Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Adam (administrator) on ADAM-KOMPUTER on 18-10-2013 02:28:32
Running from D:\PROGRAMY\antywir\DezynfekcjaPC
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyD.exe
(HP) C:\Windows\system32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Internet w Cyfrowym Polsacie\Internet w Cyfrowym Polsacie.exe
() C:\ProgramData\Internet w Cyfrowym Polsacie\OnlineUpdate\ouc.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Redefine Sp. z o.o.) C:\Program Files (x86)\RedApp\redApp.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
MountPoints2: J - J:\AutoRun.exe
MountPoints2: L - L:\AutoRun.exe
MountPoints2: M - M:\AutoRun.exe
MountPoints2: {23e8be46-fd45-11e2-bfc6-bc5ff41f1675} - N:\AutoRun.exe
MountPoints2: {39186c0c-87ac-11e2-80ed-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {39186c10-87ac-11e2-80ed-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {4f417b31-9638-11e2-9c58-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {4f417c9c-9638-11e2-9c58-001e101f3315} - J:\AutoRun.exe
MountPoints2: {582a6953-a8ba-11e2-a518-bc5ff41f1675} - K:\setup.exe
MountPoints2: {618c455e-8813-11e2-b897-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {65138057-fd20-11e2-b9e1-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {6513807f-fd20-11e2-b9e1-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {953d396d-88f5-11e2-931f-001e101f63cf} - J:\AutoRun.exe
MountPoints2: {d34057fa-a042-11e2-b3d1-806e6f6e6963} - J:\AutoRun.exe
MountPoints2: {e01e850d-87dc-11e2-b87f-bc5ff41f1675} - J:\AutoRun.exe
MountPoints2: {f4881822-2b4e-11e3-a557-bc5ff41f1675} - L:\AutoRun.exe
AppInit_DLLs: [97280 2009-07-14] ()
AppInit_DLLs-x32: c:\progra~2\sshelp~1\psupport.dll [857600 2013-10-06] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=hp&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=sc&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=ds&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DownlooaaD keeppEr - {02111ED6-0FD6-3EFE-30FA-43D846CFECAA} - C:\ProgramData\DownlooaaD keeppEr\9Qg4QazB.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{20BA23C5-2109-4180-A13C-DB4A34A04706}: [NameServer]217.116.104.104 217.116.100.100
Tcpip\..\Interfaces\{65FA3889-361A-49D5-BD41-08A9D5B23E0D}: [NameServer]217.116.104.104 217.116.100.100
Tcpip\..\Interfaces\{FACF58FB-5DE3-4ABF-9347-A03C9521376C}: [NameServer]217.116.104.104 217.116.100.100

FireFox:
========
FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\fgb73q09.default
FF DefaultSearchEngine: qvo6
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Adam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF Extension: DownlooaaD keeppEr - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\fgb73q09.default\Extensions\io5x@iohi.co.uk
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=sc&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276

Chrome:
=======
CHR Extension: (Chrome In-App Payments service) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Adam\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_medium=wpc&utm_campaign=eXQ&utm_content=sc&from=wpc&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF204686646866&ts=1381274276

==================== Services (Whitelisted) =================

R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [65536 2012-11-09] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet w Cyfrowym Polsacie. RunOuc; C:\Program Files (x86)\Internet w Cyfrowym Polsacie\UpdateDog\ouc.exe [246112 2013-09-06] ()
R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2013-09-24] ()
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2013-08-04] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-04] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-09-04] ()

