
FRST.txt

3 computers infected via a USB storage device.

I have carried out the requested steps; for now I am also sending logs from the two other computers. The first one was not used today, so that this action could be carried out. The other two were scanned with no USB flash drives connected.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by student (ATTENTION: The logged in user is not administrator) on SKLEP3 on 17-06-2015 17:00:48
Running from C:\Users\student\Desktop
Loaded Profiles: serwis & student (Available Profiles: serwis & student & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> NvXDSync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> Fuel.Service.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbamservice.exe
Failed to access process -> nvstreamsvc.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> rundll32.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
Failed to access process -> nvstreamsvc.exe
Failed to access process -> conhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
Failed to access process -> OSPPSVC.EXE
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9633776 2014-11-05] (Space Sciences Laboratory)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69616 2014-11-05] (Space Sciences Laboratory)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-02-27] (Raptr, Inc)
HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2015-03-06] ()
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2015-01-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\Run: [Google Update] => C:\Users\student\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {132790c8-cc40-11e3-ae64-001fc6d8bb66} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {314c6c0c-54f8-11e4-8c25-001fc6d8bb66} - E:\LGAutoRun.exe
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {41236ace-13e3-11e5-9fd6-001fc6d8bcd4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {6ff2da7a-5f37-11e4-b9ad-001fc6d8bb66} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {92862f20-ef9a-11e3-b541-001fc6d8bb66} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {9b869473-3f6f-11e2-bd60-001fc6d8bb66} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {d9299156-0b1b-11e4-9fa4-001fc6d8bb66} - E:\usb.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {dcdb8b99-0d9a-11e5-bf42-001fc6d8bcd4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\...\MountPoints2: {dcdb8ba5-0d9a-11e5-bf42-001fc6d8bcd4} - E:\LaunchU3.exe -a
Startup: C:\Users\student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i.lnk [2015-06-08]
ShortcutTarget: i.lnk -> C:\Users\student\AppData\Roaming\obloprtvxh.exe ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1668390990-2693116749-3062202487-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
URLSearchHook: [S-1-5-21-1668390990-2693116749-3062202487-1000] ATTENTION ==> Default URLSearchHook is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-28] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E0EB5C1-53A2-447A-BE7F-1215B36105CF}: [NameServer] 192.168.1.1,194.204.159.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1668390990-2693116749-3062202487-1004: @tools.google.com/Google Update;version=3 -> C:\Users\student\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-1668390990-2693116749-3062202487-1004: @tools.google.com/Google Update;version=9 -> C:\Users\student\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\student\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\student\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Google Wallet) - C:\Users\student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
StartMenuInternet: Google Chrome - C:\Users\serwis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-11-06] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-11-06] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 17:00 - 2015-06-17 17:01 - 00015359 _____ C:\Users\student\Desktop\FRST.txt
2015-06-17 17:00 - 2015-06-17 17:00 - 00000000 ____D C:\FRST
2015-06-17 16:55 - 2015-06-17 16:55 - 03186440 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\student\Downloads\UsbFix_2015_7.957.exe
2015-06-17 16:55 - 2015-06-17 16:55 - 03186440 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\student\Desktop\UsbFix_2015_7.957.exe
2015-06-17 16:55 - 2015-06-17 16:43 - 02109952 _____ (Farbar) C:\Users\student\Desktop\FRST64.exe
2015-06-17 16:43 - 2015-06-17 16:43 - 02109952 _____ (Farbar) C:\Users\student\Downloads\FRST64.exe
2015-06-17 08:09 - 2015-06-17 08:14 - 00001380 _____ C:\Users\student\Desktop\hardcopy.log
2015-06-17 07:22 - 2015-06-17 07:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 07:21 - 2015-06-17 07:21 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-17 07:21 - 2015-06-17 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-17 07:20 - 2015-06-17 07:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-17 07:20 - 2015-06-17 07:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 07:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 07:20 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-17 07:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 10:37 - 2015-06-16 10:37 - 00000000 ____D C:\Users\student\Downloads\zalaczniki
