Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by admin (administrator) on LAPPC on 11-10-2013 18:48:48 Running from F:\ Windows 7 Professional Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (AMD) C:\Windows\system32\atieclxx.exe (Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Connectify) C:\Program Files (x86)\Connectify\ConnectifyD.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (SafeIP) C:\Program Files (x86)\SafeIP\SafeIPs.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Farbar) F:\FRSTx64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] () HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [4438816 2013-08-20] (Connectify) HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [2895136 2013-08-20] (Connectify) HKLM\...\Policies\Explorer: [RestrictRun] 0 HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) HKCU\...\Policies\Explorer: [RestrictRun] 0 HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [tuto4pc_pl_17] - [x] HKU\Administrator\...\Run: [Google Update] - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-15] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Winsock: Catalog9 01 C:\Windows\system32\SafeIPs.dll File Not found () Winsock: Catalog9 02 C:\Windows\system32\SafeIPs.dll File Not found () Winsock: Catalog9 03 C:\Windows\system32\SafeIPs.dll File Not found () Winsock: Catalog9 04 C:\Windows\system32\SafeIPs.dll File Not found () Winsock: Catalog9 15 C:\Windows\system32\SafeIPs.dll File Not found () Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP) Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP) Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP) Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP) Winsock: Catalog9-x64 15 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.100 Tcpip\..\Interfaces\{67BB412D-8A4B-4FB5-8AB1-74F12C6C7650}: [NameServer]194.204.159.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\admin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\admin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: DoNotTrackMe - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\donottrackplus@abine.com FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: translator - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\translator@zoli.bod.xpi FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchURL: (qvo6) - http://www.google.com CHR DefaultSuggestURL: (qvo6) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\admin\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\admin\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Google Update) - C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 ==================== Services (Whitelisted) ================= S4 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY) S3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [427520 2013-08-20] (Connectify) R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] () R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] () S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [49152 2011-08-27] () S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [69632 2011-08-27] (Oracle Corporation) S2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [115773440 2011-08-27] (Oracle Corporation) S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [12800 2011-08-27] (Oracle Corporation) S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3825152 2013-04-19] (SafeIP) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4773768 2012-10-02] (RealVNC Ltd) S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x] U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{44ed8363-71b7-b030-c4a3-bda14e250c8f}\ \...