Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by admin (administrator) on ADMIN-PC on 03-10-2013 11:21:27
Running from H:\wirusy
Microsoft® Windows Vista™ Business Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\aestsrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.)
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\iPlus\iPlusManager.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-10] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [iPlusManager] - C:\Program Files\iPlus\iPlusChecker.exe [468288 2010-11-26] ()
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [663552 2007-03-12] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-23] (Google Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk /p \??\I:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Savensharee - {670BA3DF-57B2-1B12-10E5-BBCB35590E6B} - C:\ProgramData\Savensharee\9asrfx.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 217.116.104.104 217.116.100.100
Tcpip\..\Interfaces\{BA17342A-C7DA-41D0-BDD7-C813D1787E8B}: [NameServer]192.168.1.1,192.168.1.2

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\STacSV.exe [229458 2010-03-10] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R3 CCIDFILTER; C:\Windows\System32\DRIVERS\ccidflt.SYS [12840 2009-11-03] (Broadcom Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [247352 2008-01-21] (Microsoft Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-11-03] (Broadcom Corporation)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [6680064 2010-07-14] (Intel Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\Users\admin\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-03 11:20 - 2013-10-03 11:20 - 00000000 ____D C:\FRST
2013-10-03 11:16 - 2013-10-03 11:19 - 01087213 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-10-03 09:54 - 2013-10-03 09:57 - 01954124 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-10-03 03:18 - 2013-10-03 03:36 - 00026247 _____ C:\Users\admin\Desktop\baska.odt
2013-10-03 02:21 - 2013-10-03 02:21 - 00011860 _____ C:\ComboFix.txt
2013-10-03 02:19 - 2013-10-03 09:46 - 00018470 _____ C:\Windows\WindowsUpdate.log
2013-10-03 02:15 - 2013-10-03 02:15 - 00000546 _____ C:\Windows\PFRO.log
2013-10-03 02:05 - 2013-10-03 02:21 - 00000000 ____D C:\ComboFix
2013-10-03 02:05 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-03 02:05 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-03 02:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-03 02:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-03 02:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-03 02:05 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-03 02:05 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-03 02:05 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 23:29 - 2013-10-03 01:52 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url
2013-09-25 20:45 - 2013-09-25 20:45 - 09199412 _____ C:\Users\admin\Downloads\rezyjemystatushibernacja.zip
2013-09-20 18:30 - 2013-09-20 18:30 - 00203823 _____ C:\Users\admin\Downloads\Polbruk Petra 1.zip
2013-09-20 15:40 - 2013-09-20 15:57 - 01868991 _____ C:\Users\admin\Downloads\vds75.zip
2013-09-17 17:00 - 2013-09-19 11:56 - 00000000 ____D C:\ProgramData\Savensharee
2013-09-17 16:59 - 2013-09-17 16:59 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-17 16:58 - 2013-09-17 17:00 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-17 16:57 - 2013-09-17 16:58 - 00321720 _____ (SummerSoft) C:\Users\admin\Downloads\Masha.i.niedzwiedz.02 diakonfrost.avi.exe
2013-09-13 13:11 - 2013-10-03 02:21 - 00000000 ____D C:\Qoobox
2013-09-13 13:10 - 2013-10-03 02:15 - 00000000 ____D C:\Windows\erdnt
2013-09-13 11:41 - 2013-09-13 13:06 - 00000004 _____ C:\Users\admin\AppData\Roaming\settings.ini
2013-09-12 09:33 - 2013-09-12 09:39 - 05497908 _____ C:\Users\admin\Downloads\AdobeFanHeitiStd-Bold.otf
2013-09-11 10:39 - 2013-09-11 10:39 - 00034037 _____ C:\Users\admin\Downloads\zeyada.zip
2013-09-11 10:37 - 2013-09-11 10:37 - 00077205 _____ C:\Users\admin\Downloads\miodrag.zip
2013-09-11 10:37 - 2013-09-11 10:37 - 00014956 _____ C:\Users\admin\Downloads\bart_handschrift.zip
2013-09-10 13:06 - 2013-09-10 14:32 - 00000000 ____D C:\Users\admin\Desktop\warzywa
2013-09-03 09:52 - 2013-09-17 11:29 - 00000000 ____D C:\Users\admin\Desktop\kopp

