Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 Ran by weronika (administrator) on WERONIKA-PC on 01-06-2014 16:29:47 Running from C:\Users\weronika\Desktop\BEZPIECZENSTWO Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\w32x86\3\lxdeserv.exe ( ) C:\Windows\System32\lxdecoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-04-04] (Sun Microsystems, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-08] (AVAST Software) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware) HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1 HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\MountPoints2: {1b9fd1f7-d877-11de-a659-002219e21dcf} - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\SYS83.exe HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\MountPoints2: {a37e2f21-d31f-11e1-9d3b-002219e21dcf} - F:\Install.exe HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\MountPoints2: {d1e3d435-7637-11df-b357-002219e21dcf} - F:\SLATKO/torta.exe HKU\S-1-5-21-392944919-3480735444-3123389750-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2927104 2009-04-04] (Microsoft Corporation) <==== ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad SearchScopes: HKCU - DefaultScope {B492C9AE-E581-4285-B9D8-B5E9410428C7} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7MERD_plPL503 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {B492C9AE-E581-4285-B9D8-B5E9410428C7} URL = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7MERD_plPL503 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - &Tłumaczenie - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\weronika\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-08] ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-08] (AVAST Software) R2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.) R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-08] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-11-08] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2014-04-15] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-08] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-11-08] () R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-06-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133472 2009-01-19] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [279488 2009-01-19] (Creative Technology Ltd.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-01 16:29 - 2014-06-01 16:29 - 00000000 ____D () C:\FRST 2014-06-01 16:13 - 2014-06-01 16:29 - 00000000 ____D () C:\Users\weronika\Desktop\BEZPIECZENSTWO 2014-06-01 15:53 - 2014-06-01 15:54 - 129830011 _____ () C:\Users\weronika\Desktop\natalia.zip 2014-06-01 14:04 - 2014-06-01 15:43 - 00000000 ____D () C:\Users\weronika\Desktop\natalia 2014-05-31 15:45 - 2014-05-31 19:11 - 23492608 _____ () C:\Users\weronika\Desktop\Rewaloryzowanie i koncepcja rewitalizacji.ppt 2014-05-31 13:45 - 2014-05-31 19:31 - 00000000 ____D () C:\Users\weronika\Desktop\logo 2014-05-31 13:01 - 2014-05-31 13:01 - 01347135 _____ () C:\Users\weronika\Desktop\Bez tytułu.psd 2014-05-29 18:00 - 2014-05-29 18:00 - 00032260 _____ () C:\Windows\ZTEInstallInfo.log 2014-05-12 16:56 - 2014-05-12 16:56 - 00000000 ____D () C:\SUPERDelete 2014-05-12 16:54 - 2014-05-12 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-12 16:54 - 2014-05-12 16:54 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2014-05-12 16:54 - 2014-05-12 16:54 - 00000000 ____D () C:\Users\weronika\AppData\Roaming\SUPERAntiSpyware.com 2014-05-12 16:53 - 2014-05-12 16:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-12 16:53 - 2014-05-12 16:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-12 16:25 - 2014-06-01 16:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-12 16:23 - 2014-05-12 16:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-12 16:23 - 2014-05-12 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-12 16:23 - 2014-05-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 16:23 - 2014-05-12 16:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-12 16:23 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 16:23 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 16:23 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 14:19 - 2014-05-15 21:14 - 00000000 ____D () C:\Users\weronika\Desktop\artykuly ==================== One Month Modified Files