Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-09-2013
Ran by Właściciel (administrator) on PC on 04-09-2013 22:21:18
Running from C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
( ) C:\WINDOWS\system32\lxdicoms.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [8466432 2007-06-28] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [81920 2007-06-28] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u [x]
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=147
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=147
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {5B160960-3E29-4D0B-9D63-0DD2F279E83F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=3CABE8A4-B093-4A10-9B29-288EE2C7C8F2&apn_sauid=851B3376-A153-4BC2-8441-C6E03E43A220
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365701599421
Tcpip\Parameters: [DhcpNameServer] 10.20.30.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\dwxo2u5p.default
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\dwxo2u5p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 lxdi_device; C:\WINDOWS\system32\lxdicoms.exe [517040 2007-03-06] ( )
S4 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [42496 2004-04-15] (VIA Technologies, Inc. )
R3 HdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [136448 2006-11-09] (VIA Technologies, Inc.)
S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [7040 2003-07-17] (VIA Networking Technologies, Inc. )
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;
U3 pxtdapow; \??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pxtdapow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 22:08 - 2013-09-04 22:08 - 00040171 _____ C:\Documents and Settings\Właściciel\Pulpit\Gmer.txt
2013-09-04 21:14 - 2013-09-04 21:14 - 00000000 ___RD C:\Documents and Settings\Właściciel\Menu Start\Programy\Narzędzia administracyjne
2013-09-04 20:25 - 2013-09-04 20:25 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-09-04 20:07 - 2013-09-04 20:12 - 00000000 ____D C:\AdwCleaner
2013-09-01 17:07 - 2013-09-01 17:35 - 00008753 _____ C:\Documents and Settings\Właściciel\Pulpit\Przychody.xlsx
2013-08-31 21:32 - 2013-08-31 21:32 - 23147456 _____ (Mozilla) C:\Documents and Settings\Właściciel\Moje dokumenty\Firefox%20Setup%2023.0.1.exe
2013-08-28 20:00 - 2013-08-28 20:00 - 00004184 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 20:00 - 2013-08-28 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-28 14:08 - 2013-08-28 14:21 - 00008757 _____ C:\Documents and Settings\Właściciel\Pulpit\Szmaragdy.xlsx
2013-08-18 20:09 - 2013-08-18 20:09 - 00012523 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-18 20:06 - 2013-08-18 20:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-18 20:05 - 2013-08-18 20:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-18 20:04 - 2013-08-18 20:04 - 00005184 _____ C:\WINDOWS\KB2863058.log
2013-08-18 20:04 - 2013-08-18 20:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-18 20:04 - 2013-08-18 20:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-18 20:04 - 2013-08-18 20:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-18 19:17 - 2013-08-31 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-18 18:51 - 2013-08-18 20:05 - 00010725 _____ C:\WINDOWS\KB2859537.log
2013-08-18 18:51 - 2013-08-18 20:05 - 00009911 _____ C:\WINDOWS\KB2850869.log
2013-08-13 12:24 - 2013-09-04 09:29 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\specogrodnicy

