Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Piotr (administrator) on UG-7 on 04-10-2013 14:30:51
Running from C:\Documents and Settings\Piotr\Pulpit
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nico Mak Computing, Inc.) C:\PROGRA~1\WinZip\winzip32.exe
() D:\PS\mikropesel.exe
(OldTimer Tools) C:\Documents and Settings\Piotr\Pulpit\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [CryptoCard Suite Cert Monitor] - C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [524800 2012-05-08] ()
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe [490696 2011-09-29] (Kaspersky Lab ZAO)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [tuto4pc_pl_17] - [x]
HKLM\...\Run: [upt4pc_pl_17.exe] - C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_17\upt4pc_pl_17.exe -runhelper
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1715567821-1647877149-682003330-1003\$bff9f685edafa35acfdd511cf1823462\n. ATTENTION! ====> ZeroAccess/Alureon?
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {046ee6d9-3001-11df-bc9c-0013d43aa19c} - CAROBNJAK//jellena.exe
MountPoints2: {0f1b2e66-d756-11df-bd54-0013d43aa19c} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nJSIj.ExE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.msn.com/spresults.aspx?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=988E0013D43AA19C&affID=125032&tsp=5025
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125052713734
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\n7e4o7sp.default
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=988E0013D43AA19C&affID=125032&tsp=5025
FF SearchEngineOrder.1: Google
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=988E0013D43AA19C&affID=125032&tsp=5025
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\n7e4o7sp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=988E0013D43AA19C&affID=125032&tsp=5025"
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Piotr\USTAWI~1\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Documents and Settings\Piotr\Dane aplikacji\BabSolution\CR\searchgol.crx
CHR HKLM\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\DOCUME~1\Piotr\USTAWI~1\DANEAP~1\metacrawler-speeddial.crx

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe [490696 2011-09-29] (Kaspersky Lab ZAO)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S2 vToolbarUpdater14.1.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [31576 2013-02-11] (AVG Technologies)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [95579 2003-12-16] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135984 2011-08-18] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13104 2011-08-18] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [50992 2011-08-31] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [584496 2013-06-21] (Kaspersky Lab)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [37168 2011-09-01] (Kaspersky Lab ZAO)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [122942 2003-12-16] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [99002 2003-12-16] (Intel Corporation)
S3 akshasp; system32\DRIVERS\akshasp.sys [x]
S3 aksusb; system32\DRIVERS\aksusb.sys [x]
U2 CertPropSvc; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; 
U3 fgtdapod; \??\C:\DOCUME~1\Piotr\USTAWI~1\Temp\fgtdapod.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 14:27 - 2013-10-04 14:27 - 00000000 ____D C:\FRST
2013-10-04 14:26 - 2013-10-04 14:26 - 00044200 _____ C:\Documents and Settings\Piotr\Pulpit\Extras.Txt
2013-10-04 14:12 - 2013-10-04 14:07 - 00368554 _____ C:\Documents and Settings\Piotr\Pulpit\gmer.zip
2013-10-04 14:12 - 2013-10-04 13:58 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Piotr\Pulpit\OTL.exe
2013-10-04 14:12 - 2013-10-04 13:57 - 01087213 _____ (Farbar) C:\Documents and Settings\Piotr\Pulpit\FRST.exe
2013-10-04 12:52 - 2013-10-04 14:25 - 00111390 _____ C:\Documents and Settings\Piotr\Pulpit\OTL.Txt
2013-10-04 12:40 - 2013-10-04 12:40 - 00000266 _____ C:\WINDOWS\Tasks\EPUpdater.job
2013-10-04 12:40 - 2013-10-04 12:40 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\BabSolution
2013-10-04 12:39 - 2013-10-04 12:39 - 00368554 _____ C:\Documents and Settings\Piotr\Moje dokumenty\gmer.zip
2013-10-04 12:39 - 2013-10-04 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Babylon
2013-10-04 11:35 - 2013-10-04 12:42 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-04 11:35 - 2013-10-04 11:35 - 00000426 _____ C:\WINDOWS\Tasks\At1.job
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\eorezo
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\BonanzaDealsLive
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\MetaCrawler
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive
2013-10-04 11:34 - 2013-10-04 12:02 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-04 11:34 - 2013-10-04 11:33 - 00356754 _____ C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\metacrawler-speeddial.crx
2013-10-04 11:33 - 2013-10-04 11:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Piotr\Moje dokumenty\OTL.exe
2013-10-04 11:33 - 2013-10-04 11:33 - 00000000 ____D C:\Program Files\metaCrawler
2013-10-04 11:31 - 2013-10-04 11:32 - 00611880 _____ C:\Documents and Settings\Piotr\Pulpit\OTL_3.2.70.2 (25180).exe
2013-10-02 08:37 - 2013-10-02 08:37 - 00000000 ____D C:\Ps131002
2013-10-02 07:21 - 2013-10-02 07:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-27 13:28 - 2013-09-27 13:28 - 00000000 ____D C:\Documents and Settings\Piotr\Pulpit\skróty
2013-09-27 13:10 - 2013-09-27 13:10 - 00002323 _____ C:\Documents and Settings\Piotr\Menu Start\Programy\Windows Install Clean Up.lnk
2013-09-27 13:10 - 2013-09-27 13:10 - 00000000 ____D C:\Program Files\Windows Installer Clean Up
2013-09-27 12:34 - 2013-09-27 12:34 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\eCyber
2013-09-27 12:33 - 2013-09-30 13:14 - 00000000 ____D C:\Program Files\iSafe
2013-09-27 12:33 - 2013-09-30 09:20 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\iSafe
2013-09-27 12:33 - 2013-09-27 13:25 - 00000000 ____D C:\WINDOWS\865537E164904193A4B6669C62711852.TMP
2013-09-25 12:59 - 2013-10-04 12:41 - 00000568 _____ C:\winzip.log
2013-09-25 12:59 - 2013-09-25 12:59 - 01836889 _____ C:\Documents and Settings\Piotr\Pulpit\mikropesel1358.zip
2013-09-11 10:07 - 2013-09-11 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 10:07 - 2013-09-11 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 10:07 - 2013-09-11 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$

