Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013
(ATTENTION: FRST version is 12 days old)
Ran by SYSTEM at 25-03-2013 18:54:11
Running from E:\
Windows 7 Professional (X86) OS Language: Polish
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [750008 2009-09-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-11-19] (Synaptics Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Karolcia\...\Run: [{DC4A01B6-2E20-AD42-40DD-ED237888CE3E}] C:\Users\Karolcia\AppData\Roaming\Anejho\ifitu.exe [248320 2013-02-27] (S_e?)
HKU\Karolcia\...\Run: [tieaqa] C:\Users\Karolcia\tieaqa.exe /n [225280 2013-03-25] ()
HKU\Karolcia\...\Run: [Windows Init] "C:\Users\Karolcia\AppData\Roaming\xpxuhoj3esqphr3hjihxpslixysomkqd2\svcnost.exe" [101888 2013-03-25] ()
Tcpip\Parameters: [DhcpNameServer] 80.238.112.12 80.238.112.13

==================== Services (Whitelisted) ===================

2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
2 KMService; C:\Windows\system32\srvany.exe [8192 2013-02-20] ()
2 MSSQL$INSERTGT; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINSERTGT [29178224 2007-02-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

2 ekaqqped; C:\Windows\System32\Drivers\ekaqqped.sys [78848 2013-03-25] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-03-25 18:53 - 2013-03-25 18:53 - 00000000 ____D C:\FRST
2013-03-25 16:12 - 2013-03-25 17:04 - 00009728 ____H C:\Users\Karolcia\AppData\Roaming\desktop.ini
2013-03-25 16:10 - 2013-03-25 16:10 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\xpxuhoj3esqphr3hjihxpslixysomkqd2
2013-03-25 16:08 - 2013-03-25 16:44 - 00000544 ___AH C:\ProgramData\common.data
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 __RSH C:\Users\Karolcia\tieaqa.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Sexy.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Secret.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Porn.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Passwords.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00078848 ____A C:\Windows\System32\Drivers\ekaqqped.sys
2013-03-25 16:08 - 2013-03-25 16:08 - 00025088 ____A (?????????? ??????????) C:\Users\Karolcia\2c1.exe
2013-03-24 18:37 - 2013-03-24 18:37 - 00000000 _RASH C:\MSDOS.SYS
2013-03-24 18:37 - 2013-03-24 18:37 - 00000000 _RASH C:\IO.SYS
2013-03-20 22:34 - 2013-03-25 17:03 - 00001064 ____A C:\Windows\setupact.log
2013-03-20 22:34 - 2013-03-25 16:11 - 00002400 ____A C:\Windows\PFRO.log
2013-03-20 22:34 - 2013-03-20 22:34 - 00000000 ____A C:\Windows\setuperr.log
2013-03-18 19:26 - 2013-03-18 19:26 - 00000000 ____D C:\Users\Karolcia\AppData\Local\Adobe
2013-03-18 19:23 - 2013-03-18 19:23 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\ABBYY
2013-03-18 19:23 - 2013-03-18 19:23 - 00000000 ____D C:\Users\Karolcia\AppData\Local\ABBYY
2013-03-18 19:21 - 2013-03-18 19:23 - 00000000 ____D C:\Program Files\ABBYY FineReader 8.0
2013-03-14 11:11 - 2013-03-14 11:11 - 00000000 ____D C:\Program Files\IrfanView
2013-03-09 15:09 - 2013-03-09 15:10 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\WinRAR
2013-03-09 15:08 - 2013-03-09 15:09 - 00000000 ____D C:\Program Files\WinRAR
2013-03-07 08:53 - 2013-03-07 08:53 - 00001178 ____A C:\Users\Karolcia\Desktop\Ula.lnk
2013-03-05 15:41 - 2013-03-05 15:42 - 00001239 ____A C:\Users\Karolcia\Desktop\Żagle 2013.lnk
2013-03-04 21:33 - 2013-03-04 21:33 - 00001554 ____A C:\Users\Karolcia\Desktop\Dokumenty (MAIN).lnk
2013-03-04 21:29 - 2013-03-04 21:29 - 00001265 ____A C:\Users\Karolcia\Desktop\Trawers 2013.lnk
2013-03-04 21:28 - 2013-03-04 21:28 - 00000456 _RASH C:\Users\Karolcia\ntuser.pol
2013-03-04 21:12 - 2013-03-04 21:12 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\Foxit Software
2013-02-27 09:39 - 2013-02-27 09:39 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\Anejho
2013-02-23 09:27 - 2013-03-14 11:30 - 00000000 ____D C:\Program Files\Foxit Reader

