Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Domek (administrator) on DOMEK-PC on 28-02-2014 18:07:05
Running from C:\Users\Domek\Desktop\programy_do_logow\programy do logów
Microsoft® Windows Vista™ Home Premium (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(OldTimer Tools) C:\Users\Domek\Desktop\programy_do_logow\programy do logów\OTL (1).exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-11-16] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [107112 2006-10-25] (Symantec Corporation)
HKLM\...\Run: [osCheck] - C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-10-27] (Symantec Corporation)
HKLM\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [5724184 2007-10-18] (Microsoft Corporation)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Policies\Explorer\Run: [50047] - C:\PROGRA~2\LOCALS~1\Temp\msibohesy.pif No File
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [5724184 2007-10-18] (Microsoft Corporation)
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\Run: [{DF33528E-FBCD-D94C-37C0-1D7B33BA90DE}] - C:\Users\Domek\AppData\Roaming\Bomeen\rudy.exe
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\Run: [Tech Net Audio] - "C:\ProgramData\Tech Net Audio\qpqpdndnn.exe"
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\CurrentVersion\Windows: [Load] C:\Users\Domek\LOCALS~1\Temp\msfriq.exe <===== ATTENTION
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\MountPoints2: {b67f4224-e42c-11de-b424-001c2538b347} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\MountPoints2: {bbdfdb6d-3f62-11e1-a455-001c2538b347} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\MountPoints2: {e3e9b742-649e-11e1-89ac-001c2538b347} - E:\Nokia_Ovi_Suite_installer_ALL.exe
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\MountPoints2: {ed5062c2-942a-11dd-921b-001c2538b347} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKU\S-1-5-21-2657755483-786395162-1712897653-1001\...\MountPoints2: {f3259639-95d4-11df-8803-001c2538b347} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {7724124F-D712-4B0F-A3C4-097FF6F38B32} URL = http://www.google.com/search?hl=pl&q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-25] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-25] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-10-13] (Symantec Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23] (Bitdefender)
R2 Harmonogram automatycznej usługi LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-10-27] (Symantec Corporation)
R3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-25] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-07-21] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-09-20] (Symantec Corporation)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 syshost32; "C:\Windows\Installer\{84203DD0-9401-A263-35D7-ECE315C2EAD6}\syshost.exe" /service [X]

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2008-09-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [99376 2008-09-02] (Symantec Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSvix86.sys [270384 2008-09-12] (Symantec Corporation)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20081018.004\NAVENG.SYS [89104 2008-08-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20081018.004\NAVEX15.SYS [873552 2008-08-20] (Symantec Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-11-30] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-11-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-11-30] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11792 