Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by ADFX (administrator) on ADFX-KOMPUTER on 12-05-2014 18:32:17
Running from C:\Users\ADFX\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data 
Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe (MetaQuotes Software Corp.) C:\Program Files (x86)\Inwestor online FX\terminal.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Mozilla Corporation) E:\WIN7_OLD\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe, HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-03-30] (TrueCrypt Foundation) HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\MountPoints2: D - D:\SYSTEM\AUTOSTRT.EXE HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\MountPoints2: {14b595ad-b6d6-11e3-a919-0023ae920570} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\MountPoints2: {14b59622-b6d6-11e3-a919-0023ae920570} - F:\setup.exe HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\MountPoints2: {aa312884-73d4-11e3-bb88-0023ae920570} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\MountPoints2: {b61c378f-91c2-11e3-a0ee-0023ae920570} - H:\setup.exe HKU\S-1-5-21-1431558860-975398864-1428295374-1000\...\MountPoints2: {b61c37b1-91c2-11e3-a0ee-0023ae920570} - F:\setup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C13E77F1763CF01 SearchScopes: HKCU - {5653652B-E1B6-4A4D-9E0B-48BEC281790C} URL = http://ask-tb.com/web?tpid=FXT-RG&o=Y10001&pf=V7&p2=%5EB9M%5EYYYYYY%5EYY%5EPL&gct=&itbv=12.10.0.3815&apn_uid=B9E6D12C-CECC-4510-9A01-F6F97D2B233B&apn_ptnrs=%5EB9M&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_dbr=cr_32.0.1700.76&doi=2014-01-20&trgb=ALL&q={searchTerms}&psv= BHO: Java(tm) Plug-In SSV 
Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
(x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ADFX\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-21] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-21] Chrome: ======= CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=KINGSTONXSH103S3120G_50026B733102E9D9&ts=1367827844 CHR StartupUrls: "hxxp://google.pl/", "hxxp://ask-tb.com/?tpid=FXT-RG&o=Y10001&pf=V7&trgb=ALL&p2=%5EB9M%5EYYYYYY%5EYY%5EPL&gct=hp&apn_ptnrs=%5EB9M&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_dbr=cr_32.0.1700.76&apn_uid=B9E6D12C-CECC-4510-9A01-F6F97D2B233B&itbv=12.10.0.3815&doi=2014-01-20&psv=" CHR Extension: (Google Translate) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-12-10] CHR Extension: (Przelewy24) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2013-12-10] CHR Extension: (Dokumenty Google) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09] CHR Extension: (Dysk Google) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
[2013-12-09] CHR Extension: (News Reader (by Google)) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhhcdlggicnjoobiphdkdgmblbknkjjp [2013-12-10] CHR Extension: (YouTube) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-09] CHR Extension: (Szukaj w Google) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-09] CHR Extension: (Kalendarz Google) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-12] CHR Extension: (Mini Radio Player) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj [2013-12-10] CHR Extension: (AdBlock) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-09] CHR Extension: (Adres IP) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh [2013-12-10] CHR Extension: (Konwersja PDF do Word) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclbidlajocjmicnpgpfmkblhdhjelfe [2013-12-10] CHR Extension: (Google Wallet) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-09] CHR Extension: (Przeglądarka dokumentów PDF/PowerPoint (od Google)) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-03-12] CHR Extension: (Gmail) - C:\Users\ADFX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-09] ==================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) 
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2723400 2014-03-25] (G Data Software AG) R2 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2274592 2013-11-13] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [41984 2010-11-20] (Microsoft Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-10] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-10] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-10] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-10] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-10] (G Data Software AG) S3 GPUZ; C:\Windows\TEMP\GPUZ.sys [27008 2014-01-02] () R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-05-10] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-10] (G Data Software AG) S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [41984 2010-11-20] (Microsoft Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-12] (Malwarebytes Corporation) S3 qcusbnet; C:\Windows\System32\DRIVERS\innosusbnet.sys [510976 2012-10-26] (QUALCOMM Incorporated) S3 qcusbser; C:\Windows\System32\DRIVERS\innosusbser.sys [369792 2012-10-26] (QUALCOMM Incorporated) R1 
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib) S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X] R3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X] R3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-12 18:32 - 2014-05-12 18:32 - 00016475 _____ () C:\Users\ADFX\Downloads\FRST.txt 2014-05-12 18:30 - 2014-05-12 18:32 - 00000000 ____D () C:\FRST 2014-05-12 18:26 - 2014-05-12 18:26 - 00052594 _____ () C:\Users\ADFX\Desktop\Extras.Txt 2014-05-12 18:25 - 2014-05-12 18:25 - 00097852 _____ () C:\Users\ADFX\Desktop\OTL.Txt 2014-05-12 18:22 - 2014-05-12 18:22 - 02066944 _____ (Farbar) C:\Users\ADFX\Downloads\FRST64.exe 2014-05-12 18:17 - 2014-05-12 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\ADFX\Downloads\OTL.exe 2014-05-12 18:15 - 2014-05-12 18:15 - 00623224 _____ (Duplex Secure Ltd.) 
