Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014 Ran by x (administrator) on X-672607A7ABE94 on 19-12-2014 16:01:58 Running from C:\Documents and Settings\x\Moje dokumenty\Pobrane Loaded Profile: x (Available profiles: x) Platform: Microsoft Windows XP Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Brother Industries, Ltd.) C:\Program Files\BrownyInd\Brother\BrIndicator.exe (France Télécom R&D) C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (C Technologies) C:\Program Files\C Technologies\C-Pen Core\CPenCoreApp.EXE (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe () C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (France Telecom) C:\WINDOWS\system32\FTRTSVC.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe () C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16010752 2006-03-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdslTaskBar] => rundll32.exe stmctrl.dll,TaskBar HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) HKLM\...\Run: [WOOWATCH] => C:\Program Files\neostrada tp\Watch.exe [20480 2004-08-23] (France Télécom R&D) HKLM\...\Run: [WOOTASKBARICON] => C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET) HKLM\...\Run: [BrStsInd00] => C:\Program Files\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1 HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-19\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1 HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1 HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1 HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-06-21] (TomTom) HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Run: [CPenCore] => C:\Program Files\C Technologies\C-Pen Core\CPenCoreApp.exe [2528848 2012-03-15] (C Technologies) HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoSMMyPictures] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\MountPoints2: {02b2100a-c1e1-11e2-a182-00138faf7ef1} - E:\AutoRun.exe HKU\S-1-5-21-842925246-854245398-1606980848-1005\...\MountPoints2: {02b2100d-c1e1-11e2-a182-00138faf7ef1} - E:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-842925246-854245398-1606980848-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl HKU\S-1-5-21-842925246-854245398-1606980848-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl/szukajneo.html URLSearchHook: [S-1-5-21-842925246-854245398-1606980848-1005] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKU\S-1-5-21-842925246-854245398-1606980848-1005 - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll () SearchScopes: HKU\S-1-5-21-842925246-854245398-1606980848-1005 -> {AAC7DED9-F0DF-476C-A857-7C12D9CE1568} URL = http://www.google.com/search?hl=pl&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\thbuhhs2.default FF Homepage: hxxp://wp.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Extension: Adblock Plus - C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\thbuhhs2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-16] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: No Name - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-12-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click11.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [110592 2005-04-06] () [File not signed] R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET) R2 FTRTSVC; C:\WINDOWS\System32\FTRTSVC.exe [40960 2004-08-23] (France Telecom) [File not signed] R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] () R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-19] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2005-03-09] (Advanced Micro Devices) R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-08-31] (IVT Corporation) [File not signed] R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [20480 2005-08-31] (IVT Corporation) [File not signed] R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) [File not signed] S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-07-29] (IVT Corporation) [File not signed] R3 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11988 2005-07-29] () [File not signed] R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation) [File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 CPen; C:\WINDOWS\System32\Drivers\CPen.sys [18752 2010-04-08] () R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET) R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET) S3 filtertdidriver; C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys [7552 2011-01-16] (Huawei Technologies Co., Ltd.) [File not signed] R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP) S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [69760 2012-08-20] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.) R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [105344 2002-04-26] (NVIDIA Corporation) [File not signed] R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation) S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 pendfu; C:\WINDOWS\System32\Drivers\pendfu.sys [39096 2010-04-15] (Anoto AB) R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62208 2002-04-26] (Silicon Image, Inc.) [File not signed] R3 Stmatm; C:\WINDOWS\System32\DRIVERS\stmatm.sys [60255 2003-08-12] (STMicroelectronics ) [File not signed] S3 TaurusUsb; C:\WINDOWS\System32\DRIVERS\torususb.sys [684265 2006-05-25] () [File not signed] R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) [File not signed] R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) [File not signed] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.) S4 IntelIde; No ImagePath S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X] S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 16:01 - 2014-12-19 16:02 - 00000000 ____D () C:\FRST 2014-12-19 15:05 - 2014-12-19 15:05 - 00000000 ____D () C:\Program Files\Adblock Plus for IE 2014-12-19 15:05 - 2014-12-19 15:05 - 00000000 ____D () C:\Documents and Settings\x\Dane aplikacji\Adblock Plus for IE 2014-12-19 15:00 - 2014-12-19 15:00 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-12-19 15:00 - 2014-12-19 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java 2014-12-19 15:00 - 2014-12-19 14:59 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-12-19 15:00 - 2014-12-19 14:58 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-12-19 15:00 - 2014-12-19 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-19 15:00 - 