\???\{44ed8363-71b7-b030-c4a3-bda14e250c8f}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-09-03] (Connectify) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-03] (Oracle Corporation) S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE) S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-11 18:46 - 2013-10-11 18:46 - 00001280 _____ C:\Users\admin\Desktop\RKreport[0]_D_10112013_184601.txt 2013-10-11 18:45 - 2013-10-11 18:45 - 00001634 _____ C:\Users\admin\Desktop\RKreport[0]_SC_10112013_184542.txt 2013-10-11 18:45 - 2013-10-11 18:45 - 00001634 _____ C:\Users\admin\Desktop\RKreport[0]_SC_10112013_184518.txt 2013-10-11 18:45 - 2013-10-11 18:45 - 00001128 _____ C:\Users\admin\Desktop\RKreport[0]_H_10112013_184502.txt 2013-10-11 18:44 - 2013-10-11 18:44 - 00001004 _____ C:\Users\admin\Desktop\RKreport[0]_PR_10112013_184459.txt 2013-10-11 18:44 - 2013-10-11 18:44 - 00000955 _____ C:\Users\admin\Desktop\RKreport[0]_DN_10112013_184433.txt 2013-10-11 16:18 - 2013-10-11 16:18 - 00001602 _____ C:\Users\admin\Desktop\RKreport[0]_SC_10112013_161809.txt 2013-10-11 16:16 - 2013-10-11 18:47 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine 2013-10-11 15:40 - 2013-10-11 15:40 - 00000000 ____D C:\FRST 2013-10-07 15:45 - 2013-10-07 15:45 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url 2013-10-06 11:51 - 2013-10-07 17:42 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-10-06 08:25 - 2013-10-11 16:13 - 00000448 _____ C:\Windows\setupact.log 2013-10-06 08:25 - 2013-10-06 08:25 - 00000000 _____ C:\Windows\setuperr.log 2013-10-06 08:16 - 2013-10-06 08:22 - 00000000 ____D C:\32788R22FWJFW 2013-10-06 08:13 - 2013-10-07 15:45 - 00001666 _____ C:\Users\admin\Desktop\Antivirus Security Pro.lnk 2013-10-06 08:13 - 2013-10-06 08:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro 2013-10-02 20:10 - 2013-10-04 07:51 - 00810850 _____ C:\Windows\system32\perfh015.dat 2013-10-02 20:10 - 2013-10-04 07:51 - 00183126 _____ C:\Windows\system32\perfc015.dat 2013-10-02 20:10 - 2013-10-02 20:06 - 00337158 _____ C:\Windows\system32\perfi015.dat 2013-10-02 20:10 - 2013-10-02 20:06 - 00038710 _____ C:\Windows\system32\perfd015.dat 2013-10-02 20:08 - 2013-10-02 20:08 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\SysWOW64\pl 2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\system32\pl 2013-10-02 19:48 - 2013-10-02 19:51 - 70112552 _____ (Microsoft Corporation) C:\Users\admin\Desktop\windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe 2013-10-02 19:46 - 2013-10-02 19:46 - 01159844 _____ (www.froggie.sk) C:\Users\admin\Desktop\Vistalizator.exe 2013-09-30 20:44 - 2013-09-30 20:44 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-09-28 15:09 - 2013-09-28 15:10 - 00784840 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe 2013-09-27 15:13 - 2013-09-27 15:13 - 00000000 ____D C:\Users\admin\AppData\Local\cache 2013-09-27 15:00 - 2013-09-27 15:00 - 00000000 ____D C:\Users\admin\Desktop\tmp_obiektowe 2013-09-27 14:11 - 2013-09-27 14:14 - 20768534 _____ C:\Users\admin\Desktop\Amman_-_A_City_in_Motion_Time_Lapse_Video.flv 2013-09-26 13:46 - 2013-09-26 14:15 - 113494879 _____ C:\Users\admin\Desktop\Programowanie obiektowe26062013.zip 2013-09-26 13:10 - 2013-09-30 10:21 - 00106358 _____ C:\Users\admin\AppData\Roaming\SkrybotConfig.xml 2013-09-26 12:22 - 2013-09-26 13:09 - 206232833 _____ C:\Users\admin\Desktop\Paradygmaty_programowania26092013.zip 2013-09-26 10:05 - 2013-09-26 10:09 - 00000000 ____D C:\Skrybot 2013-09-26 09:59 - 2013-09-26 09:59 - 