2vrcUkqx 2015-04-17 14:37 - 2015-04-17 14:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041715-01.dmp 2015-04-17 12:43 - 2015-04-17 17:44 - 00000434 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429267406.job 2015-04-17 12:43 - 2015-04-17 16:41 - 00000973 _____ () C:\Documents and Settings\All Users\Pulpit\Opera.lnk 2015-04-17 12:43 - 2015-04-17 12:43 - 00000675 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk 2015-04-17 12:43 - 2015-04-17 12:43 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Opera Software 2015-04-17 12:43 - 2015-04-17 12:43 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\Opera Software 2015-04-17 12:42 - 2015-04-17 14:38 - 00000000 ____D () C:\Program Files\Opera 2015-04-17 12:41 - 2015-04-17 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome 2015-04-17 12:40 - 2015-04-17 17:45 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-17 12:40 - 2015-04-17 17:44 - 00001024 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-17 12:40 - 2015-04-17 12:40 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Deployment 2015-04-17 10:39 - 2015-04-17 10:39 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\pgJv7QIqye34HnxVFQp2AvU 2015-04-17 10:20 - 2015-04-17 10:20 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\3Vn1VN1ivAWgwrF3Dd2FZ 2015-04-17 09:14 - 2015-04-17 09:14 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\2Z0ofjLEZs8cgcCVr 2015-04-16 11:07 - 2015-04-17 10:39 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\startup 2015-04-16 11:07 - 2015-04-16 11:07 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\eg5XuyfZ0ykrIxsvQ 2015-04-15 19:35 - 2015-04-15 19:35 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr 2015-04-14 20:57 - 2015-04-14 20:59 - 00000032 _____ () C:\WINDOWS\Autolog.INI 2015-04-14 20:37 - 2015-04-15 19:39 - 00001908 _____ () C:\Documents and Settings\bb\Pulpit\Autolog.lnk 2015-04-09 20:36 - 2015-04-09 20:36 - 05434692 _____ () C:\Documents and Settings\bb\Moje dokumenty\ZUS Z-3 - Zaświadczenie płatnika składek.gofin 2015-04-08 11:14 - 2015-04-08 11:14 - 00000000 ____D () C:\Program Files\GOFIN 2015-04-08 11:14 - 2015-04-08 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOFIN 2015-03-23 19:33 - 2015-04-06 18:01 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit\SKLAD 2015-03-23 12:30 - 2015-03-23 12:30 - 00014772 _____ () C:\Documents and Settings\bb\Moje dokumenty\Reklamacja.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 18:05 - 2013-09-05 02:54 - 00000000 ___RD () C:\Documents and Settings\bb\Moje dokumenty 2015-04-17 18:05 - 2013-09-05 02:54 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Temp 2015-04-17 17:53 - 2013-09-17 17:56 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-17 17:50 - 2013-09-05 04:19 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-04-17 17:49 - 2013-09-05 04:19 - 01177968 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-17 17:49 - 2008-04-15 14:00 - 00527266 _____ () C:\WINDOWS\system32\perfh015.dat 2015-04-17 17:49 - 2008-04-15 14:00 - 00093062 _____ () C:\WINDOWS\system32\perfc015.dat 2015-04-17 17:46 - 2013-09-05 02:31 - 01207197 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-17 17:45 - 2013-09-05 04:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-04-17 17:45 - 2013-09-05 04:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-04-17 17:44 - 2014-03-23 12:42 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-04-17 17:44 - 2013-09-05 02:54 - 00000000 __RHD () C:\Documents and Settings\bb\Dane aplikacji 2015-04-17 17:44 - 2013-09-05 02:53 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt 2015-04-17 17:44 - 2013-09-05 02:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-17 17:43 - 2014-11-26 18:56 - 00000000 ____D () C:\AdwCleaner 2015-04-17 17:43 - 2013-09-05 03:05 - 00000188 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini 2015-04-17 17:43 - 2013-09-05 02:54 - 00000188 ___SH () C:\Documents and Settings\bb\ntuser.ini 2015-04-17 14:37 - 2014-01-04 19:21 - 00000000 ____D () C:\WINDOWS\Minidump 2015-04-17 12:45 - 2013-09-05 02:54 - 00000000 ___HD () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji 2015-04-17 12:44 - 2013-09-05 02:54 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit 2015-04-17 12:43 - 