==================== One Month Modified Files and Folders ========

2013-03-25 18:53 - 2013-03-25 18:53 - 00000000 ____D C:\FRST
2013-03-25 17:04 - 2013-03-25 16:12 - 00009728 ____H C:\Users\Karolcia\AppData\Roaming\desktop.ini
2013-03-25 17:03 - 2013-03-20 22:34 - 00001064 ____A C:\Windows\setupact.log
2013-03-25 17:03 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-25 16:44 - 2013-03-25 16:08 - 00000544 ___AH C:\ProgramData\common.data
2013-03-25 16:13 - 2013-02-20 23:31 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-25 16:13 - 2013-02-20 23:31 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-25 16:11 - 2013-03-20 22:34 - 00002400 ____A C:\Windows\PFRO.log
2013-03-25 16:10 - 2013-03-25 16:10 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\xpxuhoj3esqphr3hjihxpslixysomkqd2
2013-03-25 16:10 - 2013-02-21 10:09 - 00000000 ____D C:\Users\Karolcia\Documents\Pliki programu Outlook
2013-03-25 16:10 - 2013-02-20 12:19 - 00000000 ____D C:\users\Karolcia
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 __RSH C:\Users\Karolcia\tieaqa.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Sexy.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Secret.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Porn.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00225280 ____A C:\Users\Karolcia\Passwords.exe
2013-03-25 16:08 - 2013-03-25 16:08 - 00078848 ____A C:\Windows\System32\Drivers\ekaqqped.sys
2013-03-25 16:08 - 2013-03-25 16:08 - 00025088 ____A (?????????? ??????????) C:\Users\Karolcia\2c1.exe
2013-03-24 20:16 - 2013-02-20 16:18 - 00000000 ____D C:\Users\Karolcia\Dokumenty główne
2013-03-24 20:15 - 2013-02-20 12:11 - 01518296 ____A C:\Windows\WindowsUpdate.log
2013-03-24 18:37 - 2013-03-24 18:37 - 00000000 _RASH C:\MSDOS.SYS
2013-03-24 18:37 - 2013-03-24 18:37 - 00000000 _RASH C:\IO.SYS
2013-03-23 11:19 - 2013-02-20 12:23 - 01663270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-23 11:19 - 2009-07-14 09:07 - 00737884 ____A C:\Windows\System32\perfh015.dat
2013-03-23 11:19 - 2009-07-14 09:07 - 00150160 ____A C:\Windows\System32\perfc015.dat
2013-03-21 10:42 - 2009-07-14 05:34 - 00014032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-21 10:42 - 2009-07-14 05:34 - 00014032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-20 22:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-03-20 22:34 - 2013-03-20 22:34 - 00000000 ____A C:\Windows\setuperr.log
2013-03-18 19:51 - 2013-02-21 00:08 - 00000969 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-03-18 19:51 - 2013-02-21 00:08 - 00000000 ____D C:\Program Files\CCleaner
2013-03-18 19:26 - 2013-03-18 19:26 - 00000000 ____D C:\Users\Karolcia\AppData\Local\Adobe
2013-03-18 19:23 - 2013-03-18 19:23 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\ABBYY
2013-03-18 19:23 - 2013-03-18 19:23 - 00000000 ____D C:\Users\Karolcia\AppData\Local\ABBYY
2013-03-18 19:23 - 2013-03-18 19:21 - 00000000 ____D C:\Program Files\ABBYY FineReader 8.0
2013-03-14 20:56 - 2013-02-21 08:36 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\uTorrent
2013-03-14 11:30 - 2013-02-23 09:27 - 00000000 ____D C:\Program Files\Foxit Reader
2013-03-14 11:11 - 2013-03-14 11:11 - 00000000 ____D C:\Program Files\IrfanView
2013-03-09 15:10 - 2013-03-09 15:09 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\WinRAR
2013-03-09 15:09 - 2013-03-09 15:08 - 00000000 ____D C:\Program Files\WinRAR
2013-03-07 08:53 - 2013-03-07 08:53 - 00001178 ____A C:\Users\Karolcia\Desktop\Ula.lnk
2013-03-05 15:42 - 2013-03-05 15:41 - 00001239 ____A C:\Users\Karolcia\Desktop\Żagle 2013.lnk
2013-03-04 21:33 - 2013-03-04 21:33 - 00001554 ____A C:\Users\Karolcia\Desktop\Dokumenty (MAIN).lnk
2013-03-04 21:29 - 2013-03-04 21:29 - 00001265 ____A C:\Users\Karolcia\Desktop\Trawers 2013.lnk
2013-03-04 21:28 - 2013-03-04 21:28 - 00000456 _RASH C:\Users\Karolcia\ntuser.pol
2013-03-04 21:26 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-03-04 21:12 - 2013-03-04 21:12 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\Foxit Software
2013-02-27 09:39 - 2013-02-27 09:39 - 00000000 ____D C:\Users\Karolcia\AppData\Roaming\Anejho
2013-02-25 17:51 - 2013-02-20 12:07 - 00000000 ____D C:\Windows\Panther

