Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Galileus (administrator) on GALILEUS002 on 01-10-2013 11:47:42
Running from C:\Users\Galileus\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
(Fortinet Inc.) C:\Windows\system32\FortiSSLVPNdaemon.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSHDLL32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\G256385\AppData\Local\Temp\b34btbztdb0vavaw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Common\FSM32.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Unizeto Technologies SA) C:\Program Files\Unizeto\proCertum CardManager\cryptoCertumScanner.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(OldTimer Tools) C:\Users\Galileus\Downloads\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1474560 2009-07-15] (VIA)
HKLM\...\Run: [F-Secure Manager] - C:\Program Files\F-Secure\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] - C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [1655208 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [AutoRegisterCerts] - C:\Program Files\Unizeto\proCertum CardManager\cryptoCertumScanner.exe [109832 2009-10-28] (Unizeto Technologies SA)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17420464 2012-07-13] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.komputronik.pl/office
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.komputronik.pl/runpage
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Browsing Protection Class - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 02 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 03 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 04 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 05 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 06 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 07 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 08 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 09 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 10 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 21 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.0.10

FireFox:
========
FF ProfilePath: C:\Users\Galileus\AppData\Roaming\Mozilla\Firefox\Profiles\wl9t7n69.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @FortinetCacheClean - C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF Plugin: @FortinetTunnelControl - C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com
FF Extension: No Name - C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com

========================== Services (Whitelisted) =================

R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R2 FortiSslvpnDaemon; C:\Windows\system32\FortiSSLVPNdaemon.exe [866920 2012-02-15] (Fortinet Inc.)
R3 FSDFWD; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [60352 2013-08-13] (F-Secure Corporation)

==================== Drivers (Whitelisted) ====================

R3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [37632 2009-06-15] (Advanced Card Systems Ltd)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S4 F-Secure Filter; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41640 2009-11-18] ()
R3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [145856 2013-08-13] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [27048 2009-11-18] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2013-08-13] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [38728 2010-08-01] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] ()
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 pppop; C:\Windows\System32\DRIVERS\pppop.sys [36384 2009-07-21] (Fortinet Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1067008 2009-07-10] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-01 11:47 - 2013-10-01 11:47 - 00000000 ____D C:\FRST
2013-10-01 11:46 - 2013-10-01 11:46 - 01086873 _____ (Farbar) C:\Users\Galileus\Downloads\FRST.exe
2013-10-01 11:20 - 2013-10-01 11:20 - 00045088 _____ C:\Users\Galileus\Downloads\Extras.Txt
2013-10-01 11:18 - 2013-10-01 11:18 - 00057626 _____ C:\Users\Galileus\Downloads\OTL.Txt
2013-10-01 11:14 - 2013-10-01 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Galileus\Downloads\OTL.exe
2013-10-01 11:14 - 2013-10-01 11:14 - 00000000 ____D C:\Users\Galileus\AppData\Local\Macromedia
2013-10-01 10:42 - 2013-10-01 10:42 - 00001673 _____ C:\Users\G256385\Desktop\Antivirus Security Pro.lnk
2013-10-01 10:42 - 2013-10-01 10:42 - 00000118 _____ C:\Users\G256385\Desktop\Antivirus Security Pro support.url
2013-10-01 10:42 - 2013-10-01 10:42 - 00000000 ____D C:\Users\G256385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-10-01 10:41 - 2013-10-01 10:41 - 00000000 ____D C:\ProgramData\6XgVgp9n
2013-09-16 09:37 - 2013-09-16 09:37 - 25827440 _____ C:\Users\G256385\Downloads\2013.zip
2013-09-11 16:02 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 16:02 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 16:02 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 16:02 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 16:02 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 16:02 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 16:02 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 08:14 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 08:14 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 08:14 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 08:14 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 08:14 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:14 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:14 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 08:14 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-04 14:02 - 2013-09-30 08:58 - 00042066 _____ C:\Users\G256385\Desktop\dziennik.xlsx
2013-09-04 14:00 - 2013-09-04 14:00 - 00009728 _____ C:\Users\G256385\Desktop\budżet.xlsx
2013-09-03 12:29 - 2013-09-11 08:49 - 00000315 _____ C:\Users\G256385\Documents\RK130831.txt

