Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015 Ran by Marcin (administrator) on ANONIM on 04-06-2015 19:44:48 Running from C:\Documents and Settings\Marcin.ANONIM\Pulpit Loaded Profiles: Marcin (Available Profiles: Marcin & Ania i Grześ) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe () C:\Program Files\Faster Light\bin\utilFasterLight.exe () C:\Program Files\Faster Light\bin\FasterLight.expext.exe () C:\Program Files\Faster Light\bin\FasterLight.PurBrowse.exe () C:\Program Files\Faster Light\bin\FasterLight.BrowserAdapter.exe () C:\Program Files\Faster Light\updateFasterLight.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation) HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software) HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-07-21] (Hewlett-Packard) HKU\S-1-5-21-1935655697-115176313-1417001333-1004\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation) HKU\S-1-5-21-1935655697-115176313-1417001333-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.) HKU\S-1-5-21-1935655697-115176313-1417001333-1004\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.) HKU\S-1-5-21-1935655697-115176313-1417001333-1004\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-16] (Adobe Systems Incorporated) Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Windows Search.lnk [2014-10-15] ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Windows Search.lnk [2014-10-15] ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-11-14] (AVAST Software) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141126 HKU\S-1-5-21-1935655697-115176313-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1935655697-115176313-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://rts.dsrlte.com/?m=tab&affID=na" <======= ATTENTION SearchScopes: HKU\S-1-5-21-1935655697-115176313-1417001333-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=pr_b031aad6-f2b7-47ec-a2cf-f426d4087afb&q={searchTerms} SearchScopes: HKU\S-1-5-21-1935655697-115176313-1417001333-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=pr_b031aad6-f2b7-47ec-a2cf-f426d4087afb&q={searchTerms} SearchScopes: HKU\S-1-5-21-1935655697-115176313-1417001333-1004 -> {A025AFD9-7E91-48DE-87CF-812768272A50} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=155 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1413400463046 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Marcin.ANONIM\Dane aplikacji\Mozilla\Firefox\Profiles\53dpm2s2.default FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=616_pr__alt__ddc_dsssyctab_bd_com FF DefaultSearchEngine: Yahoo! Search FF SelectedSearchEngine: Yahoo! Search FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr__alt__ddc_dsssyc_bd_com FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=616_pr__alt__ddc_dss_bd_com&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF SearchPlugin: C:\Documents and Settings\Marcin.ANONIM\Dane aplikacji\Mozilla\Firefox\Profiles\53dpm2s2.default\searchplugins\dsrlte.xml [2015-02-14] FF SearchPlugin: C:\Documents and Settings\Marcin.ANONIM\Dane aplikacji\Mozilla\Firefox\Profiles\53dpm2s2.default\searchplugins\search-simple.xml [2015-04-08] FF Extension: Faster Light 1.0.1 - C:\Documents and Settings\Marcin.ANONIM\Dane aplikacji\Mozilla\Firefox\Profiles\53dpm2s2.default\Extensions\{19e0dd42-6e7b-42ea-b9ce-7baf10a5320d}.xpi [2014-12-06] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14] FF HKLM\...