
FRST___roda.txt

System log analysis - how to remove infections?

Hello everyone :!: Please analyze my logs and tell me what steps I should take to properly get rid of these infections :idea:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Karol (administrator) on SATELLITE on 09-07-2014 12:29:54
Running from C:\Documents and Settings\Karol\Moje dokumenty\Pobrane
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\screenSHU\screenSHU.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Farbar) C:\Documents and Settings\Karol\Moje dokumenty\Pobrane\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384512 2007-11-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-11-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-11-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [888832 2007-11-06] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [252696 2007-03-21] (Intel Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [108072 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKU\S-1-5-21-1454471165-1417001333-933670640-1003\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-1454471165-1417001333-933670640-1003\...\Run: [screenSHU] => C:\Program Files\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-1454471165-1417001333-933670640-1003\...\Run: [Facebook Update] => C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2013-02-06] (Facebook Inc.)
HKU\S-1-5-21-1454471165-1417001333-933670640-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1454471165-1417001333-933670640-1003\...\Policies\system: [DisableCMD] 0
AlternateShell:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± v˰!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3rgo5psu.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3rgo5psu.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-10]

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]

========================== Services (Whitelisted) =================

R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [73728 2004-04-16] (CrypKey (Canada) Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-06-23] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-23] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-09] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [31654 2004-07-30] () [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-14] (Realtek Semiconductor Corporation)
R3 RTL8187B; C:\WINDOWS\System32\DRIVERS\RTL8187B.sys [264576 2007-11-06] (Realtek Semiconductor Corporation )
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-08-20] () [File not signed]
U3 ai6gl211; C:\WINDOWS\system32\Drivers\ai6gl211.sys [0 ] (Intel Corporation)
S0 dmhoeu; System32\drivers\tujhcbe.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 12:29 - 2014-07-09 12:30 - 00000000 ____D () C:\FRST
2014-07-08 17:57 - 2014-07-09 11:26 - 00000076 _____ () C:\WINDOWS\errord.log
2014-07-08 15:44 - 2014-07-08 15:44 - 00000000 ____D () C:\Program Files\NetCrawl
2014-07-08 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-08 15:22 - 2014-07-08 15:32 - 00000000 ____D () C:\AdwCleaner
2014-07-06 12:14 - 2014-07-06 12:14 - 00000000 ____D () C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Opera Software
2014-07-06 12:14 - 2014-07-06 12:14 - 00000000 ____D () C:\Documents and Settings\Karol\Dane aplikacji\Opera Software
2014-07-06 12:10 - 2014-07-06 12:15 - 00000000 ____D () C:\Program Files\Opera
2014-07-06 10:38 - 2014-07-06 10:38 - 00086218 _____ () C:\Documents and Settings\Karol\Pulpit\niedziela.txt
2014-07-06 09:20 - 2014-07-09 11:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 09:19 - 2014-07-06 09:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-06 09:19 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-21 15:43 - 2014-07-09 12:29 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Pobrane
2014-06-21 15:43 - 2014-06-21 16:17 - 00000000 ____D () C:\Documents and Settings\Karol\Pulpit\zdj
2014-06-20 10:20 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-12 11:59 - 2014-06-12 11:59 - 00000952 _____ () C:\Documents and Settings\Karol\Pulpit\337 GAMES.lnk
2014-06-11 16:56 - 2014-06-11 16:56 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Skype Voice Records
2014-06-11 16:56 - 2014-06-11 16:56 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Clownfish Avatars
2014-06-11 16:55 - 2014-06-11 16:55 - 00637624 _____ (Shark Labs) C:\Documents and Settings\Karol\Pulpit\CFSetup295.exe
2014-06-11 16:55 - 2014-06-11 16:55 - 00001564 _____ () C:\Documents and Settings\Karol\Pulpit\Clownfish.lnk

