Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by Jarek i Ela (administrator) on JAREKIELA-PC on 26-11-2013 22:27:09
Running from C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Nowy folder
Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files\STOPzilla!\sbrc.exe [201608 2013-11-19] (GFI Software)
HKCU\...\Run: [Mobile Partner] - C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [114688 2010-01-12] ()
HKCU\...\Run: [Gadu-Gadu] - C:\Program Files\Gadu-Gadu\gg.exe [2396160 2006-02-17] (Gadu-Gadu Sp. z oo)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Jarek i Ela\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Jarek i Ela\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{91DC16E0-4E4E-43AB-9DE8-B2270F131CC6}: [NameServer]89.108.202.20 89.108.195.20

FireFox:
========
FF ProfilePath: C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tq63o6br.default
FF user.js: detected! => C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tq63o6br.default\user.js
FF Plugin: @java.com/DTPlugin,version=10.4.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: BonanzaDeals - C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tq63o6br.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 GAPNVWQKS; C:\Users\JAREKI~1.JAR\AppData\Local\Temp\GAPNVWQKS.exe [416640 2013-11-25] (Sysinternals - www.sysinternals.com)
S3 MAODQ; C:\Users\JAREKI~1.JAR\AppData\Local\Temp\MAODQ.exe [445312 2013-11-25] (Sysinternals - www.sysinternals.com)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 szserver; c:\Program Files\STOPzilla!\SZServer.exe [57136 2013-11-19] (iS3, Inc.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S4 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S4 BTOA; C:\Users\JAREKI~1.JAR\AppData\Local\Temp\BTOA.exe [x]

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R0 DwProt; C:\Windows\System32\drivers\dwprot.sys [135032 2011-01-21] (Doctor Web, Ltd.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S0 is3srv; C:\Windows\System32\drivers\is3srv.sys [61328 2013-11-19] (iS3 Inc.)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-03-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-03-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-03-11] (MCCI)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2013-11-19] (GFI Software)
S3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
R0 szkg5; C:\Windows\System32\DRIVERS\szkg.sys [61328 2013-11-19] (iS3 Inc.)
R3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [17712 2007-01-26] (Chicony Electronics Co., Ltd.)
R0 z9fahttb; C:\Windows\System32\Drivers\z9fahttb.sys [70024 2013-11-25] (VirusBlokAda Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 MEMSWEEP2; \??\C:\Windows\system32\337E.tmp [x]
U4 Messenger;
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]
S0 szkgfs; system32\drivers\szkgfs.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-26 22:26 - 2013-11-26 22:26 - 00000000 ____D C:\FRST
2013-11-26 22:25 - 2013-11-26 22:25 - 00000472 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2013-11-26 22:21 - 2013-11-26 22:22 - 00139016 _____ C:\Windows\Minidump\Mini112613-01.dmp
2013-11-26 22:20 - 2013-11-26 22:21 - 316607357 _____ C:\Windows\MEMORY.DMP
2013-11-26 22:17 - 2013-11-26 22:17 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Avg2013
2013-11-26 21:59 - 2013-11-26 22:27 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Nowy folder
2013-11-26 15:29 - 2013-11-26 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-26 15:29 - 2013-11-26 15:29 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-26 11:54 - 2013-11-26 11:54 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Adobe
2013-11-26 11:45 - 2013-11-19 14:15 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2013-11-26 11:45 - 2013-11-19 14:15 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2013-11-26 11:45 - 2013-11-19 14:15 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys
2013-11-25 21:30 - 2013-11-25 21:30 - 00070024 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\z9fahttb.sys
2013-11-19 14:15 - 2013-11-19 14:15 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\SZKG.sys
2013-11-19 14:15 - 2013-11-19 14:15 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\is3srv.sys
2013-11-08 20:52 - 2013-11-08 20:58 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\WOJTUŚ listopad 2013r
2013-11-05 19:36 - 2013-11-05 19:36 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Nowy folder
2013-11-04 23:04 - 2013-11-04 23:04 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Downloads\Microsoft.Windows.Vista.x86.sp2.pl.melkor
2013-11-02 21:42 - 2013-11-04 17:17 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\TECZKA MIANOWANEGO
2013-11-02 09:39 - 2013-11-02 09:39 - 00007668 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\RKREVEAL150.SYS
2013-10-30 12:29 - 2013-10-30 12:29 - 00000763 _____ C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-30 12:27 - 2013-11-10 23:44 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\uTorrent
2013-10-30 11:49 - 2013-10-30 11:48 - 01141328 _____ (BitTorrent Inc.) C:\Users\Jarek i Ela.JarekiEla-PC\Downloads\utorrent(dobreprogramy.pl).exe

