Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01 Ran by bb (administrator) on BB-646B165D5480 on 20-04-2015 16:40:18 Running from C:\Documents and Settings\bb\Pulpit Loaded Profiles: bb & UpdatusUser (Available profiles: bb & UpdatusUser) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Alternet software) D:\util\DOSPRINT.EXE (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-09-23] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation) Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation) Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [ZgN8ZyBhngoonJjN] => c:\documents and settings\bb\dane aplikacji\zgn8zybhngoonjjn\zgn8zybhngoonjjn.exe [812872 2015-04-13] (Google Inc.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [x28L9mM7M0TJLKtY4TnMv] => c:\documents and settings\bb\dane aplikacji\x28l9mm7m0tjlkty4tnmv\x28l9mm7m0tjlkty4tnmv.exe [889976 2015-04-07] (Opera Software) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\...\Run: [BvIkyhS6eVotKhiDws] => c:\documents and settings\bb\dane aplikacji\bvikyhs6evotkhidws\bvikyhs6evotkhidws.exe [889976 2015-04-07] (Opera Software) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\drukuj.bat [2013-09-11] () Startup: C:\Documents and Settings\bb\Menu Start\Programy\Autostart\OpenOffice.org 3.4.1.lnk [2013-09-04] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1547161642-1935655697-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-1547161642-1935655697-1801674531-1005] ATTENTION ==> Default URLSearchHook is missing. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\hoj871r9.default FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Chrome PDF Viewer) - chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/ No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File CHR Plugin: (Chrome PDF Viewer) - internal-pdf-viewer No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer32_17_0_0_171.dll () CHR Profile: C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04] CHR Extension: (Google Drive) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04] CHR Extension: (YouTube) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04] CHR Extension: (Google Search) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04] CHR Extension: (Bookmark Manager) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Google Wallet) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04] CHR Extension: (Gmail) - C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usb.sys [33536 2006-03-24] (Advanced Card Systems Ltd) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation) S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 16:40 - 2015-04-20 16:40 - 00010429 _____ () C:\Documents and Settings\bb\Pulpit\FRST.txt 2015-04-20 16:39 - 2015-04-20 16:40 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit\Nowy folder 2015-04-20 16:37 - 2015-04-20 16:37 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2015-04-20 16:37 - 2015-04-20 16:37 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2015-04-20 16:37 - 2015-04-20 16:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-20 16:37 - 2015-04-20 16:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-20 16:37 - 2015-04-20 16:37 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Mozilla 2015-04-20 16:37 - 2015-04-20 16:37 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\Mozilla 2015-04-20 16:37 - 2015-04-20 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Mozilla 2015-04-20 16:34 - 2015-04-20 16:34 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2015-04-20 16:15 - 2015-04-20 16:17 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\BvIkyhS6eVotKhiDws 2015-04-20 13:42 - 2015-04-20 16:15 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\x28L9mM7M0TJLKtY4TnMv 2015-04-20 09:57 - 2015-04-20 09:57 - 00032664 _____ () C:\Documents and Settings\bb\Moje dokumenty\Shortcut.txt 2015-04-20 09:56 - 2015-04-20 09:56 - 00000000 ____D () C:\Documents and Settings\bb\Moje dokumenty\FRST-OlderVersion 2015-04-18 04:07 - 2015-04-18 04:07 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\ZgN8ZyBhngoonJjN 2015-04-17 18:37 - 2015-04-20 10:01 - 00000000 ____D () C:\Program Files\TeamViewer 2015-04-17 18:37 - 2015-04-17 18:37 - 07973256 _____ (TeamViewer GmbH) C:\Documents and Settings\bb\Moje dokumenty\TeamViewer_Setup_pl.exe 2015-04-17 18:37 - 2015-04-17 18:37 - 00000706 _____ () C:\Documents and Settings\All Users\Pulpit\TeamViewer 10.lnk 2015-04-17 18:37 - 2015-04-17 18:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 10 2015-04-17 18:06 - 2015-04-20 09:57 - 00042595 _____ () C:\Documents and Settings\bb\Moje dokumenty\Addition.txt 2015-04-17 18:05 - 2015-04-20 09:57 - 00025695 _____ () C:\Documents and Settings\bb\Moje dokumenty\FRST.txt 2015-04-17 18:04 - 2015-04-20 16:40 - 00000000 ____D () C:\FRST 2015-04-17 18:03 - 2015-04-17 18:03 - 00380416 _____ () C:\Documents and Settings\bb\Moje dokumenty\dn8odr5z.exe 2015-04-17 18:02 - 2015-04-20 09:56 - 01137664 _____ (Farbar) C:\Documents and Settings\bb\Pulpit\FRST.exe 2015-04-17 17:42 - 2015-04-17 17:42 - 02217984 _____ () C:\Documents and Settings\bb\Moje dokumenty\adwcleaner_4.201.exe 2015-04-17 17:39 - 2015-04-17 17:40 - 00243600 _____ () C:\Documents and Settings\bb\Moje dokumenty\Firefox Setup Stub 37.0.1.exe 2015-04-17 14:37 - 2015-04-17 14:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041715-01.dmp 2015-04-17 12:43 - 2015-04-20 16:28 - 00000434 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429267406.job 2015-04-17 12:43 - 2015-04-17 12:43 - 00000675 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk 2015-04-17 12:43 - 2015-04-17 12:43 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Opera Software 2015-04-17 12:43 - 2015-04-17 12:43 - 00000000 ____D () C:\Documents and Settings\bb\Dane aplikacji\Opera Software 2015-04-17 12:42 - 2015-04-20 16:15 - 00000000 ____D () C:\Program Files\Opera 2015-04-17 12:41 - 2015-04-20 16:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome 2015-04-17 12:40 - 2015-04-20 16:28 - 00001024 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-17 12:40 - 2015-04-20 15:45 - 00001028 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-17 12:40 - 2015-04-17 12:40 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Deployment 2015-04-14 20:57 - 2015-04-14 20:59 - 00000032 _____ () C:\WINDOWS\Autolog.INI 2015-04-14 20:37 - 2015-04-15 19:39 - 00001908 _____ () C:\Documents and Settings\bb\Pulpit\Autolog.lnk 2015-04-09 20:36 - 2015-04-09 20:36 - 05434692 _____ () C:\Documents and Settings\bb\Moje dokumenty\ZUS Z-3 - Zaświadczenie płatnika składek.gofin 2015-04-08 11:14 - 2015-04-08 11:14 - 00000000 ____D () C:\Program Files\GOFIN 2015-04-08 11:14 - 2015-04-08 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOFIN 2015-03-23 19:33 - 2015-04-06 18:01 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit\SKLAD 2015-03-23 12:30 - 2015-03-23 12:30 - 00014772 _____ () C:\Documents and Settings\bb\Moje dokumenty\Reklamacja.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 16:40 - 2013-09-05 02:54 - 00000000 ____D () C:\Documents and Settings\bb\Ustawienia lokalne\Temp 2015-04-20 16:40 - 2013-09-05 02:54 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit 2015-04-20 16:37 - 2013-09-05 04:19 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-04-20 16:37 - 2013-09-05 04:19 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy 2015-04-20 16:37 - 2013-09-05 04:18 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-04-20 16:37 - 2013-09-05 02:54 - 00000000 __RHD () C:\Documents and Settings\bb\Dane aplikacji 2015-04-20 16:37 - 2013-09-05 02:54 - 00000000 ___HD () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji 2015-04-20 16:33 - 2013-09-05 04:19 - 01177968 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-20 16:33 - 2008-04-15 14:00 - 00527266 _____ () C:\WINDOWS\system32\perfh015.dat 2015-04-20 16:33 - 2008-04-15 14:00 - 00093062 _____ () C:\WINDOWS\system32\perfc015.dat 2015-04-20 16:32 - 2013-09-05 02:31 - 01213700 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-20 16:29 - 2013-09-05 04:23 - 00000157 _____ () C:\WINDOWS\wiadebug.log 2015-04-20 16:28 - 2014-03-23 12:42 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-04-20 16:28 - 2013-09-05 04:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-04-20 16:28 - 2013-09-05 02:54 - 00000188 ___SH () C:\Documents and Settings\bb\ntuser.ini 2015-04-20 16:28 - 2013-09-05 02:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-20 16:27 - 2013-09-05 02:54 - 00000000 ___RD () C:\Documents and Settings\bb\Moje dokumenty 2015-04-20 16:20 - 2013-09-05 03:05 - 00000188 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini 2015-04-20 16:20 - 2013-09-05 02:53 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt 2015-04-20 15:53 - 2013-09-17 17:56 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-20 09:31 - 2008-04-15 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-04-18 12:08 - 2013-09-11 