==================== One Month Modified Files and Folders =======

2013-10-01 11:47 - 2013-10-01 11:47 - 00000000 ____D C:\FRST
2013-10-01 11:46 - 2013-10-01 11:46 - 01086873 _____ (Farbar) C:\Users\Galileus\Downloads\FRST.exe
2013-10-01 11:45 - 2013-03-08 09:46 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 11:20 - 2013-10-01 11:20 - 00045088 _____ C:\Users\Galileus\Downloads\Extras.Txt
2013-10-01 11:18 - 2013-10-01 11:18 - 00057626 _____ C:\Users\Galileus\Downloads\OTL.Txt
2013-10-01 11:14 - 2013-10-01 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Galileus\Downloads\OTL.exe
2013-10-01 11:14 - 2013-10-01 11:14 - 00000000 ____D C:\Users\Galileus\AppData\Local\Macromedia
2013-10-01 10:57 - 2009-07-14 06:39 - 00492355 _____ C:\Windows\setupact.log
2013-10-01 10:42 - 2013-10-01 10:42 - 00001673 _____ C:\Users\G256385\Desktop\Antivirus Security Pro.lnk
2013-10-01 10:42 - 2013-10-01 10:42 - 00000118 _____ C:\Users\G256385\Desktop\Antivirus Security Pro support.url
2013-10-01 10:42 - 2013-10-01 10:42 - 00000000 ____D C:\Users\G256385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-10-01 10:41 - 2013-10-01 10:41 - 00000000 ____D C:\ProgramData\6XgVgp9n
2013-10-01 10:17 - 2010-07-30 18:59 - 01228811 _____ C:\Windows\WindowsUpdate.log
2013-10-01 10:14 - 2010-12-28 16:06 - 00000000 ____D C:\Users\G256385\Documents\Pliki programu Outlook
2013-10-01 08:23 - 2009-07-14 06:34 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 08:23 - 2009-07-14 06:34 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 08:16 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-30 08:58 - 2013-09-04 14:02 - 00042066 _____ C:\Users\G256385\Desktop\dziennik.xlsx
2013-09-26 09:30 - 2010-09-27 12:51 - 00000000 ____D C:\Users\G256385\AppData\Roaming\PrimoPDF
2013-09-25 09:28 - 2010-10-19 11:52 - 00002006 ____H C:\Users\G256385\Documents\Default.rdp
2013-09-20 14:45 - 2013-03-08 09:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 14:45 - 2013-03-08 09:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 09:37 - 2013-09-16 09:37 - 25827440 _____ C:\Users\G256385\Downloads\2013.zip
2013-09-12 08:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:18 - 2009-07-14 06:33 - 00430680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 08:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-11 16:06 - 2010-01-29 14:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 16:00 - 2013-08-14 14:58 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 15:59 - 2010-01-29 13:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 15:21 - 2010-10-20 09:58 - 00000000 ____D C:\Users\G256385\Desktop\Pliki Płatnik
2013-09-11 08:49 - 2013-09-03 12:29 - 00000315 _____ C:\Users\G256385\Documents\RK130831.txt
2013-09-05 15:25 - 2010-10-15 10:12 - 00001991 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-09-05 15:25 - 2010-08-15 20:12 - 00000000 ____D C:\ProgramData\Adobe
2013-09-05 15:21 - 2013-03-18 08:47 - 00000000 ____D C:\Users\Galileus\AppData\Roaming\Skype
2013-09-04 14:00 - 2013-09-04 14:00 - 00009728 _____ C:\Users\G256385\Desktop\budżet.xlsx
2013-09-03 12:28 - 2013-08-06 10:58 - 00000315 _____ C:\Users\G256385\Documents\RK130731.txt

Some content of TEMP:
====================
C:\Users\G256385\AppData\Local\Temp\b34btbztdb0vavaw.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-24 09:28

==================== End Of Log ============================