==================== Drivers (Whitelisted) ====================

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-10-13] (Connectify)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2013-08-04] (Huawei Technologies Co., Ltd.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-04-18] (Duplex Secure Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-17 13:34 - 2013-10-17 13:34 - 00000000 _____ C:\Users\Adam\Desktop\730366978.txt
2013-10-15 19:31 - 2013-10-15 19:31 - 00354414 _____ C:\Users\Adam\Downloads\Downloads 2.4.zip
2013-10-15 12:52 - 2013-10-17 16:54 - 00000117 _____ C:\Users\Adam\Desktop\SZPTAL.txt
2013-10-13 06:12 - 2013-10-13 06:12 - 00000000 ____D C:\Users\Adam\AppData\Local\ALLConverter
2013-10-13 06:12 - 2013-10-13 06:12 - 00000000 ____D C:\Program Files (x86)\ALLConverter PRO
2013-10-13 06:10 - 2013-10-13 06:10 - 06901005 _____ (ALLCinema, Inc. ) C:\Users\Adam\Downloads\ALLConverterPRO.exe
2013-10-13 04:27 - 2013-10-13 04:27 - 00000000 ____D C:\FRST
2013-10-13 02:33 - 2013-10-13 02:33 - 00031344 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy2.sys
2013-10-13 02:33 - 2013-10-13 02:33 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot
2013-10-13 02:33 - 2013-10-13 02:33 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-10-13 02:32 - 2013-10-13 02:33 - 00000000 ____D C:\ProgramData\Connectify
2013-10-09 19:12 - 2013-10-09 19:12 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-09 01:51 - 2013-10-09 01:51 - 00000792 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-09 01:51 - 2013-10-09 01:51 - 00000000 ____D C:\Users\Adam\AppData\Local\CRE
2013-10-09 01:51 - 2013-10-09 01:51 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-09 01:17 - 2013-10-09 01:18 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-09 01:17 - 2013-10-09 01:17 - 00000000 ____D C:\ProgramData\DownlooaaD keeppEr
2013-10-09 01:17 - 2013-10-09 01:17 - 00000000 ____D C:\Program Files (x86)\ss helper
2013-10-09 01:16 - 2013-10-09 01:18 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-08 21:04 - 2013-10-08 21:04 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
2013-10-08 21:04 - 2013-10-08 21:04 - 00000000 ____D C:\Program Files (x86)\WorldUnlock Codes Calculator
2013-10-08 20:15 - 2013-10-17 10:43 - 00000000 ____D C:\Users\Adam\Desktop\Pobrane
2013-10-07 17:16 - 2013-10-07 17:16 - 00000484 _____ C:\Users\Adam\Desktop\Dysk lokalny (C).lnk
2013-10-05 01:33 - 2013-10-05 01:33 - 00000000 ____D C:\Users\Adam\Downloads\ChomikBox
2013-10-01 22:32 - 2013-10-09 18:24 - 00000000 ____D C:\Users\Adam\AppData\Local\Mozilla
2013-10-01 22:32 - 2013-10-01 22:32 - 00001107 _____ C:\Users\Adam\Desktop\Mozilla Firefox.lnk
2013-10-01 22:32 - 2013-10-01 22:32 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-01 22:32 - 2013-10-01 22:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-27 22:43 - 2013-09-28 00:47 - 00000000 ____D C:\Users\Adam\Documents\Native Instruments
2013-09-27 20:22 - 2013-09-27 20:22 - 00000000 __HDC C:\ProgramData\{18E5420F-B6DC-45F1-9618-C199435ED6E3}
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 __HDC C:\ProgramData\{BC91DE36-9EA0-4BE4-9C95-C3ABA1C65900}
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 __HDC C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2013-09-27 20:11 - 2013-09-27 20:20 - 00000000 ____D C:\Program Files\Native Instruments
2013-09-27 20:11 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-09-27 20:11 - 2013-09-27 20:12 - 00000000 ____D C:\ProgramData\Native Instruments
2013-09-27 19:18 - 2013-09-27 19:28 - 00000000 ____D C:\Users\Adam\Documents\Traktor3
2013-09-27 19:18 - 2013-09-27 19:18 - 00000000 ____D C:\Users\Adam\AppData\Local\Native Instruments
2013-09-26 16:03 - 2013-09-26 16:03 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-09-26 16:03 - 2013-09-26 16:03 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-09-26 16:03 - 2013-09-26 16:03 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-09-26 00:51 - 2013-10-17 09:34 - 00000000 ____D C:\Users\Adam\Desktop\hobby
2013-09-24 18:13 - 2013-09-24 18:13 - 00000000 ____D C:\ProgramData\Steam
2013-09-24 06:04 - 2013-09-24 06:04 - 00446258 _____ C:\Windows\AutoKMS.exe
2013-09-24 06:04 - 2013-09-24 06:04 - 00003058 _____ C:\Windows\System32\Tasks\AutoKMS
2013-09-24 06:00 - 2013-09-24 06:00 - 00151552 _____ C:\Windows\KMService.exe
2013-09-24 06:00 - 2013-09-24 06:00 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
2013-09-24 05:42 - 2013-09-24 05:42 - 00000000 _____ C:\Users\Adam\cscript
2013-09-24 02:57 - 2013-09-24 02:57 - 00013600 _____ C:\Windows\DPINST.LOG
2013-09-23 19:10 - 2013-09-23 19:10 - 00000000 ____D C:\Users\Adam\Documents\My Games