==================== One Month Modified Files and Folders =======

2013-10-04 14:27 - 2013-10-04 14:27 - 00000000 ____D C:\FRST
2013-10-04 14:26 - 2013-10-04 14:26 - 00044200 _____ C:\Documents and Settings\Piotr\Pulpit\Extras.Txt
2013-10-04 14:26 - 2005-08-26 12:27 - 00000000 ____D C:\Documents and Settings\Piotr\Pulpit
2013-10-04 14:25 - 2013-10-04 12:52 - 00111390 _____ C:\Documents and Settings\Piotr\Pulpit\OTL.Txt
2013-10-04 14:18 - 2012-04-16 08:11 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-04 14:16 - 2013-08-28 15:04 - 00001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 14:07 - 2013-10-04 14:12 - 00368554 _____ C:\Documents and Settings\Piotr\Pulpit\gmer.zip
2013-10-04 13:58 - 2013-10-04 14:12 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Piotr\Pulpit\OTL.exe
2013-10-04 13:57 - 2013-10-04 14:12 - 01087213 _____ (Farbar) C:\Documents and Settings\Piotr\Pulpit\FRST.exe
2013-10-04 13:08 - 2005-08-26 15:47 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2013-10-04 12:42 - 2013-10-04 11:35 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-04 12:41 - 2013-09-25 12:59 - 00000568 _____ C:\winzip.log
2013-10-04 12:40 - 2013-10-04 12:40 - 00000266 _____ C:\WINDOWS\Tasks\EPUpdater.job
2013-10-04 12:40 - 2013-10-04 12:40 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\BabSolution
2013-10-04 12:40 - 2005-08-26 12:27 - 00000000 __RHD C:\Documents and Settings\Piotr\Dane aplikacji
2013-10-04 12:40 - 2005-08-26 12:27 - 00000000 ___HD C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji
2013-10-04 12:39 - 2013-10-04 12:39 - 00368554 _____ C:\Documents and Settings\Piotr\Moje dokumenty\gmer.zip
2013-10-04 12:39 - 2013-10-04 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Babylon
2013-10-04 12:39 - 2005-08-26 14:13 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-10-04 12:39 - 2005-08-26 12:27 - 00000000 ___RD C:\Documents and Settings\Piotr\Moje dokumenty
2013-10-04 12:34 - 2013-08-02 10:27 - 00000000 ____D C:\Program Files\trend micro
2013-10-04 12:30 - 2013-06-13 13:53 - 01389942 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-04 12:08 - 2013-08-28 15:04 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 12:08 - 2013-05-24 10:55 - 00000308 _____ C:\WINDOWS\Tasks\Tixq.job
2013-10-04 12:08 - 2005-08-26 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-04 12:08 - 2004-08-04 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-04 12:07 - 2013-06-20 14:24 - 00065536 _____ C:\WINDOWS\system32\config\Kaspersk.evt
2013-10-04 12:07 - 2013-06-13 13:55 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-04 12:07 - 2005-08-26 12:27 - 00000188 ___SH C:\Documents and Settings\Piotr\ntuser.ini
2013-10-04 12:02 - 2013-10-04 11:34 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-04 12:02 - 2005-08-26 12:27 - 00000000 ___RD C:\Documents and Settings\Piotr\Menu Start\Programy
2013-10-04 12:01 - 2005-08-26 14:13 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2013-10-04 11:35 - 2013-10-04 11:35 - 00000426 _____ C:\WINDOWS\Tasks\At1.job
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\eorezo
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\BonanzaDealsLive
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\MetaCrawler
2013-10-04 11:35 - 2013-10-04 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive
2013-10-04 11:33 - 2013-10-04 11:34 - 00356754 _____ C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\metacrawler-speeddial.crx
2013-10-04 11:33 - 2013-10-04 11:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Piotr\Moje dokumenty\OTL.exe
2013-10-04 11:33 - 2013-10-04 11:33 - 00000000 ____D C:\Program Files\metaCrawler
2013-10-04 11:32 - 2013-10-04 11:31 - 00611880 _____ C:\Documents and Settings\Piotr\Pulpit\OTL_3.2.70.2 (25180).exe
2013-10-04 09:53 - 2011-03-31 15:25 - 00002539 _____ C:\Documents and Settings\Piotr\Pulpit\Microsoft Office Word 2003.lnk
2013-10-03 07:05 - 2012-09-06 08:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 08:37 - 2013-10-02 08:37 - 00000000 ____D C:\Ps131002
2013-10-02 08:36 - 2005-08-26 12:27 - 00000000 ____D C:\Documents and Settings\Piotr
2013-10-02 07:57 - 2013-10-02 07:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 13:14 - 2013-09-27 12:33 - 00000000 ____D C:\Program Files\iSafe