2015-06-08 15:15 - 2015-06-08 15:15 - 103882752 __RSH C:\Users\student\AppData\Roaming\obloprtvxh.exe
2015-06-08 12:11 - 2015-06-08 12:23 - 00000000 ____D C:\Users\student\Downloads\OneDrive-2015-06-08
2015-06-02 13:10 - 2015-06-02 13:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2015-06-02 08:19 - 2015-06-02 08:41 - 00000000 ____D C:\Users\student\Desktop\Autoruns
2015-05-29 12:28 - 2015-05-29 12:28 - 00000000 ____D C:\Users\student\AppData\Roaming\TeamViewer
2015-05-22 10:47 - 2015-05-22 11:23 - 00000162 _____ C:\Users\student\Desktop\Strefa Kultury Studenckiej – Wrocław – Kawiarnia, Sala koncertowa - Facebook.url
2015-05-20 09:55 - 2015-05-08 02:34 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 16:37 - 2011-07-02 16:00 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1668390990-2693116749-3062202487-1004UA.job
2015-06-17 16:12 - 2010-11-21 14:53 - 48953618 _____ C:\Windows\system32\perfc015.dat
2015-06-17 16:12 - 2010-11-21 14:53 - 139552170 _____ C:\Windows\system32\perfh015.dat
2015-06-17 16:12 - 2009-07-14 07:13 - 00006296 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 16:11 - 2013-10-31 10:46 - 00000000 ____D C:\ProgramData\MCShield
2015-06-17 16:08 - 2011-06-12 19:35 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1668390990-2693116749-3062202487-1000UA.job
2015-06-17 15:42 - 2009-07-14 06:51 - 03990787 _____ C:\Windows\setupact.log
2015-06-17 11:08 - 2011-06-12 19:35 - 00001010 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1668390990-2693116749-3062202487-1000Core.job
2015-06-17 10:37 - 2011-07-02 16:00 - 00001014 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1668390990-2693116749-3062202487-1004Core.job
2015-06-17 09:28 - 2011-06-12 19:14 - 01159131 _____ C:\Windows\WindowsUpdate.log
2015-06-17 08:20 - 2011-06-12 19:21 - 00000000 ____D C:\ProgramData\BOINC
2015-06-17 08:13 - 2013-12-03 10:33 - 00000791 _____ C:\Users\student\Desktop\plot.log
2015-06-17 07:58 - 2015-03-09 09:41 - 00000000 ____D C:\Users\student\AppData\Roaming\Raptr
2015-06-17 07:56 - 2009-07-14 06:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 07:56 - 2009-07-14 06:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-17 07:47 - 2011-06-12 19:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-17 07:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 07:46 - 2010-11-21 05:47 - 00368100 _____ C:\Windows\PFRO.log
2015-06-17 07:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\TAPI
2015-06-16 14:40 - 2014-12-16 18:53 - 00000000 ____D C:\Users\student\.VirtualBox
2015-06-03 13:41 - 2011-06-12 19:18 - 00000000 ____D C:\Users\serwis
2015-06-02 08:43 - 2011-06-12 19:24 - 00000000 ____D C:\Users\student
2015-06-02 08:43 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 08:41 - 2015-01-15 17:15 - 00000000 ___HD C:\_rpcs
2015-06-02 08:41 - 2011-07-02 16:00 - 00000000 ____D C:\Users\student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-02 08:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-02 08:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-02 08:40 - 2011-06-12 19:44 - 00000000 __RHD C:\MSOCache
2015-05-29 12:28 - 2012-02-13 12:16 - 00000000 ____D C:\Users\student\Documents\Pliki programu Outlook
2015-05-27 15:55 - 2011-06-14 11:37 - 00025409 _____ C:\Users\student\Documents\plot.log
2015-05-21 09:41 - 2014-01-02 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-21 09:41 - 2011-06-12 19:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-05-21 09:40 - 2011-06-12 19:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-05-21 09:40 - 2010-11-21 15:03 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-05-21 09:38 - 2011-06-12 19:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

==================== Files in the root of some directories =======

2015-06-08 15:15 - 2015-06-08 15:15 - 103882752 __RSH () C:\Users\student\AppData\Roaming\obloprtvxh.exe
2015-03-06 18:07 - 2015-03-06 18:07 - 0000141 _____ () C:\ProgramData\LaunchURL.bat

Files to move or delete:
====================
C:\ProgramData\LaunchURL.bat


Some files in TEMP:
====================
C:\Users\student\AppData\Local\Temp\cdo1406097454.dll
C:\Users\student\AppData\Local\Temp\cdo2345684644.dll
C:\Users\student\AppData\Local\Temp\cdo3265017988.dll
C:\Users\student\AppData\Local\Temp\cdo4141073050.dll
C:\Users\student\AppData\Local\Temp\cdo49340823.dll
C:\Users\student\AppData\Local\Temp\cdo947042190.dll
C:\Users\student\AppData\Local\Temp\GUR2BE0.exe
C:\Users\student\AppData\Local\Temp\GURF4BA.exe
C:\Users\student\AppData\Local\Temp\MCShield-Setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================