Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01 Ran by TEST (administrator) on TEST-97C2410A42 on 29-01-2015 22:29:49 Running from C:\Documents and Settings\TEST\Moje dokumenty\Downloads Loaded Profiles: TEST (Available profiles: TEST) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 6 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files\VDO\TIS-Office\TISService\TIS3Service.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (AbeeLabs Systems Inc.) C:\PSCRIPT\PSCRIPT.EXE () C:\Program Files\VDO\TIS-Office\Bin\TISOfficeTray.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe (Google Inc.) C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2219184 2011-01-12] (ESET) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKU\S-1-5-21-2000478354-602162358-1417001333-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2000478354-602162358-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [116648 2012-06-04] (Google Inc.) Lsa: [Authentication Packages] msv1_0 nwprovau Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\PSCRIPT.lnk ShortcutTarget: PSCRIPT.lnk -> C:\PSCRIPT\PSCRIPT.EXE (AbeeLabs Systems Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TISOfficeTray.lnk ShortcutTarget: TISOfficeTray.lnk -> C:\Program Files\VDO\TIS-Office\Bin\TISOfficeTray.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2000478354-602162358-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2000478354-602162358-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-2000478354-602162358-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-2000478354-602162358-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing. BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - &Tłumaczenie - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303808138109 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 194.204.159.1 194.204.152.34 FireFox: ======== FF ProfilePath: C:\Documents and Settings\TEST\Dane aplikacji\Mozilla\Firefox\Profiles\81monou2.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin HKU\S-1-5-21-2000478354-602162358-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-2000478354-602162358-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-05-08] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-26] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-02-08] FF HKU\S-1-5-21-2000478354-602162358-1417001333-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\39.0.2171.99\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.190.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U19) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-04] CHR Extension: (Szukaj w Google) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-04] CHR Extension: (Google Wallet) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (Gmail) - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-04] CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path StartMenuInternet: chrome.exe - C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [33584 2011-01-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [810144 2011-01-12] (ESET) S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-05-08] (Sun Microsystems, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.) R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc) S3 VDO-TISHLaw Service; C:\Program Files\VDO\TIS-Office\TISService\CallHLEngine.exe [57344 2009-01-12] () [File not signed] R2 VDO-TISOffice Service; C:\Program Files\VDO\TIS-Office\TISService\TIS3Service.exe [61440 2009-02-04] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET) S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [20400 1999-10-21] (EnTech Taiwan) [File not signed] R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [134000 2010-12-21] (ESET) R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [33120 