2006-10-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-07-21] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [144784 2006-10-24] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [38928 2006-10-24] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37008 2006-10-24] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-24] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-24] (Symantec Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [242504 2012-11-02] (BitDefender)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 pltrzmiy; \??\C:\Windows\system32\drivers\pltrzmiy.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-28 18:06 - 2014-02-28 18:07 - 00000000 ____D () C:\FRST
2014-02-28 17:41 - 2014-02-28 17:41 - 00000000 ____D () C:\Users\Domek\Desktop\programy_do_logow
2014-02-28 17:08 - 2014-02-28 17:23 - 00023040 _____ () C:\Windows\system32\bddel.exe
2014-02-28 17:08 - 2014-02-28 17:23 - 00003404 _____ () C:\Windows\system32\bddel.dat
2014-02-28 17:01 - 2014-02-28 17:01 - 00224671 _____ () C:\ProgramData\1393602521.bdinstall.bin
2014-02-28 16:53 - 2014-02-28 16:57 - 00002842 _____ () C:\Windows\system32\lic2.xml2205
2014-02-28 16:52 - 2014-02-28 16:52 - 00002007 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2014-02-28 16:52 - 2013-04-17 14:59 - 00633344 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-02-28 16:52 - 2013-04-17 14:59 - 00486536 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-02-28 16:52 - 2012-11-02 14:17 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-02-28 16:49 - 2014-02-28 16:52 - 00000000 ____D () C:\Program Files\Bitdefender
2014-02-28 16:49 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-02-28 16:49 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-02-28 16:48 - 2014-02-28 16:48 - 09927424 _____ () C:\Users\Domek\Desktop\Antivirus_Free_Edition_x86.exe
2014-02-28 16:48 - 2014-02-28 16:48 - 00162208 _____ () C:\Users\Domek\Desktop\Antivirus_Free_Edition.exe
2014-02-28 16:43 - 2014-02-28 16:43 - 00001629 _____ () C:\ProgramData\1393602167.5656.bin
2014-02-28 16:42 - 2014-02-28 16:43 - 00044482 _____ () C:\ProgramData\1393602167.4288.bin
2014-02-28 16:42 - 2014-02-28 16:42 - 00002056 _____ () C:\ProgramData\1393602167.2052.bin
2014-02-28 16:41 - 2014-02-28 16:41 - 00044298 _____ () C:\ProgramData\1393602012.bdinstall.bin
2014-02-28 16:39 - 2014-02-28 16:51 - 00000000 ____D () C:\Users\Domek\AppData\Roaming\QuickScan
2014-02-28 16:30 - 2014-02-28 16:31 - 00139008 _____ () C:\Windows\Minidump\Mini022814-02.dmp
2014-02-28 16:28 - 2014-02-28 16:28 - 00143224 _____ () C:\Windows\Minidump\Mini022814-01.dmp
2014-02-26 22:05 - 2014-01-19 08:32 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-02-26 22:03 - 2014-02-28 16:42 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-26 21:59 - 2014-02-28 15:42 - 05242934 _____ () C:\Users\Domek\AppData\Roaming\BitCrypt.bmp
2014-02-26 21:59 - 2014-02-28 15:42 - 00000085 _____ () C:\Users\Domek\AppData\Roaming\del.bat
2014-02-26 21:53 - 2014-02-26 21:53 - 00014001 _____ () C:\Users\Domek\Documents\BitCrypt.txt.bitcrypt2
2014-02-26 21:53 - 2014-02-26 21:53 - 00014001 _____ () C:\Users\Domek\Desktop\BitCrypt.txt.bitcrypt2
2014-02-26 21:51 - 2014-02-26 21:51 - 00014001 _____ () C:\Users\Public\Documents\BitCrypt.txt.bitcrypt2
2014-02-26 21:43 - 2014-02-26 21:43 - 00143224 _____ () C:\Windows\Minidump\Mini022614-01.dmp
2014-02-26 21:29 - 2014-02-26 21:51 - 00013609 _____ () C:\Users\Public\Documents\BitCrypt.txt
2014-02-26 21:29 - 2014-02-26 21:29 - 00037350 _____ () C:\Users\Public\Documents\SIGVERIF.TXT.bitcrypt2