00003035 _____ C:\Users\admin\Desktop\SkrybotDoMowy.lnk 2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skrybot DoMowy 2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Program Files (x86)\SkrybotDoMowy 2013-09-26 09:50 - 2013-09-26 09:50 - 00004096 ____H C:\Users\admin\AppData\Local\keyfile3.drm 2013-09-26 09:48 - 2012-03-27 23:03 - 00000000 ____D C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701 2013-09-26 09:43 - 2013-09-26 10:08 - 114279924 _____ C:\Users\admin\Desktop\skydrive-2013-09-26.zip 2013-09-26 09:15 - 2013-09-26 09:15 - 344408891 _____ C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701.exe 2013-09-26 08:56 - 2013-09-26 08:56 - 00685248 _____ C:\Users\admin\Desktop\SkryBot-doMowy(22258).exe 2013-09-26 05:52 - 2013-09-27 14:09 - 00000000 ____D C:\Users\admin\Desktop\sprawozdania_milosz 2013-09-25 18:07 - 2013-09-25 18:07 - 00002460 _____ C:\Users\admin\AppData\Local\recently-used.xbel 2013-09-25 17:12 - 2013-09-25 17:15 - 00000000 ____D C:\AdwCleaner 2013-09-25 17:11 - 2013-09-25 17:12 - 01042066 _____ C:\Users\admin\Desktop\adwcleaner.exe 2013-09-25 07:33 - 2013-09-25 07:33 - 00000000 ____D C:\Users\admin\Desktop\Sprawozdania 2013-09-23 21:29 - 2013-09-23 21:29 - 00030560 _____ C:\Users\admin\Desktop\Untitled.camproj 2013-09-23 21:28 - 2013-09-23 21:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\TechSmith 2013-09-23 21:17 - 2013-09-23 21:19 - 1289795551 _____ C:\Users\admin\Desktop\blend3.camrec 2013-09-23 21:06 - 2013-09-23 21:06 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith 2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio 2013-09-23 20:22 - 2013-09-23 20:25 - 2183170177 _____ C:\Users\admin\Desktop\blend2.camrec 2013-09-23 18:54 - 2013-09-23 18:55 - 654508032 _____ C:\Users\admin\Desktop\BLEND1.camrec 2013-09-23 18:25 - 2013-09-23 18:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Blender Foundation 2013-09-23 18:24 - 2013-09-23 18:24 - 00002108 _____ C:\Users\Public\Desktop\Blender.lnk 2013-09-23 18:23 - 2013-09-23 18:23 - 00000000 ____D C:\Program Files (x86)\Blender Foundation 2013-09-23 18:15 - 2013-09-23 18:19 - 41676340 _____ C:\Users\admin\Desktop\blender-2.68a-windows32.exe 2013-09-23 18:07 - 2013-09-23 18:07 - 00000000 ____D C:\Users\admin\Documents\plsqldoc 2013-09-23 07:42 - 2013-09-23 07:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PLSQL Developer 2013-09-23 07:41 - 2013-09-23 18:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\PLSQL Developer 2013-09-23 07:41 - 2013-09-23 07:42 - 00000000 ____D C:\Program Files (x86)\PLSQL Developer 2013-09-23 07:41 - 2007-09-04 16:14 - 00180000 _____ C:\Windows\aaRemove.exe 2013-09-23 06:52 - 2013-09-29 22:47 - 00000000 ____D C:\Users\admin\Desktop\bazy-2013-09-22 2013-09-20 23:39 - 2013-09-20 23:40 - 17770370 _____ C:\Users\admin\Desktop\zdjecia_milosz.7z 2013-09-20 20:21 - 2013-09-20 20:21 - 02471809 _____ C:\Users\admin\Downloads\Holdin On - Flume.wav 2013-09-20 20:03 - 2013-09-21 11:06 - 00000000 ____D C:\Users\admin\Desktop\Przygotowania_do_testu 2013-09-20 13:31 - 2013-09-20 14:45 - 294829801 _____ C:\Users\admin\Desktop\skydrive-2013-09-20.zip 2013-09-18 11:22 - 2013-09-18 11:22 - 00000000 ____D C:\Program Files (x86)\predm 2013-09-17 18:37 - 2013-09-17 20:38 - 370373090 _____ C:\Users\admin\Desktop\Bazy danych09.zip 2013-09-14 23:35 - 2013-09-14 19:01 - 58408038 ____N C:\Users\admin\Desktop\20130914_190058.mp4 2013-09-14 23:35 - 2013-09-14 19:00 - 98366193 ____N C:\Users\admin\Desktop\20130914_185920.mp4 2013-09-14 21:45 - 2013-09-14 21:45 - 00000000 ____D C:\Users\admin\Desktop\porajgłosy 2013-09-14 