and Folders ======= 2014-06-01 16:30 - 2009-04-17 18:44 - 00000000 ____D () C:\Users\weronika\AppData\Local\Temp 2014-06-01 16:29 - 2014-06-01 16:29 - 00000000 ____D () C:\FRST 2014-06-01 16:29 - 2014-06-01 16:13 - 00000000 ____D () C:\Users\weronika\Desktop\BEZPIECZENSTWO 2014-06-01 16:13 - 2014-05-12 16:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-01 16:10 - 2006-11-02 14:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-01 16:10 - 2006-11-02 14:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-01 15:54 - 2014-06-01 15:53 - 129830011 _____ () C:\Users\weronika\Desktop\natalia.zip 2014-06-01 15:53 - 2012-01-07 14:12 - 01956525 _____ () C:\Windows\WindowsUpdate.log 2014-06-01 15:46 - 2012-01-06 19:15 - 00000000 ____D () C:\Weronika 2014-06-01 15:45 - 2010-02-16 20:24 - 00002651 _____ () C:\Users\weronika\Desktop\Microsoft Office Word 2003.lnk 2014-06-01 15:43 - 2014-06-01 14:04 - 00000000 ____D () C:\Users\weronika\Desktop\natalia 2014-06-01 14:11 - 2014-03-24 21:06 - 00000000 ____D () C:\Users\weronika\Desktop\ODK 4 rok, semestr zimowy 2014-06-01 14:00 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-01 12:08 - 2006-11-02 14:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-31 19:31 - 2014-05-31 13:45 - 00000000 ____D () C:\Users\weronika\Desktop\logo 2014-05-31 19:11 - 2014-05-31 15:45 - 23492608 _____ () C:\Users\weronika\Desktop\Rewaloryzowanie i koncepcja rewitalizacji.ppt 2014-05-31 15:45 - 2013-12-22 18:28 - 00000000 ____D () C:\Users\weronika\Desktop\AFFELT tabele 2014-05-31 13:01 - 2014-05-31 13:01 - 01347135 _____ () C:\Users\weronika\Desktop\Bez tytułu.psd 2014-05-30 16:24 - 2012-08-06 09:46 - 00144568 _____ () C:\Windows\PFRO.log 2014-05-29 18:00 - 2014-05-29 18:00 - 00032260 _____ () C:\Windows\ZTEInstallInfo.log 2014-05-29 18:00 - 2009-04-04 12:43 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-05-29 17:59 - 2012-09-24 16:47 - 00000000 ____D () C:\Program Files\Google 2014-05-29 17:58 - 2012-09-24 16:47 - 00000000 ____D () C:\Users\weronika\AppData\Local\Google 2014-05-29 17:57 - 2009-04-17 18:45 - 00000951 _____ () C:\Users\weronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-16 20:53 - 2013-09-01 12:43 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-16 20:45 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-15 21:14 - 2014-05-11 14:19 - 00000000 ____D () C:\Users\weronika\Desktop\artykuly 2014-05-14 20:03 - 2013-10-27 12:20 - 00000000 ____D () C:\Users\weronika\Desktop\kosciol stolarka 2014-05-12 19:33 - 2006-11-02 14:35 - 00000000 ____D () C:\Windows\DigitalLocker 2014-05-12 16:56 - 2014-05-12 16:56 - 00000000 ____D () C:\SUPERDelete 2014-05-12 16:55 - 2014-05-12 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-12 16:54 - 2014-05-12 16:54 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2014-05-12 16:54 - 2014-05-12 16:54 - 00000000 ____D () C:\Users\weronika\AppData\Roaming\SUPERAntiSpyware.com 2014-05-12 16:54 - 2014-05-12 16:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-12 16:53 - 2014-05-12 16:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-12 16:23 - 2014-05-12 16:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-12 16:23 - 2014-05-12 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-12 16:23 - 2014-05-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 16:23 - 2014-05-12 16:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-08 21:17 - 2014-04-14 19:51 - 00000000 ____D () C:\Users\weronika\Desktop\dekanat gniewkowski 2014-05-08 21:11 - 2008-01-21 08:21 - 00060704 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-08 21:11 - 2008-01-21 08:20 - 00057664 _____ () C:\Windows\system32\perfh015.dat 2014-05-08 21:11 - 2008-01-21 08:20 - 00015142 _____ () C:\Windows\system32\perfc015.dat 2014-05-08 20:21 - 2009-07-16 18:47 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{9B0967BC-2815-48C6-AD07-B0AD09069B0F}.job 2014-05-07 17:00 - 2009-04-17 20:34 - 00000000 ____D () C:\ProgramData\Lx_cats Files to move or delete: ==================== C:\Users\weronika\Silverlight.exe Some content of TEMP: ==================== C:\Users\weronika\AppData\Local\Temp\{2655FB3A-965E-415B-A819-C80C0C2D90D6}-27.0.1453.116_27.0.1453.110_chrome_updater.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-01 14:07 ==================== End Of Log ============================