Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-9KG3HQH on 11-10-2013 05:43:51
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] ()
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [4438816 2013-08-20] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [2895136 2013-08-20] (Connectify)
HKLM\...\Run: [AS2014] - C:\ProgramData\gX337333\gX337333.exe [556696 2013-10-05] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\gX337333\gX337333.exe -sm,
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [tuto4pc_pl_17] - [x]
HKU\admin\...\Run: [Google Update] - [x]
HKU\admin\...\Run: [AS2014] - C:\ProgramData\gX337333\gX337333.exe [556696 2013-10-05] ()
HKU\admin\...\Run: [crediles] - rundll32 "C:\Users\admin\AppData\Local\Temp\explmmc64.dll",CreateProcessNotify <===== ATTENTION
HKU\Administrator\...\Run: [Google Update] - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-15] (Google Inc.)

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-21] (ABBYY)
S3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [427520 2013-08-20] (Connectify)
S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] ()
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] ()
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [49152 2011-08-26] ()
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [69632 2011-08-26] (Oracle Corporation)
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [115773440 2011-08-26] (Oracle Corporation)
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [12800 2011-08-27] (Oracle Corporation)
S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation)
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3825152 2013-04-19] (SafeIP)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-29] (Microsoft Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4773768 2012-10-02] (RealVNC Ltd)
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{44ed8363-71b7-b030-c4a3-bda14e250c8f}\ \...\???\{44ed8363-71b7-b030-c4a3-bda14e250c8f}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-14] (Bytemobile, Inc.)
S1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-09-03] (Connectify)
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-10] (ManyCam LLC)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-14] (Bytemobile, Inc.)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-14] (Bytemobile, Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-03] (Oracle Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 pnhynwsk; \??\C:\Windows\system32\drivers\pnhynwsk.sys [x]
S1 rdcjrmhm; \??\C:\Windows\system32\drivers\rdcjrmhm.sys [x]
S1 sqgbkqyb; \??\C:\Windows\system32\drivers\sqgbkqyb.sys [x]
S1 wyemuqbr; \??\C:\Windows\system32\drivers\wyemuqbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-11 05:40 - 2013-10-11 05:40 - 00000000 ____D C:\FRST
2013-10-07 05:45 - 2013-10-07 05:45 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url
2013-10-06 01:51 - 2013-10-07 07:42 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-05 22:25 - 2013-10-07 05:44 - 00000392 _____ C:\Windows\setupact.log
2013-10-05 22:25 - 2013-10-05 22:25 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 22:16 - 2013-10-05 22:22 - 00000000 ____D C:\32788R22FWJFW
2013-10-05 22:13 - 2013-10-07 05:45 - 00001666 _____ C:\Users\admin\Desktop\Antivirus Security Pro.lnk
2013-10-05 22:07 - 2013-10-07 07:32 - 00000000 ____D C:\ProgramData\gX337333
2013-10-02 10:10 - 2013-10-03 21:51 - 00810850 _____ C:\Windows\System32\perfh015.dat
2013-10-02 10:10 - 2013-10-03 21:51 - 00183126 _____ C:\Windows\System32\perfc015.dat
2013-10-02 10:10 - 2013-10-02 10:06 - 00337158 _____ C:\Windows\System32\perfi015.dat
2013-10-02 10:10 - 2013-10-02 10:06 - 00038710 _____ C:\Windows\System32\perfd015.dat
2013-10-02 10:08 - 2013-10-02 10:08 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-10-02 10:07 - 2013-10-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-10-02 10:07 - 2013-10-02 10:07 - 00000000 ____D C:\Windows\System32\pl