08:59 - 2013-09-14 08:59 - 00001089 _____ C:\Users\Administrator\Desktop\ConvertMovie 3.0.lnk 2013-09-14 08:59 - 2013-09-14 08:59 - 00001089 _____ C:\Users\admin\Desktop\ConvertMovie 3.0.lnk 2013-09-14 08:59 - 2013-09-14 08:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ConvertMovie 3.0 2013-09-14 08:59 - 2013-09-14 08:59 - 00000000 ____D C:\Program Files (x86)\MOVAVI 2013-09-14 08:59 - 2013-09-14 08:59 - 00000000 ____D C:\Program Files (x86)\ConvertMovie 3.0 2013-09-14 08:59 - 2013-09-14 08:58 - 13112366 _____ C:\Users\admin\Downloads\ConvertMovie 3.0.exe 2013-09-14 05:35 - 2013-09-14 07:07 - 625298484 _____ C:\Users\admin\Desktop\mis_desk2013-09-13.zip 2013-09-13 18:45 - 2013-09-13 18:45 - 08268374 _____ (FreeMediaConverter.org ) C:\Users\admin\Downloads\free-media-converter.exe 2013-09-13 14:37 - 2013-09-13 17:24 - 353258432 _____ C:\Users\admin\Desktop\Modelowanie i symulacja.zip.part 2013-09-13 08:47 - 2013-09-13 08:47 - 15252829 _____ C:\Users\admin\Desktop\Rocky_II_-_Gonna_Fly_Now.mp4 2013-09-13 07:37 - 2013-09-13 07:38 - 06268494 _____ C:\Users\admin\Desktop\NOTATKI wyk1,2 numeryczne.zip 2013-09-13 07:36 - 2013-09-13 07:36 - 00635957 _____ C:\Users\admin\Desktop\Metody Numeryczne - sprawka.zip 2013-09-13 07:35 - 2013-09-13 07:38 - 16859611 _____ C:\Users\admin\Desktop\TEMAT IV.zip 2013-09-12 23:24 - 2013-09-12 23:53 - 122256606 _____ C:\Users\admin\Desktop\Sprawozdania.zip 2013-09-12 23:20 - 2013-09-13 13:29 - 00000000 ____D C:\Users\admin\Desktop\praktyki 2013-09-12 19:58 - 2013-09-12 19:59 - 00000000 ____D C:\Users\admin\Desktop\metody_desk 2013-09-12 16:49 - 2013-09-12 16:49 - 00000511 _____ C:\Windows\system32\Drivers\etc\hosts.ics ==================== One Month Modified Files and Folders ======= 2013-10-11 18:47 - 2013-10-11 16:16 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine 2013-10-11 18:46 - 2013-10-11 18:46 - 00001280 _____ C:\Users\admin\Desktop\RKreport[0]_D_10112013_184601.txt 2013-10-11 18:45 - 2013-10-11 18:45 - 00001634 _____ C:\Users\admin\Desktop\RKreport[0]_SC_10112013_184542.txt 2013-10-11 18:45 - 2013-10-11 18:45 - 00001634 _____ C:\Users\admin\Desktop\RKreport[0]_SC_10112013_184518.txt 2013-10-11 18:45 - 2013-10-11 18:45 - 00001128 _____ C:\Users\admin\Desktop\RKreport[0]_H_10112013_184502.txt 2013-10-11 18:44 - 2013-10-11 18:44 - 00001004 _____ C:\Users\admin\Desktop\RKreport[0]_PR_10112013_184459.txt 2013-10-11 18:44 - 2013-10-11 18:44 - 00000955 _____ C:\Users\admin\Desktop\RKreport[0]_DN_10112013_184433.txt 2013-10-11 18:22 - 2013-04-21 04:02 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-11 18:12 - 2012-04-15 14:38 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000UA.job 2013-10-11 16:22 - 2009-07-14 06:45 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-11 16:22 - 2009-07-14 06:45 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-11 16:18 - 2013-10-11 16:18 - 00001602 _____ C:\Users\admin\Desktop\RKreport[0]_SC_10112013_161809.txt 2013-10-11 16:18 - 2012-04-15 20:41 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C63EF671-1300-489F-A7EF-D9B7C32ABE58} 2013-10-11 16:14 - 2013-04-21 04:02 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-11 16:13 - 2013-10-06 08:25 - 00000448 _____ C:\Windows\setupact.log 2013-10-11 16:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-11 15:40 - 2013-10-11 15:40 - 00000000 ____D C:\FRST 2013-10-07 17:42 - 2013-10-06 11:51 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-10-07 15:45 - 2013-10-07 15:45 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url 2013-10-07 15:45 - 2013-10-06 08:13 - 00001666 _____ C:\Users\admin\Desktop\Antivirus Security Pro.lnk 2013-10-06 08:30 - 2013-07-14 17:41 - 00000000 ____D C:\Program Files (x86)\Connectify 2013-10-06 08:25 - 2013-10-06 08:25 - 00000000 _____ C:\Windows\setuperr.log 2013-10-06 08:22 - 2013-10-06 08:16 - 00000000 ____D C:\32788R22FWJFW 2013-10-06 08:13 - 2013-10-06 08:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro 2013-10-06 08:13 - 2012-04-30 16:48 - 01988568 _____ C:\Windows\WindowsUpdate.log 2013-10-06 08:08 - 2012-04-30 16:02 - 00000000 ____D C:\Program Files (x86)\Google 2013-10-06 08:07 - 2012-04-15 14:38 - 00000000 ____D C:\Users\admin\AppData\Local\Google 2013-10-06 00:12 - 2012-04-15 14:38 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000Core.job 2013-10-05 15:09 - 2012-04-28 02:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2013-10-05 13:01 - 2013-02-08 20:36 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps 2013-10-04 07:51 - 2013-10-02 20:10 - 00810850 _____ C:\Windows\system32\perfh015.dat 2013-10-04 07:51 - 2013-10-02 20:10 - 00183126 _____ C:\Windows\system32\perfc015.dat 2013-10-04 07:51 - 2009-07-14 07:13 - 01867710 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-02 20:08 - 2013-10-02 20:08 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-10-02 20:08 - 2011-04-12 10:28 - 00000000 ____D C:\Program Files\Windows Journal 2013-10-02 20:08 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\winrm 2013-10-02 20:08 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\WCN 2013-10-02 20:08 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI 2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing 2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System 2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\SysWOW64\pl 2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\system32\pl 2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts 2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\winrm 2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\WCN 2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\slmgr 2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME 2013-10-02 20:06 - 2013-10-02 20:10 - 00337158 _____ C:\Windows\system32\perfi015.dat 2013-10-02 20:06 - 2013-10-02 20:10 - 00038710 _____ C:\Windows\system32\perfd015.dat 2013-10-02 19:51 - 2013-10-02 19:48 - 70112552 _____ (Microsoft Corporation) C:\Users\admin\Desktop\windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe 2013-10-02 19:46 - 2013-10-02 19:46 - 01159844 _____ (www.froggie.sk) C:\Users\admin\Desktop\Vistalizator.exe 2013-10-01 05:36 - 2012-05-23 16:06 - 00000000 ____D C:\Users\admin\AppData\Roaming\OpenOffice.org2 2013-09-30 20:44 - 2013-09-30 20:44 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-09-30 10:21 - 2013-09-26 13:10 - 00106358 _____ C:\Users\admin\AppData\Roaming\SkrybotConfig.xml 2013-09-29 22:47 - 2013-09-23 06:52 - 00000000 ____D C:\Users\admin\Desktop\bazy-2013-09-22 2013-09-28 15:10 - 2013-09-28 15:09 - 00784840 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe 2013-09-27 15:14 - 2012-05-24 02:16 - 00000000 ____D C:\ProgramData\Autodesk 2013-09-27 15:13 - 2013-09-27 15:13 - 00000000 ____D C:\Users\admin\AppData\Local\cache 2013-09-27 15:12 - 2012-06-01 21:02 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-27 15:00 - 2013-09-27 15:00 - 00000000 ____D C:\Users\admin\Desktop\tmp_obiektowe 2013-09-27 14:14 - 2013-09-27 14:11 - 20768534 _____ C:\Users\admin\Desktop\Amman_-_A_City_in_Motion_Time_Lapse_Video.flv 2013-09-27 14:09 - 2013-09-26 05:52 - 00000000 ____D C:\Users\admin\Desktop\sprawozdania_milosz 