2013-09-30 13:14 - 2005-08-26 14:13 - 00000000 __RHD C:\Documents and Settings\Default User\Dane aplikacji
2013-09-30 09:20 - 2013-09-27 12:33 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\iSafe
2013-09-27 13:28 - 2013-09-27 13:28 - 00000000 ____D C:\Documents and Settings\Piotr\Pulpit\skróty
2013-09-27 13:28 - 2005-08-26 14:13 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2013-09-27 13:25 - 2013-09-27 12:33 - 00000000 ____D C:\WINDOWS\865537E164904193A4B6669C62711852.TMP
2013-09-27 13:24 - 2005-08-26 12:27 - 00000000 __SHD C:\Documents and Settings\Piotr\Ustawienia lokalne\Historia
2013-09-27 13:10 - 2013-09-27 13:10 - 00002323 _____ C:\Documents and Settings\Piotr\Menu Start\Programy\Windows Install Clean Up.lnk
2013-09-27 13:10 - 2013-09-27 13:10 - 00000000 ____D C:\Program Files\Windows Installer Clean Up
2013-09-27 13:09 - 2009-11-04 11:29 - 00000000 ____D C:\Program Files\MSECache
2013-09-27 13:09 - 2007-08-02 10:12 - 00000000 ____D C:\PS
2013-09-27 12:38 - 2012-04-27 13:37 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-09-27 12:34 - 2013-09-27 12:34 - 00000000 ____D C:\Documents and Settings\Piotr\Dane aplikacji\eCyber
2013-09-27 12:33 - 2013-06-03 11:52 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-26 12:19 - 2013-06-18 09:38 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\REFERENDUM
2013-09-25 13:11 - 2004-08-04 14:00 - 00000873 _____ C:\WINDOWS\win.ini
2013-09-25 12:59 - 2013-09-25 12:59 - 01836889 _____ C:\Documents and Settings\Piotr\Pulpit\mikropesel1358.zip
2013-09-25 11:52 - 2006-07-07 09:28 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\Ewid. ludności
2013-09-25 10:24 - 2006-01-24 11:58 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\KASA
2013-09-22 08:26 - 2013-08-28 15:10 - 00001858 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2013-09-21 15:18 - 2012-04-16 08:11 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-21 15:18 - 2011-10-10 13:43 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-19 10:33 - 2008-11-20 11:05 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\Wybory uzup do Rady G
2013-09-19 10:32 - 2005-08-29 09:22 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\WYBORY
2013-09-19 10:18 - 2012-05-15 13:40 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\adresy
2013-09-19 10:12 - 2009-04-06 15:44 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\Wybory Parlament Europ
2013-09-18 09:26 - 2006-02-15 08:56 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\Rejestr wyborców
2013-09-16 09:43 - 2007-09-11 08:48 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\Wybory Sejm 2007
2013-09-16 09:42 - 2010-04-22 10:26 - 00000000 ____D C:\Documents and Settings\Piotr\Moje dokumenty\wybory Prezydenta 2010
2013-09-13 15:01 - 2009-11-04 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2013-09-12 10:20 - 2013-08-24 18:52 - 00002347 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2013-09-11 10:37 - 2005-08-26 14:12 - 00205712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-11 10:07 - 2013-09-11 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 10:07 - 2013-09-11 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 10:07 - 2013-09-11 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 10:00 - 2006-04-10 15:39 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-10 07:14 - 2010-01-21 15:06 - 00002451 _____ C:\Documents and Settings\Piotr\Pulpit\Edytor Aktów Prawnych XML.lnk

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\gmer.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 14:00] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a 

C:\Windows\System32\winlogon.exe
[2004-08-04 14:00] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 

C:\Windows\System32\svchost.exe
[2004-08-04 14:00] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce 

C:\Windows\System32\services.exe
[2004-08-04 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f 

C:\Windows\System32\User32.dll
[2004-08-04 14:00] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 

C:\Windows\System32\userinit.exe
[2004-08-04 14:00] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 14:00] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 


==================== End Of Log ============================