==================== One Month Modified Files and Folders =======

2013-09-04 22:20 - 2013-09-04 22:20 - 00000000 ____D C:\FRST
2013-09-04 22:18 - 2013-04-11 18:45 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie
2013-09-04 22:08 - 2013-09-04 22:08 - 00040171 _____ C:\Documents and Settings\Właściciel\Pulpit\Gmer.txt
2013-09-04 22:08 - 2013-04-11 17:21 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit
2013-09-04 21:49 - 2013-04-11 19:50 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-04 21:43 - 2013-04-11 17:17 - 01872102 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-04 21:43 - 2013-04-11 17:15 - 00016315 _____ C:\WINDOWS\wmsetup.log
2013-09-04 21:14 - 2013-09-04 21:14 - 00000000 ___RD C:\Documents and Settings\Właściciel\Menu Start\Programy\Narzędzia administracyjne
2013-09-04 21:14 - 2013-04-11 17:21 - 00000000 ___RD C:\Documents and Settings\Właściciel\Menu Start\Programy
2013-09-04 20:57 - 2013-04-11 19:12 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-04 20:41 - 2013-04-12 16:48 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-04 20:31 - 2013-04-11 19:10 - 01218028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-04 20:31 - 2006-03-02 14:00 - 00559754 _____ C:\WINDOWS\system32\perfh015.dat
2013-09-04 20:31 - 2006-03-02 14:00 - 00106694 _____ C:\WINDOWS\system32\perfc015.dat
2013-09-04 20:25 - 2013-09-04 20:25 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-09-04 20:23 - 2013-04-11 19:07 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-09-04 20:17 - 2013-04-11 19:12 - 00000313 _____ C:\WINDOWS\wiaservc.log
2013-09-04 20:17 - 2013-04-11 19:12 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-04 20:17 - 2013-04-11 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-04 20:12 - 2013-09-04 20:07 - 00000000 ____D C:\AdwCleaner
2013-09-04 20:12 - 2013-04-11 17:21 - 00032582 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-04 09:29 - 2013-08-13 12:24 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\specogrodnicy
2013-09-01 17:35 - 2013-09-01 17:07 - 00008753 _____ C:\Documents and Settings\Właściciel\Pulpit\Przychody.xlsx
2013-09-01 06:26 - 2013-04-11 18:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-31 22:36 - 2013-04-11 19:09 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2013-08-31 21:32 - 2013-08-31 21:32 - 23147456 _____ (Mozilla) C:\Documents and Settings\Właściciel\Moje dokumenty\Firefox%20Setup%2023.0.1.exe
2013-08-31 21:32 - 2013-08-18 19:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-31 21:32 - 2013-04-11 17:21 - 00000000 ___RD C:\Documents and Settings\Właściciel\Moje dokumenty
2013-08-31 18:35 - 2006-03-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-29 18:45 - 2013-05-07 16:00 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\Nowy folder
2013-08-28 20:00 - 2013-08-28 20:00 - 00004184 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 20:00 - 2013-08-28 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-28 20:00 - 2013-04-11 19:10 - 01038509 _____ C:\WINDOWS\FaxSetup.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00508023 _____ C:\WINDOWS\ocgen.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00401881 _____ C:\WINDOWS\tsoc.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00355161 _____ C:\WINDOWS\comsetup.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00213389 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00163698 _____ C:\WINDOWS\iis6.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00064863 _____ C:\WINDOWS\ocmsn.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00052179 _____ C:\WINDOWS\msgsocm.log
2013-08-28 20:00 - 2013-04-11 19:10 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-28 20:00 - 2013-04-11 19:07 - 00872804 _____ C:\WINDOWS\setupapi.log
2013-08-28 14:21 - 2013-08-28 14:08 - 00008757 _____ C:\Documents and Settings\Właściciel\Pulpit\Szmaragdy.xlsx
2013-08-26 15:17 - 2013-06-27 16:40 - 00000022 _____ C:\WINDOWS\popcinfot.dat
2013-08-26 15:17 - 2013-06-27 15:49 - 00000000 ____D C:\Program Files\Peggle Nights Deluxe
2013-08-18 20:09 - 2013-08-18 20:09 - 00012523 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-18 20:09 - 2013-04-12 16:26 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-18 20:09 - 2013-04-11 20:27 - 00189713 _____ C:\WINDOWS\updspapi.log
2013-08-18 20:09 - 2013-04-11 19:10 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-18 20:08 - 2013-08-18 20:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-18 20:06 - 2013-04-12 16:20 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-18 20:05 - 2013-08-18 20:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-18 20:05 - 2013-08-18 18:51 - 00010725 _____ C:\WINDOWS\KB2859537.log
2013-08-18 20:05 - 2013-08-18 18:51 - 00009911 _____ C:\WINDOWS\KB2850869.log
2013-08-18 20:04 - 2013-08-18 20:04 - 00005184 _____ C:\WINDOWS\KB2863058.log
2013-08-18 20:04 - 2013-08-18 20:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-18 20:04 - 2013-08-18 20:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-18 20:04 - 2013-08-18 20:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-18 20:04 - 2013-04-12 16:31 - 00012552 _____ C:\WINDOWS\system32\TZLog.log
2013-08-13 12:26 - 2013-07-15 13:05 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\z telefonu lipiec

Files to move or delete:
====================
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ose00000.exe
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\Quarantine.exe
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\is1890775716\15566531_Setup.EXE
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\is1890775716\DeltaTB.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2006-03-02 14:00] - [2008-04-14 22:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2006-03-02 14:00] - [2008-04-14 22:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2006-03-02 14:00] - [2008-04-14 22:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2006-03-02 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2006-03-02 14:00] - [2008-04-14 22:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2006-03-02 14:00] - [2008-04-14 22:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2006-03-02 14:00] - [2008-04-14 21:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================