Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01 Ran by Dorota (administrator) on DOROTA-KOMPUTER on 29-01-2015 11:38:33 Running from C:\Users\Dorota\Downloads Loaded Profiles: Dorota & UpdatusUser (Available profiles: Dorota & UpdatusUser) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (www.LANczat.prv.pl) C:\Program Files\LANczat\LANczat.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\...\Run: [LANczat] => C:\Program Files\LANczat\LANczat.exe [336896 2003-03-23] (www.LANczat.prv.pl) HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\...\Run: [Infor Organizer] => "C:\Program Files\Infor PL\Infor Organizer\Infor.Organizer.exe" HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2475440314-2936318858-1982231046-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\hpppfyrb.default FF Homepage: google.pl FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\hpppfyrb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-28] FF Extension: Adblock Plus - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\hpppfyrb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-28] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-08-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-22] Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.pl/" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-24] CHR Extension: (Dysk Google) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-24] CHR Extension: (WOT) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-24] CHR Extension: (YouTube) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24] CHR Extension: (Szukaj w Google) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24] CHR Extension: (Avast SafePrice) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-28] CHR Extension: (Avast Online Security) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-22] CHR Extension: (Google Wallet) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (Gmail) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-22] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-22] (Avast Software) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-22] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-22] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-22] () S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2015-01-22] (Sysinternals - www.sysinternals.com) [File not signed] R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-22] (Avast Software) S3 catchme; \??\C:\Users\Dorota\AppData\Local\Temp\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 11:36 - 2015-01-29 11:37 - 00015369 _____ () C:\Users\Dorota\Downloads\Addition.txt 2015-01-29 11:35 - 2015-01-29 11:38 - 00011388 _____ () C:\Users\Dorota\Downloads\FRST.txt 2015-01-29 11:33 - 2015-01-29 11:38 - 00000000 ____D () C:\FRST 2015-01-29 11:33 - 2015-01-29 11:33 - 00380416 _____ () C:\Users\Dorota\Downloads\mvolvzbo.exe 2015-01-29 11:32 - 2015-01-29 11:32 - 01121792 _____ (Farbar) C:\Users\Dorota\Downloads\FRST.exe 2015-01-29 11:22 - 2015-01-29 11:23 - 00000197 _____ () C:\Windows\system32\2015-01-29-10-22-34.032-AvastVBoxSVC.exe-2992.log 2015-01-28 13:31 - 2015-01-28 13:31 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-28 13:31 - 2015-01-28 13:31 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\Mozilla 2015-01-28 13:31 - 2015-01-28 13:31 - 00000000 ____D () C:\Users\Dorota\AppData\Local\Mozilla 2015-01-28 13:31 - 2015-01-28 13:31 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-28 13:31 - 2015-01-28 13:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-28 13:31 - 2015-01-28 13:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-28 13:19 - 2015-01-28 13:19 - 14113200 _____ (IPS Przedsiębiorstwo Informatyczne ) C:\Users\Dorota\Desktop\pity2014ngsetup (2).exe 2015-01-28 07:23 - 2015-01-28 07:23 - 00000197 _____ () C:\Windows\system32\2015-01-28-06-23-54.015-AvastVBoxSVC.exe-2752.log 2015-01-27 09:08 - 2015-01-27 09:08 - 00000197 _____ () C:\Windows\system32\2015-01-27-08-08-47.090-AvastVBoxSVC.exe-3032.log 2015-01-26 12:05 - 2015-01-26 12:05 - 00000197 _____ () C:\Windows\system32\2015-01-26-11-05-18.004-AvastVBoxSVC.exe-2836.log 2015-01-23 13:00 - 2015-01-23 13:00 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-01-23 12:57 - 2015-01-23 12:57 - 00000197 _____ () C:\Windows\system32\2015-01-23-11-57-36.021-AvastVBoxSVC.exe-2612.log 2015-01-23 12:51 - 2015-01-23 13:05 - 00000000 ____D () C:\AdwCleaner 2015-01-23 12:50 - 2015-01-23 12:50 - 02186752 _____ () C:\Users\Dorota\Desktop\AdwCleaner_4.exe 2015-01-23 11:03 - 2015-01-23 11:03 - 00000000 ____D () C:\Users\Dorota\Desktop\UPL 2015-01-23 10:58 - 2015-01-23 10:58 - 00796391 _____ () C:\Users\Dorota\Desktop\upl-1-4-pelnomocnictwo-do-podpisywania-deklaracji-skladanej-za-pomoca-srodkow-komunikacji-elektronicznej.gofin 2015-01-23 10:56 - 2015-01-23 10:58 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\GofinDruki 2015-01-23 10:56 - 2015-01-23 10:56 - 00633973 _____ () C:\Users\Dorota\Desktop\upl-1-3-pelnomocnictwo-do-podpisywania-deklaracji-skladanej-za-pomoca-srodkow-komunikacji-elektronicznej.gofin 2015-01-23 10:56 - 2015-01-23 10:56 - 00001056 _____ () C:\Users\Public\Desktop\DRUKI Gofin.lnk 2015-01-23 10:56 - 2015-01-23 10:56 - 00000000 ____D () C:\Users\Dorota\Documents\DRUKI Gofin 2015-01-23 10:56 - 2015-01-23 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOFIN 2015-01-23 10:56 - 2015-01-23 10:56 - 00000000 ____D () C:\Program Files\GOFIN 2015-01-23 10:42 - 2015-01-23 10:42 - 24018944 _____ () C:\Users\Dorota\Desktop\DrukiGofin_2.2.19.0_n.msi 2015-01-22 15:20 - 2015-01-22 15:20 - 00000197 _____ () C:\Windows\system32\2015-01-22-14-20-44.084-AvastVBoxSVC.exe-2584.log 2015-01-22 15:17 - 2015-01-29 11:20 - 00000392 _____ () C:\Windows\setupact.log 2015-01-22 15:17 - 2015-01-23 12:55 - 00001070 _____ () C:\Windows\PFRO.log 2015-01-22 15:17 - 2015-01-22 15:17 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-22 14:35 - 2015-01-22 14:35 - 00000247 _____ () C:\Windows\system32\2015-01-22-13-35-16.004-aswFe.exe-6468.log 2015-01-22 14:28 - 2015-01-22 14:35 - 00000247 _____ () C:\Windows\system32\2015-01-22-13-28-53.010-aswFe.exe-4196.log 2015-01-22 14:27 - 2015-01-22 14:27 - 00007414 _____ () C:\Users\Dorota\Documents\cc_20150122_142710.reg 2015-01-22 14:25 - 2015-01-22 14:25 - 00000000 ____D () C:\Windows\system32\vbox 2015-01-22 14:25 - 2015-01-22 14:25 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\AVAST Software 2015-01-22 14:24 - 2015-01-22 14:24 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-22 14:24 - 2015-01-22 14:24 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-22 14:24 - 2015-01-22 14:24 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-22 14:24 - 2015-01-22 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-01-22 14:22 - 2015-01-22 14:22 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-22 14:22 - 2015-01-22 14:22 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-22 14:19 - 2015-01-22 14:19 - 00000000 ___SD () C:\Users\Dorota\Documents\Passwords Database 2015-01-22 14:11 - 2015-01-22 14:11 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS 2015-01-22 14:11 - 2015-01-22 14:11 - 00011050 _____ () C:\ComboFix.txt 2015-01-22 12:04 - 2015-01-22 14:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-22 10:57 - 2015-01-28 13:20 - 00001976 _____ () C:\Users\Dorota\Desktop\PITy 2014.lnk 2015-01-22 10:54 - 2015-01-22 10:54 - 14097528 _____ (IPS Przedsiębiorstwo Informatyczne ) C:\Users\Dorota\Desktop\pity2014ngsetup (1).exe 2015-01-22 10:53 - 2015-01-22 10:54 - 14097528 _____ (IPS Przedsiębiorstwo Informatyczne ) C:\Users\Dorota\Desktop\pity2014ngsetup.exe 2015-01-21 10:59 - 2015-01-21 16:27 - 00000000 ____D () C:\Users\Dorota\Desktop\2015 2015-01-20 12:42 - 2015-01-20 12:42 - 00208896 _____ () C:\Users\Dorota\Desktop\archiwum_tab_a_2014 (2).xls 2015-01-19 18:46 - 2015-01-19 18:46 - 00208896 _____ () C:\Users\Dorota\Desktop\archiwum_tab_a_2014 (1).xls 2015-01-14 13:37 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 13:37 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 13:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 13:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 13:37 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 13:37 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 13:37 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 13:37 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-07 10:17 - 2015-01-07 10:17 - 00000000 __SHD () C:\Users\Dorota\AppData\Local\EmieUserList 2015-01-07 10:17 - 2015-01-07 10:17 - 00000000 __SHD () C:\Users\Dorota\AppData\Local\EmieSiteList 2015-01-07 10:17 - 2015-01-07 10:17 - 00000000 __SHD () C:\Users\Dorota\AppData\Local\EmieBrowserModeList 2014-12-30 14:54 - 2014-12-30 14:54 - 00000000 ____D () C:\Users\Dorota\AppData\Roaming\Infor PL 2014-12-30 14:49 - 2014-12-30 14:50 - 33470976 _____ () C:\Users\Dorota\Desktop\SetupInforOrganizerFK-2.0.msi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 11:36 - 2009-07-14 05:34 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-29 11:36 - 2009-07-14 05:34 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-29 11:24 - 2013-04-24 08:56 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-29 11:24 - 2013-04-24 08:47 - 01218471 _____ () C:\Windows\WindowsUpdate.log 2015-01-29 11:24 - 2009-07-14 09:07 - 00687590 _____ () C:\Windows\system32\perfh015.dat 2015-01-29 11:24 - 2009-07-14 09:07 - 00131176 _____ () C:\Windows\system32\perfc015.dat 2015-01-29 11:20 - 2013-04-25 09:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-29 11:20 - 2013-04-24 09:13 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-29 11:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-28 19:30 - 2013-04-24 11:33 - 00000000 ____D () C:\Users\Dorota\Documents\Dokumenty AFi 2015-01-28 19:15 - 2013-04-24 09:13 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-28 18:48 - 2013-04-24 08:56 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-26 12:48 - 2013-04-24 08:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-26 12:48 - 2013-04-24 08:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-22 14:19 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-22 14:12 - 2014-05-06 14:23 - 00000000 ____D () C:\Qoobox 2015-01-22 14:07 - 2014-05-06 14:23 - 00000000 ____D () C:\Windows\erdnt 2015-01-22 14:07 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-01-22 14:00 - 2014-05-06 14:21 - 05609919 ____R (Swearware) C:\Users\Dorota\Desktop\ComboFix.exe 2015-01-22 10:57 - 2013-04-24 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formularze IPS 2015-01-22 10:57 - 2013-04-24 10:16 - 00000000 ____D () C:\Program Files\PITy 2015-01-14 18:28 - 2013-07-12 15:03 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 18:26 - 2013-05-13 14:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-07 15:22 - 2013-04-24 09:59 - 00000000 ____D () C:\PCB_kopia 2015-01-06 04:36 - 2013-04-24 09:12 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 12:44 - 2014-09-19 16:46 - 00000000 ____D () C:\Users\Dorota\Desktop\z pulpitu ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-26 12:51 ==================== End Of Log ============================