2014-12-19 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-19 15:00 - 2014-12-19 14:58 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-12-19 11:34 - 2014-12-19 11:34 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\kopia 2014-12-18 20:34 - 2014-12-18 20:34 - 00000000 ____D () C:\Program Files\ESET 2014-12-18 20:34 - 2014-12-18 20:34 - 00000000 ____D () C:\Documents and Settings\x\Qtrax 2014-12-18 20:34 - 2014-12-18 20:34 - 00000000 ____D () C:\Documents and Settings\x\Menu Start\Programy\QTRAX 2014-12-18 20:34 - 2014-12-18 20:34 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ESET 2014-12-18 20:34 - 2014-12-18 20:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ESET 2014-12-18 19:41 - 2014-12-18 20:33 - 00000000 ____D () C:\Program Files\ESET(3) 2014-12-18 19:41 - 2014-12-18 20:33 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ESET(3) 2014-12-18 17:54 - 2014-12-18 20:34 - 00000000 ____D () C:\Program Files\Windows Resource Kits(2) 2014-12-18 17:50 - 2014-12-18 20:34 - 00000000 ____D () C:\Program Files\Common Files\Java(2) 2014-12-18 17:40 - 2014-12-18 19:32 - 00000000 ____D () C:\AdwCleaner 2014-12-18 17:25 - 2014-12-18 20:34 - 00000000 ____D () C:\Program Files\ESET(2) 2014-12-18 17:25 - 2014-12-18 20:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ESET(2) 2014-12-09 12:54 - 2014-12-09 12:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-09 12:27 - 2014-12-09 12:28 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\ANAMAR- 2014 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-19 16:02 - 2010-09-22 00:11 - 00000000 ____D () C:\Documents and Settings\x\Ustawienia lokalne\Temp 2014-12-19 16:01 - 2014-07-08 13:53 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\Pobrane 2014-12-19 15:54 - 2010-09-22 00:05 - 01839058 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-19 15:28 - 2013-06-15 10:04 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-19 15:22 - 2010-09-22 00:11 - 00000000 ____D () C:\Documents and Settings\x\Pulpit 2014-12-19 15:21 - 2010-09-22 18:46 - 00000000 ____D () C:\Program Files\neostrada tp 2014-12-19 15:21 - 2010-09-22 01:58 - 00000257 _____ () C:\WINDOWS\wiadebug.log 2014-12-19 15:21 - 2010-09-22 01:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-12-19 15:20 - 2014-03-09 11:21 - 00000214 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakoñczeniu obs³ugi systemu Microsoft Windows XP — logowanie.job 2014-12-19 15:20 - 2012-06-23 11:55 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-19 15:20 - 2010-09-22 00:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-19 15:19 - 2014-02-15 22:40 - 00490008 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2014-12-19 15:19 - 2010-09-22 00:11 - 00000292 ___SH () C:\Documents and Settings\x\ntuser.ini 2014-12-19 15:19 - 2010-09-22 00:11 - 00000000 ____D () C:\Documents and Settings\x 2014-12-19 15:19 - 2010-09-22 00:09 - 00032580 _____ () C:\WINDOWS\SchedLgU.Txt 2014-12-19 15:19 - 2010-09-22 00:09 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2014-12-19 15:16 - 2012-06-23 11:55 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-19 15:09 - 2013-06-15 10:04 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-12-19 15:09 - 2013-06-15 10:03 - 00000000 ____D () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Adobe 2014-12-19 15:09 - 2012-03-17 19:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-12-19 15:05 - 2010-09-22 00:11 - 00000000 __RHD () C:\Documents and Settings\x\Dane aplikacji 2014-12-19 15:00 - 2010-09-22 01:54 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-12-19 14:57 - 2010-09-22 01:10 - 00000000 ____D () C:\Program Files\Java 2014-12-19 13:57 - 2014-01-11 14:39 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\firebird 2014-12-19 13:57 - 2010-09-22 06:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2014-12-19 13:49 - 2010-11-29 20:36 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\Export Kopia 2014-12-19 12:18 - 2010-09-22 19:35 - 00000000 ____D () C:\Documents and Settings\x\Pulpit\Dokumenty 2014-12-19 11:32 - 2010-09-22 06:23 - 00000783 _____ () C:\Documents and Settings\x\Pulpit\AgroSystem.lnk 2014-12-19 11:32 - 2010-09-22 06:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\AgroSystem 2014-12-18 22:27 - 2010-11-13 20:27 - 00000000 ____D () C:\Program Files\PiggyV4 2014-12-18 20:42 - 2010-09-22 01:54 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-12-18 20:38 - 2010-09-22 00:11 - 00000000 ___RD () C:\Documents and Settings\x\Menu Start\Programy\Autostart 2014-12-18 20:35 - 2010-09-22 00:09 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-12-18 20:35 - 2010-09-22 00:09 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-12-18 20:34 - 2010-09-22 01:54 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji 2014-12-18 20:16 - 2010-09-22 01:47 - 00000000 ____D () C:\WINDOWS\security 2014-12-18 19:52 - 2010-09-22 19:30 - 00053008 _____ () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-12-18 19:51 - 2010-09-22 01:54 - 00241536 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-12-18 19:32 - 2010-09-22 00:11 - 00000000 ___RD () C:\Documents and Settings\x\Menu Start\Programy 2014-12-18 18:19 - 2010-09-22 00:03 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-12-18 17:46 - 2006-03-02 16:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-13 16:16 - 2010-09-22 00:11 - 00000000 ___HD () C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji 2014-12-11 23:01 - 2010-09-22 02:41 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 13:53 - 2013-06-15 09:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-09 22:19 - 2014-05-12 21:14 - 00000000 ____D () C:\Documents and Settings\x\Moje dokumenty\Rejestr byd³a do 12 miesiêcy 2014-12-09 22:19 - 2010-09-22 00:11 - 00000000 ___RD () C:\Documents and Settings\x\Moje dokumenty Some content of TEMP: ==================== C:\Documents and Settings\x\Ustawienia lokalne\Temp\jre-7u71-windows-i586-iftw.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\Quarantine.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\ReimagePackage.exe C:\Documents and Settings\x\Ustawienia lokalne\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe [2008-05-01 11:02] - [2008-05-01 11:02] - 1034752 ____A (Microsoft Corporation) 0ffe2299a37932d32e0d32758155b928 C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================