2010-12-21] (ESET) R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [55256 2010-08-03] (ESET) S3 HPKBCCID; C:\WINDOWS\System32\DRIVERS\HPKBCCID.sys [48000 2012-03-05] (Hewlett-Packard Company) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-29] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-29] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-29] (HP) S3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2006-03-27] (ASUSTek Computer Inc. ) [File not signed] R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [53632 2007-09-20] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2007-09-20] (NVIDIA Corporation) R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation) R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation) R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation) R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation) S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.) U5 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U2 CertPropSvc; No ImagePath S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 22:29 - 2015-01-29 22:29 - 00000000 ____D () C:\FRST 2015-01-28 16:48 - 2015-01-28 16:48 - 03379254 _____ () C:\Documents and Settings\TEST\Pulpit\eset pliki2.bmp 2015-01-28 16:48 - 2015-01-28 16:48 - 03379254 _____ () C:\Documents and Settings\TEST\Pulpit\eset pliki1.bmp 2015-01-21 09:42 - 2015-01-21 09:42 - 00000602 _____ () C:\Documents and Settings\TEST\Pulpit\GPS ATRAX XML.lnk 2015-01-20 13:30 - 2015-01-20 13:30 - 02949174 _____ () C:\Documents and Settings\TEST\Moje dokumenty\Decrypt All Files ziwcstm.bmp 2015-01-20 13:10 - 2015-01-20 13:30 - 00977589 _____ () C:\Documents and Settings\All Users\Dane aplikacji\osjolki.html 2015-01-19 10:39 - 2015-01-20 11:44 - 00061072 _____ () C:\Documents and Settings\TEST\Pulpit\potwierdzenia zapłaty.PDF.ziwcstm 2015-01-19 10:39 - 2015-01-19 10:39 - 00060864 _____ () C:\Documents and Settings\TEST\Pulpit\E100.PDF.ziwcstm 2015-01-19 10:39 - 2015-01-19 10:34 - 00061168 _____ () C:\Documents and Settings\TEST\Pulpit\POTWIERDZENIE ZAPŁATY.PDF.ziwcstm 2015-01-14 09:33 - 2015-01-14 09:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-12 13:24 - 2015-01-12 13:24 - 00427520 _____ () C:\Documents and Settings\TEST\Pulpit\Iwaniuk.JPG.ziwcstm 2015-01-12 13:24 - 2014-12-31 12:49 - 00497904 _____ () C:\Documents and Settings\TEST\Pulpit\podanie o anulowanie odsetek Bordamex.JPG.ziwcstm 2015-01-12 13:24 - 2014-12-05 14:17 - 00463888 _____ () C:\Documents and Settings\TEST\Pulpit\POTWIERDZENIE ZDANIA PALET.JPG.ziwcstm 2015-01-02 16:19 - 2015-01-02 16:20 - 00333440 _____ () C:\Documents and Settings\TEST\Pulpit\kosztorys naprawy naczepy WLS N234 str 1.JPG.ziwcstm 2015-01-02 15:53 - 2015-01-02 15:53 - 00006112 _____ () C:\Documents and Settings\TEST\Pulpit\umowa Piotrek poprawiona.DOC.ziwcstm 2015-01-02 15:53 - 2014-12-29 13:13 - 00007056 _____ () C:\Documents and Settings\TEST\Pulpit\ADRESY FIRM.DOC.ziwcstm 2015-01-02 15:47 - 2015-01-20 13:22 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\Szkoda z OC na Rumunii ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 22:30 - 2012-06-04 10:52 - 00000000 ____D () C:\Documents and Settings\TEST\Ustawienia lokalne\temp 2015-01-29 22:24 - 2012-09-26 14:20 - 00000000 ____D () C:\Documents and Settings\TEST\Dane aplikacji\Skype 2015-01-29 22:14 - 2012-06-04 09:01 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-602162358-1417001333-1003UA.job 2015-01-29 21:57 - 2010-05-08 10:01 - 00000000 __RHD () C:\Documents and Settings\TEST\Dane aplikacji 2015-01-29 21:57 - 2010-05-08 10:01 - 00000000 ___HD () C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji 2015-01-29 21:23 - 2010-05-08 11:43 - 01083816 _____ () C:\WINDOWS\setupapi.log 2015-01-29 21:23 - 2010-05-08 11:43 - 00176810 _____ () C:\WINDOWS\setupact.log 