Anonim / 3 lata, 7 miesięcy temu | Download | Plaintext | Odpowiedz |

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Pokój Wychowawców (administrator) on WYCHOWAWCY on 27-05-2014 15:44:36
Running from C:\Documents and Settings\Pokój Wychowawców\Pulpit
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Palit Microsystems, Inc.) C:\Program Files\VDOTool\TBPANEL.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(ESET) C:\Program Files\Eset\ESET Smart Security\egui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(ESET) C:\Program Files\Eset\ESET Smart Security\ekrn.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
() C:\Program Files\PCDApp\dgen.exe
() C:\Program Files\SiteAdvisor\6261\SAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185872 2009-02-19] (RealNetworks, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2219184 2011-01-12] (ESET)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:13989;https=127.0.0.1:13989
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4F8E6A76-6364-47F3-8364-7FA9B05F7D79} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: No Name - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrustedShopper - {BBE09607-D9BF-4B2E-88C2-C8D5DF7A7D37} - C:\Program Files\SqueakyChocolate\TrustedShopper\adxloader.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} http://symantec.softmall.com.tw/ftcdm/ftcdm.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} http://67.15.101.33/g_bin/pl/wordssingle_2_0_0_48.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
Tcpip\..\Interfaces\{D9218895-9E11-4DE1-8978-8C36A969176C}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Mozilla\Firefox\Profiles\ovq6qpxg.default
FF Homepage: https://www.google.pl/?gfe_rd=cr&ei=mjR9U_6LGIze8gejoYCQBQ
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Mozilla\Firefox\Profiles\ovq6qpxg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Mozilla\Firefox\Profiles\ovq6qpxg.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Mozilla\Firefox\Profiles\ovq6qpxg.default\searchplugins\BrowserProtect.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-02-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-05-26]
FF HKCU\...\Firefox\Extensions: [{4CB72F0B-E81D-608B-FC79-DF5F250B0E83}] - C:\Program Files\VeriBrowse-soft\170.xpi

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [810144 2011-01-12] (ESET)
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1550896 2007-05-15] (Nero AG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-21] (Oracle Corporation)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [97232 2014-05-09] ()
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6261\SAService.exe [345376 2010-06-16] ()
S2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [0 2009-01-06] ()
S2 d93cc0a5; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\daneap~1\assist~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2008-04-08] (Meetinghouse Data Communications)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [278984 2009-02-21] ()
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 Cardex; C:\WINDOWS\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [141264 2010-12-21] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [134000 2010-12-21] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [33120 2010-12-21] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [55256 2010-08-03] (ESET)
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118576 2007-05-15] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [37040 2007-05-15] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16304 2007-05-15] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38576 2007-05-15] (Nero AG)
S3 lgusbsmodem; C:\WINDOWS\System32\DRIVERS\lgusbsmodem.sys [23680 2007-07-09] (LG Electronics Inc.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25416 2009-02-21] ()
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [343168 2006-05-12] (Ralink Technology, Corp.)
S3 s1039mdm; C:\WINDOWS\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R2 TBPanel; C:\WINDOWS\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 usbsermptxp; C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys [25600 2009-02-24] (Microsoft Corporation)
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 15:44 - 2014-05-27 15:44 - 01056256 _____ (Farbar) C:\Documents and Settings\Pokój Wychowawców\Pulpit\FRST.exe
2014-05-27 15:44 - 2014-05-27 15:44 - 00014429 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\FRST.txt
2014-05-27 15:44 - 2014-05-27 15:44 - 00000000 ____D () C:\FRST
2014-05-27 15:43 - 2014-04-01 20:47 - 00000426 _____ () C:\AVScanner.ini
2014-05-27 15:35 - 2014-05-27 15:35 - 00492088 _____ () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\cc_20140527_153532.reg
2014-05-27 15:33 - 2014-05-27 15:33 - 04748896 _____ (Piriform Ltd) C:\Documents and Settings\Pokój Wychowawców\Pulpit\ccsetup414.exe
2014-05-27 15:33 - 2014-05-27 15:33 - 00000682 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
2014-05-27 15:33 - 2014-05-27 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2014-05-27 14:53 - 2014-05-27 14:53 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Pokój Wychowawców\Pulpit\OTL.exe
2014-05-27 14:43 - 2014-05-27 15:10 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Logi
2014-05-27 14:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-27 14:35 - 2014-05-27 14:43 - 00000000 ____D () C:\AdwCleaner
2014-05-27 14:35 - 2014-05-27 14:35 - 01327971 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\AdwCleaner.exe
2014-05-27 14:00 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-05-27 14:00 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-05-27 14:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-05-27 14:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-05-27 14:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-05-27 14:00 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-05-27 14:00 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-05-27 14:00 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-05-27 14:00 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-05-27 13:59 - 2014-05-27 14:26 - 00000000 ____D () C:\Qoobox
2014-05-27 13:59 - 2014-05-27 14:24 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-27 13:59 - 2014-05-27 13:57 - 05203612 ____R (Swearware) C:\Documents and Settings\Pokój Wychowawców\Pulpit\ComboFix.exe
2014-05-27 00:54 - 2014-05-27 00:54 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\TrustedShopper
2014-05-27 00:50 - 2014-05-27 14:19 - 00000000 ____D () C:\Avenger
2014-05-26 20:36 - 2014-05-26 20:36 - 00001130 _____ () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\aps.scan.quick.results
2014-05-26 20:36 - 2014-05-26 20:36 - 00000316 _____ () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\aps.uninstall.scan.results
2014-05-26 20:36 - 2014-05-26 20:36 - 00000000 _____ () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\aps.scan.results
