Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015 Ran by Serwer (administrator) on SERWERM on 03-05-2015 21:57:40 Running from C:\Documents and Settings\Serwer\Pulpit\rpm Loaded Profiles: Serwer (Available profiles: Serwer & Admin) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe () C:\Program Files\GNU\GnuPG\dirmngr.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe () C:\Program Files\PowerSoft\PowersoftService.exe (KYOCERA MITA CORPORATION) C:\Program Files\Kyocera\FileUtility\SFUSVC.exe (KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe () C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe (KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (Dropbox, Inc.) C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\Dropbox.exe (Torpedo) C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\Torpedo\Torpedo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-08-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [StatusClient 2.6] => C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [61440 2004-02-27] (Hewlett-Packard) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2215064 2010-08-12] (ESET) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [CryptoCard Suite Cert Monitor] => C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [520704 2011-12-05] () HKU\S-1-5-21-329068152-1284227242-839522115-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-329068152-1284227242-839522115-1003\...\MountPoints2: {3e90043b-2286-11de-85a1-001d7daa7fed} - O:\ReCyClER\sEtUp.exe HKU\S-1-5-21-329068152-1284227242-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.) HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.) AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-22] (Google) AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-22] (Google) SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk [2008-02-11] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Scanner File Utility.lnk [2011-04-20] ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation) Startup: C:\Documents and Settings\Serwer\Menu Start\Programy\Autostart\Dropbox.lnk [2015-04-29] ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\Serwer\Menu Start\Programy\Autostart\KeySerwer.lnk [2009-04-08] ShortcutTarget: KeySerwer.lnk -> E:\ZUI Mieszczanin\Programy\KeySerwer.exe (Zakład Usług Informatycznych "Mieszczanin") Startup: C:\Documents and Settings\Serwer\Menu Start\Programy\Autostart\Torpedo.lnk [2015-05-03] ShortcutTarget: Torpedo.lnk -> C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\Torpedo\Torpedo.exe (Torpedo) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-329068152-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-329068152-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-329068152-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-329068152-1284227242-839522115-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://supertoolbar.ask.com/redirect?client=ie&tb=ARS&o=15084&src=crm&q={searchTerms}&locale=en_US SearchScopes: HKU\S-1-5-21-329068152-1284227242-839522115-1003 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=uV6zctzQ1RrM-cHSS5Ilfdp9UFc?q={searchTerms} SearchScopes: HKU\S-1-5-21-329068152-1284227242-839522115-1003 -> {FF8821A1-C982-40C4-9910-8D0405FDAC31} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation) Toolbar: HKU\S-1-5-21-329068152-1284227242-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A42} https://net.dnbnord.pl/static/components/13040/install_ax.exe DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} http://cached.gamedesire.com/g_bin/pl/marbles_2_0_0_36.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{A96E193D-59E1-43C3-AD1B-4BCB1653CA6D}: [NameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Serwer\Dane aplikacji\Mozilla\Firefox\Profiles\78yij460.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-01] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-10-21] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29] CHR Extension: (Google Wallet) - C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed] S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2008-04-23] (FirebirdSQL Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2015232 2008-04-23] (FirebirdSQL Project) [File not signed] S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-22] (Google) S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed] R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG) R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed] R2 PowerSoft; C:\Program Files\PowerSoft\PowersoftService.exe [1236992 2010-07-29] () [File not signed] R2 SFUSVC; C:\Program Files\Kyocera\FileUtility\SFUSVC.exe [61440 2003-09-16] (KYOCERA MITA CORPORATION) [File not signed] S2 MieszczaninHASPService; E:\ZUI Mieszczanin\Programy\KeyServer.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [376200 2013-02-19] (SafeNet Inc.) S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [244040 2013-01-14] (SafeNet Inc.) S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [53192 2013-01-14] (SafeNet Inc.) S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [295944 2013-03-05] (SafeNet Inc.) R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed] S3 cxbu0wdm; C:\WINDOWS\System32\DRIVERS\cxbu0wdm.sys [126976 2013-08-19] (HID Global Corporation) R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [140752 2010-08-04] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [95896 2010-08-03] (ESET) S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2008-02-08] (Windows (R) 2000 DDK provider) R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608136 2013-03-07] (SafeNet Inc.) R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2008-02-11] (Aladdin Knowledge Systems) [File not signed] R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG) R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG) U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG) R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [53632 2007-09-20] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2007-09-20] (NVIDIA Corporation) U2 CertPropSvc; No ImagePath S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-03 21:55 - 2015-05-03 21:57 - 00000000 ____D () C:\FRST 2015-05-03 21:54 - 2015-05-03 21:57 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\rpm 2015-05-03 21:38 - 2015-05-03 21:47 - 00000021 _____ () C:\WINDOWS\S.dirmngr 2015-04-29 15:25 - 2015-04-29 15:25 - 00342648 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2015-04-29 15:20 - 2015-04-29 16:25 - 00768045 _____ () C:\Documents and Settings\All Users\Dane aplikacji\eosxeel.html 2015-04-29 14:52 - 2015-04-29 14:57 - 00000000 ____D () C:\Documents and Settings\Serwer\Dane aplikacji\GofinDruki 2015-04-29 14:52 - 2015-04-29 14:52 - 00000823 _____ () C:\Documents and Settings\All Users\Pulpit\DRUKI Gofin.lnk 2015-04-29 14:52 - 2015-04-29 14:52 - 00000000 ____D () C:\Documents and Settings\Serwer\Moje dokumenty\DRUKI Gofin 2015-04-29 14:33 - 2015-04-29 15:40 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\KREDYT 2015-04-24 10:22 - 2015-04-24 10:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-22 15:48 - 2015-04-29 15:24 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Akt notarialny 2015-04-08 19:54 - 2015-04-29 15:23 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Zakładowy Plan Kont spółdzielni mieszkaniowych_pliki 2015-04-08 19:54 - 2015-04-08 19:54 - 00165209 _____ () C:\Documents and Settings\Serwer\Pulpit\Zakładowy Plan Kont spółdzielni mieszkaniowych.htm 2015-04-08 19:47 - 2015-04-29 14:52 - 00000000 ____D () C:\Program Files\GOFIN 2015-04-08 19:47 - 2015-04-08 19:49 - 00000000 ____D () C:\Documents and Settings\Serwer\Dane aplikacji\BilansGofin 2015-04-08 19:47 - 2015-04-08 19:47 - 00000882 _____ () C:\Documents and Settings\All Users\Pulpit\BILANS Gofin 2014.lnk 2015-04-08 19:47 - 2015-04-08 19:47 - 00000000 ____D () C:\Documents and Settings\Serwer\Moje dokumenty\BILANS Gofin ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-03 21:57 - 2008-02-08 00:39 - 00000000 ____D () C:\Documents and Settings\Serwer\Ustawienia