2015-01-29 21:22 - 2010-05-08 09:51 - 01834523 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-29 21:21 - 2010-05-08 11:46 - 00000157 _____ () C:\WINDOWS\wiadebug.log 2015-01-29 21:21 - 2010-05-08 11:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-01-29 21:21 - 2010-05-08 10:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-29 21:03 - 2010-05-08 10:00 - 00032538 _____ () C:\WINDOWS\SchedLgU.Txt 2015-01-29 20:40 - 2014-07-30 14:44 - 00000468 _____ () C:\WINDOWS\Tasks\At2.job 2015-01-29 20:39 - 2010-05-08 10:01 - 00000000 ___RD () C:\Documents and Settings\TEST\Moje dokumenty 2015-01-29 19:15 - 2001-07-22 01:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-01-28 16:49 - 2010-10-06 10:12 - 00000000 ____D () C:\TS 2015-01-28 16:48 - 2010-05-08 10:01 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit 2015-01-23 15:44 - 2014-07-30 14:44 - 00000468 _____ () C:\WINDOWS\Tasks\At3.job 2015-01-23 14:13 - 2012-06-04 09:01 - 00001076 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-602162358-1417001333-1003Core.job 2015-01-23 14:00 - 2014-07-30 14:44 - 00000468 _____ () C:\WINDOWS\Tasks\At4.job 2015-01-23 10:10 - 2014-07-30 14:44 - 00000468 _____ () C:\WINDOWS\Tasks\At1.job 2015-01-21 15:55 - 2013-04-10 10:16 - 00000000 ____D () C:\ATRAX_TerminalXML 2015-01-21 08:26 - 2010-05-08 10:13 - 00002539 _____ () C:\Documents and Settings\TEST\Pulpit\Microsoft Office Word 2003.lnk 2015-01-20 13:26 - 2010-05-10 11:25 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\Pobieranie 2015-01-20 13:23 - 2014-06-25 11:54 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\Pobrane 2015-01-20 13:23 - 2012-04-04 08:09 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\dowody rejestracyjne 2015-01-20 13:23 - 2010-08-05 10:29 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\Dokumenty firmowe BORDAMEX Marcin Boruta 2015-01-20 13:22 - 2012-06-13 09:22 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\MAPY 2015-01-20 13:22 - 2011-08-30 13:14 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\CONSULT TRANS 2015-01-20 13:22 - 2010-06-15 10:07 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\karta czasowego pobytu 2015-01-20 13:22 - 2010-05-10 11:22 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\Dokumenty firmowe ANPOL 2015-01-20 13:21 - 2014-10-17 09:50 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\szkoda nektarynka 2015-01-20 13:21 - 2013-12-19 13:16 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\PODATEK OD ŚT ANPOL 2015-01-20 13:21 - 2013-04-08 09:38 - 00000000 ____D () C:\TS5 2015-01-20 13:21 - 2012-07-30 11:00 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\szkoda HDI 2015-01-20 13:21 - 2011-09-20 10:11 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\Ewelina 2015-01-20 13:21 - 2011-02-02 15:29 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\PISMA 2015-01-20 13:21 - 2010-07-22 10:39 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\Dokumenty do Agencji 2015-01-20 13:20 - 2014-02-25 16:03 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\TAMORZNIA 2015-01-20 13:20 - 2012-10-19 07:45 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\URLOPÓWKI 2015-01-20 13:20 - 2012-01-25 12:31 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\SKANY Z CANON 2015-01-20 13:20 - 2010-10-27 10:01 - 00000000 ____D () C:\Kopia TS 2015-01-20 13:20 - 2010-05-08 10:01 - 00000000 ___RD () C:\Documents and Settings\TEST\Moje dokumenty\Moje obrazy 2015-01-20 13:19 - 2011-04-26 10:00 - 00000000 ____D () C:\Program Files\Microsoft AutoRoute 2010 2015-01-20 13:19 - 2011-03-31 09:40 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\LOGO BORDAMEX 2015-01-20 13:19 - 2010-10-06 10:14 - 00000000 ____D () C:\PIRUT 2015-01-20 13:15 - 2014-10-09 13:51 - 00000000 ___RD () C:\Program Files\Skype 2015-01-20 13:15 - 2012-06-04 10:29 - 00000000 ____D () C:\Qoobox 2015-01-20 13:15 - 2010-05-08 10:09 - 00000000 ____D () C:\Program Files\Winamp 2015-01-20 13:15 - 2010-05-08 10:05 - 00000000 ____D () C:\Program Files\NAPI-PROJEKT 2015-01-20 13:15 - 2010-05-08 09:50 - 00000000 ____D () C:\Program Files\Outlook Express 2015-01-20 13:14 - 2010-05-08 10:04 - 00000000 ____D () C:\Program Files\IrfanView 2015-01-20 13:13 - 2013-04-08 09:36 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\bordam-marcin 2015-01-20 13:13 - 2013-02-25 08:48 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\ts 2015-01-20 13:13 - 2012-05-09 08:51 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\WNIOSKI 2015-01-20 13:13 - 2011-09-16 17:53 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\ANPOL RUTKOWSKI 2015-01-20 13:13 - 2010-05-10 08:29 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\Dotacje 2015-01-20 13:12 - 2014-12-22 15:42 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\wyjaśnienia 2015-01-20 13:12 - 2012-02-14 13:18 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\SZKODY 2015-01-20 13:12 - 2012-02-14 13:11 - 00000000 ____D () C:\Documents and Settings\TEST\Pulpit\ZESTAWIENIA 2015-01-20 13:12 - 2010-05-10 08:29 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\Zezwolenie na pracę cudzoziemca 2015-01-20 13:11 - 2010-05-10 08:29 - 00000000 ____D () C:\Documents and Settings\TEST\Moje dokumenty\PWPW S_A_ - System Tachografów Cyfrowych - ZŁÓŻ WNIOSEK O WYDANIE KARTY KIEROWCY (KK)_pliki 2015-01-20 13:11 - 2010-05-08 11:44 - 00000000 ___HD () C:\Documents and Settings\Default User\Szablony 2015-01-20 13:11 - 2010-05-08 10:01 - 00000000 ___HD () C:\Documents and Settings\TEST\Szablony 2015-01-20 13:10 - 2010-05-08 11:43 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2015-01-20 13:08 - 2010-05-10 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HP 2015-01-16 18:44 - 2014-08-04 12:26 - 00006640 _____ () C:\Documents and Settings\TEST\Pulpit\Kopia ROZLICZENIE KIEROWCY ANATOLI SACHUK.XLS.ziwcstm 2015-01-16 13:16 - 2012-06-04 11:41 - 00002301 _____ () C:\Documents and Settings\TEST\Pulpit\google chrome.lnk 2015-01-16 08:00 - 2012-06-08 15:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-12 12:57 - 2011-06-17 12:41 - 00003248 _____ () C:\Documents and Settings\TEST\Moje dokumenty\zaświadczenie do ZMPD bank.DOC.ziwcstm 2015-01-09 08:10 - 2012-09-26 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype 2015-01-02 16:21 - 2014-09-15 10:39 - 00239824 _____ () C:\Documents and Settings\TEST\Pulpit\kosztorys naprawy naczepy WLS N234 str 2.JPG.ziwcstm 2014-12-31 12:50 - 2014-07-07 13:54 - 00399872 _____ () C:\Documents and Settings\TEST\Pulpit\podanie o anulowanie odsetek Anpol.JPG.ziwcstm 2014-12-31 12:47 - 2011-06-17 12:41 - 00003904 _____ () C:\Documents and Settings\TEST\Moje dokumenty\podanie do Platerowa.DOC.ziwcstm 2014-12-31 10:05 - 2011-06-17 12:41 - 00003744 _____ () C:\Documents and Settings\TEST\Moje dokumenty\upoważnienie do konsulatu Białorusi.DOC.ziwcstm ==================== Files in the root of some directories ======= 2010-06-20 12:53 - 2014-11-06 14:16 - 0005632 _____ () C:\Documents and Settings\TEST\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\TEST\Ustawienia lokalne\temp\18101515.exe C:\Documents and Settings\TEST\Ustawienia lokalne\temp\ARS.exe C:\Documents and Settings\TEST\Ustawienia lokalne\temp\Pit2013_7.0.16.42.exe C:\Documents and Settings\TEST\Ustawienia lokalne\temp\Pit2013_7.0.20.49.exe C:\Documents and Settings\TEST\Ustawienia lokalne\temp\qfkqmfl.exe C:\Documents and Settings\TEST\Ustawienia lokalne\temp\setup.exe C:\Documents and Settings\TEST\Ustawienia lokalne\temp\{ABFFC01B-70DC-4939-8FA5-6829B2599357}-24.0.1312.56_24.0.1312.52_chrome_updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================