Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by admin (administrator) on LAPPC on 19-10-2013 09:48:14
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) F:\FRSTx64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\Administrator\...\Run: [Google Update] - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-15] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100
Tcpip\..\Interfaces\{67BB412D-8A4B-4FB5-8AB1-74F12C6C7650}: [NameServer]194.204.159.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DoNotTrackMe - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\donottrackplus@abine.com
FF Extension: translator - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\jyuov92h.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\admin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\admin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Google Update) - C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
S3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [427520 2013-08-20] (Connectify)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation)
S3 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [49152 2011-08-27] ()
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [69632 2011-08-27] (Oracle Corporation)
S3 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [115773440 2011-08-27] (Oracle Corporation)
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [12800 2011-08-27] (Oracle Corporation)
S3 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation)
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3825152 2013-04-19] (SafeIP)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4773768 2012-10-02] (RealVNC Ltd)

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-09-03] (Connectify)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-03] (Oracle Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-08-10] (ZTE)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-18 11:38 - 2013-10-18 11:38 - 01050644 _____ C:\Users\admin\Downloads\adwcleaner.exe
2013-10-15 15:37 - 2013-10-15 15:37 - 00000334 _____ C:\Windows\PFRO.log
2013-10-15 15:32 - 2013-10-15 15:32 - 00448512 _____ (OldTimer Tools) C:\Users\admin\Desktop\TFC.exe
2013-10-15 14:18 - 2013-10-15 14:19 - 05833471 _____ C:\Users\admin\Desktop\0.8.8.rar
2013-10-15 14:18 - 2013-10-15 14:18 - 09716282 _____ C:\Users\admin\Desktop\xvm dla widzów.rar
2013-10-14 19:46 - 2013-10-14 19:46 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-10-14 19:41 - 2013-10-14 19:42 - 04009167 _____ C:\Users\admin\Desktop\ServicesRepair.exe
2013-10-13 14:42 - 2013-10-13 14:49 - 24985247 _____ C:\Users\admin\Desktop\Poradnik_wstawiania_torrent_w_Alien_w_tnttorrent.info.flv
2013-10-13 09:40 - 2013-10-13 09:40 - 06573098 _____ C:\Users\admin\Desktop\Jet_Engine_made_on_a_3D_Printer.mp4
2013-10-12 10:37 - 2013-10-12 10:37 - 00442624 _____ C:\Windows\Minidump\101213-57143-01.dmp
2013-10-11 16:16 - 2013-10-11 18:47 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine
2013-10-11 15:40 - 2013-10-14 19:35 - 00000000 ____D C:\FRST
2013-10-06 08:25 - 2013-10-18 11:56 - 00001176 _____ C:\Windows\setupact.log
2013-10-06 08:25 - 2013-10-06 08:25 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 08:16 - 2013-10-06 08:22 - 00000000 ____D C:\32788R22FWJFW
2013-10-02 20:10 - 2013-10-15 10:37 - 00810850 _____ C:\Windows\system32\perfh015.dat
2013-10-02 20:10 - 2013-10-15 10:37 - 00183126 _____ C:\Windows\system32\perfc015.dat
2013-10-02 20:10 - 2013-10-02 20:06 - 00337158 _____ C:\Windows\system32\perfi015.dat
