Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Administrator (administrator) on KSIEGOWY-HP on 14-01-2015 09:23:37
Running from C:\Users\Administrator\Downloads
Loaded Profile: Administrator (Available profiles: KSIEGOWY & Administrator)
Platform: Windows 7 Professional (X64) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Ammyy LLC) C:\Users\KSIEGOWY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21MHOHVE\pomoc.exe
(Ammyy LLC) C:\Users\KSIEGOWY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21MHOHVE\pomoc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(Panasonic) C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files (x86)\Panasonic\Device Monitor\DMWakeup.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( ) C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\spclite.exe
(Microsoft Corporation) C:\f25012ed05437a96ab9314\spinstall.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [Panasonic Device Monitor Wakeup] => C:\Program Files (x86)\Panasonic\Device Monitor\dmwakeup.exe [413696 2010-01-09] (Panasonic System Networks Co., Ltd.)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [135168 2010-02-02] ( )
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [765952 2010-01-18] (Panasonic System Networks Co.,Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [{4e8405fa-8ada-47b0-5da9-f8edc703f718}] => "C:\ProgramData\Microsoft\{4e8405fa-8ada-47b0-5da9-f8edc703f718}\{4e8405fa-8ada-47b0-5da9-f8edc703f718}.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [{4e8405fa-8ada-47b0-5da9-f8edc703f718}] => "C:\ProgramData\Microsoft\{4e8405fa-8ada-47b0-5da9-f8edc703f718}\{4e8405fa-8ada-47b0-5da9-f8edc703f718}.exe" No File
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
HKU\S-1-5-21-3668452077-1106565234-3799211801-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
HKU\S-1-5-21-3668452077-1106565234-3799211801-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3668452077-1106565234-3799211801-500 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: No Name -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File
Toolbar: HKLM-x32 - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-3668452077-1106565234-3799211801-500 -> No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmmyyAdmin; C:\Users\KSIEGOWY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21MHOHVE\pomoc.exe [743704 2014-10-23] (Ammyy LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
R2 Panasonic Trap Monitor Service; C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-26] (Panasonic) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-08-02] (http://libusb-win32.sourceforge.net)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] (OEM)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 09:24 - 2015-01-14 09:24 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-14 09:23 - 2015-01-14 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-14 09:18 - 2015-01-14 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-14 09:10 - 2015-01-14 09:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2015-01-13 17:06 - 2015-01-13 17:06 - 00001725 _____ () C:\Users\Administrator\Desktop\gmerr.txt
2015-01-13 16:15 - 2015-01-13 17:08 - 00000741 _____ () C:\Users\Administrator\Desktop\Nowy dokument tekstowy.txt
2015-01-13 16:09 - 2015-01-13 16:09 - 00002140 _____ () C:\Users\Administrator\Desktop\gmer.log
2015-01-13 15:54 - 2015-01-12 15:22 - 00087216 _____ () C:\Users\Administrator\Desktop\Kaspersky.txt
2015-01-13 15:52 - 2015-01-13 15:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2015-01-13 15:52 - 2015-01-13 15:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-13 15:16 - 2015-01-13 15:16 - 00380416 _____ () C:\Users\Administrator\Downloads\40r2otdc.exe
2015-01-13 15:11 - 2015-01-13 15:11 - 00179531 _____ () C:\Users\Administrator\Downloads\Shortcut.txt
2015-01-13 15:11 - 2015-01-13 15:11 - 00022143 _____ () C:\Users\Administrator\Downloads\Addition.txt
2015-01-13 15:10 - 2015-01-14 09:23 - 00011716 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-01-13 15:09 - 2015-01-14 09:23 - 00000000 ____D () C:\FRST
2015-01-13 15:08 - 2015-01-13 15:09 - 02124288 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-01-13 12:48 - 2015-01-13 12:48 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 12:40 - 2015-01-13 12:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-13 12:40 - 2015-01-13 12:40 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-12 11:25 - 2015-01-12 15:23 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-01-12 11:24 - 2015-01-12 11:24 - 00089992 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 11:23 - 2015-01-13 13:17 - 00000000 ____D () C:\Users\Administrator\Desktop\SpyHunter
2015-01-12 11:22 - 2015-01-12 11:22 - 00000000 ____D () C:\Users\Administrator\Documents\Panasonic
2015-01-12 11:22 - 2015-01-12 11:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Panasonic