2014-02-26 21:28 - 2014-02-26 21:28 - 00010373 _____ () C:\Users\Domek\Documents\Nalewki - słodycz minionego lata.txt.bitcrypt2
2014-02-26 21:25 - 2014-02-26 21:25 - 00000427 _____ () C:\Users\Domek\Documents\Office2007TrialActivationKey.txt.bitcrypt2
2014-02-26 21:18 - 2014-02-26 21:18 - 00029576 _____ () C:\Users\Domek\Desktop\pismo.doc.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 01347705 _____ () C:\Users\Domek\Desktop\ScanImage001l4.jpg.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00253186 _____ () C:\Users\Domek\Documents\Form-PIT-36-grudzie%C5%84-2012.pdf.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00131046 _____ () C:\Users\Domek\Documents\Form-PIT-B-2011.pdf.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00013890 _____ () C:\Users\Domek\Documents\Storczyki.txt.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00010483 _____ () C:\Users\Domek\Documents\Wrzosy.txt.bitcrypt2
2014-02-26 21:14 - 2014-02-26 21:53 - 00013609 _____ () C:\Users\Domek\Documents\BitCrypt.txt
2014-02-26 21:14 - 2014-02-26 21:14 - 01216801 _____ () C:\Users\Domek\Desktop\VCR.docx.bitcrypt2
2014-02-26 21:13 - 2014-02-26 21:53 - 00013609 _____ () C:\Users\Domek\Desktop\BitCrypt.txt
2014-02-26 21:13 - 2014-02-26 21:14 - 09358400 _____ () C:\Users\Domek\Documents\dzumi270910.pdf.bitcrypt2
2014-02-26 21:13 - 2014-02-26 21:13 - 01701946 _____ () C:\Users\Domek\Desktop\Mala_ksiazeczka_o_zmianach_w_przepisach.pdf.bitcrypt2
2014-02-26 21:13 - 2014-02-26 21:13 - 00012175 _____ () C:\Users\Domek\Desktop\Agatha Christie.docx.bitcrypt2
2014-02-26 20:43 - 2014-02-26 22:47 - 00000000 ____D () C:\Users\Domek\AppData\Roaming\10062552
2014-02-26 20:40 - 2014-02-28 15:42 - 00000207 _____ () C:\Users\Domek\AppData\Roaming\bitcrypt.ccw
2014-02-26 20:40 - 2014-02-26 20:40 - 00013609 _____ () C:\Users\Domek\AppData\Roaming\BitCrypt.txt
2014-02-26 20:39 - 2014-02-28 17:23 - 00000000 __SHD () C:\ProgramData\Tech Net Audio
2014-02-17 01:31 - 2014-02-17 01:31 - 00001652 _____ () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\SKP2014_2.lnk
2014-02-17 01:31 - 2014-02-17 01:31 - 00001628 _____ () C:\Users\Domek\Desktop\SKP2014_2.lnk
2014-02-16 16:45 - 2014-02-16 16:45 - 00001652 _____ () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\SKP2014_1.lnk
2014-02-16 16:45 - 2014-02-16 16:45 - 00001628 _____ () C:\Users\Domek\Desktop\2014 wersja 2.lnk
2014-02-16 15:48 - 2014-02-16 15:48 - 00001632 _____ () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\SKP2014.lnk
2014-02-16 15:48 - 2014-02-16 15:48 - 00001608 _____ () C:\Users\Domek\Desktop\1 wersja 2914.lnk

==================== One Month Modified Files and Folders =======

2014-02-28 18:07 - 2014-02-28 18:06 - 00000000 ____D () C:\FRST
2014-02-28 18:05 - 2006-11-02 13:47 - 00003856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 18:05 - 2006-11-02 13:47 - 00003856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 17:41 - 2014-02-28 17:41 - 00000000 ____D () C:\Users\Domek\Desktop\programy_do_logow
2014-02-28 17:41 - 2006-12-05 06:22 - 00535330 _____ () C:\Windows\system32\perfh015.dat
2014-02-28 17:41 - 2006-12-05 06:22 - 00086210 _____ () C:\Windows\system32\perfc015.dat
2014-02-28 17:41 - 2006-11-02 11:33 - 01326240 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-28 17:23 - 2014-02-28 17:08 - 00023040 _____ () C:\Windows\system32\bddel.exe
2014-02-28 17:23 - 2014-02-28 17:08 - 00003404 _____ () C:\Windows\system32\bddel.dat
2014-02-28 17:23 - 2014-02-26 20:39 - 00000000 __SHD () C:\ProgramData\Tech Net Audio
2014-02-28 17:11 - 2006-11-02 13:52 - 01171070 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 17:06 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 17:04 - 2006-11-02 14:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-28 17:01 - 2014-02-28 17:01 - 00224671 _____ () C:\ProgramData\1393602521.bdinstall.bin
2014-02-28 17:00 - 2008-07-10 16:32 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B6D20347-D746-4471-BF6F-B67CF8CF3AA3}.job
2014-02-28 16:57 - 2014-02-28 16:53 - 00002842 _____ () C:\Windows\system32\lic2.xml2205
2014-02-28 16:52 - 2014-02-28 16:52 - 00002007 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2014-02-28 16:52 - 2014-02-28 16:49 - 00000000 ____D () C:\Program Files\Bitdefender
2014-02-28 16:52 - 2008-07-09 20:58 - 00000000 ____D () C:\Users\Domek
2014-02-28 16:52 - 2006-11-02 13:52 - 00056747 _____ () C:\Windows\setupact.log
2014-02-28 16:51 - 2014-02-28 16:39 - 00000000 ____D () C:\Users\Domek\AppData\Roaming\QuickScan
2014-02-28 16:48 - 2014-02-28 16:48 - 09927424 _____ () C:\Users\Domek\Desktop\Antivirus_Free_Edition_x86.exe
2014-02-28 16:48 - 2014-02-28 16:48 - 00162208 _____ () C:\Users\Domek\Desktop\Antivirus_Free_Edition.exe
2014-02-28 16:43 - 2014-02-28 16:43 - 00001629 _____ () C:\ProgramData\1393602167.5656.bin
2014-02-28 16:43 - 2014-02-28 16:42 - 00044482 _____ () C:\ProgramData\1393602167.4288.bin
2014-02-28 16:42 - 2014-02-28 16:42 - 00002056 _____ () C:\ProgramData\1393602167.2052.bin
2014-02-28 16:42 - 2014-02-26 22:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 16:42 - 2013-02-23 19:55 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 16:41 - 2014-02-28 16:41 - 00044298 _____ () C:\ProgramData\1393602012.bdinstall.bin
2014-02-28 16:31 - 2014-02-28 16:30 - 00139008 _____ () C:\Windows\Minidump\Mini022814-02.dmp
2014-02-28 16:30 - 2009-10-17 19:44 - 123920119 _____ () C:\Windows\MEMORY.DMP
2014-02-28 16:30 - 2009-10-17 19:44 - 00000000 ____D () C:\Windows\Minidump
2014-02-28 16:28 - 2014-02-28 16:28 - 00143224 _____ () C:\Windows\Minidump\Mini022814-01.dmp
2014-02-28 16:28 - 2007-11-16 12:20 - 00043964 _____ () C:\Windows\PFRO.log
2014-02-28 16:24 - 2012-11-01 15:54 - 00000000 ____D () C:\Users\Domek\Desktop\ANNA
2014-02-28 16:05 - 2007-11-21 17:04 - 00000270 _____ () C:\Windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
2014-02-28 15:42 - 2014-02-26 21:59 - 05242934 _____ () C:\Users\Domek\AppData\Roaming\BitCrypt.bmp
2014-02-28 15:42 - 2014-02-26 21:59 - 00000085 _____ () C:\Users\Domek\AppData\Roaming\del.bat
2014-02-28 15:42 - 2014-02-26 20:40 - 00000207 _____ () C:\Users\Domek\AppData\Roaming\bitcrypt.ccw
2014-02-26 22:47 - 2014-02-26 20:43 - 00000000 ____D () C:\Users\Domek\AppData\Roaming\10062552
2014-02-26 21:59 - 2013-10-14 19:15 - 00000000 ____D () C:\Users\Domek\Desktop\Propozycje
2014-02-26 21:57 - 2008-06-17 09:47 - 00000000 ____D () C:\Users\Domek\Desktop\opisowka
2014-02-26 21:53 - 2014-02-26 21:53 - 00014001 _____ () C:\Users\Domek\Documents\BitCrypt.txt.bitcrypt2
2014-02-26 21:53 - 2014-02-26 21:53 - 00014001 _____ () C:\Users\Domek\Desktop\BitCrypt.txt.bitcrypt2
2014-02-26 21:53 - 2014-02-26 21:14 - 00013609 _____ () C:\Users\Domek\Documents\BitCrypt.txt
2014-02-26 21:53 - 2014-02-26 21:13 - 00013609 _____ () C:\Users\Domek\Desktop\BitCrypt.txt
2014-02-26 21:52 - 2014-01-04 12:06 - 00000000 ____D () C:\Users\Domek\Desktop\SPIS Z NATURY
2014-02-26 21:52 - 2008-11-22 13:28 - 00000000 ____D () C:\Users\Domek\Desktop\Arek
2014-02-26 21:51 - 2014-02-26 21:51 - 00014001 _____ () C:\Users\Public\Documents\BitCrypt.txt.bitcrypt2