C:\Users\ADFX\Downloads\SPTDinst-v186-x64.exe 2014-05-12 18:08 - 2014-05-12 18:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-12 17:58 - 2014-05-12 17:58 - 00550371 _____ () C:\Users\ADFX\Downloads\Autoruns.zip 2014-05-12 17:58 - 2014-05-12 17:58 - 00550371 _____ () C:\Users\ADFX\Downloads\Autoruns (1).zip 2014-05-12 17:58 - 2014-05-12 17:58 - 00000000 ____D () C:\Users\ADFX\Downloads\Autoruns (1) 2014-05-12 17:54 - 2014-05-12 18:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-12 17:54 - 2014-05-12 17:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ADFX\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-12 17:54 - 2014-05-12 17:54 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-12 17:54 - 2014-05-12 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-12 17:54 - 2014-05-12 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 17:52 - 2014-05-12 17:52 - 00702752 _____ () C:\Users\ADFX\Downloads\Malwarebytes-AntiMalware(13117).exe 2014-05-12 17:46 - 2014-05-12 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-12 17:46 - 2014-05-12 17:45 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-05-12 17:46 - 2014-05-12 17:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-05-12 17:46 - 2014-05-12 17:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-05-12 17:46 - 2014-05-12 17:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-05-12 17:45 - 2014-05-12 17:45 - 00000000 ____D () C:\Program Files\Java 2014-05-12 17:44 - 2014-05-12 17:45 - 30818216 _____ (Oracle Corporation) C:\Users\ADFX\Downloads\jre-7u55-windows-x64.exe 2014-05-12 17:22 - 2014-05-12 17:22 - 00003160 _____ () 
C:\Windows\System32\Tasks\{F41E6F7F-3B3E-410A-B99E-2BE7AC878276} 2014-05-12 17:19 - 2014-05-12 17:49 - 00001935 _____ () C:\Users\Public\Desktop\Inwestor online FX.lnk 2014-05-12 17:18 - 2014-05-12 17:18 - 00428160 _____ (MetaQuotes Software Corp.) C:\Users\ADFX\Downloads\inwestor_online_fx_setup.exe 2014-05-11 20:31 - 2014-05-11 20:31 - 04474014 _____ () C:\Users\ADFX\Desktop\AttendeeViewerImage000.bmp 2014-05-11 18:36 - 2014-05-12 17:54 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1431558860-975398864-1428295374-1000.job 2014-05-11 18:36 - 2014-05-11 18:36 - 00003590 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1431558860-975398864-1428295374-1000 2014-05-11 08:59 - 2014-05-11 08:59 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Oracle 2014-05-11 08:57 - 2014-05-11 08:57 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-10 17:00 - 2014-05-10 17:00 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-05-10 17:00 - 2014-05-10 17:00 - 00001889 _____ () C:\Users\Public\Desktop\G Data AntiVirus.lnk 2014-05-10 17:00 - 2014-05-10 17:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf 2014-05-10 17:00 - 2014-05-10 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2014-05-10 16:54 - 2014-05-10 16:54 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-10 16:54 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-10 16:54 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-10 16:54 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-10 16:54 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 10:16 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 10:16 - 2014-04-14 04:19 
- 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-04-30 09:06 - 2014-04-30 09:06 - 00000879 _____ () C:\Users\ADFX\Desktop\MWSnap 3.lnk 2014-04-30 09:06 - 2014-04-30 09:06 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWSnap 2014-04-30 09:06 - 2014-04-30 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWSnap 2014-04-30 09:06 - 2014-04-30 09:06 - 00000000 ____D () C:\Program Files (x86)\MWSnap 2014-04-30 09:05 - 2014-04-30 09:05 - 00658771 _____ () C:\Users\ADFX\Downloads\MWSnap300.exe 2014-04-29 21:59 - 2014-04-29 21:59 - 21987032 _____ (e-file sp. z o.o. ) C:\Users\ADFX\Downloads\setup_e-pity2013.exe 2014-04-28 21:25 - 2014-04-28 21:25 - 00000000 __SHD () C:\Users\ADFX\AppData\Local\EmieUserList 2014-04-28 21:25 - 2014-04-28 21:25 - 00000000 __SHD () C:\Users\ADFX\AppData\Local\EmieSiteList 2014-04-28 10:46 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys 2014-04-28 01:26 - 2014-04-28 01:30 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-28 01:26 - 2014-04-28 01:26 - 00000991 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-04-28 01:26 - 2014-04-28 01:26 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\pdfforge 2014-04-28 01:26 - 2014-04-28 01:26 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-04-28 01:26 - 2014-04-28 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-04-28 01:26 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX 2014-04-28 01:26 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-04-28 01:26 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-04-28 01:26 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-04-28 01:26 - 2014-04-25 17:44 - 