2013-10-02 20:10 - 2013-10-02 20:06 - 00038710 _____ C:\Windows\system32\perfd015.dat
2013-10-02 20:08 - 2013-10-02 20:08 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\system32\pl
2013-10-02 19:48 - 2013-10-02 19:51 - 70112552 _____ (Microsoft Corporation) C:\Users\admin\Desktop\windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe
2013-10-02 19:46 - 2013-10-02 19:46 - 01159844 _____ (www.froggie.sk) C:\Users\admin\Desktop\Vistalizator.exe
2013-09-30 20:44 - 2013-09-30 20:44 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-28 15:09 - 2013-09-28 15:10 - 00784840 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe
2013-09-27 15:13 - 2013-09-27 15:13 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-09-27 15:00 - 2013-09-27 15:00 - 00000000 ____D C:\Users\admin\Desktop\tmp_obiektowe
2013-09-27 14:11 - 2013-09-27 14:14 - 20768534 _____ C:\Users\admin\Desktop\Amman_-_A_City_in_Motion_Time_Lapse_Video.flv
2013-09-26 13:46 - 2013-09-26 14:15 - 113494879 _____ C:\Users\admin\Desktop\Programowanie obiektowe26062013.zip
2013-09-26 13:10 - 2013-10-15 15:44 - 00106358 _____ C:\Users\admin\AppData\Roaming\SkrybotConfig.xml
2013-09-26 12:22 - 2013-09-26 13:09 - 206232833 _____ C:\Users\admin\Desktop\Paradygmaty_programowania26092013.zip
2013-09-26 10:05 - 2013-09-26 10:09 - 00000000 ____D C:\Skrybot
2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skrybot DoMowy
2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Program Files (x86)\SkrybotDoMowy
2013-09-26 09:50 - 2013-09-26 09:50 - 00004096 ____H C:\Users\admin\AppData\Local\keyfile3.drm
2013-09-26 09:48 - 2012-03-27 23:03 - 00000000 ____D C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701
2013-09-26 09:43 - 2013-09-26 10:08 - 114279924 _____ C:\Users\admin\Desktop\skydrive-2013-09-26.zip
2013-09-26 09:15 - 2013-09-26 09:15 - 344408891 _____ C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701.exe
2013-09-26 05:52 - 2013-09-27 14:09 - 00000000 ____D C:\Users\admin\Desktop\sprawozdania_milosz
2013-09-25 18:07 - 2013-09-25 18:07 - 00002460 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2013-09-25 17:12 - 2013-10-18 11:54 - 00000000 ____D C:\AdwCleaner
2013-09-25 07:33 - 2013-09-25 07:33 - 00000000 ____D C:\Users\admin\Desktop\Sprawozdania
2013-09-23 21:29 - 2013-09-23 21:29 - 00030560 _____ C:\Users\admin\Desktop\Untitled.camproj
2013-09-23 21:28 - 2013-09-23 21:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\TechSmith
2013-09-23 21:17 - 2013-09-23 21:19 - 1289795551 _____ C:\Users\admin\Desktop\blend3.camrec
2013-09-23 21:06 - 2013-09-23 21:06 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith
2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio
2013-09-23 20:22 - 2013-09-23 20:25 - 2183170177 _____ C:\Users\admin\Desktop\blend2.camrec
2013-09-23 18:54 - 2013-09-23 18:55 - 654508032 _____ C:\Users\admin\Desktop\BLEND1.camrec
2013-09-23 18:25 - 2013-09-23 18:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Blender Foundation
2013-09-23 18:24 - 2013-09-23 18:24 - 00002108 _____ C:\Users\Public\Desktop\Blender.lnk
2013-09-23 18:23 - 2013-09-23 18:23 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2013-09-23 18:15 - 2013-09-23 18:19 - 41676340 _____ C:\Users\admin\Desktop\blender-2.68a-windows32.exe
2013-09-23 18:07 - 2013-09-23 18:07 - 00000000 ____D C:\Users\admin\Documents\plsqldoc
2013-09-23 07:42 - 2013-09-23 07:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PLSQL Developer
2013-09-23 07:41 - 2013-09-23 18:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\PLSQL Developer
2013-09-23 07:41 - 2013-09-23 07:42 - 00000000 ____D C:\Program Files (x86)\PLSQL Developer
2013-09-23 07:41 - 2007-09-04 16:14 - 00180000 _____ C:\Windows\aaRemove.exe
2013-09-23 06:52 - 2013-09-29 22:47 - 00000000 ____D C:\Users\admin\Desktop\bazy-2013-09-22
2013-09-20 23:39 - 2013-09-20 23:40 - 17770370 _____ C:\Users\admin\Desktop\zdjecia_milosz.7z
2013-09-20 20:21 - 2013-09-20 20:21 - 02471809 _____ C:\Users\admin\Downloads\Holdin On - Flume.wav
2013-09-20 20:03 - 2013-09-21 11:06 - 00000000 ____D C:\Users\admin\Desktop\Przygotowania_do_testu
2013-09-20 13:31 - 2013-09-20 14:45 - 294829801 _____ C:\Users\admin\Desktop\skydrive-2013-09-20.zip

==================== One Month Modified Files and Folders =======

2013-10-19 09:28 - 2013-04-21 04:02 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 09:18 - 2012-04-15 14:38 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000UA.job
2013-10-19 07:28 - 2013-04-21 04:02 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 02:47 - 2012-04-30 16:48 - 01048566 _____ C:\Windows\WindowsUpdate.log
2013-10-18 19:03 - 2012-04-15 20:41 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C63EF671-1300-489F-A7EF-D9B7C32ABE58}
2013-10-18 15:18 - 2012-04-15 14:38 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000Core.job
2013-10-18 12:05 - 2009-07-14 06:45 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 12:05 - 2009-07-14 06:45 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 11:56 - 2013-10-06 08:25 - 00001176 _____ C:\Windows\setupact.log
2013-10-18 11:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-18 11:54 - 2013-09-25 17:12 - 00000000 ____D C:\AdwCleaner
2013-10-18 11:38 - 2013-10-18 11:38 - 01050644 _____ C:\Users\admin\Downloads\adwcleaner.exe
2013-10-15 15:44 - 2013-09-26 13:10 - 00106358 _____ C:\Users\admin\AppData\Roaming\SkrybotConfig.xml
2013-10-15 15:37 - 2013-10-15 15:37 - 00000334 _____ C:\Windows\PFRO.log
2013-10-15 15:32 - 2013-10-15 15:32 - 00448512 _____ (OldTimer Tools) C:\Users\admin\Desktop\TFC.exe
2013-10-15 14:19 - 2013-10-15 14:18 - 05833471 _____ C:\Users\admin\Desktop\0.8.8.rar
2013-10-15 14:18 - 2013-10-15 14:18 - 09716282 _____ C:\Users\admin\Desktop\xvm dla widzów.rar
2013-10-15 10:37 - 2013-10-02 20:10 - 00810850 _____ C:\Windows\system32\perfh015.dat
2013-10-15 10:37 - 2013-10-02 20:10 - 00183126 _____ C:\Windows\system32\perfc015.dat
2013-10-15 10:37 - 2009-07-14 07:13 - 01867520 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 07:23 - 2013-04-21 04:02 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 07:23 - 2013-04-21 04:02 - 00003790 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 19:46 - 2013-10-14 19:46 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-10-14 19:42 - 2013-10-14 19:41 - 04009167 _____ C:\Users\admin\Desktop\ServicesRepair.exe
2013-10-14 19:35 - 2013-10-11 15:40 - 00000000 ____D C:\FRST
2013-10-14 19:35 - 2012-04-30 16:02 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-14 19:35 - 2012-04-15 14:38 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-10-13 19:12 - 2013-02-10 19:24 - 00000000 ____D C:\Games
2013-10-13 14:49 - 2013-10-13 14:42 - 24985247 _____ C:\Users\admin\Desktop\Poradnik_wstawiania_torrent_w_Alien_w_tnttorrent.info.flv
2013-10-13 09:40 - 2013-10-13 09:40 - 06573098 _____ C:\Users\admin\Desktop\Jet_Engine_made_on_a_3D_Printer.mp4
2013-10-12 16:17 - 2013-02-08 20:36 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2013-10-12 15:13 - 2012-04-15 14:38 - 00004032 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000UA
2013-10-12 15:13 - 2012-04-15 14:38 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2514451098-3715522499-3830946451-1000Core
2013-10-12 14:47 - 2012-05-23 01:30 - 00000000 ____D C:\Users\admin\.VirtualBox
2013-10-12 10:37 - 2013-10-12 10:37 - 00442624 _____ C:\Windows\Minidump\101213-57143-01.dmp
2013-10-12 10:37 - 2013-06-03 10:54 - 00000000 ____D C:\Windows\Minidump
2013-10-11 18:47 - 2013-10-11 16:16 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine
2013-10-06 08:30 - 2013-07-14 17:41 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-10-06 08:25 - 2013-10-06 08:25 - 00000000 _____ C:\Windows\setuperr.log
2013-10-06 08:22 - 2013-10-06 08:16 - 00000000 ____D C:\32788R22FWJFW
2013-10-05 15:09 - 2012-04-28 02:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-10-02 20:08 - 2013-10-02 20:08 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-10-02 20:08 - 2011-04-12 10:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-02 20:08 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-10-02 20:08 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-10-02 20:08 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-10-02 20:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-10-02 20:08 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-10-02 20:07 - 2013-10-02 20:07 - 00000000 ____D C:\Windows\system32\pl
2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\winrm
2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\WCN
2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\slmgr
2013-10-02 20:07 - 2011-04-12 10:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-02 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2013-10-02 20:06 - 2013-10-02 20:10 - 00337158 _____ C:\Windows\system32\perfi015.dat
2013-10-02 20:06 - 2013-10-02 20:10 - 00038710 _____ C:\Windows\system32\perfd015.dat
2013-10-02 19:51 - 2013-10-02 19:48 - 70112552 _____ (Microsoft Corporation) C:\Users\admin\Desktop\windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe
2013-10-02 19:46 - 2013-10-02 19:46 - 01159844 _____ (www.froggie.sk) C:\Users\admin\Desktop\Vistalizator.exe
2013-10-01 05:36 - 2012-05-23 16:06 - 00000000 ____D C:\Users\admin\AppData\Roaming\OpenOffice.org2
2013-09-30 20:44 - 2013-09-30 20:44 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-29 22:47 - 2013-09-23 06:52 - 00000000 ____D C:\Users\admin\Desktop\bazy-2013-09-22
2013-09-28 15:10 - 2013-09-28 15:09 - 00784840 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe
2013-09-27 15:14 - 2012-05-24 02:16 - 00000000 ____D C:\ProgramData\Autodesk
2013-09-27 15:13 - 2013-09-27 15:13 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-09-27 15:12 - 2012-06-01 21:02 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-27 15:00 - 2013-09-27 15:00 - 00000000 ____D C:\Users\admin\Desktop\tmp_obiektowe
2013-09-27 14:14 - 2013-09-27 14:11 - 20768534 _____ C:\Users\admin\Desktop\Amman_-_A_City_in_Motion_Time_Lapse_Video.flv
2013-09-27 14:09 - 2013-09-26 05:52 - 00000000 ____D C:\Users\admin\Desktop\sprawozdania_milosz
2013-09-27 07:18 - 2013-04-21 15:48 - 00000000 ____D C:\Users\admin\Documents\Visual Studio 2010
2013-09-26 14:15 - 2013-09-26 13:46 - 113494879 _____ C:\Users\admin\Desktop\Programowanie obiektowe26062013.zip
2013-09-26 13:09 - 2013-09-26 12:22 - 206232833 _____ C:\Users\admin\Desktop\Paradygmaty_programowania26092013.zip
2013-09-26 10:09 - 2013-09-26 10:05 - 00000000 ____D C:\Skrybot