2014-05-26 20:35 - 2014-05-26 20:35 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\AnyProtect PC Backup
2014-05-22 17:25 - 2014-05-22 17:25 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\SmileysWeLove
2014-05-21 23:07 - 2014-05-27 14:49 - 00000000 _____ () C:\WINDOWS\system32\s.o
2014-05-21 23:04 - 2014-05-21 23:03 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-21 23:04 - 2014-05-21 23:03 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-05-21 23:03 - 2014-05-21 23:03 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-21 23:03 - 2014-05-21 23:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-21 23:03 - 2014-05-21 23:03 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-05-21 23:03 - 2014-05-21 23:03 - 00000000 ____D () C:\Program Files\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-05-21 23:00 - 2014-05-27 00:50 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\VOPackage
2014-05-21 23:00 - 2014-05-21 23:00 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\VOPackage
2014-05-21 22:59 - 2014-05-21 23:01 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Java
2014-05-21 22:58 - 2014-05-27 14:35 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Genesis
2014-05-21 22:58 - 2014-05-26 17:57 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Mobogenie
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\UpdateChecker
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Mobogenie
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\Mobogenie
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\.android
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 _____ () C:\Documents and Settings\Pokój Wychowawców\daemonprocess.txt
2014-05-21 22:57 - 2014-05-22 17:24 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Add-in Express
2014-05-21 22:57 - 2014-05-21 22:57 - 00000000 ____D () C:\Program Files\SqueakyChocolate
2014-05-21 22:57 - 2014-05-21 22:57 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Apple Computer
2014-05-21 22:56 - 2014-05-21 22:57 - 00000000 ____D () C:\Program Files\PCDApp
2014-05-21 21:58 - 2014-05-21 21:58 - 00608354 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\asdzxc.bmp
2014-05-21 17:33 - 2014-05-21 17:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Menu Start\Programy
2014-05-21 17:33 - 2014-05-21 17:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Menu Start
2014-05-20 22:30 - 2014-05-27 14:43 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 22:29 - 2014-05-20 22:29 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-05-20 22:29 - 2014-05-20 22:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-20 22:29 - 2014-05-20 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-05-20 22:29 - 2014-05-20 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-05-20 22:29 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-20 22:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-19 19:08 - 2014-05-26 17:02 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\kaja
2014-05-15 22:47 - 2014-05-20 22:28 - 00000000 ____D () C:\UsbFix
2014-05-15 22:47 - 2014-05-15 22:47 - 00001364 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\UsbFix.lnk
2014-05-15 04:52 - 2014-05-15 04:52 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:56 - 2014-05-14 22:09 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-05-14 21:56 - 2014-05-14 21:56 - 00001734 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
2014-05-14 21:55 - 2014-05-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 20:50 - 2014-05-14 20:50 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\ABBYY
2014-05-14 20:47 - 2014-05-19 19:41 - 00002509 _____ () C:\Documents and Settings\All Users\Pulpit\ABBYY FineReader 11.lnk
2014-05-14 20:47 - 2014-05-14 20:47 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ABBYY FineReader 11
2014-05-14 20:45 - 2014-05-14 20:45 - 00000000 ____D () C:\Program Files\Common Files\ABBYY
2014-05-14 20:40 - 2014-05-19 19:42 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\ABBYY
2014-05-14 20:40 - 2014-05-14 20:49 - 00000000 ____D () C:\Program Files\ABBYY FineReader 11
2014-05-14 20:40 - 2014-05-14 20:40 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ABBYY
2014-05-13 21:08 - 2014-05-13 21:08 - 17938608 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-05-13 19:23 - 2014-05-13 19:31 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Korektywa
2014-05-11 19:06 - 2014-05-11 19:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-04 20:00 - 2014-05-04 20:02 - 00005595 _____ () C:\WINDOWS\KB2964358-IE7.log
2014-04-29 14:22 - 2014-04-29 14:54 - 01074078 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Prezentacja1 folder.pptx