2013-10-02 09:48 - 2013-10-02 09:51 - 70112552 _____ (Microsoft Corporation) C:\Users\admin\Desktop\windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe
2013-10-02 09:46 - 2013-10-02 09:46 - 01159844 _____ (www.froggie.sk) C:\Users\admin\Desktop\Vistalizator.exe
2013-09-30 10:44 - 2013-09-30 10:44 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-28 05:09 - 2013-09-28 05:10 - 00784840 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe
2013-09-27 05:13 - 2013-09-27 05:13 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-09-27 05:00 - 2013-09-27 05:00 - 00000000 ____D C:\Users\admin\Desktop\tmp_obiektowe
2013-09-27 04:11 - 2013-09-27 04:14 - 20768534 _____ C:\Users\admin\Desktop\Amman_-_A_City_in_Motion_Time_Lapse_Video.flv
2013-09-26 03:46 - 2013-09-26 04:15 - 113494879 _____ C:\Users\admin\Desktop\Programowanie obiektowe26062013.zip
2013-09-26 03:10 - 2013-09-30 00:21 - 00106358 _____ C:\Users\admin\AppData\Roaming\SkrybotConfig.xml
2013-09-26 02:22 - 2013-09-26 03:09 - 206232833 _____ C:\Users\admin\Desktop\Paradygmaty_programowania26092013.zip
2013-09-26 00:05 - 2013-09-26 00:09 - 00000000 ____D C:\Skrybot
2013-09-25 23:59 - 2013-09-25 23:59 - 00003035 _____ C:\Users\admin\Desktop\SkrybotDoMowy.lnk
2013-09-25 23:59 - 2013-09-25 23:59 - 00000000 ____D C:\Program Files (x86)\SkrybotDoMowy
2013-09-25 23:50 - 2013-09-25 23:50 - 00004096 ____H C:\Users\admin\AppData\Local\keyfile3.drm
2013-09-25 23:48 - 2012-03-27 13:03 - 00000000 ____D C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701
2013-09-25 23:43 - 2013-09-26 00:08 - 114279924 _____ C:\Users\admin\Desktop\skydrive-2013-09-26.zip
2013-09-25 23:15 - 2013-09-25 23:15 - 344408891 _____ C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701.exe
2013-09-25 22:56 - 2013-09-25 22:56 - 00685248 _____ C:\Users\admin\Desktop\SkryBot-doMowy(22258).exe
2013-09-25 19:52 - 2013-09-27 04:09 - 00000000 ____D C:\Users\admin\Desktop\sprawozdania_milosz
2013-09-25 08:07 - 2013-09-25 08:07 - 00002460 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2013-09-25 07:12 - 2013-09-25 07:15 - 00000000 ____D C:\AdwCleaner
2013-09-25 07:11 - 2013-09-25 07:12 - 01042066 _____ C:\Users\admin\Desktop\adwcleaner.exe
2013-09-24 21:33 - 2013-09-24 21:33 - 00000000 ____D C:\Users\admin\Desktop\Sprawozdania
2013-09-23 11:29 - 2013-09-23 11:29 - 00030560 _____ C:\Users\admin\Desktop\Untitled.camproj
2013-09-23 11:28 - 2013-09-23 11:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\TechSmith
2013-09-23 11:17 - 2013-09-23 11:19 - 1289795551 _____ C:\Users\admin\Desktop\blend3.camrec
2013-09-23 11:06 - 2013-09-23 11:06 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith
2013-09-23 10:26 - 2013-09-23 10:26 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio
2013-09-23 10:22 - 2013-09-23 10:25 - 2183170177 _____ C:\Users\admin\Desktop\blend2.camrec
2013-09-23 08:54 - 2013-09-23 08:55 - 654508032 _____ C:\Users\admin\Desktop\BLEND1.camrec
2013-09-23 08:25 - 2013-09-23 08:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Blender Foundation
2013-09-23 08:24 - 2013-09-23 08:24 - 00002108 _____ C:\Users\Public\Desktop\Blender.lnk
2013-09-23 08:23 - 2013-09-23 08:23 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2013-09-23 08:15 - 2013-09-23 08:19 - 41676340 _____ C:\Users\admin\Desktop\blender-2.68a-windows32.exe
2013-09-23 08:07 - 2013-09-23 08:07 - 00000000 ____D C:\Users\admin\Documents\plsqldoc
2013-09-22 21:41 - 2013-09-23 08:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\PLSQL Developer
2013-09-22 21:41 - 2013-09-22 21:42 - 00000000 ____D C:\Program Files (x86)\PLSQL Developer
2013-09-22 21:41 - 2007-09-04 06:14 - 00180000 _____ C:\Windows\aaRemove.exe
2013-09-22 20:52 - 2013-09-29 12:47 - 00000000 ____D C:\Users\admin\Desktop\bazy-2013-09-22