==================== One Month Modified Files and Folders =======

2013-10-18 01:59 - 2013-04-13 15:39 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 01:32 - 2009-07-14 19:55 - 00700578 _____ C:\Windows\system32\perfh015.dat
2013-10-18 01:32 - 2009-07-14 19:55 - 00135628 _____ C:\Windows\system32\perfc015.dat
2013-10-18 01:32 - 2009-07-14 07:13 - 01557524 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 01:31 - 2013-03-08 06:51 - 01837430 _____ C:\Windows\WindowsUpdate.log
2013-10-18 01:25 - 2013-09-04 20:42 - 00023594 _____ C:\Windows\setupact.log
2013-10-18 01:25 - 2013-04-13 15:39 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-18 01:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-17 16:54 - 2013-10-15 12:52 - 00000117 _____ C:\Users\Adam\Desktop\SZPTAL.txt
2013-10-17 15:31 - 2013-08-11 18:54 - 00000000 ___RD C:\Users\Adam\Desktop\FIRMA
2013-10-17 13:34 - 2013-10-17 13:34 - 00000000 _____ C:\Users\Adam\Desktop\730366978.txt
2013-10-17 10:43 - 2013-10-08 20:15 - 00000000 ____D C:\Users\Adam\Desktop\Pobrane
2013-10-17 09:34 - 2013-09-26 00:51 - 00000000 ____D C:\Users\Adam\Desktop\hobby
2013-10-16 19:54 - 2013-04-13 15:39 - 00004040 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-16 19:54 - 2013-04-13 15:39 - 00003788 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-15 20:59 - 2013-09-07 12:58 - 00004502 _____ C:\Users\Adam\Documents\TombRaider.log
2013-10-15 19:31 - 2013-10-15 19:31 - 00354414 _____ C:\Users\Adam\Downloads\Downloads 2.4.zip
2013-10-13 06:12 - 2013-10-13 06:12 - 00000000 ____D C:\Users\Adam\AppData\Local\ALLConverter
2013-10-13 06:12 - 2013-10-13 06:12 - 00000000 ____D C:\Program Files (x86)\ALLConverter PRO
2013-10-13 06:10 - 2013-10-13 06:10 - 06901005 _____ (ALLCinema, Inc. ) C:\Users\Adam\Downloads\ALLConverterPRO.exe
2013-10-13 04:52 - 2013-09-08 14:42 - 00000000 ____D C:\Users\Adam\.gstreamer-0.10
2013-10-13 04:51 - 2013-09-11 10:11 - 00002160 _____ C:\Windows\PFRO.log
2013-10-13 04:50 - 2009-07-14 06:45 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 04:50 - 2009-07-14 06:45 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 04:47 - 2013-09-10 22:06 - 00000000 ____D C:\Users\Adam\AppData\Roaming\uTorrent
2013-10-13 04:27 - 2013-10-13 04:27 - 00000000 ____D C:\FRST
2013-10-13 03:43 - 2013-09-08 14:42 - 00000000 ____D C:\Users\Adam\AppData\Local\ChomikBox
2013-10-13 02:33 - 2013-10-13 02:33 - 00031344 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy2.sys
2013-10-13 02:33 - 2013-10-13 02:33 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot
2013-10-13 02:33 - 2013-10-13 02:33 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-10-13 02:33 - 2013-10-13 02:32 - 00000000 ____D C:\ProgramData\Connectify
2013-10-09 19:12 - 2013-10-09 19:12 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-09 18:24 - 2013-10-01 22:32 - 00000000 ____D C:\Users\Adam\AppData\Local\Mozilla
2013-10-09 01:51 - 2013-10-09 01:51 - 00000792 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-09 01:51 - 2013-10-09 01:51 - 00000000 ____D C:\Users\Adam\AppData\Local\CRE
2013-10-09 01:51 - 2013-10-09 01:51 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-09 01:51 - 2013-09-10 22:07 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-10-09 01:18 - 2013-10-09 01:17 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-09 01:18 - 2013-10-09 01:16 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-09 01:18 - 2013-03-08 07:05 - 00001753 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-09 01:18 - 2013-03-08 07:05 - 00001731 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-10-09 01:17 - 2013-10-09 01:17 - 00000000 ____D C:\ProgramData\DownlooaaD keeppEr