00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-04-28 01:24 - 2014-04-28 01:24 - 27843432 _____ (pdfforge ) C:\Users\ADFX\Downloads\PDFCreator-1_7_3_setup.exe 2014-04-27 12:53 - 2014-05-10 16:52 - 00000000 ____D () C:\Users\ADFX\Desktop\dla rafała 2014-04-25 11:48 - 2014-04-25 12:12 - 02154372 _____ () C:\Users\ADFX\Desktop\Dorota Bełz przykłady poprawione.odt 2014-04-23 20:33 - 2014-04-23 20:34 - 08860778 _____ () C:\Users\ADFX\Downloads\Moje dokumenty.rar 2014-04-22 21:47 - 2014-04-24 10:21 - 01965733 _____ () C:\Users\ADFX\Desktop\przykłady scenariuszy Dorota Bełz.odt 2014-04-15 22:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-15 22:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-15 22:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-15 22:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-15 22:00 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-15 22:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-15 22:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-15 22:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-15 22:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-15 22:00 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-15 22:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-15 22:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-15 22:00 - 2014-03-06 10:28 - 00752640 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-15 22:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-15 22:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-15 22:00 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-15 22:00 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-15 22:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-15 22:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-15 22:00 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-15 22:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-15 22:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-15 22:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-15 22:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-15 22:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-15 22:00 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-15 22:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-15 22:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-15 22:00 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-15 22:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-15 22:00 - 2014-03-06 09:13 - 
00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-15 22:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-15 22:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-15 22:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-15 22:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-15 22:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-15 22:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-15 22:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-15 22:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-15 22:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-15 22:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-15 22:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-15 22:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-15 22:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll ==================== One Month Modified Files and Folders ======= 2014-05-12 18:32 - 2014-05-12 18:32 - 00016475 _____ () C:\Users\ADFX\Downloads\FRST.txt 2014-05-12 18:32 - 2014-05-12 18:30 - 00000000 ____D () C:\FRST 2014-05-12 18:29 - 2013-12-09 19:32 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-12 18:26 - 2014-05-12 18:26 - 00052594 _____ () C:\Users\ADFX\Desktop\Extras.Txt 2014-05-12 18:25 - 2014-05-12 18:25 - 00097852 _____ () 
C:\Users\ADFX\Desktop\OTL.Txt 2014-05-12 18:22 - 2014-05-12 18:22 - 02066944 _____ (Farbar) C:\Users\ADFX\Downloads\FRST64.exe 2014-05-12 18:17 - 2014-05-12 18:17 - 00602112 _____ (OldTimer Tools) C:\Users\ADFX\Downloads\OTL.exe 2014-05-12 18:15 - 2014-05-12 18:15 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\ADFX\Downloads\SPTDinst-v186-x64.exe 2014-05-12 18:08 - 2014-05-12 18:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-12 18:07 - 2014-05-12 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-12 17:58 - 2014-05-12 17:58 - 00550371 _____ () C:\Users\ADFX\Downloads\Autoruns.zip 2014-05-12 17:58 - 2014-05-12 17:58 - 00550371 _____ () C:\Users\ADFX\Downloads\Autoruns (1).zip 2014-05-12 17:58 - 2014-05-12 