==================== One Month Modified Files and Folders =======

2013-11-26 22:28 - 2013-10-25 14:42 - 00000000 ____D C:\ProgramData\STOPzilla!
2013-11-26 22:27 - 2013-11-26 21:59 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\Nowy folder
2013-11-26 22:27 - 2012-04-15 10:03 - 00928238 _____ C:\Windows\WindowsUpdate.log
2013-11-26 22:26 - 2013-11-26 22:26 - 00000000 ____D C:\FRST
2013-11-26 22:25 - 2013-11-26 22:25 - 00000472 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2013-11-26 22:23 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\tracing
2013-11-26 22:22 - 2013-11-26 22:21 - 00139016 _____ C:\Windows\Minidump\Mini112613-01.dmp
2013-11-26 22:22 - 2009-05-20 16:24 - 00002816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 22:22 - 2009-05-20 16:24 - 00002816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 22:21 - 2013-11-26 22:20 - 316607357 _____ C:\Windows\MEMORY.DMP
2013-11-26 22:21 - 2009-01-30 14:51 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:20 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 22:17 - 2013-11-26 22:17 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Avg2013
2013-11-26 21:03 - 2011-03-25 18:48 - 00000000 ____D C:\ProgramData\MFAData
2013-11-26 16:11 - 2013-11-26 15:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-26 15:29 - 2013-11-26 15:29 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-26 15:27 - 2012-01-02 19:39 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-26 11:54 - 2013-11-26 11:54 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Adobe
2013-11-26 11:50 - 2013-10-25 14:42 - 00000000 ____D C:\Program Files\STOPzilla!
2013-11-26 11:18 - 2006-12-05 06:19 - 00677982 _____ C:\Windows\system32\perfh015.dat
2013-11-26 11:18 - 2006-12-05 06:19 - 00135002 _____ C:\Windows\system32\perfc015.dat
2013-11-26 11:18 - 2006-11-02 11:33 - 01514662 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 21:30 - 2013-11-25 21:30 - 00070024 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\z9fahttb.sys
2013-11-25 21:20 - 2013-10-26 18:15 - 00000000 ____D C:\AdwCleaner
2013-11-20 19:29 - 2013-09-11 15:42 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\PLANY WYNIKOWE 2013R
2013-11-19 14:15 - 2013-11-26 11:45 - 00066344 ____R (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2013-11-19 14:15 - 2013-11-26 11:45 - 00044424 ____R (GFI Software) C:\Windows\system32\SBBD.EXE
2013-11-19 14:15 - 2013-11-26 11:45 - 00022064 ____R (GFI Software) C:\Windows\system32\Drivers\sbaphd.sys
2013-11-19 14:15 - 2013-11-19 14:15 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\SZKG.sys
2013-11-19 14:15 - 2013-11-19 14:15 - 00061328 ____R (iS3 Inc.) C:\Windows\system32\Drivers\is3srv.sys
2013-11-18 22:18 - 2006-11-02 13:58 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 03:11 - 2013-08-16 14:40 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 03:06 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 17:58 - 2007-08-06 19:44 - 00068608 _____ C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-10 23:44 - 2013-10-30 12:27 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\uTorrent
2013-11-08 20:58 - 2013-11-08 20:52 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\WOJTUŚ listopad 2013r
2013-11-08 20:13 - 2011-03-25 20:31 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Media Player Classic
2013-11-05 19:36 - 2013-11-05 19:36 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Nowy folder
2013-11-05 19:36 - 2007-08-06 19:39 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC
2013-11-05 17:07 - 2007-03-15 10:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-04 23:08 - 2011-03-25 20:27 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Google
2013-11-04 23:04 - 2013-11-04 23:04 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Downloads\Microsoft.Windows.Vista.x86.sp2.pl.melkor
2013-11-04 17:17 - 2013-11-02 21:42 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\TECZKA MIANOWANEGO
2013-11-02 21:21 - 2013-02-16 14:52 - 00000000 ____D C:\Users\Jarek i Ela.JarekiEla-PC\Desktop\CV ELA I JAREK
2013-11-02 09:39 - 2013-11-02 09:39 - 00007668 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\RKREVEAL150.SYS
2013-10-30 12:29 - 2013-10-30 12:29 - 00000763 _____ C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-30 11:48 - 2013-10-30 11:49 - 01141328 _____ (BitTorrent Inc.) C:\Users\Jarek i Ela.JarekiEla-PC\Downloads\utorrent(dobreprogramy.pl).exe
2013-10-27 21:38 - 2012-04-08 19:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-27 21:38 - 2012-04-08 19:40 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 21:38 - 2011-10-09 07:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job

Some content of TEMP:
====================
C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Temp\GAPNVWQKS.exe
C:\Users\Jarek i Ela.JarekiEla-PC\AppData\Local\Temp\MAODQ.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit