Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 Ran by admin (administrator) on ADMIN-KOMPUTER on 11-09-2013 19:58:39 Running from F:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\helppane.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2840352 2010-04-07] (ESET) HKLM\...\Run: [GUCI_AVS] - C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [323584 2007-12-10] (PixArt Imaging Incorporation) HKLM\...\Run: [PACTray] - C:\Windows\PixArt\PAP7501\PACTray.exe [319488 2008-11-14] (PixArt Imaging Incorporation) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2011-04-07] (BitTorrent, Inc.) MountPoints2: {4adef29d-0ec2-11e0-8590-806e6f6e6963} - E:\lanzador.exe HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2171904 2009-06-05] (VIA) HKLM-x32\...\Run: [ORAHSSSessionManager] - C:\Program Files (x86)\Livebox\SessionManager\SessionManager.exe [107248 2008-06-10] (France Telecom SA) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tp.pl URLSearchHook: (No Name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ewf43b94.default FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird ==================== Services (Whitelisted) ================= S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42336 2010-04-07] (ESET) S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810120 2010-04-07] (ESET) S2 FTRTSVC; C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536 2008-06-20] (France Telecom SA) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-05-18] () S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2013-05-18] () ==================== Drivers (Whitelisted) ==================== S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [164912 2010-04-07] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-07] (ESET) S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET) S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [669184 2008-11-14] (PixArt Imaging Incorporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2011-01-11] (Duplex Secure Ltd.) S3 PCAMp50a64; System32\Drivers\PCAMp50a64.sys [x] S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-08 13:40 - 2013-09-08 13:40 - 00003280 ____N C:\bootsqm.dat 2013-09-08 13:37 - 2013-09-08 13:37 - 00000000 __SHD C:\found.000 2013-08-18 08:48 - 2013-08-18 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 13:51 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 13:51 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 13:51 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 13:51 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 13:51 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 13:51 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 13:51 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 13:51 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 13:51 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 13:51 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 13:51 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 13:51 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 13:51 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 13:51 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 13:50 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 13:50 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 13:50 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 13:50 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 13:50 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 13:50 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 13:50 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 13:50 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 13:50 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 13:50 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 13:50 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 13:25 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 13:25 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 13:25 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 13:25 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 13:25 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 13:25 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 13:25 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 13:25 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 13:25 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 13:25 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 13:25 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 13:25 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 13:25 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 13:25 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 13:25 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 13:25 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 13:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 13:25 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 13:25 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 13:25 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 13:25 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 13:25 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 13:25 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 13:25 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 13:25 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 13:25 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 13:25 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 22:17 - 2013-08-13 22:17 - 00058880 _____ C:\Users\admin\Downloads\ZPO ==================== One Month Modified Files and Folders ======= 2013-09-11 19:58 - 2013-09-11 19:58 - 00000000 ____D C:\FRST 2013-09-11 19:54 - 2010-12-23 21:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-11 19:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-11 19:54 - 2009-07-14 06:51 - 01717221 _____ C:\Windows\setupact.log 2013-09-11 19:16 - 2010-12-23 20:36 - 01872170 _____ C:\Windows\WindowsUpdate.log 2013-09-09 08:52 - 2009-07-14 06:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-09 08:52 - 2009-07-14 06:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-09 08:49 - 2009-07-14 19:55 - 00710294 _____ C:\Windows\system32\perfh015.dat 2013-09-09 08:49 - 2009-07-14 19:55 - 00139208 _____ C:\Windows\system32\perfc015.dat 2013-09-09 08:49 - 2009-07-14 07:13 - 01575516 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-08 13:40 - 2013-09-08 13:40 - 00003280 ____N C:\bootsqm.dat 2013-09-08 13:37 - 2013-09-08 13:37 - 00000000 __SHD C:\found.000 2013-09-08 10:45 - 2011-01-11 18:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2013-09-07 09:01 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-06 21:44 - 2012-12-21 17:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\.minecraft 2013-09-01 10:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-20 09:02 - 2012-05-22 15:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-18 08:48 - 2013-08-18 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-13 22:17 - 2013-08-13 22:17 - 00058880 _____ C:\Users\admin\Downloads\ZPO Files to move or delete: ==================== C:\Users\admin\AppData\Local\Temp\drm_dyndata_7380009.dll C:\Users\admin\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\admin\AppData\Local\Temp\i4jdel0.exe C:\Users\admin\AppData\Local\Temp\i4jdel1.exe C:\Users\admin\AppData\Local\Temp\i4jdel2.exe C:\Users\admin\AppData\Local\Temp\ose00000.exe C:\Users\admin\AppData\Local\Temp\Shockwave_Installer_FF-1.exe C:\Users\admin\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\admin\AppData\Local\Temp\svchost.exe C:\Users\admin\AppData\Local\Temp\Vmcap.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 10:08 ==================== End Of Log ============================