lokalne\Temp 2015-05-03 21:55 - 2008-02-08 00:39 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit 2015-05-03 21:47 - 2014-04-01 13:35 - 00000224 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-05-03 21:47 - 2010-02-02 11:40 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-03 21:47 - 2008-02-08 00:39 - 00000000 ___RD () C:\Documents and Settings\Serwer\Menu Start\Programy\Autostart 2015-05-03 21:47 - 2008-02-08 00:37 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-03 21:47 - 2008-02-08 00:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-05-03 21:47 - 2008-02-08 00:26 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-05-03 21:47 - 2008-02-08 00:12 - 01823530 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-03 21:47 - 2007-10-29 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-05-03 21:39 - 2013-12-11 10:23 - 00048330 _____ () C:\WINDOWS\setupapi.log 2015-04-29 16:25 - 2008-02-08 00:37 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt 2015-04-29 16:24 - 2008-02-08 00:39 - 00000188 ___SH () C:\Documents and Settings\Serwer\ntuser.ini 2015-04-29 16:23 - 2012-07-20 15:27 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-29 15:41 - 2013-02-11 16:02 - 00000000 ___RD () C:\Documents and Settings\Serwer\Moje dokumenty\Dropbox 2015-04-29 15:41 - 2013-02-11 15:59 - 00000000 ____D () C:\Documents and Settings\Serwer\Dane aplikacji\Dropbox 2015-04-29 15:40 - 2013-02-11 16:00 - 00000000 ____D () C:\Documents and Settings\Serwer\Menu Start\Programy\Dropbox 2015-04-29 15:35 - 2009-07-21 11:06 - 00000000 ____D () C:\SFK 2015-04-29 15:34 - 2010-02-02 11:40 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-29 15:33 - 2014-01-08 15:35 - 00000000 ____D () C:\PIT Format 2013 2015-04-29 15:31 - 2014-12-09 18:01 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\SAPIR 2015-04-29 15:31 - 2012-10-16 10:41 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Kielecka 34 2015-04-29 15:31 - 2010-04-29 11:10 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\USTAWY, INTERPRETACJE 2015-04-29 15:31 - 2008-02-08 00:39 - 00000000 ___HD () C:\Documents and Settings\Serwer\Szablony 2015-04-29 15:30 - 2012-07-16 14:42 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\2012_07_16 Mieszczanin poprawka 2015-04-29 15:30 - 2008-02-08 00:39 - 00000000 ____D () C:\Documents and Settings\Serwer 2015-04-29 15:29 - 2008-02-08 00:24 - 00000000 ___HD () C:\Documents and Settings\Default User\Szablony 2015-04-29 15:28 - 2014-05-26 14:24 - 00000000 ___HD () C:\Documents and Settings\Admin\Szablony 2015-04-29 15:27 - 2013-06-27 16:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-29 15:27 - 2011-06-14 16:44 - 00000380 _____ () C:\WINDOWS\Tasks\PowerSoft - Update.job 2015-04-29 15:26 - 2011-10-28 11:01 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\STOWARZYSZENIA 2015-04-29 15:25 - 2008-02-08 00:37 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2015-04-29 15:24 - 2015-02-28 17:10 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\kolorrr 2015-04-29 15:24 - 2014-11-25 17:17 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\wwwwww 2015-04-29 15:24 - 2008-02-08 00:39 - 00000000 ___RD () C:\Documents and Settings\Serwer\Moje dokumenty 2015-04-29 15:23 - 2015-04-02 17:24 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\księgowość wspólnoty mieszkaniowej – Gorące tematy – MSP - Gazeta Prawna - wiadomości, podatki, prawo, biznes i finanse_pliki 2015-04-29 15:23 - 2015-03-16 11:33 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Zielona Mila_pliki 2015-04-29 15:23 - 2015-02-09 12:05 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Dawidek 2015-04-29 15:23 - 2015-02-08 15:27 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Deweloper Warszawa. Apartamenty, nowe mieszkania od dewelopera Osiedle Pustułeczki, Warszawa, Ursynów, ul.Pustułeczki_pliki 2015-04-29 15:23 - 2015-01-23 18:15 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Logowanie_pliki 2015-04-29 15:23 - 2014-12-08 19:08 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\EWEL 