17:58 - 00000000 ____D () C:\Users\ADFX\Downloads\Autoruns (1) 2014-05-12 17:54 - 2014-05-12 17:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ADFX\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-12 17:54 - 2014-05-12 17:54 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-12 17:54 - 2014-05-12 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-12 17:54 - 2014-05-12 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 17:54 - 2014-05-11 18:36 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1431558860-975398864-1428295374-1000.job 2014-05-12 17:54 - 2011-04-12 15:21 - 00741664 _____ () C:\Windows\system32\perfh015.dat 2014-05-12 17:54 - 2011-04-12 15:21 - 00156308 _____ () C:\Windows\system32\perfc015.dat 2014-05-12 17:54 - 2009-07-14 07:13 - 01669190 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-12 17:54 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-12 17:54 - 2009-07-14 06:45 - 00021904 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 17:52 - 2014-05-12 17:52 - 00702752 _____ () C:\Users\ADFX\Downloads\Malwarebytes-AntiMalware(13117).exe
2014-05-12 17:51 - 2014-02-09 21:46 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 17:50 - 2013-12-09 20:15 - 00000000 ____D () C:\Program Files (x86)\Inwestor online FX
2014-05-12 17:50 - 2013-12-09 19:00 - 01710224 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 17:49 - 2014-05-12 17:19 - 00001935 _____ () C:\Users\Public\Desktop\Inwestor online FX.lnk
2014-05-12 17:47 - 2014-04-10 11:08 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Skype
2014-05-12 17:47 - 2013-12-10 09:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-12 17:47 - 2013-12-09 19:32 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 17:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 17:47 - 2009-07-14 06:51 - 00076675 _____ () C:\Windows\setupact.log
2014-05-12 17:46 - 2014-05-12 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-12 17:45 - 2014-05-12 17:46 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-12 17:45 - 2014-05-12 17:46 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-12 17:45 - 2014-05-12 17:46 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-12 17:45 - 2014-05-12 17:46 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-12 17:45 - 2014-05-12 17:45 - 00000000 ____D () C:\Program Files\Java
2014-05-12 17:45 - 2014-05-12 17:44 - 30818216 _____ (Oracle Corporation) C:\Users\ADFX\Downloads\jre-7u55-windows-x64.exe
2014-05-12 17:40 - 2014-03-01 21:15 - 00000000 ___RD () C:\Users\ADFX\Virtual Machines
2014-05-12 17:32 - 2013-12-12 10:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-12 17:23 - 2014-03-01 22:32 - 00000000 ____D () C:\VIRTUALPC
2014-05-12 17:22 - 2014-05-12 17:22 - 00003160 _____ () C:\Windows\System32\Tasks\{F41E6F7F-3B3E-410A-B99E-2BE7AC878276}
2014-05-12 17:18 - 2014-05-12 17:18 - 00428160 _____ (MetaQuotes Software Corp.) C:\Users\ADFX\Downloads\inwestor_online_fx_setup.exe
2014-05-12 17:15 - 2014-03-21 22:41 - 00000000 ____D () C:\Program Files (x86)\mForex Trader
2014-05-12 16:58 - 2013-12-09 20:25 - 00000000 ____D () C:\Program Files (x86)\BOSSAFX
2014-05-12 10:43 - 2014-03-25 08:11 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-05-11 20:31 - 2014-05-11 20:31 - 04474014 _____ () C:\Users\ADFX\Desktop\AttendeeViewerImage000.bmp
2014-05-11 19:33 - 2014-03-02 12:10 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-05-11 18:36 - 2014-05-11 18:36 - 00003590 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1431558860-975398864-1428295374-1000
2014-05-11 08:59 - 2014-05-11 08:59 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Oracle
2014-05-11 08:57 - 2014-05-11 08:57 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-11 08:57 - 2013-12-12 10:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-10 18:10 - 2014-01-02 22:45 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-05-10 18:10 - 2014-01-02 22:45 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-05-10 17:01 - 2013-12-09 20:08 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-05-10 17:00 - 2014-05-10 17:00 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-10 17:00 - 2014-05-10 17:00 - 00001889 _____ () C:\Users\Public\Desktop\G Data AntiVirus.lnk
2014-05-10 17:00 - 2014-05-10 17:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-10 17:00 - 2014-05-10 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus
2014-05-10 17:00 - 2014-01-02 22:14 - 00026058 _____ () C:\Windows\DPINST.LOG
2014-05-10 17:00 - 2013-12-09 20:07 - 00135168 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-05-10 17:00 - 2013-12-09 20:07 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-05-10 17:00 - 2013-12-09 20:07 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-05-10 17:00 - 2013-12-09 20:07 - 00057344 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-05-10 17:00 - 2013-12-09 20:07 - 00000000 ____D () C:\ProgramData\G DATA
2014-05-10 16:54 - 2014-05-10 16:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-10 16:52 - 2014-04-27 12:53 - 00000000 ____D () C:\Users\ADFX\Desktop\dla rafała
2014-05-09 07:24 - 2013-12-09 19:32 - 00004040 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 07:24 - 2013-12-09 19:32 - 00003788 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 18:50 - 2014-03-30 21:34 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\TrueCrypt
2014-04-30 09:27 - 2014-01-03 08:56 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-30 09:27 - 2014-01-03 08:56 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-30 09:06 - 2014-04-30 09:06 - 00000879 _____ () C:\Users\ADFX\Desktop\MWSnap 3.lnk
2014-04-30 09:06 - 2014-04-30 09:06 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWSnap
2014-04-30 09:06 - 2014-04-30 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWSnap
2014-04-30 09:06 - 2014-04-30 09:06 - 00000000 ____D () C:\Program Files (x86)\MWSnap
2014-04-30 09:05 - 2014-04-30 09:05 - 00658771 _____ () C:\Users\ADFX\Downloads\MWSnap300.exe
2014-04-29 21:59 - 2014-04-29 21:59 - 21987032 _____ (e-file sp. z o.o. ) C:\Users\ADFX\Downloads\setup_e-pity2013.exe
2014-04-29 21:52 - 2014-01-28 22:21 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\Foxit Software
2014-04-29 21:29 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-29 16:01 - 2014-05-10 16:54 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-10 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-10 16:54 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-10 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 09:45 - 2010-11-21 05:47 - 00328730 _____ () C:\Windows\PFRO.log
2014-04-29 08:06 - 2014-02-09 21:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 08:06 - 2014-02-09 21:46 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 08:06 - 2014-02-09 21:46 - 00003868 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 21:25 - 2014-04-28 21:25 - 00000000 __SHD () C:\Users\ADFX\AppData\Local\EmieUserList
2014-04-28 21:25 - 2014-04-28 21:25 - 00000000 __SHD () C:\Users\ADFX\AppData\Local\EmieSiteList
2014-04-28 10:52 - 2009-07-14 04:34 - 00000540 _____ () C:\Windows\win.ini
2014-04-28 01:30 - 2014-04-28 01:26 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-28 01:26 - 2014-04-28 01:26 - 00000991 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-04-28 01:26 - 2014-04-28 01:26 - 00000000 ____D () C:\Users\ADFX\AppData\Roaming\pdfforge
2014-04-28 01:26 - 2014-04-28 01:26 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-04-28 01:26 - 2014-04-28 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-04-28 01:24 - 2014-04-28 01:24 - 27843432 _____ (pdfforge ) C:\Users\ADFX\Downloads\PDFCreator-1_7_3_setup.exe
2014-04-25 17:44 - 2014-04-28 01:26 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-04-25 17:44 - 2014-04-28 01:26 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-04-25 17:44 - 2014-04-28 01:26 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-25 17:44 - 2014-04-28 01:26 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-04-25 17:44 - 2014-04-28 01:26 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-04-25 12:12 - 2014-04-25 11:48 - 02154372 _____ () C:\Users\ADFX\Desktop\Dorota Bełz przykłady poprawione.odt
2014-04-24 12:32 - 2014-04-28 10:46 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
2014-04-24 10:21 - 2014-04-22 21:47 - 01965733 _____ () C:\Users\ADFX\Desktop\przykłady scenariuszy Dorota Bełz.odt
2014-04-23 20:34 - 2014-04-23 20:33 - 08860778 _____ () C:\Users\ADFX\Downloads\Moje dokumenty.rar
2014-04-16 18:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 17:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-15 22:00 - 2013-12-09 20:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 21:59 - 2013-12-09 20:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-14 04:24 - 2014-05-06 10:16 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 10:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\ADFX\AppData\Local\Temp\Foxit Updater.exe
C:\Users\ADFX\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\ADFX\AppData\Local\Temp\install_reader11_pl_mssd_aaa_aih.exe
C:\Users\ADFX\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ADFX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\ADFX\AppData\Local\Temp\sfextra.dll
C:\Users\ADFX\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-11 22:18

==================== End Of Log ============================