==================== One Month Modified Files and Folders =======

2014-05-27 15:44 - 2014-05-27 15:44 - 01056256 _____ (Farbar) C:\Documents and Settings\Pokój Wychowawców\Pulpit\FRST.exe
2014-05-27 15:44 - 2014-05-27 15:44 - 00014429 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\FRST.txt
2014-05-27 15:44 - 2014-05-27 15:44 - 00000000 ____D () C:\FRST
2014-05-27 15:44 - 2008-04-03 16:49 - 00000000 __SHD () C:\Documents and Settings\Pokój Wychowawców\Pulpit
2014-05-27 15:44 - 2008-04-03 16:07 - 01092626 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-27 15:43 - 2008-04-03 18:00 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-05-27 15:43 - 2008-04-03 18:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-05-27 15:43 - 2008-04-03 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-05-27 15:37 - 2011-12-13 16:37 - 00000478 _____ () C:\WINDOWS\Tasks\At3.job
2014-05-27 15:35 - 2014-05-27 15:35 - 00492088 _____ () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\cc_20140527_153532.reg
2014-05-27 15:35 - 2008-04-03 16:49 - 00000000 __SHD () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty
2014-05-27 15:34 - 2009-03-17 17:03 - 00000000 ____D () C:\WINDOWS\pss
2014-05-27 15:34 - 2008-04-03 18:00 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-05-27 15:34 - 2008-04-03 16:49 - 00000000 ___RD () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\Autostart
2014-05-27 15:33 - 2014-05-27 15:33 - 04748896 _____ (Piriform Ltd) C:\Documents and Settings\Pokój Wychowawców\Pulpit\ccsetup414.exe
2014-05-27 15:33 - 2014-05-27 15:33 - 00000682 _____ () C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
2014-05-27 15:33 - 2014-05-27 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
2014-05-27 15:33 - 2008-10-25 17:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-27 15:30 - 2013-06-07 16:59 - 00001250 _____ () C:\Documents and Settings\All Users\Pulpit\YTD Video Downloader.lnk
2014-05-27 15:12 - 2014-03-12 19:07 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-05-27 15:12 - 2010-05-12 16:24 - 00001058 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 15:10 - 2014-05-27 14:43 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Logi
2014-05-27 15:08 - 2013-12-13 17:33 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-27 15:08 - 2008-04-03 16:29 - 00032372 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-27 14:53 - 2014-05-27 14:53 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Pokój Wychowawców\Pulpit\OTL.exe
2014-05-27 14:49 - 2014-05-21 23:07 - 00000000 _____ () C:\WINDOWS\system32\s.o
2014-05-27 14:49 - 2009-03-31 19:32 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-27 14:49 - 2009-03-31 19:32 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-27 14:49 - 2008-04-03 20:38 - 00000558 _____ () C:\WINDOWS\DFC.INI
2014-05-27 14:48 - 2014-03-19 19:10 - 00000246 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  logowanie.job
2014-05-27 14:48 - 2010-05-12 16:24 - 00001054 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 14:48 - 2008-04-03 16:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-27 14:48 - 2006-03-02 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-27 14:47 - 2013-03-12 21:08 - 01029655 _____ () C:\WINDOWS\setupapi.log
2014-05-27 14:47 - 2008-04-03 16:49 - 00000292 ___SH () C:\Documents and Settings\Pokój Wychowawców\ntuser.ini
2014-05-27 14:45 - 2014-03-25 13:41 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\337Games
2014-05-27 14:45 - 2008-04-03 16:49 - 00000000 ___RD () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy
2014-05-27 14:43 - 2014-05-27 14:35 - 00000000 ____D () C:\AdwCleaner
2014-05-27 14:43 - 2014-05-20 22:30 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 14:39 - 2014-03-27 21:26 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Ustawienia lokalne\Dane aplikacji
2014-05-27 14:39 - 2014-03-27 21:26 - 00000000 ____D () C:\Documents and Settings\Pomocnik\Ustawienia lokalne\Dane aplikacji
2014-05-27 14:39 - 2014-03-27 21:26 - 00000000 ____D () C:\Documents and Settings\Gość\Ustawienia lokalne\Dane aplikacji
2014-05-27 14:39 - 2009-02-05 15:49 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2014-05-27 14:35 - 2014-05-27 14:35 - 01327971 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\AdwCleaner.exe
2014-05-27 14:35 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Genesis
2014-05-27 14:34 - 2008-04-03 16:49 - 00000000 __SHD () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji
2014-05-27 14:26 - 2014-05-27 13:59 - 00000000 ____D () C:\Qoobox
2014-05-27 14:26 - 2009-02-05 15:49 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2014-05-27 14:26 - 2008-04-03 18:00 - 00000000 __RHD () C:\Documents and Settings\Default User\Ustawienia lokalne
2014-05-27 14:26 - 2008-04-03 16:29 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne
2014-05-27 14:26 - 2008-04-03 16:11 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-27 14:26 - 2008-04-03 16:11 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne
2014-05-27 14:24 - 2014-05-27 13:59 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-27 14:19 - 2014-05-27 00:50 - 00000000 ____D () C:\Avenger
2014-05-27 14:19 - 2006-03-02 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-27 14:14 - 2008-04-03 16:49 - 00000000 ___HD () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne
2014-05-27 14:13 - 2008-04-03 16:49 - 00000000 ___HD () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji
2014-05-27 14:00 - 2012-10-21 20:58 - 00000476 _____ () C:\WINDOWS\Tasks\At8.job
2014-05-27 14:00 - 2011-12-13 16:37 - 00000478 _____ () C:\WINDOWS\Tasks\At4.job
2014-05-27 13:57 - 2014-05-27 13:59 - 05203612 ____R (Swearware) C:\Documents and Settings\Pokój Wychowawców\Pulpit\ComboFix.exe
2014-05-27 13:45 - 2012-03-14 18:23 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\plany miesięczne
2014-05-27 00:54 - 2014-05-27 00:54 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\TrustedShopper
2014-05-27 00:50 - 2014-05-21 23:00 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\VOPackage
2014-05-27 00:50 - 2009-10-27 22:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112_0$
2014-05-27 00:47 - 2014-03-25 13:41 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\SupTab
2014-05-27 00:47 - 2014-01-10 22:11 - 00000000 ____D () C:\ATI
2014-05-27 00:47 - 2010-06-16 11:47 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Pobieranie
2014-05-26 20:58 - 2012-10-21 20:58 - 00000476 _____ () C:\WINDOWS\Tasks\At7.job
2014-05-26 20:40 - 2012-10-21 20:58 - 00000476 _____ () C:\WINDOWS\Tasks\At6.job
2014-05-26 20:40 - 2011-12-13 16:37 - 00000478 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-26 20:36 - 2014-05-26 20:36 - 00001130 _____ () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\aps.scan.quick.results
2014-05-26 20:36 - 2014-05-26 20:36 - 00000316 _____ () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\aps.uninstall.scan.results
2014-05-26 20:36 - 2014-05-26 20:36 - 00000000 _____ () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\aps.scan.results
2014-05-26 20:35 - 2014-05-26 20:35 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\AnyProtect PC Backup
2014-05-26 19:44 - 2010-05-12 16:28 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-26 19:39 - 2009-10-27 22:32 - 00024223 _____ () C:\WINDOWS\wmsetup.log
2014-05-26 18:12 - 2014-03-12 19:07 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-05-26 17:57 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Mobogenie
2014-05-26 17:21 - 2011-01-30 19:09 - 00841788 ___SH () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Thumbs.db
2014-05-26 17:02 - 2014-05-19 19:08 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\kaja
2014-05-26 17:02 - 2014-04-22 18:15 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\do usunięcia
2014-05-26 12:27 - 2014-04-22 18:13 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\ewonka
2014-05-22 17:25 - 2014-05-22 17:25 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\SmileysWeLove
2014-05-22 17:24 - 2014-05-21 22:57 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Add-in Express
2014-05-22 01:40 - 2014-01-12 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\1751598a899da43d
2014-05-21 23:03 - 2014-05-21 23:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-21 23:03 - 2014-05-21 23:04 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-05-21 23:03 - 2014-05-21 23:03 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-21 23:03 - 2014-05-21 23:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-21 23:03 - 2014-05-21 23:03 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-05-21 23:03 - 2014-05-21 23:03 - 00000000 ____D () C:\Program Files\Java
2014-05-21 23:03 - 2014-05-21 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2014-05-21 23:01 - 2014-05-21 22:59 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Java
2014-05-21 23:00 - 2014-05-21 23:00 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\VOPackage
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\UpdateChecker
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\Mobogenie
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Menu Start\Programy\Mobogenie
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\.android
2014-05-21 22:58 - 2014-05-21 22:58 - 00000000 _____ () C:\Documents and Settings\Pokój Wychowawców\daemonprocess.txt
2014-05-21 22:58 - 2009-09-10 19:51 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\cache
2014-05-21 22:58 - 2008-04-03 16:49 - 00000000 __SHD () C:\Documents and Settings\Pokój Wychowawców
2014-05-21 22:57 - 2014-05-21 22:57 - 00000000 ____D () C:\Program Files\SqueakyChocolate
2014-05-21 22:57 - 2014-05-21 22:57 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Apple Computer
2014-05-21 22:57 - 2014-05-21 22:56 - 00000000 ____D () C:\Program Files\PCDApp
2014-05-21 21:58 - 2014-05-21 21:58 - 00608354 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\asdzxc.bmp
2014-05-21 17:33 - 2014-05-21 17:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Menu Start\Programy
2014-05-21 17:33 - 2014-05-21 17:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Menu Start
2014-05-21 17:33 - 2008-04-03 16:29 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-20 22:29 - 2014-05-20 22:29 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-05-20 22:29 - 2014-05-20 22:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-20 22:29 - 2014-05-20 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-05-20 22:29 - 2014-05-20 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-05-20 22:28 - 2014-05-15 22:47 - 00000000 ____D () C:\UsbFix
2014-05-19 20:27 - 2008-04-07 18:13 - 00207872 _____ () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-19 19:42 - 2014-05-14 20:40 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\ABBYY