2013-09-20 13:39 - 2013-09-20 13:40 - 17770370 _____ C:\Users\admin\Desktop\zdjecia_milosz.7z
2013-09-20 10:21 - 2013-09-20 10:21 - 02471809 _____ C:\Users\admin\Downloads\Holdin On - Flume.wav
2013-09-20 10:03 - 2013-09-21 01:06 - 00000000 ____D C:\Users\admin\Desktop\Przygotowania_do_testu
2013-09-20 03:31 - 2013-09-20 04:45 - 294829801 _____ C:\Users\admin\Desktop\skydrive-2013-09-20.zip
2013-09-18 01:22 - 2013-09-18 01:22 - 00000000 ____D C:\Program Files (x86)\predm
2013-09-17 08:37 - 2013-09-17 10:38 - 370373090 _____ C:\Users\admin\Desktop\Bazy danych09.zip
2013-09-14 13:35 - 2013-09-14 09:01 - 58408038 ____N C:\Users\admin\Desktop\20130914_190058.mp4
2013-09-14 13:35 - 2013-09-14 09:00 - 98366193 ____N C:\Users\admin\Desktop\20130914_185920.mp4
2013-09-14 11:45 - 2013-09-14 11:45 - 00000000 ____D C:\Users\admin\Desktop\porajgłosy
2013-09-13 22:59 - 2013-09-13 22:59 - 00001089 _____ C:\Users\Administrator\Desktop\ConvertMovie 3.0.lnk
2013-09-13 22:59 - 2013-09-13 22:59 - 00001089 _____ C:\Users\admin\Desktop\ConvertMovie 3.0.lnk
2013-09-13 22:59 - 2013-09-13 22:59 - 00000000 ____D C:\Program Files (x86)\MOVAVI
2013-09-13 22:59 - 2013-09-13 22:59 - 00000000 ____D C:\Program Files (x86)\ConvertMovie 3.0
2013-09-13 22:59 - 2013-09-13 22:58 - 13112366 _____ C:\Users\admin\Downloads\ConvertMovie 3.0.exe
2013-09-13 19:35 - 2013-09-13 21:07 - 625298484 _____ C:\Users\admin\Desktop\mis_desk2013-09-13.zip
2013-09-13 09:01 - 2013-09-18 01:20 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-13 08:45 - 2013-09-13 08:45 - 08268374 _____ (FreeMediaConverter.org ) C:\Users\admin\Downloads\free-media-converter.exe
2013-09-13 04:37 - 2013-09-13 07:24 - 353258432 _____ C:\Users\admin\Desktop\Modelowanie i symulacja.zip.part
2013-09-12 22:47 - 2013-09-12 22:47 - 15252829 _____ C:\Users\admin\Desktop\Rocky_II_-_Gonna_Fly_Now.mp4
2013-09-12 21:37 - 2013-09-12 21:38 - 06268494 _____ C:\Users\admin\Desktop\NOTATKI wyk1,2 numeryczne.zip
2013-09-12 21:36 - 2013-09-12 21:36 - 00635957 _____ C:\Users\admin\Desktop\Metody Numeryczne - sprawka.zip
2013-09-12 21:35 - 2013-09-12 21:38 - 16859611 _____ C:\Users\admin\Desktop\TEMAT IV.zip
2013-09-12 13:24 - 2013-09-12 13:53 - 122256606 _____ C:\Users\admin\Desktop\Sprawozdania.zip
2013-09-12 13:20 - 2013-09-13 03:29 - 00000000 ____D C:\Users\admin\Desktop\praktyki
2013-09-12 09:58 - 2013-09-12 09:59 - 00000000 ____D C:\Users\admin\Desktop\metody_desk
2013-09-12 06:49 - 2013-09-12 06:49 - 00000511 _____ C:\Windows\System32\Drivers\etc\hosts.ics

==================== One Month Modified Files and Folders =======

2013-10-11 05:40 - 2013-10-11 05:40 - 00000000 ____D C:\FRST
2013-10-07 07:42 - 2013-10-06 01:51 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-07 07:32 - 2013-10-05 22:07 - 00000000 ____D C:\ProgramData\gX337333
2013-10-07 05:45 - 2013-10-07 05:45 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url
2013-10-07 05:45 - 2013-10-05 22:13 - 00001666 _____ C:\Users\admin\Desktop\Antivirus Security Pro.lnk
2013-10-07 05:45 - 2013-04-20 18:02 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 05:44 - 2013-10-05 22:25 - 00000392 _____ C:\Windows\setupact.log
2013-10-07 05:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 22:30 - 2013-07-14 07:41 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-10-05 22:25 - 2013-10-05 22:25 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 22:22 - 2013-10-05 22:16 - 00000000 ____D C:\32788R22FWJFW
2013-10-05 22:22 - 2013-04-20 18:02 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-05 22:13 - 2012-04-30 06:48 - 01988568 _____ C:\Windows\WindowsUpdate.log
2013-10-05 22:12 - 2012-04-15 04:38 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000UA.job