2013-10-09 01:17 - 2013-10-09 01:17 - 00000000 ____D C:\Program Files (x86)\ss helper
2013-10-08 21:04 - 2013-10-08 21:04 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
2013-10-08 21:04 - 2013-10-08 21:04 - 00000000 ____D C:\Program Files (x86)\WorldUnlock Codes Calculator
2013-10-07 17:16 - 2013-10-07 17:16 - 00000484 _____ C:\Users\Adam\Desktop\Dysk lokalny (C).lnk
2013-10-05 01:33 - 2013-10-05 01:33 - 00000000 ____D C:\Users\Adam\Downloads\ChomikBox
2013-10-04 11:43 - 2013-05-23 21:39 - 00000000 ____D C:\Users\Adam\AppData\Roaming\GG
2013-10-01 22:32 - 2013-10-01 22:32 - 00001107 _____ C:\Users\Adam\Desktop\Mozilla Firefox.lnk
2013-10-01 22:32 - 2013-10-01 22:32 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-01 22:32 - 2013-10-01 22:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 22:32 - 2013-05-23 21:41 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Mozilla
2013-10-01 22:32 - 2013-04-13 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 03:17 - 2013-03-08 19:15 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Media Player Classic
2013-09-28 00:47 - 2013-09-27 22:43 - 00000000 ____D C:\Users\Adam\Documents\Native Instruments
2013-09-27 21:25 - 2013-04-13 20:24 - 00000000 ____D C:\Users\Adam\Documents\VirtualDJ
2013-09-27 20:22 - 2013-09-27 20:22 - 00000000 __HDC C:\ProgramData\{18E5420F-B6DC-45F1-9618-C199435ED6E3}
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 __HDC C:\ProgramData\{BC91DE36-9EA0-4BE4-9C95-C3ABA1C65900}
2013-09-27 20:20 - 2013-09-27 20:11 - 00000000 ____D C:\Program Files\Native Instruments
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 __HDC C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2013-09-27 20:19 - 2013-09-27 20:11 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-09-27 20:12 - 2013-09-27 20:11 - 00000000 ____D C:\ProgramData\Native Instruments
2013-09-27 19:28 - 2013-09-27 19:18 - 00000000 ____D C:\Users\Adam\Documents\Traktor3
2013-09-27 19:18 - 2013-09-27 19:18 - 00000000 ____D C:\Users\Adam\AppData\Local\Native Instruments
2013-09-26 16:03 - 2013-09-26 16:03 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-09-26 16:03 - 2013-09-26 16:03 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-09-26 16:03 - 2013-09-26 16:03 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-09-24 19:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-24 18:13 - 2013-09-24 18:13 - 00000000 ____D C:\ProgramData\Steam
2013-09-24 06:04 - 2013-09-24 06:04 - 00446258 _____ C:\Windows\AutoKMS.exe
2013-09-24 06:04 - 2013-09-24 06:04 - 00003058 _____ C:\Windows\System32\Tasks\AutoKMS
2013-09-24 06:00 - 2013-09-24 06:00 - 00151552 _____ C:\Windows\KMService.exe
2013-09-24 06:00 - 2013-09-24 06:00 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
2013-09-24 05:42 - 2013-09-24 05:42 - 00000000 _____ C:\Users\Adam\cscript
2013-09-24 05:42 - 2013-03-08 07:05 - 00000000 ____D C:\Users\Adam
2013-09-24 02:57 - 2013-09-24 02:57 - 00013600 _____ C:\Windows\DPINST.LOG
2013-09-24 02:57 - 2013-03-08 07:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-23 19:10 - 2013-09-23 19:10 - 00000000 ____D C:\Users\Adam\Documents\My Games

Some content of TEMP:
====================
C:\Users\Adam\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Adam\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Adam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Adam\AppData\Local\Temp\Tsu8808E1F4.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-11 12:06

==================== End Of Log ============================