==================== One Month Modified Files and Folders =======

2014-07-09 12:30 - 2014-07-09 12:29 - 00000000 ____D () C:\FRST
2014-07-09 12:30 - 2011-02-09 08:00 - 00000000 ____D () C:\Documents and Settings\Karol\Ustawienia lokalne\Temp
2014-07-09 12:29 - 2014-06-21 15:43 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Pobrane
2014-07-09 12:27 - 2011-04-07 12:16 - 00000000 ____D () C:\Documents and Settings\Karol\Dane aplikacji\Skype
2014-07-09 12:15 - 2013-02-06 19:09 - 00001002 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1454471165-1417001333-933670640-1003UA.job
2014-07-09 12:06 - 2013-10-10 10:06 - 00000440 _____ () C:\WINDOWS\Tasks\At1.job
2014-07-09 12:06 - 2013-02-21 09:49 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-09 11:55 - 2014-07-06 09:20 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 11:45 - 2011-02-09 07:54 - 01860142 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-09 11:44 - 2011-04-07 12:16 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 11:27 - 2013-06-08 20:36 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-07-09 11:27 - 2013-05-31 20:55 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-07-09 11:27 - 2012-10-04 16:52 - 00000000 ____D () C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\screenSHU
2014-07-09 11:27 - 2011-07-29 13:41 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc4de46d9a0296.job
2014-07-09 11:27 - 2011-02-09 08:45 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-07-09 11:27 - 2011-02-09 08:45 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-09 11:27 - 2011-02-09 07:59 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-09 11:26 - 2014-07-08 17:57 - 00000076 _____ () C:\WINDOWS\errord.log
2014-07-08 22:10 - 2011-02-09 08:00 - 00000292 ___SH () C:\Documents and Settings\Karol\ntuser.ini
2014-07-08 22:10 - 2011-02-09 07:59 - 00032458 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-08 18:15 - 2013-02-06 19:09 - 00000980 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1454471165-1417001333-933670640-1003Core.job
2014-07-08 15:44 - 2014-07-08 15:44 - 00000000 ____D () C:\Program Files\NetCrawl
2014-07-08 15:41 - 2011-02-09 08:00 - 00000000 ____D () C:\Documents and Settings\Karol
2014-07-08 15:32 - 2014-07-08 15:22 - 00000000 ____D () C:\AdwCleaner
2014-07-08 15:28 - 2011-02-09 08:00 - 00000000 ____D () C:\Documents and Settings\Karol\Pulpit
2014-07-08 15:24 - 2014-06-20 10:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-08 15:24 - 2011-02-09 08:43 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-07-08 15:24 - 2011-02-09 08:42 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-07-08 15:24 - 2011-02-09 08:00 - 00000000 __RHD () C:\Documents and Settings\Karol\Dane aplikacji
2014-07-08 15:24 - 2011-02-09 08:00 - 00000000 ___RD () C:\Documents and Settings\Karol\Menu Start\Programy
2014-07-08 15:24 - 2011-02-09 08:00 - 00000000 ___HD () C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji
2014-07-07 13:15 - 2011-05-12 22:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981322$
2014-07-07 11:33 - 2001-07-22 00:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-06 13:03 - 2014-01-28 15:52 - 00000000 ____D () C:\Program Files\Przyspiesz
2014-07-06 13:03 - 2011-02-09 08:43 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-07-06 12:15 - 2014-07-06 12:10 - 00000000 ____D () C:\Program Files\Opera
2014-07-06 12:14 - 2014-07-06 12:14 - 00000000 ____D () C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\Opera Software
2014-07-06 12:14 - 2014-07-06 12:14 - 00000000 ____D () C:\Documents and Settings\Karol\Dane aplikacji\Opera Software
2014-07-06 10:38 - 2014-07-06 10:38 - 00086218 _____ () C:\Documents and Settings\Karol\Pulpit\niedziela.txt
2014-07-06 09:19 - 2014-07-06 09:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-06 09:19 - 2013-05-10 10:10 - 00000793 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-07-06 09:19 - 2011-05-09 20:29 - 00000000 ____D () C:\Documents and Settings\Karol\Dane aplikacji\Malwarebytes
2014-07-06 09:19 - 2011-05-09 20:28 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-07-06 08:40 - 2011-05-11 11:21 - 00000000 ____D () C:\Documents and Settings\Karol\Dane aplikacji\Media Player Classic
2014-06-30 11:42 - 2012-03-24 18:58 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-23 12:40 - 2013-06-27 14:49 - 00003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-06-23 12:39 - 2012-11-27 17:59 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-06-23 12:39 - 2012-11-26 18:57 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-06-21 16:17 - 2014-06-21 15:43 - 00000000 ____D () C:\Documents and Settings\Karol\Pulpit\zdj
2014-06-21 16:05 - 2014-02-17 13:58 - 00000736 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-06-21 16:05 - 2014-02-17 13:55 - 00000730 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2014-06-21 16:05 - 2011-02-09 08:00 - 00000767 _____ () C:\Documents and Settings\Karol\Menu Start\Programy\Internet Explorer.lnk
2014-06-21 15:43 - 2011-02-09 08:00 - 00000000 ___RD () C:\Documents and Settings\Karol\Moje dokumenty
2014-06-20 18:09 - 2014-02-17 13:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-16 18:28 - 2013-03-30 08:30 - 00000000 ____D () C:\Documents and Settings\Karol\Pulpit\My Shared Folder
2014-06-16 18:14 - 2014-02-17 13:36 - 00002461 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 6.0 CE.lnk
2014-06-16 18:14 - 2014-02-17 13:36 - 00001759 _____ () C:\Documents and Settings\All Users\Pulpit\Adobe Reader 6.0 CE.lnk
2014-06-16 18:14 - 2014-02-17 13:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\PrintMe Internet Printing
2014-06-12 11:59 - 2014-06-12 11:59 - 00000952 _____ () C:\Documents and Settings\Karol\Pulpit\337 GAMES.lnk
2014-06-11 16:56 - 2014-06-11 16:56 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Skype Voice Records
2014-06-11 16:56 - 2014-06-11 16:56 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Clownfish Avatars
2014-06-11 16:55 - 2014-06-11 16:55 - 00637624 _____ (Shark Labs) C:\Documents and Settings\Karol\Pulpit\CFSetup295.exe
2014-06-11 16:55 - 2014-06-11 16:55 - 00001564 _____ () C:\Documents and Settings\Karol\Pulpit\Clownfish.lnk
2014-06-11 16:54 - 2011-02-09 09:13 - 00000000 ____D () C:\Documents and Settings\Karol\Moje dokumenty\Pobieranie
2014-06-09 10:34 - 2011-06-08 21:09 - 00000000 ____D () C:\WINDOWS\Minidump

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Karol\Ustawienia lokalne\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================