2013-09-05 04:19 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy 2015-04-17 12:41 - 2013-09-04 21:18 - 00000000 ____D () C:\Program Files\Google 2015-04-17 12:13 - 2013-09-16 17:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-04-17 11:44 - 2013-09-04 21:47 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-17 11:44 - 2013-09-04 21:47 - 00000000 ____D () C:\Documents and Settings\bb\Menu Start\Programy\WinRAR 2015-04-17 11:44 - 2013-09-04 21:47 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR 2015-04-17 10:18 - 2013-09-05 04:18 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-04-17 09:13 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-04-16 08:53 - 2013-09-17 17:56 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-04-16 08:53 - 2013-09-17 17:56 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-04-15 20:53 - 2013-09-10 20:34 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 20:48 - 2013-09-08 19:01 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-14 20:47 - 2013-09-05 02:54 - 00001599 _____ () C:\Documents and Settings\bb\Menu Start\Programy\Pomoc zdalna.lnk 2015-04-13 09:20 - 2013-11-25 11:50 - 00029965 _____ () C:\Documents and Settings\bb\Pulpit\Weekendówka Kusina.odt 2015-04-10 20:33 - 2014-09-13 17:49 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit\ZDS 2015-04-09 20:47 - 2014-07-02 19:19 - 00524288 _____ () C:\WINDOWS\system32\config\WEBWRF_L.evt 2015-04-09 20:47 - 2014-02-06 13:49 - 00524288 _____ () C:\WINDOWS\system32\config\WEBWRF.evt 2015-04-09 20:47 - 2013-12-20 22:25 - 00882616 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2015-04-09 20:47 - 2013-09-05 02:53 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2015-04-08 15:00 - 2014-03-23 12:42 - 00000210 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2015-04-08 12:38 - 2014-01-22 12:56 - 00000000 ____D () C:\Program Files\e-Deklaracje 2015-04-08 12:38 - 2013-09-16 17:54 - 00000676 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\e-Deklaracje.lnk 2015-04-08 12:38 - 2013-09-16 17:54 - 00000670 _____ () C:\Documents and Settings\All Users\Pulpit\e-Deklaracje.lnk 2015-04-08 11:15 - 2013-12-20 20:47 - 00000823 _____ () C:\Documents and Settings\All Users\Pulpit\DRUKI Gofin.lnk 2015-04-08 11:12 - 2014-06-25 19:26 - 00552531 _____ () C:\Documents and Settings\bb\Moje dokumenty\VAT UE JANUSZ.gofin 2015-04-06 12:03 - 2013-09-05 04:18 - 00779167 _____ () C:\WINDOWS\setupapi.log 2015-03-25 17:01 - 2013-10-08 17:07 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-03-23 21:39 - 2014-10-24 19:02 - 00005632 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-23 19:00 - 2008-04-15 14:00 - 00000545 _____ () C:\WINDOWS\win.ini ==================== Files in the root of some directories ======= 2013-09-09 22:28 - 2006-02-03 18:01 - 0053317 _____ () C:\Documents and Settings\bb\Dane aplikacji\CertumAPI.xml 2014-10-24 19:02 - 2015-03-23 21:39 - 0005632 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-16 17:53 - 2013-09-16 18:03 - 0004188 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.dat 2013-09-16 18:03 - 2013-09-16 18:03 - 0707504 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.exe 2013-09-16 17:53 - 2013-09-16 18:03 - 0011761 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.msg Some content of TEMP: ==================== C:\Documents and Settings\bb\Ustawienia lokalne\Temp\APNSetup.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\CCP11s.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\cdo1312767964.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\cdo1822675921.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\cryptoapi4java.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\ICReinstall_BurnAware Free Edition.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\jre-7u45-windows-i586-iftw.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\KB01171546.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\KB10960718.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\nativecall.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\pkcs11wrapper.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\sqlite3.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\Tsu9BC18DE2.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================