2015-01-12 11:22 - 2015-01-12 11:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-12 11:21 - 2015-01-12 11:21 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-12 11:21 - 2015-01-12 11:21 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Ustawienia lokalne
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Szablony
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Moje dokumenty
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Menu Start
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje wideo
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje obrazy
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moja muzyka
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\Dane aplikacji
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Historia
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ____D () C:\Users\Administrator\temp
2015-01-12 11:21 - 2015-01-12 11:21 - 00000000 ____D () C:\Users\Administrator
2015-01-12 11:21 - 2011-11-08 12:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-01-12 11:21 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-12 11:21 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-12 10:58 - 2015-01-13 13:57 - 00566099 _____ () C:\spyhunter.fix
2015-01-12 10:58 - 2010-05-13 18:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe
2015-01-12 10:11 - 2015-01-13 12:44 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\SpyHunter
2015-01-12 10:05 - 2015-01-12 10:05 - 00005711 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-12 10:05 - 2015-01-12 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 10:05 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-12 10:05 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-12 10:05 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-12 10:05 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-12 10:02 - 2015-01-12 10:08 - 47564800 _____ () C:\Users\KSIEGOWY\Downloads\eav_nt64_plk.msi
2015-01-12 09:55 - 2015-01-12 09:56 - 00000012 _____ () C:\Users\KSIEGOWY\Desktop\Nowy dokument tekstowy.txt
2015-01-12 08:11 - 2015-01-12 08:11 - 03888054 _____ () C:\Users\KSIEGOWY\Desktop\Nowy obraz mapy bitowej.bmp
2015-01-12 08:10 - 2015-01-12 08:10 - 03888054 _____ () C:\Users\KSIEGOWY\Documents\Decrypt All Files fafktzg.bmp
2015-01-12 08:10 - 2015-01-12 08:10 - 00001240 _____ () C:\Users\KSIEGOWY\Documents\Decrypt All Files fafktzg.txt
2015-01-12 07:56 - 2015-01-12 07:59 - 01548174 _____ () C:\Users\KSIEGOWY\Desktop\nałęczów.bmp
2015-01-12 07:33 - 2015-01-12 07:33 - 00002870 _____ () C:\Windows\System32\Tasks\wckfgeb
2015-01-12 07:33 - 2015-01-12 07:33 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-11 06:52 - 2015-01-11 06:52 - 00032768 _____ () C:\Users\KSIEGOWY\AppData\Roaming\guttersnipes.ds
2015-01-07 10:45 - 2015-01-12 07:50 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\EMA ELFA
2014-12-30 10:47 - 2015-01-12 07:49 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\WIT-POL
2014-12-16 08:29 - 2015-01-12 07:48 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\JOASIA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 09:24 - 2011-02-01 23:50 - 01574053 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 09:19 - 2011-11-08 12:14 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 09:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 09:19 - 2009-07-14 05:51 - 00115725 _____ () C:\Windows\setupact.log
2015-01-14 09:18 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 09:18 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 09:04 - 2011-11-08 12:14 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 09:03 - 2011-02-02 00:27 - 00743002 _____ () C:\Windows\system32\perfh015.dat
2015-01-14 09:03 - 2011-02-02 00:27 - 00156542 _____ () C:\Windows\system32\perfc015.dat
2015-01-14 09:03 - 2009-07-14 06:13 - 01672820 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 16:44 - 2014-09-02 12:39 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 15:52 - 2014-08-18 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-13 12:41 - 2011-02-02 02:46 - 00033970 _____ () C:\Windows\PFRO.log
2015-01-13 12:40 - 2011-11-08 12:17 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-13 12:40 - 2011-11-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-13 12:38 - 2011-11-08 13:12 - 00000000 ____D () C:\Users\KSIEGOWY\AppData\Roaming\Skype
2015-01-12 11:21 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-12 10:09 - 2013-10-11 12:53 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-12 10:05 - 2014-01-15 13:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-12 09:10 - 2012-11-08 13:54 - 00000000 ____D () C:\Users\KSIEGOWY\AppData\Roaming\Humansoft
2015-01-12 08:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 08:10 - 2013-12-02 10:01 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\Kopia
2015-01-12 08:07 - 2011-11-04 09:45 - 00000000 ___RD () C:\Users\KSIEGOWY\Desktop\KAROLA
2015-01-12 08:05 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Dokumenty
2015-01-12 08:03 - 2014-10-13 13:30 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\25 LECIE