2014-05-19 19:41 - 2014-05-14 20:47 - 00002509 _____ () C:\Documents and Settings\All Users\Pulpit\ABBYY FineReader 11.lnk
2014-05-19 15:30 - 2011-05-19 19:40 - 00000388 _____ () C:\Documents and Settings\Pokój Wychowawców\Moje dokumenty\spider.sav
2014-05-19 11:58 - 2010-12-22 14:59 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Softonic-Eng7
2014-05-15 22:47 - 2014-05-15 22:47 - 00001364 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\UsbFix.lnk
2014-05-15 04:56 - 2011-03-13 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-05-15 04:53 - 2008-10-26 20:08 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 04:52 - 2014-05-15 04:52 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:09 - 2014-05-14 21:56 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2014-05-14 21:59 - 2008-04-17 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2014-05-14 21:58 - 2008-04-17 11:20 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\Dane aplikacji\Adobe
2014-05-14 21:58 - 2008-04-17 11:20 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\Adobe
2014-05-14 21:56 - 2014-05-14 21:56 - 00001734 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
2014-05-14 21:56 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 21:55 - 2008-04-17 11:19 - 00000000 ____D () C:\Program Files\Adobe
2014-05-14 20:50 - 2014-05-14 20:50 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Dane aplikacji\ABBYY
2014-05-14 20:49 - 2014-05-14 20:40 - 00000000 ____D () C:\Program Files\ABBYY FineReader 11
2014-05-14 20:47 - 2014-05-14 20:47 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\ABBYY FineReader 11
2014-05-14 20:45 - 2014-05-14 20:45 - 00000000 ____D () C:\Program Files\Common Files\ABBYY
2014-05-14 20:40 - 2014-05-14 20:40 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\ABBYY
2014-05-14 19:48 - 2010-03-02 12:41 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\M
2014-05-13 21:08 - 2014-05-13 21:08 - 17938608 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-05-13 21:08 - 2012-04-25 15:44 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-13 21:08 - 2011-06-15 19:54 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 19:31 - 2014-05-13 19:23 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Korektywa
2014-05-13 18:03 - 2014-02-10 17:07 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\rady pedagogiczne
2014-05-12 23:30 - 2014-02-10 17:08 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\listy
2014-05-12 20:35 - 2012-03-14 18:26 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\ankiety
2014-05-12 11:42 - 2012-05-15 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 19:06 - 2014-05-11 19:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 17:58 - 2014-03-19 19:10 - 00000240 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  co miesiąc.job
2014-05-06 17:58 - 2013-12-07 13:27 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\MOJE ZAPISKI
2014-05-04 20:02 - 2014-05-04 20:00 - 00005595 _____ () C:\WINDOWS\KB2964358-IE7.log
2014-05-04 20:02 - 2009-10-27 22:30 - 00395427 _____ () C:\WINDOWS\updspapi.log
2014-05-04 20:02 - 2009-10-10 16:35 - 02250500 _____ () C:\WINDOWS\FaxSetup.log
2014-05-04 20:02 - 2009-10-10 16:35 - 01088098 _____ () C:\WINDOWS\ocgen.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00865360 _____ () C:\WINDOWS\tsoc.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00627778 _____ () C:\WINDOWS\comsetup.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00381965 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00357718 _____ () C:\WINDOWS\iis6.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00118986 _____ () C:\WINDOWS\ocmsn.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00112919 _____ () C:\WINDOWS\msgsocm.log
2014-05-04 20:02 - 2009-10-10 16:35 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-30 10:01 - 2006-03-02 14:00 - 03628032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:01 - 2006-03-02 14:00 - 03628032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-29 14:54 - 2014-04-29 14:22 - 01074078 _____ () C:\Documents and Settings\Pokój Wychowawców\Pulpit\Prezentacja1 folder.pptx
2014-04-29 14:07 - 2014-02-10 17:02 - 00000000 ____D () C:\Documents and Settings\Pokój Wychowawców\Pulpit\gazetki

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job


Some content of TEMP:
====================
C:\Documents and Settings\Pokój Wychowawców\Ustawienia lokalne\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2006-03-02 14:00] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a 

C:\WINDOWS\system32\winlogon.exe
[2006-03-02 14:00] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 

C:\WINDOWS\system32\svchost.exe
[2006-03-02 14:00] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce 

C:\WINDOWS\system32\services.exe
[2006-03-02 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f 

C:\WINDOWS\system32\User32.dll
[2006-03-02 14:00] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 

C:\WINDOWS\system32\userinit.exe
[2006-03-02 14:00] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 

C:\WINDOWS\system32\rpcss.dll
[2006-03-02 14:00] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) a37311d9d628c1042a2836731787f0f3 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2006-03-02 14:00] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 


==================== End Of Log ============================