Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by ad (administrator) on OPTIMUS on 06-06-2014 12:14:37
Running from C:\Users\ad\Favorites\Desktop\fix
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
() C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\ad\Favorites\Desktop\Nowy folder\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-24] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-24] ()
HKLM\...\Run: [CryptoCard Suite Cert Monitor] => C:\Program Files\CryptoTech\CryptoCard\CCMonitor.exe [524800 2012-05-08] ()
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4915200 2008-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\MountPoints2: {309c4fff-9bdd-11e3-8bca-806e6f6e6963} - E:\program.exe
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\MountPoints2: {44c52ef7-e34d-11e0-80b3-0021850f925a} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\MountPoints2: {70563b13-b99c-11dd-a3e9-0021850f925a} - J:\USBNB.exe
HKU\S-1-5-21-3853803772-3165243653-2453907892-1001\...\MountPoints2: {d81b99b2-b994-11dd-a90f-806e6f6e6963} - Y:\Start.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bszgierz.pl/#&panel1-1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://ebank.bankbps.pl/bpswarszawa_k https://www.pf.bgz.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=2.03001.103002&st=12&barid={7587E1B6-2B98-49B3-8912-85EDE59405DC}
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=2.03001.103002&st=12&q={searchTerms}&barid={7587E1B6-2B98-49B3-8912-85EDE59405DC}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=2.03001.103002&st=12&q={searchTerms}&barid={7587E1B6-2B98-49B3-8912-85EDE59405DC}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&&st=23
SearchScopes: HKCU - {04AE1514-79BF-4FB2-8A44-8A20821043B8} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&&st=23
BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SallesMagnet - {5FCE0159-8827-35B6-4779-72D2937FCDFD} - C:\ProgramData\SallesMagnet\BQi.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ClickFOrSale - {7F9797D2-4476-F472-135F-89155B37AB64} - C:\ProgramData\ClickFOrSale\q.dll ()
BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: tuoPbuyer - {C22F22FA-C133-5BB2-CAF2-7548197C1AD8} - C:\ProgramData\tuoPbuyer\mY.dll ()
BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Krajowa Izba Rozliczeniowa S.A\SZAFIR 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{EAD5250C-45C2-40AB-89D0-C34867372F85}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default
FF NewTab: hxxp://home.sweetim.com/?barid=&src=97&&st=23
FF DefaultSearchEngine: SweetIM Search
FF SelectedSearchEngine: SweetIM Search
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=6&barid=&&st=23&q=
FF NetworkProxy: "type", 0
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\searchplugins\sweetim.xml
FF Extension: ClickiForuSaloe - C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\Extensions\a-8k@eeeshdcqdjmsw.com [2014-05-21]
FF Extension: ToopDeall - C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\Extensions\bvvcwsqadvm@h-tz.org [2014-03-24]
FF Extension: LuckyCOuPon - C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\Extensions\iau6sw@djsyachf.co.uk [2014-03-31]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012-09-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\ad\AppData\Roaming\Mozilla\Firefox\Profiles\bubsbde0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-03-21]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014-02-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Widget context) - C:\Users\ad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-03-17]
CHR HKLM\...\Chrome\Extension: [ljlbhjeioccdadoagmkjknpdkcdoloog] - C:\Users\ad\AppData\Local\Razoss\Application\googlechrome\razoss.crx [2014-03-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-03] ()
S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2008-04-23] (FirebirdSQL Project)
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2015232 2008-04-23] (FirebirdSQL Project)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1863984 2014-04-07] ()
S4 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
S4 lxea_device; C:\Windows\system32\lxeacoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 MSSQL$PLATNIK2005; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 TeamViewer5; C:\Users\ad\AppData\Local\Temp\TeamViewer\Version5\TeamViewer_Service.exe [173352 2010-04-16] (TeamViewer GmbH)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S4 szserver; C:\Program Files\STOPzilla!\SZServer.exe [X]