2013-09-26 10:08 - 2013-09-26 09:43 - 114279924 _____ C:\Users\admin\Desktop\skydrive-2013-09-26.zip
2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skrybot DoMowy
2013-09-26 09:59 - 2013-09-26 09:59 - 00000000 ____D C:\Program Files (x86)\SkrybotDoMowy
2013-09-26 09:50 - 2013-09-26 09:50 - 00004096 ____H C:\Users\admin\AppData\Local\keyfile3.drm
2013-09-26 09:15 - 2013-09-26 09:15 - 344408891 _____ C:\Users\admin\Downloads\InstalatorSkrybotDomowyDemo-1.5.3.701.exe
2013-09-25 18:21 - 2012-09-17 12:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\AIMP
2013-09-25 18:10 - 2012-05-13 20:03 - 00000000 ____D C:\Users\admin\.gimp-2.8
2013-09-25 18:07 - 2013-09-25 18:07 - 00002460 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2013-09-25 17:14 - 2012-04-15 14:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-25 17:14 - 2012-04-15 02:54 - 00001176 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-25 17:14 - 2012-04-15 02:54 - 00000989 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-25 07:33 - 2013-09-25 07:33 - 00000000 ____D C:\Users\admin\Desktop\Sprawozdania
2013-09-23 21:29 - 2013-09-23 21:29 - 00030560 _____ C:\Users\admin\Desktop\Untitled.camproj
2013-09-23 21:28 - 2013-09-23 21:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\TechSmith
2013-09-23 21:19 - 2013-09-23 21:17 - 1289795551 _____ C:\Users\admin\Desktop\blend3.camrec
2013-09-23 21:17 - 2012-05-10 22:21 - 00005120 _____ C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 21:06 - 2013-09-23 21:06 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith
2013-09-23 20:26 - 2013-09-23 20:26 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio
2013-09-23 20:25 - 2013-09-23 20:22 - 2183170177 _____ C:\Users\admin\Desktop\blend2.camrec
2013-09-23 18:55 - 2013-09-23 18:54 - 654508032 _____ C:\Users\admin\Desktop\BLEND1.camrec
2013-09-23 18:25 - 2013-09-23 18:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Blender Foundation
2013-09-23 18:25 - 2012-05-13 20:05 - 00000000 ____D C:\Users\admin\.thumbnails
2013-09-23 18:24 - 2013-09-23 18:24 - 00002108 _____ C:\Users\Public\Desktop\Blender.lnk
2013-09-23 18:23 - 2013-09-23 18:23 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2013-09-23 18:19 - 2013-09-23 18:15 - 41676340 _____ C:\Users\admin\Desktop\blender-2.68a-windows32.exe
2013-09-23 18:07 - 2013-09-23 18:07 - 00000000 ____D C:\Users\admin\Documents\plsqldoc
2013-09-23 18:07 - 2013-09-23 07:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\PLSQL Developer
2013-09-23 18:01 - 2013-06-17 10:48 - 99617096 _____ C:\Users\admin\Desktop\MIS - WYNIKOWA (BEZ SWIATEL).avi
2013-09-23 07:42 - 2013-09-23 07:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PLSQL Developer
2013-09-23 07:42 - 2013-09-23 07:41 - 00000000 ____D C:\Program Files (x86)\PLSQL Developer
2013-09-23 07:39 - 2013-04-16 12:45 - 00000000 ____D C:\Users\admin\Desktop\sqloracle
2013-09-21 11:06 - 2013-09-20 20:03 - 00000000 ____D C:\Users\admin\Desktop\Przygotowania_do_testu
2013-09-20 23:40 - 2013-09-20 23:39 - 17770370 _____ C:\Users\admin\Desktop\zdjecia_milosz.7z
2013-09-20 20:31 - 2012-04-15 20:33 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-20 20:21 - 2013-09-20 20:21 - 02471809 _____ C:\Users\admin\Downloads\Holdin On - Flume.wav
2013-09-20 14:45 - 2013-09-20 13:31 - 294829801 _____ C:\Users\admin\Desktop\skydrive-2013-09-20.zip
2013-09-20 11:19 - 2013-02-10 19:24 - 00000000 ____D C:\Windows\SysWOW64\directx

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-11 20:23

==================== End Of Log ============================