==================== One Month Modified Files and Folders =======

2013-10-03 11:20 - 2013-10-03 11:20 - 00000000 ____D C:\FRST
2013-10-03 11:19 - 2013-10-03 11:16 - 01087213 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-10-03 10:45 - 2007-03-07 10:07 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211883320-545247881-625460645-1000UA.job
2013-10-03 10:45 - 2007-03-07 10:07 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211883320-545247881-625460645-1000Core.job
2013-10-03 10:35 - 2006-11-02 14:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 10:35 - 2006-11-02 14:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 10:30 - 2011-11-23 21:51 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 10:30 - 2011-11-23 21:51 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 09:57 - 2013-10-03 09:54 - 01954124 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-10-03 09:46 - 2013-10-03 02:19 - 00018470 _____ C:\Windows\WindowsUpdate.log
2013-10-03 09:34 - 2011-11-15 15:00 - 00031877 _____ C:\ProgramData\nvModes.dat
2013-10-03 09:34 - 2011-11-15 15:00 - 00031877 _____ C:\ProgramData\nvModes.001
2013-10-03 03:36 - 2013-10-03 03:18 - 00026247 _____ C:\Users\admin\Desktop\baska.odt
2013-10-03 03:19 - 2007-03-07 10:25 - 00002042 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2013-10-03 02:21 - 2013-10-03 02:21 - 00011860 _____ C:\ComboFix.txt
2013-10-03 02:21 - 2013-10-03 02:05 - 00000000 ____D C:\ComboFix
2013-10-03 02:21 - 2013-09-13 13:11 - 00000000 ____D C:\Qoobox
2013-10-03 02:16 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-10-03 02:15 - 2013-10-03 02:15 - 00000546 _____ C:\Windows\PFRO.log
2013-10-03 02:15 - 2013-09-13 13:10 - 00000000 ____D C:\Windows\erdnt
2013-10-03 02:15 - 2006-11-02 15:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-03 02:15 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 01:52 - 2013-10-02 23:29 - 00000118 _____ C:\Users\admin\Desktop\Antivirus Security Pro support.url
2013-10-02 23:23 - 2011-11-23 21:50 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-10-02 23:23 - 2011-11-23 21:50 - 00000000 ____D C:\Program Files\Google
2013-10-01 14:38 - 2002-09-10 14:41 - 00000116 _____ C:\Windows\NeroDigital.ini
2013-10-01 08:29 - 2012-09-22 14:18 - 00000119 _____ C:\Users\admin\AppData\default.pls
2013-10-01 08:28 - 2012-09-22 14:19 - 00000000 _____ C:\dump_dvd.vob
2013-09-29 16:11 - 2008-01-21 08:23 - 01469036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 16:11 - 2008-01-21 08:22 - 00662112 _____ C:\Windows\system32\perfh015.dat
2013-09-29 16:11 - 2008-01-21 08:22 - 00126908 _____ C:\Windows\system32\perfc015.dat
2013-09-27 21:34 - 2011-12-29 00:17 - 00070656 _____ C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 20:45 - 2013-09-25 20:45 - 09199412 _____ C:\Users\admin\Downloads\rezyjemystatushibernacja.zip
2013-09-25 16:10 - 2013-04-17 12:22 - 00000000 ____D C:\Users\admin\Desktop\ARTUR dzialalnosc
2013-09-24 09:38 - 2000-03-19 20:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2013-09-23 13:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-20 18:30 - 2013-09-20 18:30 - 00203823 _____ C:\Users\admin\Downloads\Polbruk Petra 1.zip
2013-09-20 15:57 - 2013-09-20 15:40 - 01868991 _____ C:\Users\admin\Downloads\vds75.zip
2013-09-20 11:15 - 2012-11-12 16:47 - 00000000 ____D C:\Users\admin\Desktop\spa
2013-09-19 11:56 - 2013-09-17 17:00 - 00000000 ____D C:\ProgramData\Savensharee
2013-09-17 17:00 - 2013-09-17 16:58 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-17 16:59 - 2013-09-17 16:59 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-17 16:58 - 2013-09-17 16:57 - 00321720 _____ (SummerSoft) C:\Users\admin\Downloads\Masha.i.niedzwiedz.02 diakonfrost.avi.exe
2013-09-17 11:29 - 2013-09-03 09:52 - 00000000 ____D C:\Users\admin\Desktop\kopp
2013-09-15 12:56 - 2011-11-15 10:26 - 00000680 _____ C:\Users\admin\AppData\Local\d3d9caps.dat
2013-09-13 13:18 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-13 13:06 - 2013-09-13 11:41 - 00000004 _____ C:\Users\admin\AppData\Roaming\settings.ini
2013-09-12 11:34 - 2002-09-15 11:41 - 00000151 _____ C:\Windows\PhotoSnapViewer.INI
2013-09-12 09:39 - 2013-09-12 09:33 - 05497908 _____ C:\Users\admin\Downloads\AdobeFanHeitiStd-Bold.otf
2013-09-11 10:39 - 2013-09-11 10:39 - 00034037 _____ C:\Users\admin\Downloads\zeyada.zip
2013-09-11 10:37 - 2013-09-11 10:37 - 00077205 _____ C:\Users\admin\Downloads\miodrag.zip
2013-09-11 10:37 - 2013-09-11 10:37 - 00014956 _____ C:\Users\admin\Downloads\bart_handschrift.zip
2013-09-10 14:32 - 2013-09-10 13:06 - 00000000 ____D C:\Users\admin\Desktop\warzywa
2013-09-06 17:11 - 2013-02-14 15:16 - 00000000 ____D C:\Users\admin\Desktop\NoTextures

Files to move or delete:
====================
C:\Users\admin\AppData\Roaming\settings.ini
C:\Users\admin\AppData\Roaming\i.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-03 02:22

==================== End Of Log ============================