==================== Drivers (Whitelisted) ====================

S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [119040 2011-09-06] (HID Global Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 pcrwevos; \??\C:\Windows\system32\drivers\pcrwevos.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 12:14 - 2014-06-06 12:14 - 00000000 ____D () C:\FRST
2014-06-05 09:07 - 2014-06-05 09:07 - 00006934 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-05-21 08:20 - 2014-05-21 08:21 - 00000000 ____D () C:\ProgramData\SallesMagnet
2014-05-16 08:27 - 2014-05-16 08:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 08:13 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 08:12 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 08:12 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 08:17 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-12 09:45 - 2014-05-12 09:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-06 12:14 - 2014-06-06 12:14 - 00000000 ____D () C:\FRST
2014-06-06 12:14 - 2008-11-23 21:54 - 00000000 ____D () C:\Users\ad\AppData\Local\Temp
2014-06-06 12:10 - 2012-06-25 13:29 - 00013963 _____ () C:\ProgramData\lxea.log
2014-06-06 12:10 - 2011-08-29 20:43 - 00156386 _____ () C:\ProgramData\lxeascan.log
2014-06-06 11:13 - 2008-11-23 21:31 - 01691426 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 10:58 - 2011-05-20 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.0
2014-06-06 10:53 - 2011-07-20 14:08 - 00000000 ____D () C:\Users\ad\AppData\Roaming\TeamViewer
2014-06-05 15:50 - 2005-07-27 00:11 - 00097315 _____ () C:\Windows\system32\SQLServerManager.msc
2014-06-05 13:55 - 2012-03-06 13:56 - 02599845 _____ () C:\Users\ad\keylog.log
2014-06-05 13:35 - 2010-01-26 09:25 - 00000073 _____ () C:\Users\ad\AppData\default.pls
2014-06-05 11:26 - 2008-08-29 13:43 - 00000000 ____D () C:\Users\Optimus\AppData\Local\Temp
2014-06-05 09:07 - 2014-06-05 09:07 - 00006934 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-06-05 09:07 - 2008-01-21 08:20 - 00807910 _____ () C:\Windows\system32\perfh015.dat
2014-06-05 09:07 - 2008-01-21 08:20 - 00185202 _____ () C:\Windows\system32\perfc015.dat
2014-06-04 16:08 - 2006-11-02 14:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 16:08 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 16:08 - 2006-11-02 14:45 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 16:08 - 2006-11-02 14:45 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 08:23 - 2010-03-29 08:15 - 01831196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 08:32 - 2013-03-15 11:14 - 00000000 ____D () C:\Users\ad\Documents\Moje zeskanowane obrazy
2014-05-30 08:16 - 2012-05-24 09:05 - 00000000 ____D () C:\Users\ad\AppData\Local\CrashDumps
2014-05-21 08:21 - 2014-05-21 08:20 - 00000000 ____D () C:\ProgramData\SallesMagnet
2014-05-21 08:21 - 2014-03-24 09:39 - 00000000 ____D () C:\ProgramData\19771f7fe4d8ae1
2014-05-19 09:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-19 08:10 - 2011-08-29 20:53 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-16 08:28 - 2008-08-29 14:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 08:27 - 2014-05-16 08:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 08:03 - 2014-03-21 14:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 09:46 - 2014-05-12 09:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox

ZeroAccess:
C:\Users\ad\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\ad\AdbeRdr910_pl_PL.exe
C:\Users\ad\disktoken.dll
C:\Users\ad\token.dll

Some content of TEMP:
====================
C:\Users\ad\AppData\Local\Temp\7z921.exe
C:\Users\ad\AppData\Local\Temp\gkc.exe
C:\Users\ad\AppData\Local\Temp\InstHelper.exe
C:\Users\ad\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\ad\AppData\Local\Temp\OptimizerPro.exe
C:\Users\ad\AppData\Local\Temp\Pit2013_7.0.21.52.exe
C:\Users\ad\AppData\Local\Temp\SHSetup.exe
C:\Users\ad\AppData\Local\Temp\_is7637.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-06 11:18

==================== End Of Log ============================