2015-04-29 15:23 - 2014-11-19 13:25 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Obrzeżna - zaswiadczenia 2015-04-29 15:23 - 2014-04-07 11:58 - 00005632 _____ () C:\Documents and Settings\Serwer\Pulpit\WZORZESTWIENIADOBANKU.XLS.ulikqhb 2015-04-29 15:23 - 2014-02-05 11:16 - 00000000 ____D () C:\Program Files\PIT Projekt 2013 2015-04-29 15:23 - 2011-10-06 11:34 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\E-SĄD - wzory 2015-04-29 15:23 - 2011-02-24 14:33 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\UCHWAŁY NA ZEBRANIA 2015-04-29 15:23 - 2010-07-23 15:01 - 00000000 ____D () C:\Documents and Settings\Serwer\Pulpit\Odzyskane Mail'e 2015-04-29 15:23 - 2009-03-09 13:13 - 00000000 ____D () C:\Documents and Settings\Serwer\Dane aplikacji\TeamViewer 2015-04-29 15:23 - 2008-02-08 00:39 - 00000000 ___RD () C:\Documents and Settings\Serwer\Moje dokumenty\Moje obrazy 2015-04-29 15:22 - 2013-04-14 02:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-29 15:22 - 2009-10-28 13:21 - 00000000 ____D () C:\Program Files\SubEdit-Player 2015-04-29 15:22 - 2009-10-28 13:10 - 00000000 ____D () C:\Program Files\NAPI-PROJEKT 2015-04-29 15:22 - 2009-07-10 11:08 - 00000000 ____D () C:\Program Files\QPrinter Bookmaker 2015-04-29 15:22 - 2009-04-06 11:54 - 00000000 ____D () C:\totalcmd 2015-04-29 15:22 - 2008-10-14 19:25 - 00000000 ____D () C:\Program Files\PhotoScape 2015-04-29 15:22 - 2008-06-16 12:28 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-29 15:22 - 2008-02-15 19:20 - 00000000 ____D () C:\Program Files\IrfanView 2015-04-29 15:22 - 2008-02-11 17:19 - 00002533 _____ () C:\Documents and Settings\Serwer\Pulpit\Microsoft Excel.lnk 2015-04-29 15:22 - 2008-02-08 00:11 - 00000000 ____D () C:\Program Files\Outlook Express 2015-04-29 15:21 - 2014-06-02 14:47 - 00002082 _____ () C:\Documents and Settings\Serwer\Moje dokumenty\Default.rdp 2015-04-29 15:21 - 2013-12-06 00:41 - 00000000 ____D () C:\Program Files\7-Zip 2015-04-29 15:21 - 2012-12-17 18:11 - 00000000 ____D () C:\HP_LaserJet_400_M401 2015-04-29 15:21 - 2009-10-28 13:10 - 00000000 ____D () C:\Program Files\ALLPlayer 2015-04-29 15:20 - 2008-02-11 15:48 - 00000000 ____D () C:\Documents and Settings\Serwer\Moje dokumenty\M.Trąby 8 2015-04-29 15:20 - 2008-02-11 15:48 - 00000000 ____D () C:\Documents and Settings\Serwer\Moje dokumenty\M.Trąby 10 2015-04-29 15:20 - 2008-02-08 00:24 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-04-29 15:17 - 2014-01-21 15:52 - 00000000 ____D () C:\ARCHIWUM 2015-04-29 15:17 - 2011-10-31 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard 2015-04-29 15:15 - 2014-11-05 12:42 - 00006016 _____ () C:\Documents and Settings\Serwer\Pulpit\KPiR 2014.XLS.ulikqhb 2015-04-29 14:57 - 2014-12-30 12:34 - 00000000 ____D () C:\Documents and Settings\Serwer\Moje dokumenty\Pobrane 2015-04-29 14:52 - 2012-11-20 14:16 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\GOFIN 2015-04-29 14:52 - 2008-02-08 00:39 - 00000000 __RHD () C:\Documents and Settings\Serwer\Dane aplikacji 2015-04-29 14:52 - 2008-02-08 00:24 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2015-04-29 14:39 - 2009-07-13 14:35 - 00000000 ____D () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\CutePDF Writer 2015-04-29 14:30 - 2011-10-31 14:15 - 00000386 _____ () C:\WINDOWS\Tasks\At4.job 2015-04-29 14:27 - 2014-02-07 22:22 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2015-04-29 13:15 - 2011-10-31 14:15 - 00000386 _____ () C:\WINDOWS\Tasks\At3.job 2015-04-29 10:15 - 2011-10-31 14:15 - 00000386 _____ () C:\WINDOWS\Tasks\At1.job 2015-04-29 05:29 - 2012-07-20 15:28 - 00001819 _____ () C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2015-04-29 04:00 - 2009-07-21 11:52 - 00000224 _____ () C:\WINDOWS\Tasks\kopia.job 2015-04-29 01:33 - 2008-02-08 00:39 - 00000000 ___HD () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji 2015-04-28 21:27 - 2014-02-07 22:22 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2015-04-28 20:45 - 2011-10-31 14:15 - 00000386 _____ () C:\WINDOWS\Tasks\At2.job 2015-04-28 10:36 - 2014-04-07 11:58 - 00008720 _____ () C:\Documents and Settings\Serwer\Pulpit\SPRAWOZDANIA - data oddania.XLS.ulikqhb 2015-04-22 11:33 - 2013-06-03 12:39 - 00000000 ____D () C:\Documents and Settings\Serwer\Dane aplikacji\gnupg 2015-04-19 00:00 - 2011-06-14 16:44 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji\{42B88833-FED5-4754-AA63-2680BF17FFB6} 2015-04-16 02:07 - 2013-08-15 02:04 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-16 02:00 - 2008-02-11 12:49 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 09:23 - 2012-07-20 15:27 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-04-15 09:23 - 2011-06-14 16:51 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-04-13 12:59 - 2014-04-07 11:58 - 00015808 _____ () C:\Documents and Settings\Serwer\Pulpit\liczniki migracja obrzezna CO.XLS.ulikqhb 2015-04-13 12:57 - 2014-04-07 11:58 - 00033488 _____ () C:\Documents and Settings\Serwer\Pulpit\Liczniki obrzezna przeliczone CO.XLS.ulikqhb 2015-04-13 10:50 - 2014-04-07 11:58 - 00018960 _____ () C:\Documents and Settings\Serwer\Pulpit\Obrzeżna CW Stan liczników.XLS.ulikqhb 2015-04-10 13:33 - 2014-04-07 11:58 - 00012256 _____ () C:\Documents and Settings\Serwer\Pulpit\WITKOWSKA2014.XLS.ulikqhb 2015-04-08 19:14 - 2014-11-05 12:42 - 00021968 _____ () C:\Documents and Settings\Serwer\Pulpit\Oświadczenie 2015.PDF.ulikqhb 2015-04-08 15:00 - 2014-04-01 13:35 - 00000218 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2015-04-07 10:13 - 2008-02-11 17:18 - 00002515 _____ () C:\Documents and Settings\Serwer\Pulpit\Microsoft Word.lnk 2015-04-03 11:33 - 2014-04-07 11:58 - 00014928 _____ () C:\Documents and Settings\Serwer\Pulpit\Obrzeżna - zapłaty za liczniki, wpłaty M-Bank.XLS.ulikqhb 2015-04-03 11:16 - 2014-04-07 11:58 - 00016400 _____ () C:\Documents and Settings\Serwer\Pulpit\obrzeżna.XLS.ulikqhb ==================== Files in the root of some directories ======= 2008-05-07 13:50 - 2008-05-07 13:51 - 0032646 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\CUGOWSKA _ZOFIA_7.05.2008 13-49-53-KOREKTA.dpit 2008-04-26 16:09 - 2008-04-26 16:11 - 0032072 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\DOMAŃSKI_JAROSŁAW_26.04.2008 16-09-39.dpit 2008-04-29 17:35 - 2008-04-29 17:35 - 0033570 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\DOMAŃSKI_JAROSŁAW_NIP3-.dpit 2008-04-29 17:48 - 2008-04-29 17:50 - 0032276 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\DOMAŃSKI_JAROSŁAW_PIT 37.dpit 2008-04-22 21:33 - 2008-04-22 21:33 - 0001436 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\Zeznanie_podatkowe_22.04.2008 21-33-30.dpit 2008-04-26 15:46 - 2008-04-26 15:47 - 0020660 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\ZYCH JAN.dpit 2008-04-26 15:51 - 2008-04-26 15:51 - 0031730 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\ZYCH _JAN_ OK.dpit 2008-04-26 15:36 - 2008-04-26 15:36 - 0032214 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\ZYCH_EDYTA_26.04.2008 15-36-52.dpit 2008-04-21 18:49 - 2008-04-22 21:30 - 0030626 _____ () C:\Documents and Settings\Serwer\Dane aplikacji\ŚPIEWAK_KATARZYNA_21.04.2008 18-49-27.dpit 2008-02-15 20:02 - 2014-06-04 11:22 - 0045056 _____ () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2008-02-21 15:28 - 2008-03-06 21:47 - 0000600 _____ () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\PUTTY.RND 2012-02-29 11:51 - 2015-01-27 17:33 - 0021725 _____ () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\unins000.dat 2015-01-27 17:33 - 2015-01-27 17:33 - 0707744 _____ () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\unins000.exe 2012-02-29 11:51 - 2015-01-27 17:33 - 0011761 _____ () C:\Documents and Settings\Serwer\Ustawienia lokalne\Dane aplikacji\unins000.msg Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\Serwer\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiumvsm.dll C:\Documents and Settings\Serwer\Ustawienia lokalne\Temp\fefon.exe C:\Documents and Settings\Serwer\Ustawienia lokalne\Temp\jre-8u31-windows-au.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================