2014-02-26 21:51 - 2014-02-26 21:29 - 00013609 _____ () C:\Users\Public\Documents\BitCrypt.txt
2014-02-26 21:43 - 2014-02-26 21:43 - 00143224 _____ () C:\Windows\Minidump\Mini022614-01.dmp
2014-02-26 21:29 - 2014-02-26 21:29 - 00037350 _____ () C:\Users\Public\Documents\SIGVERIF.TXT.bitcrypt2
2014-02-26 21:28 - 2014-02-26 21:28 - 00010373 _____ () C:\Users\Domek\Documents\Nalewki - słodycz minionego lata.txt.bitcrypt2
2014-02-26 21:25 - 2014-02-26 21:25 - 00000427 _____ () C:\Users\Domek\Documents\Office2007TrialActivationKey.txt.bitcrypt2
2014-02-26 21:18 - 2014-02-26 21:18 - 00029576 _____ () C:\Users\Domek\Desktop\pismo.doc.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 01347705 _____ () C:\Users\Domek\Desktop\ScanImage001l4.jpg.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00253186 _____ () C:\Users\Domek\Documents\Form-PIT-36-grudzie%C5%84-2012.pdf.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00131046 _____ () C:\Users\Domek\Documents\Form-PIT-B-2011.pdf.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00013890 _____ () C:\Users\Domek\Documents\Storczyki.txt.bitcrypt2
2014-02-26 21:15 - 2014-02-26 21:15 - 00010483 _____ () C:\Users\Domek\Documents\Wrzosy.txt.bitcrypt2
2014-02-26 21:14 - 2014-02-26 21:14 - 01216801 _____ () C:\Users\Domek\Desktop\VCR.docx.bitcrypt2
2014-02-26 21:14 - 2014-02-26 21:13 - 09358400 _____ () C:\Users\Domek\Documents\dzumi270910.pdf.bitcrypt2
2014-02-26 21:13 - 2014-02-26 21:13 - 01701946 _____ () C:\Users\Domek\Desktop\Mala_ksiazeczka_o_zmianach_w_przepisach.pdf.bitcrypt2
2014-02-26 21:13 - 2014-02-26 21:13 - 00012175 _____ () C:\Users\Domek\Desktop\Agatha Christie.docx.bitcrypt2
2014-02-26 20:40 - 2014-02-26 20:40 - 00013609 _____ () C:\Users\Domek\AppData\Roaming\BitCrypt.txt
2014-02-21 21:20 - 2008-07-21 18:55 - 00000522 _____ () C:\Windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Domek.job
2014-02-21 16:42 - 2013-02-23 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 16:42 - 2013-02-23 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-17 01:31 - 2014-02-17 01:31 - 00001652 _____ () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\SKP2014_2.lnk
2014-02-17 01:31 - 2014-02-17 01:31 - 00001628 _____ () C:\Users\Domek\Desktop\SKP2014_2.lnk
2014-02-17 01:31 - 2012-07-12 16:48 - 00000000 ____D () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SKP
2014-02-17 01:31 - 2012-07-12 16:47 - 00000000 ____D () C:\Programy firmy FORMAT
2014-02-16 16:45 - 2014-02-16 16:45 - 00001652 _____ () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\SKP2014_1.lnk
2014-02-16 16:45 - 2014-02-16 16:45 - 00001628 _____ () C:\Users\Domek\Desktop\2014 wersja 2.lnk
2014-02-16 15:48 - 2014-02-16 15:48 - 00001632 _____ () C:\Users\Domek\AppData\Roaming\Microsoft\Windows\Start Menu\SKP2014.lnk
2014-02-16 15:48 - 2014-02-16 15:48 - 00001608 _____ () C:\Users\Domek\Desktop\1 wersja 2914.lnk
2014-02-13 20:53 - 2013-08-19 05:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 20:48 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Domek\AppData\Local\Temp\0000bad5.exe
C:\Users\Domek\AppData\Local\Temp\0002ddd0.exe
C:\Users\Domek\AppData\Local\Temp\00069cea.exe
C:\Users\Domek\AppData\Local\Temp\0006b8a4.exe
C:\Users\Domek\AppData\Local\Temp\002a2e50.exe
C:\Users\Domek\AppData\Local\Temp\413886.exe
C:\Users\Domek\AppData\Local\Temp\bucp2bfa.dll
C:\Users\Domek\AppData\Local\Temp\ginst0.dll
C:\Users\Domek\AppData\Local\Temp\symlcsv1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 17:17

==================== End Of Log ============================