2013-10-05 22:08 - 2012-04-30 06:02 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-05 22:07 - 2012-04-15 04:38 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-10-05 14:12 - 2012-04-15 04:38 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000Core.job
2013-10-05 10:10 - 2009-07-13 20:45 - 00022208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 10:10 - 2009-07-13 20:45 - 00022208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 05:09 - 2012-04-27 16:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-10-05 03:03 - 2012-04-15 10:41 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C63EF671-1300-489F-A7EF-D9B7C32ABE58}
2013-10-05 03:01 - 2013-02-08 10:36 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2013-10-03 21:51 - 2013-10-02 10:10 - 00810850 _____ C:\Windows\System32\perfh015.dat
2013-10-03 21:51 - 2013-10-02 10:10 - 00183126 _____ C:\Windows\System32\perfc015.dat
2013-10-03 21:51 - 2009-07-13 21:13 - 01867710 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-02 10:08 - 2013-10-02 10:08 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-10-02 10:08 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 10:08 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-10-02 10:08 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-10-02 10:08 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-10-02 10:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-02 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-10-02 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-10-02 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-10-02 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-10-02 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-02 10:07 - 2013-10-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-10-02 10:07 - 2013-10-02 10:07 - 00000000 ____D C:\Windows\System32\pl
2013-10-02 10:07 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-10-02 10:07 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\System32\winrm
2013-10-02 10:07 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\System32\WCN
2013-10-02 10:07 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\System32\slmgr
2013-10-02 10:07 - 2011-04-12 00:17 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-02 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-10-02 10:06 - 2013-10-02 10:10 - 00337158 _____ C:\Windows\System32\perfi015.dat
2013-10-02 10:06 - 2013-10-02 10:10 - 00038710 _____ C:\Windows\System32\perfd015.dat
2013-10-02 09:51 - 2013-10-02 09:48 - 70112552 _____ (Microsoft Corporation) C:\Users\admin\Desktop\windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe
2013-10-02 09:46 - 2013-10-02 09:46 - 01159844 _____ (www.froggie.sk) C:\Users\admin\Desktop\Vistalizator.exe
2013-09-30 19:36 - 2012-05-23 06:06 - 00000000 ____D C:\Users\admin\AppData\Roaming\OpenOffice.org2
2013-09-30 10:44 - 2013-09-30 10:44 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-30 00:21 - 2013-09-26 03:10 - 00106358 _____ C:\Users\admin\AppData\Roaming\SkrybotConfig.xml
2013-09-29 12:47 - 2013-09-22 20:52 - 00000000 ____D C:\Users\admin\Desktop\bazy-2013-09-22
2013-09-28 05:10 - 2013-09-28 05:09 - 00784840 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe
2013-09-27 05:14 - 2012-05-23 16:16 - 00000000 ____D C:\ProgramData\Autodesk
2013-09-27 05:13 - 2013-09-27 05:13 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-09-27 05:12 - 2012-06-01 11:02 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-27 05:00 - 2013-09-27 05:00 - 00000000 ____D C:\Users\admin\Desktop\tmp_obiektowe
2013-09-27 04:14 - 2013-09-27 04:11 - 20768534 _____ C:\Users\admin\Desktop\Amman_-_A_City_in_Motion_Time_Lapse_Video.flv
2013-09-27 04:09 - 2013-09-25 19:52 - 00000000 ____D C:\Users\admin\Desktop\sprawozdania_milosz
2013-09-26 21:18 - 2013-04-21 05:48 - 00000000 ____D C:\Users\admin\Documents\Visual Studio 2010
2013-09-26 04:15 - 2013-09-26 03:46 - 113494879 _____ C:\Users\admin\Desktop\Programowanie obiektowe26062013.zip