\Firefox\Extensions: [{190bc294-c8e5-471c-9466-3eb945b09542}] - C:\Program Files\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542} Chrome: ======= CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-14] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14] Opera: ======= OPR StartupUrls: "hxxp://www.gazeta.pl/0,0.html?p=170" ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software) R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation) [File not signed] R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.) R2 Update Faster Light; C:\Program Files\Faster Light\updateFasterLight.exe [466160 2015-06-04] () R2 Util Faster Light; C:\Program Files\Faster Light\bin\utilFasterLight.exe [466160 2015-06-04] () R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-14] () R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-11-14] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-14] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-14] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-14] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-14] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-14] () S3 CE3; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [27164 2001-10-26] (Xircom, Inc.) R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.) R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) R1 {19e0dd42-6e7b-42ea-b9ce-7baf10a5320d}t; C:\WINDOWS\System32\drivers\{19e0dd42-6e7b-42ea-b9ce-7baf10a5320d}t.sys [55832 2014-12-07] (StdLib) R1 {26c0e773-8915-4ae2-90ba-954e6737ff14}t; C:\WINDOWS\System32\drivers\{26c0e773-8915-4ae2-90ba-954e6737ff14}t.sys [55832 2014-12-09] (StdLib) R1 {2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}t; C:\WINDOWS\System32\drivers\{2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}t.sys [55832 2014-12-30] (StdLib) R1 {442ad619-2fad-4d96-9434-49e6d1c6e280}t; C:\WINDOWS\System32\drivers\{442ad619-2fad-4d96-9434-49e6d1c6e280}t.sys [55832 2014-12-20] (StdLib) R1 {5fa86e60-a54d-4e77-b1f1-f7bc1e215749}t; C:\WINDOWS\System32\drivers\{5fa86e60-a54d-4e77-b1f1-f7bc1e215749}t.sys [55824 2015-01-30] (StdLib) R1 {82adbb5d-7d8c-4f2d-9936-53071e499858}t; C:\WINDOWS\System32\drivers\{82adbb5d-7d8c-4f2d-9936-53071e499858}t.sys [55832 2015-01-02] (StdLib) R1 {8fb4e628-35c6-4275-89be-ce3462febcc4}t; C:\WINDOWS\System32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}t.sys [55832 2014-12-27] (StdLib) R1 {a081059f-4e06-4f49-9a1e-4b92e171ba25}t; C:\WINDOWS\System32\drivers\{a081059f-4e06-4f49-9a1e-4b92e171ba25}t.sys [55832 2015-01-05] (StdLib) R1 {ca6b750a-d001-404b-be03-93ff7fa91d1b}t; C:\WINDOWS\System32\drivers\{ca6b750a-d001-404b-be03-93ff7fa91d1b}t.sys [55832 2014-12-14] (StdLib) R1 {d274785e-a122-4588-b510-cd4d0fe10348}t; C:\WINDOWS\System32\drivers\{d274785e-a122-4588-b510-cd4d0fe10348}t.sys [55832 2014-12-12] (StdLib) R1 {db4225e9-90b8-4ca5-99da-da423e504d3d}t; C:\WINDOWS\System32\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}t.sys [55832 2014-12-18] (StdLib) R1 {f17a6425-9752-4042-9063-36eef24d8b77}t; C:\WINDOWS\System32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}t.sys [55832 2014-12-24] (StdLib) S1 ccnfd_1_10_0_2; system32\drivers\ccnfd_1_10_0_2.sys [X] S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath U3 pgtdrpog; \??\C:\DOCUME~1\MARCIN~1.ANO\USTAWI~1\Temp\pgtdrpog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-04 19:44 - 2015-06-04 19:45 - 00014065 _____ C:\Documents and Settings\Marcin.ANONIM\Pulpit\FRST.txt 2015-06-04 19:21 - 2015-06-04 19:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Hewlett-Packard 2015-06-04 19:21 - 2015-06-04 19:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Hewlett-Packard 2015-06-04 19:18 - 2015-06-04 19:21 - 00000000 ____D C:\Program Files\Hewlett-Packard 2015-06-04 19:18 - 2015-06-04 19:18 - 00000000 ___HD C:\Program Files\Zenographics 2015-06-04 19:18 - 2015-06-04 19:18 - 00000000 ____D C:\WINDOWS\LastGood 2015-06-04 19:18 - 2015-06-04 19:18 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\HP 2015-06-04 19:18 - 2015-06-04 19:18 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\HP 2015-06-04 19:18 - 2006-07-21 04:00 - 00574100 ____R C:\WINDOWS\system32\hp1022n.img 2015-06-04 19:18 - 2006-07-21 04:00 - 00442368 ____R () C:\WINDOWS\system32\zshp1020.exe 2015-06-04 19:18 - 2006-07-21 04:00 - 00206768 ____R C:\WINDOWS\system32\hp1022.img 2015-06-04 19:18 - 2006-07-21 04:00 - 00143360 ____R (Zenographics) C:\WINDOWS\apptune1020.exe 2015-06-04 19:18 - 2006-07-21 04:00 - 00128820 ____R C:\WINDOWS\system32\hp1020.img 2015-06-04 19:18 - 2006-07-21 04:00 - 00106496 ____R C:\WINDOWS\system32\vshp1020.dll 2015-06-04 19:18 - 2006-07-21 04:00 - 00102400 ____R (Zenographics, Inc.) C:\WINDOWS\system32\ZLhp1020.dll 2015-06-04 19:18 - 2006-07-21 04:00 - 00086016 ____R (Zenographics, Inc.) C:\WINDOWS\system32\ZSPOOL.DLL 2015-06-04 19:18 - 2006-07-21 04:00 - 00028672 ____R (Zenographics, Inc.) C:\WINDOWS\system32\zlm.dll 2015-06-04 19:18 - 2006-07-21 04:00 - 00028672 ____R (Zenographics, Inc.) C:\WINDOWS\system32\IMF32.DLL 2015-06-04 19:18 - 2006-07-21 04:00 - 00024576 ____R (Zenographics, Inc.) C:\WINDOWS\system32\ZTAG32.DLL 2015-06-04 19:18 - 2006-07-21 04:00 - 00007578 ____R C:\WINDOWS\system32\ZSHP1020.HLP 2015-06-04 19:02 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys 2015-06-04 19:02 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2015-06-04 15:20 - 2014-01-28 18:36 - 00380416 _____ C:\Documents and Settings\Marcin.ANONIM\Pulpit\gmer.exe 2015-06-04 15:11 - 2015-06-04 19:45 - 00000000 ____D C:\FRST 2015-06-04 14:15 - 2015-06-04 14:15 - 00370943 _____ C:\Documents and Settings\Marcin.ANONIM\Pulpit\gmer.zip 2015-06-04 14:13 - 2015-06-04 14:13 - 01147392 _____ (Farbar) C:\Documents and Settings\Marcin.ANONIM\Pulpit\FRST.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-04 19:45 - 2014-06-17 21:09 - 00000000 ____D C:\Documents and Settings\Marcin.ANONIM\Ustawienia lokalne\Temp 2015-06-04 19:44 - 2014-06-17 21:09 - 00000000 ____D C:\Documents and Settings\Marcin.ANONIM\Pulpit 2015-06-04 19:21 - 2014-06-17 22:51 - 00872193 _____ C:\WINDOWS\setupapi.log 2015-06-04 19:21 - 2014-06-17 22:51 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy 2015-06-04 19:21 - 2014-06-17 22:51 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy 2015-06-04 19:13 - 2014-10-15 19:56 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-06-04 18:51 - 2014-12-06 15:52 - 00000000 ____D C:\Program Files\Faster Light 2015-06-04 18:51 - 2008-04-15 14:00 - 00000705 _____ C:\WINDOWS\win.ini 2015-06-04 14:05 - 2014-06-17 21:01 - 01601896 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-04 13:59 - 2014-10-25 07:53 - 00000000 ____D C:\Documents and Settings\Ania i Grześ\Moje dokumenty\Pobrane 2015-06-04 13:58 - 2014-10-15 19:34 - 00000000 ___RD C:\Documents and Settings\Ania i Grześ\Moje dokumenty 2015-06-04 13:47 - 2014-11-28 20:01 - 00000000 ____D C:\Program Files\Steam 2015-06-04 13:47 - 2014-11-14 21:26 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-06-04 13:46 - 2014-10-11 08:02 - 00000224 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2015-06-04 13:46 - 2014-06-17 21:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-04 13:46 - 2008-04-15 14:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl 2015-05-31 11:16 - 2014-10-15 19:34 - 00000292 ___SH C:\Documents and Settings\Ania i Grześ\ntuser.ini 2015-05-31 11:16 - 2014-06-17 21:08 - 00032408 _____ C:\WINDOWS\SchedLgU.Txt 2015-05-31 11:15 - 2014-10-15 19:34 - 00000000 ____D C:\Documents and Settings\Ania i Grześ\Ustawienia lokalne\Temp 2015-05-23 11:05 - 2014-10-13 10:11 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-05-23 11:00 - 2014-10-13 10:11 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-05-17 10:58 - 2015-04-14 16:51 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Files in the root of some directories ======= 2015-04-14 16:01 - 2015-04-14 16:01 - 0004608 _____ () C:\Documents and Settings\Marcin.ANONIM\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-15 22:54 - 2014-10-15 22:54 - 0000138 _____ () C:\Documents and Settings\Marcin.ANONIM\Ustawienia lokalne\Dane aplikacji\fusioncache.dat Some files in TEMP: ==================== C:\Documents and Settings\Marcin.ANONIM\Ustawienia lokalne\Temp\res.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================