2015-01-12 08:02 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\WIZYTÓWKI 2011
2015-01-12 07:55 - 2014-08-27 08:31 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\MV
2015-01-12 07:52 - 2012-01-17 14:03 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\Akcyza wyroby węglowe
2015-01-12 07:51 - 2014-08-08 11:40 - 00000000 ____D () C:\Program Files (x86)\RCP58
2015-01-12 07:50 - 2011-11-07 15:21 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\ISTAT2.09 DATA UTW.08.05.09
2015-01-12 07:49 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\formularze GUS
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\zdjęcia żeliwiaka
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\ZDJECIA DO GUSS-RINGA
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\scany zdjęć
2015-01-12 07:47 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Pobieranie
2015-01-12 07:47 - 2011-11-07 15:12 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Moje skany
2015-01-12 07:47 - 2011-11-04 15:53 - 00000000 ____D () C:\Users\KSIEGOWY
2015-01-12 07:46 - 2014-01-28 09:41 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\kornelia
2015-01-12 07:46 - 2011-11-07 15:12 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\korespondencja
2015-01-12 07:45 - 2012-10-25 13:37 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\DANE EXCEL
2015-01-12 07:45 - 2011-11-07 15:17 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\DANE SUROWCE
2015-01-12 07:45 - 2011-11-07 15:12 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\Nieużywane
2015-01-12 07:44 - 2011-12-21 09:24 - 00000000 ____D () C:\Users\KSIEGOWY\AppData\Roaming\Babylon
2015-01-12 07:42 - 2013-12-12 14:31 - 00000000 ____D () C:\Users\KSIEGOWY\Documents\klucz i certyufikat pfron2 k.ch
2015-01-12 07:39 - 2014-08-18 10:37 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\Do wysłania
2015-01-12 07:37 - 2011-11-04 16:28 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-12 07:37 - 2010-06-15 03:07 - 00000000 ____D () C:\swsetup
2015-01-12 07:37 - 2009-08-04 22:46 - 00000000 ___HD () C:\SYSTEM.SAV
2015-01-12 07:36 - 2012-05-21 06:33 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-12 07:35 - 2014-08-18 10:36 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-12 07:35 - 2011-11-08 13:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-12 07:34 - 2014-10-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Corax
2015-01-12 07:34 - 2013-01-09 09:41 - 00000000 ____D () C:\Program Files\WF-Gang
2015-01-12 07:34 - 2012-03-21 11:52 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-12 07:34 - 2011-11-04 17:08 - 00000000 ____D () C:\Program Files\Windows XP Mode
2015-01-12 07:33 - 2012-03-14 09:17 - 00000000 ____D () C:\klucze i cert pfron
2015-01-12 07:33 - 2012-02-15 09:45 - 00000000 ____D () C:\PIT Format 2011
2015-01-12 07:33 - 2011-11-09 14:24 - 00000000 ____D () C:\Nowy folder
2015-01-12 07:33 - 2011-11-09 14:15 - 00000000 ____D () C:\lj1000hb
2015-01-12 07:33 - 2011-11-04 16:46 - 00000000 ____D () C:\97966dc59e5b41adfe4d42416859c852
2015-01-12 07:33 - 2011-02-01 23:59 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-01-09 14:53 - 2014-09-25 07:33 - 00013030 _____ () C:\PDOXUSRS.NET
2015-01-09 12:55 - 2011-11-09 11:53 - 00002533 _____ () C:\Users\KSIEGOWY\intlname.ols
2015-01-08 13:22 - 2011-11-04 16:46 - 00000512 _____ () C:\rcp58_log_file.TXT.fafktzg
2015-01-07 11:46 - 2011-11-04 16:46 - 00006928 _____ () C:\log.TXT.fafktzg
2015-01-07 10:44 - 2014-11-19 13:24 - 00000000 ____D () C:\Users\KSIEGOWY\Desktop\zdjęcia tadeusz gardecki
2015-01-07 08:20 - 2011-12-05 10:41 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKSIEGOWY-HP$
2015-01-07 08:20 - 2011-12-05 10:41 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForKSIEGOWY-HP$.job
2014-12-29 10:17 - 2011-11-09 09:19 - 00000396 _____ () C:\Windows\KmPcFax.INI
2014-12-16 10:04 - 2011-11-04 16:46 - 00374608 _____ () C:\Users\KSIEGOWY\Desktop\KARTKA ŚWIĄTECZNA 2014.JPG.fafktzg
2014-12-16 09:45 - 2011-11-04 16:46 - 00002336 _____ () C:\Users\KSIEGOWY\Desktop\życzenia.DOC.fafktzg
2014-12-15 11:50 - 2011-11-04 16:46 - 00002560 _____ () C:\Users\KSIEGOWY\Desktop\ADVERTI.DOC.fafktzg

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\{988C6F6A-1056-4F47-A87F-1211EFFAD348}.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\APNSetup.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\AskSLib.dll
C:\Users\KSIEGOWY\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\installhelper.dll
C:\Users\KSIEGOWY\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\MSNE33E.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\SkypeSetup.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\KSIEGOWY\AppData\Local\Temp\uninstall.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\_is4A1B.exe
C:\Users\KSIEGOWY\AppData\Local\Temp\_isC6D8.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2015-01-07 08:16

==================== End Of Log ============================