17:00 - 00018336 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2015-04-18 11:47 - 2013-10-08 17:07 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-04-18 04:07 - 2013-09-05 04:18 - 00124520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-18 04:06 - 2013-09-04 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2015-04-17 17:43 - 2014-11-26 18:56 - 00000000 ____D () C:\AdwCleaner 2015-04-17 14:37 - 2014-01-04 19:21 - 00000000 ____D () C:\WINDOWS\Minidump 2015-04-17 12:41 - 2013-09-04 21:18 - 00000000 ____D () C:\Program Files\Google 2015-04-17 12:13 - 2013-09-16 17:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-04-17 11:44 - 2013-09-04 21:47 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-17 11:44 - 2013-09-04 21:47 - 00000000 ____D () C:\Documents and Settings\bb\Menu Start\Programy\WinRAR 2015-04-17 11:44 - 2013-09-04 21:47 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR 2015-04-16 08:53 - 2013-09-17 17:56 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-04-16 08:53 - 2013-09-17 17:56 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-04-15 20:53 - 2013-09-10 20:34 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 20:48 - 2013-09-08 19:01 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-14 20:47 - 2013-09-05 02:54 - 00001599 _____ () C:\Documents and Settings\bb\Menu Start\Programy\Pomoc zdalna.lnk 2015-04-13 09:20 - 2013-11-25 11:50 - 00029965 _____ () C:\Documents and Settings\bb\Pulpit\Weekendówka Kusina.odt 2015-04-10 20:33 - 2014-09-13 17:49 - 00000000 ____D () C:\Documents and Settings\bb\Pulpit\ZDS 2015-04-09 20:47 - 2014-07-02 19:19 - 00524288 _____ () C:\WINDOWS\system32\config\WEBWRF_L.evt 2015-04-09 20:47 - 2014-02-06 13:49 - 00524288 _____ () C:\WINDOWS\system32\config\WEBWRF.evt 2015-04-09 20:47 - 2013-12-20 22:25 - 00882616 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2015-04-09 20:47 - 2013-09-05 02:53 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2015-04-08 15:00 - 2014-03-23 12:42 - 00000210 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2015-04-08 12:38 - 2014-01-22 12:56 - 00000000 ____D () C:\Program Files\e-Deklaracje 2015-04-08 12:38 - 2013-09-16 17:54 - 00000676 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\e-Deklaracje.lnk 2015-04-08 12:38 - 2013-09-16 17:54 - 00000670 _____ () C:\Documents and Settings\All Users\Pulpit\e-Deklaracje.lnk 2015-04-08 11:15 - 2013-12-20 20:47 - 00000823 _____ () C:\Documents and Settings\All Users\Pulpit\DRUKI Gofin.lnk 2015-04-08 11:12 - 2014-06-25 19:26 - 00552531 _____ () C:\Documents and Settings\bb\Moje dokumenty\VAT UE JANUSZ.gofin 2015-04-06 12:03 - 2013-09-05 04:18 - 00779167 _____ () C:\WINDOWS\setupapi.log 2015-03-23 21:39 - 2014-10-24 19:02 - 00005632 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-23 19:00 - 2008-04-15 14:00 - 00000545 _____ () C:\WINDOWS\win.ini ==================== Files in the root of some directories ======= 2013-09-09 22:28 - 2006-02-03 18:01 - 0053317 _____ () C:\Documents and Settings\bb\Dane aplikacji\CertumAPI.xml 2014-10-24 19:02 - 2015-03-23 21:39 - 0005632 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-16 17:53 - 2013-09-16 18:03 - 0004188 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.dat 2013-09-16 18:03 - 2013-09-16 18:03 - 0707504 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.exe 2013-09-16 17:53 - 2013-09-16 18:03 - 0011761 _____ () C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.msg Some content of TEMP: ==================== C:\Documents and Settings\bb\Ustawienia lokalne\Temp\APNSetup.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\CCP11s.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\cdo1312767964.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\cdo1822675921.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\cryptoapi4java.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\ICReinstall_BurnAware Free Edition.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\jre-7u45-windows-i586-iftw.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\KB01171546.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\KB10960718.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\nativecall.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\pkcs11wrapper.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\bb\Ustawienia lokalne\Temp\sqlite3.dll C:\Documents and Settings\bb\Ustawienia lokalne\Temp\Tsu9BC18DE2.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================