2013-09-26 03:09 - 2013-09-26 02:22 - 206232833 _____ C:\Users\admin\Desktop\Paradygmaty_programowania26092013.zip
2013-09-26 00:09 - 2013-09-26 00:05 - 00000000 ____D C:\Skrybot
2013-09-26 00:08 - 2013-09-25 23:43 - 114279924 _____ C:\Users\admin\Desktop\skydrive-2013-09-26.zip
2013-09-25 23:59 - 2013-09-25 23:59 - 00003035 _____ C:\Users\admin\Desktop\SkrybotDoMowy.lnk
2013-09-25 23:59 - 2013-09-25 23:59 - 00000000 ____D C:\Program Files (x86)\SkrybotDoMowy
2013-09-25 23:50 - 2013-09-25 23:50 - 00004096 ____H C:\Users\admin\AppData\Local\keyfile3.drm
2013-09-25 23:15 - 2013-09-25 23:15 - 344408891 _____ C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701.exe
2013-09-25 22:56 - 2013-09-25 22:56 - 00685248 _____ C:\Users\admin\Desktop\SkryBot-doMowy(22258).exe
2013-09-25 08:21 - 2012-09-17 02:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\AIMP
2013-09-25 08:10 - 2012-05-13 10:03 - 00000000 ____D C:\Users\admin\.gimp-2.8
2013-09-25 08:07 - 2013-09-25 08:07 - 00002460 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2013-09-25 07:15 - 2013-09-25 07:12 - 00000000 ____D C:\AdwCleaner
2013-09-25 07:12 - 2013-09-25 07:11 - 01042066 _____ C:\Users\admin\Desktop\adwcleaner.exe
2013-09-24 21:33 - 2013-09-24 21:33 - 00000000 ____D C:\Users\admin\Desktop\Sprawozdania
2013-09-23 11:29 - 2013-09-23 11:29 - 00030560 _____ C:\Users\admin\Desktop\Untitled.camproj
2013-09-23 11:28 - 2013-09-23 11:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\TechSmith
2013-09-23 11:19 - 2013-09-23 11:17 - 1289795551 _____ C:\Users\admin\Desktop\blend3.camrec
2013-09-23 11:17 - 2012-05-10 12:21 - 00005120 _____ C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 11:06 - 2013-09-23 11:06 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith
2013-09-23 10:26 - 2013-09-23 10:26 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio
2013-09-23 10:25 - 2013-09-23 10:22 - 2183170177 _____ C:\Users\admin\Desktop\blend2.camrec
2013-09-23 08:55 - 2013-09-23 08:54 - 654508032 _____ C:\Users\admin\Desktop\BLEND1.camrec
2013-09-23 08:25 - 2013-09-23 08:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Blender Foundation
2013-09-23 08:25 - 2012-05-13 10:05 - 00000000 ____D C:\Users\admin\.thumbnails
2013-09-23 08:24 - 2013-09-23 08:24 - 00002108 _____ C:\Users\Public\Desktop\Blender.lnk
2013-09-23 08:23 - 2013-09-23 08:23 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2013-09-23 08:19 - 2013-09-23 08:15 - 41676340 _____ C:\Users\admin\Desktop\blender-2.68a-windows32.exe
2013-09-23 08:07 - 2013-09-23 08:07 - 00000000 ____D C:\Users\admin\Documents\plsqldoc
2013-09-23 08:07 - 2013-09-22 21:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\PLSQL Developer
2013-09-23 08:01 - 2013-06-17 00:48 - 99617096 _____ C:\Users\admin\Desktop\MIS - WYNIKOWA (BEZ SWIATEL).avi
2013-09-22 21:42 - 2013-09-22 21:41 - 00000000 ____D C:\Program Files (x86)\PLSQL Developer
2013-09-22 21:39 - 2013-04-16 02:45 - 00000000 ____D C:\Users\admin\Desktop\sqloracle
2013-09-21 01:06 - 2013-09-20 10:03 - 00000000 ____D C:\Users\admin\Desktop\Przygotowania_do_testu
2013-09-20 13:40 - 2013-09-20 13:39 - 17770370 _____ C:\Users\admin\Desktop\zdjecia_milosz.7z
2013-09-20 10:31 - 2012-04-15 10:33 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-20 10:21 - 2013-09-20 10:21 - 02471809 _____ C:\Users\admin\Downloads\Holdin On - Flume.wav
2013-09-20 04:45 - 2013-09-20 03:31 - 294829801 _____ C:\Users\admin\Desktop\skydrive-2013-09-20.zip
2013-09-20 01:19 - 2013-02-10 09:24 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-09-20 01:19 - 2013-02-10 09:24 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-09-20 01:09 - 2013-02-10 09:24 - 00000000 ____D C:\Games
2013-09-18 01:22 - 2013-09-18 01:22 - 00000000 ____D C:\Program Files (x86)\predm