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-02-20 13:55] - [2012-09-06 17:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-20 12:27:59
Restore point made on: 2013-02-20 12:53:55
Restore point made on: 2013-02-20 12:59:47
Restore point made on: 2013-02-20 14:04:08
Restore point made on: 2013-02-20 15:56:04
Restore point made on: 2013-02-20 16:33:17
Restore point made on: 2013-02-20 23:20:26
Restore point made on: 2013-02-21 11:46:49
Restore point made on: 2013-03-04 23:09:27
Restore point made on: 2013-03-15 14:09:50
Restore point made on: 2013-03-18 19:17:36

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 1015.24 MB
Available physical RAM: 676.35 MB
Total Pagefile: 1015.24 MB
Available Pagefile: 668.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:53.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (SD 4 GB) (Removable) (Total:3.68 GB) (Free:0.56 GB) FAT32
3 Drive e: (USB 1GB) (Removable) (Total:0.96 GB) (Free:0.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Nr dysku  Stan           Rozmiar  Wolne    Dyn  GPT
  --------  -------------  -------  -------  ---  ---
  Dysk 0    Online          149 GB      0 B
  Dysk 1    Online         3780 MB      0 B
  Dysk 2    Online          988 MB      0 B

Partitions of Disk 0:
===============

Identyfikator dysku: D5CFB52F

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy         149 GB  1024 KB

=========================================================

Disk: 0
Partycja 1
Typ : 07
Ukryta : Nie
Aktywna : Tak
Przesunięcie w bajtach: 1048576

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 0     C                NTFS   Partycja     149 GB  Zdrowy

=========================================================

Partitions of Disk 1:
===============

Identyfikator dysku: 00000000

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy        3776 MB  4096 KB

=========================================================

Disk: 1
Partycja 1
Typ : 0B
Ukryta : Nie
Aktywna : Nie
Przesunięcie w bajtach: 4194304

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 1     D   SD 4 GB      FAT32  Wymienny    3776 MB  Zdrowy

=========================================================

Partitions of Disk 2:
===============

Identyfikator dysku: C3072E18

  Partycja ###   Typ               Rozmiar  Przesunięcie
  -------------  ----------------  -------  ------------
  Partycja 1     Podstawowy         987 MB  16 KB

=========================================================

Disk: 2
Partycja 1
Typ : 06
Ukryta : Nie
Aktywna : Tak
Przesunięcie w bajtach: 16384

  Wolumin ###  Lit  Etykieta     Fs     Typ         Rozmiar  Stan       Info
  -----------  ---  -----------  -----  ----------  -------  ---------  --------
* Wolumin 2     E   USB 1GB      FAT    Wymienny     987 MB  Zdrowy

=========================================================

============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: D5CFB52F

Partition 1:
=========
Hex: 8020210007FEFFFF000800000088A112
Active: YES
Type: 07 (NTFS)
Size: 149 GB
==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 000203010B7FFFBF0020000000007600
Active: NO
Type: 0B
Size: 4 GB
==============================
Partitions of Disk 2:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 800101000640E0DC20000000E0DF1E00
Active: YES
Type: 06
Size: 988 MB

Last Boot: 2013-03-15 14:02

==================== End Of Log ============================