2013-09-27 07:18 - 2013-04-21 15:48 - 00000000 ____D C:\Users\admin\Documents\Visual Studio 2010 2013-09-26 14:15 - 2013-09-26 13:46 - 113494879 _____ C:\Users\admin\Desktop\Programowanie obiektowe26062013.zip 2013-09-26 13:09 - 2013-09-26 12:22 - 206232833 _____ C:\Users\admin\Desktop\Paradygmaty_programowania26092013.zip 2013-09-26 10:09 - 2013-09-26 10:05 - 00000000 ____D C:\Skrybot 2013-09-26 10:08 - 2013-09-26 09:43 - 114279924 _____ C:\Users\admin\Desktop\skydrive-2013-09-26.zip 2013-09-26 09:59 - 2013-09-26 09:59 - 00003035 _____ C:\Users\admin\Desktop\SkrybotDoMowy.lnk 2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skrybot DoMowy 2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Program Files (x86)\SkrybotDoMowy 2013-09-26 09:50 - 2013-09-26 09:50 - 00004096 ____H C:\Users\admin\AppData\Local\keyfile3.drm 2013-09-26 09:15 - 2013-09-26 09:15 - 344408891 _____ C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701.exe 2013-09-26 08:56 - 2013-09-26 08:56 - 00685248 _____ C:\Users\admin\Desktop\SkryBot-doMowy(22258).exe 2013-09-25 18:21 - 2012-09-17 12:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\AIMP 2013-09-25 18:10 - 2012-05-13 20:03 - 00000000 ____D C:\Users\admin\.gimp-2.8 2013-09-25 18:07 - 2013-09-25 18:07 - 00002460 _____ C:\Users\admin\AppData\Local\recently-used.xbel 2013-09-25 17:15 - 2013-09-25 17:12 - 00000000 ____D C:\AdwCleaner 2013-09-25 17:14 - 2012-04-15 14:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-25 17:14 - 2012-04-15 02:54 - 00001176 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-25 17:14 - 2012-04-15 02:54 - 00000989 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-09-25 17:12 - 2013-09-25 17:11 - 01042066 _____ C:\Users\admin\Desktop\adwcleaner.exe 2013-09-25 07:33 - 2013-09-25 07:33 - 00000000 ____D C:\Users\admin\Desktop\Sprawozdania 2013-09-23 21:29 - 2013-09-23 21:29 - 00030560 _____ C:\Users\admin\Desktop\Untitled.camproj 2013-09-23 21:28 - 2013-09-23 21:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\TechSmith 2013-09-23 21:19 - 2013-09-23 21:17 - 1289795551 _____ C:\Users\admin\Desktop\blend3.camrec 2013-09-23 21:17 - 2012-05-10 22:21 - 00005120 _____ C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-23 21:06 - 2013-09-23 21:06 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith 2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio 2013-09-23 20:25 - 2013-09-23 20:22 - 2183170177 _____ C:\Users\admin\Desktop\blend2.camrec 2013-09-23 18:55 - 2013-09-23 18:54 - 654508032 _____ C:\Users\admin\Desktop\BLEND1.camrec 2013-09-23 18:25 - 2013-09-23 18:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Blender Foundation 2013-09-23 18:25 - 2012-05-13 20:05 - 00000000 ____D C:\Users\admin\.thumbnails 2013-09-23 18:24 - 2013-09-23 18:24 - 00002108 _____ C:\Users\Public\Desktop\Blender.lnk 2013-09-23 18:23 - 2013-09-23 18:23 - 00000000 ____D C:\Program Files (x86)\Blender Foundation 2013-09-23 18:19 - 2013-09-23 18:15 - 41676340 _____ C:\Users\admin\Desktop\blender-2.68a-windows32.exe 2013-09-23 18:07 - 2013-09-23 18:07 - 00000000 ____D C:\Users\admin\Documents\plsqldoc 2013-09-23 18:07 - 2013-09-23 07:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\PLSQL Developer 2013-09-23 18:01 - 2013-06-17 10:48 - 99617096 _____ C:\Users\admin\Desktop\MIS - WYNIKOWA (BEZ SWIATEL).avi 2013-09-23 07:42 - 2013-09-23 07:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PLSQL Developer 2013-09-23 07:42 - 2013-09-23 07:41 - 00000000 ____D C:\Program Files (x86)\PLSQL Developer 2013-09-23 07:39 - 2013-04-16 12:45 - 00000000 ____D C:\Users\admin\Desktop\sqloracle 2013-09-21 11:06 - 2013-09-20 20:03 - 00000000 ____D C:\Users\admin\Desktop\Przygotowania_do_testu 2013-09-20 23:40 - 2013-09-20 23:39 - 17770370 _____ C:\Users\admin\Desktop\zdjecia_milosz.7z 2013-09-20 20:31 - 2012-04-15 20:33 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-09-20 20:21 - 2013-09-20 20:21 - 02471809 _____ C:\Users\admin\Downloads\Holdin On - Flume.wav 2013-09-20 14:45 - 2013-09-20 13:31 - 294829801 _____ C:\Users\admin\Desktop\skydrive-2013-09-20.zip 2013-09-20 11:19 - 2013-02-10 19:24 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-09-20 11:19 - 2013-02-10 19:24 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-09-20 11:09 - 2013-02-10 19:24 - 00000000 ____D C:\Games 2013-09-18 11:22 - 2013-09-18 11:22 - 00000000 ____D C:\Program Files (x86)\predm 2013-09-18 11:19 - 2013-01-23 11:28 - 00000000 ____D C:\Program Files (x86)\Arena 2013-09-17 20:38 - 2013-09-17 18:37 - 370373090 _____ C:\Users\admin\Desktop\Bazy danych09.zip 2013-09-14 21:45 - 2013-09-14 21:45 - 00000000 ____D C:\Users\admin\Desktop\porajgłosy 2013-09-14 21:31 - 2013-01-07 19:53 - 00000000 ____D C:\output 2013-09-14 19:01 - 2013-09-14 23:35 - 58408038 ____N C:\Users\admin\Desktop\20130914_190058.mp4 2013-09-14 19:00 - 2013-09-14 23:35 - 98366193 ____N C:\Users\admin\Desktop\20130914_185920.mp4 2013-09-14 08:59 - 2013-09-14 08:59 - 00001089 _____ C:\Users\Administrator\Desktop\ConvertMovie 3.0.lnk 2013-09-14 08:59 - 2013-09-14 08:59 - 00001089 _____ C:\Users\admin\Desktop\ConvertMovie 3.0.lnk 2013-09-14 08:59 - 2013-09-14 08:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ConvertMovie 3.0 2013-09-14 08:59 - 2013-09-14 08:59 - 00000000 ____D C:\Program Files (x86)\MOVAVI 2013-09-14 08:59 - 2013-09-14 08:59 - 00000000 ____D C:\Program Files (x86)\ConvertMovie 3.0 2013-09-14 08:58 - 2013-09-14 08:59 - 13112366 _____ C:\Users\admin\Downloads\ConvertMovie 3.0.exe 2013-09-14 07:07 - 2013-09-14 05:35 - 625298484 _____ C:\Users\admin\Desktop\mis_desk2013-09-13.zip 2013-09-13 18:45 - 2013-09-13 18:45 - 08268374 _____ (FreeMediaConverter.org ) C:\Users\admin\Downloads\free-media-converter.exe 2013-09-13 17:24 - 2013-09-13 14:37 - 353258432 _____ C:\Users\admin\Desktop\Modelowanie i symulacja.zip.part 2013-09-13 13:29 - 2013-09-12 23:20 - 00000000 ____D C:\Users\admin\Desktop\praktyki 2013-09-13 08:47 - 2013-09-13 08:47 - 15252829 _____ C:\Users\admin\Desktop\Rocky_II_-_Gonna_Fly_Now.mp4 2013-09-13 07:38 - 2013-09-13 07:37 - 06268494 _____ C:\Users\admin\Desktop\NOTATKI wyk1,2 numeryczne.zip 2013-09-13 07:38 - 2013-09-13 07:35 - 16859611 _____ C:\Users\admin\Desktop\TEMAT IV.zip 2013-09-13 07:36 - 2013-09-13 07:36 - 00635957 _____ C:\Users\admin\Desktop\Metody Numeryczne - sprawka.zip 2013-09-12 23:53 - 2013-09-12 23:24 - 122256606 _____ C:\Users\admin\Desktop\Sprawozdania.zip 2013-09-12 19:59 - 2013-09-12 19:58 - 00000000 ____D C:\Users\admin\Desktop\metody_desk 2013-09-12 18:07 - 2012-12-18 05:52 - 00000000 ____D C:\Users\admin\Desktop\angielski 2013-09-12 17:01 - 2013-02-03 12:35 - 00000000 ____D C:\Users\admin\Desktop\statystyka 2013-09-12 16:58 - 2013-06-01 20:04 - 00000000 ____D C:\Users\admin\Desktop\drracket 2013-09-12 16:49 - 2013-09-12 16:49 - 00000511 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-09-12 12:56 - 2013-06-01 22:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Racket Some content of TEMP: ==================== C:\Users\admin\AppData\Local\temp\ComboFix.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client LastRegBack: 2013-10-01 02:11 ==================== End Of Log ============================