2013-09-18 01:20 - 2013-09-13 09:01 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-18 01:19 - 2013-01-23 01:28 - 00000000 ____D C:\Program Files (x86)\Arena
2013-09-17 10:38 - 2013-09-17 08:37 - 370373090 _____ C:\Users\admin\Desktop\Bazy danych09.zip
2013-09-14 11:45 - 2013-09-14 11:45 - 00000000 ____D C:\Users\admin\Desktop\porajgłosy
2013-09-14 11:31 - 2013-01-07 09:53 - 00000000 ____D C:\output
2013-09-14 09:01 - 2013-09-14 13:35 - 58408038 ____N C:\Users\admin\Desktop\20130914_190058.mp4
2013-09-14 09:00 - 2013-09-14 13:35 - 98366193 ____N C:\Users\admin\Desktop\20130914_185920.mp4
2013-09-13 22:59 - 2013-09-13 22:59 - 00001089 _____ C:\Users\Administrator\Desktop\ConvertMovie 3.0.lnk
2013-09-13 22:59 - 2013-09-13 22:59 - 00001089 _____ C:\Users\admin\Desktop\ConvertMovie 3.0.lnk
2013-09-13 22:59 - 2013-09-13 22:59 - 00000000 ____D C:\Program Files (x86)\MOVAVI
2013-09-13 22:59 - 2013-09-13 22:59 - 00000000 ____D C:\Program Files (x86)\ConvertMovie 3.0
2013-09-13 22:58 - 2013-09-13 22:59 - 13112366 _____ C:\Users\admin\Downloads\ConvertMovie 3.0.exe
2013-09-13 21:07 - 2013-09-13 19:35 - 625298484 _____ C:\Users\admin\Desktop\mis_desk2013-09-13.zip
2013-09-13 08:45 - 2013-09-13 08:45 - 08268374 _____ (FreeMediaConverter.org ) C:\Users\admin\Downloads\free-media-converter.exe
2013-09-13 07:24 - 2013-09-13 04:37 - 353258432 _____ C:\Users\admin\Desktop\Modelowanie i symulacja.zip.part
2013-09-13 03:29 - 2013-09-12 13:20 - 00000000 ____D C:\Users\admin\Desktop\praktyki
2013-09-12 22:47 - 2013-09-12 22:47 - 15252829 _____ C:\Users\admin\Desktop\Rocky_II_-_Gonna_Fly_Now.mp4
2013-09-12 21:38 - 2013-09-12 21:37 - 06268494 _____ C:\Users\admin\Desktop\NOTATKI wyk1,2 numeryczne.zip
2013-09-12 21:38 - 2013-09-12 21:35 - 16859611 _____ C:\Users\admin\Desktop\TEMAT IV.zip
2013-09-12 21:36 - 2013-09-12 21:36 - 00635957 _____ C:\Users\admin\Desktop\Metody Numeryczne - sprawka.zip
2013-09-12 13:53 - 2013-09-12 13:24 - 122256606 _____ C:\Users\admin\Desktop\Sprawozdania.zip
2013-09-12 09:59 - 2013-09-12 09:58 - 00000000 ____D C:\Users\admin\Desktop\metody_desk
2013-09-12 08:07 - 2012-12-17 19:52 - 00000000 ____D C:\Users\admin\Desktop\angielski
2013-09-12 07:01 - 2013-02-03 02:35 - 00000000 ____D C:\Users\admin\Desktop\statystyka
2013-09-12 06:58 - 2013-06-01 10:04 - 00000000 ____D C:\Users\admin\Desktop\drracket
2013-09-12 06:49 - 2013-09-12 06:49 - 00000511 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-09-12 02:56 - 2013-06-01 12:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Racket

Files to move or delete:
====================
ZeroAccess: C:\Users\admin\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.reg

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\ComboFix.exe
C:\Users\admin\AppData\Local\Temp\explmmc64.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

5
Restore point made on: 2013-09-25 23:59:19
Restore point made on: 2013-09-26 09:56:53
Restore point made on: 2013-09-29 11:21:19
Restore point made on: 2013-10-02 09:54:00
Restore point made on: 2013-10-03 21:10:09

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4063.19 MB
Available physical RAM: 3386.22 MB
Total Pagefile: 4061.39 MB
Available Pagefile: 3385.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.91 GB) (Free:6.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:64.39 GB) (Free:6.76 GB) NTFS
Drive e: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: (DOROTA) (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 3069A20B)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=86 GB) - (Type=05)
Partition 3: (Not Active) - (Size=20 GB) - (Type=83)
Partition 4: (Not Active) - (Size=20 GB) - (Type=83)

========================================================
Disk: 1 (Size: 125 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=125 MB) - (Type=06)

LastRegBack: 2013-09-30 16:11

==================== End Of Log ============================