Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by Michał Szczerba (administrator) on MICHALSZCZERBA on 11-09-2013 23:08:58
Running from G:\Programy\Programy do usówania wirusów
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() E:\PROGRA~1\Icon7\iConfig\iConfig.exe
() E:\PROGRA~1\icon7\S500\S500.exe
(Intel Corporation) E:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastUI.exe
(Brother Industries, Ltd.) E:\Program Files\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) E:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(Brother Industries, Ltd.) E:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(ABBYY (BIT Software)) E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Teruten) E:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
(Nitro PDF Software) E:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(Nalpeiron Ltd.) E:\WINDOWS\system32\NLSSRV32.EXE
(Brother Industries, Ltd.) E:\Program Files\Browny02\BrYNSvc.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iConfig] - E:\PROGRA~1\Icon7\iConfig\iConfig.exe [2157064 2008-03-26] ()
HKLM\...\Run: [S500] - E:\PROGRA~1\icon7\S500\S500.exe [125448 2008-03-26] ()
HKLM\...\Run: [HotKeysCmds] - E:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [avast] - E:\Program Files\AVAST Software\Avast\avastUI.exe [3459712 2011-05-10] (AVAST Software)
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [ControlCenter3] - E:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - E:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - E:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [ALLUpdate] - E:\Program Files\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] ()
MountPoints2: {17e7ff58-930c-11df-9b5c-0026821539c1} - "H:\WD SmartWare.exe" autoplay=true
MountPoints2: {5d0ac082-9377-11df-9b5d-0026821539c1} - 09lf.exe
MountPoints2: {ca4ad88c-bdf4-11e0-9cd1-0026821539c1} - keyboard/flash.exe
Startup: E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> E:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> E:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=119998&babsrc=HP_ss&mntrId=3c4f16fa0000000000000026821539c1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - E:\Program Files\NCH\prxtbNCH.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678
SearchScopes: HKCU - {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - E:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - E:\Documents and Settings\Michał Szczerba\Dane aplikacji\Complitly\Complitly.dll (SimplyGen)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - E:\Program Files\NCH\prxtbNCH.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - E:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - E:\Program Files\NCH\prxtbNCH.dll (Conduit Ltd.)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -NCH Toolbar - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - E:\Program Files\NCH\prxtbNCH.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: E:\Documents and Settings\Michał Szczerba\Dane aplikacji\Mozilla\Firefox\Profiles\ssc3ndqr.default
FF user.js: detected! => E:\Documents and Settings\Michał Szczerba\Dane aplikacji\Mozilla\Firefox\Profiles\ssc3ndqr.default\user.js
FF Plugin: @adobe.com/FlashPlayer - E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - E:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - E:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: E:\Documents and Settings\Michał Szczerba\Dane aplikacji\Mozilla\Firefox\Profiles\ssc3ndqr.default\searchplugins\softonic.xml
FF SearchPlugin: E:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: Complitly - Speed up your search with your personal search suggestions tool - E:\Documents and Settings\Michał Szczerba\Dane aplikacji\Mozilla\Firefox\Profiles\ssc3ndqr.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF Extension: Skype Click to Call - E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - E:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - E:\Program Files\Complitly\chrome\ComplitlyChrome.crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.9.0; E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
S2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-05-10] (AVAST Software)
R3 BrYNSvc; E:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S3 McComponentHostService; E:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NitroDriverReadSpool2; E:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [198136 2012-02-08] (Nitro PDF Software)
R2 JavaQuickStarterService; "E:\Program Files\Java\jre7\bin\jqs.exe" -service -config "E:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; E:\Windows\System32\Drivers\Aavmker4.sys [30808 2011-05-10] (AVAST Software)
R2 aswFsBlk; E:\Windows\System32\Drivers\aswFsBlk.sys [19544 2011-05-10] (AVAST Software)
R2 aswMon2; E:\Windows\System32\Drivers\aswMon2.sys [102616 2011-05-10] (AVAST Software)
R1 aswRdr; E:\Windows\System32\Drivers\aswRdr.sys [25432 2011-05-10] (AVAST Software)
R1 aswSnx; E:\Windows\System32\Drivers\aswSnx.sys [441176 2011-05-10] (AVAST Software)
R1 aswSP; E:\Windows\System32\Drivers\aswSP.sys [307928 2011-05-10] (AVAST Software)
R1 aswTdi; E:\Windows\System32\Drivers\aswTdi.sys [49240 2011-05-10] (AVAST Software)
R3 b57w2k; E:\Windows\System32\DRIVERS\b57xp32.sys [187392 2008-10-23] (Broadcom Corporation)
R3 BCM43XX; E:\Windows\System32\DRIVERS\bcmwl5.sys [1386624 2008-09-10] (Broadcom Corporation)
R3 CnxtHdAudService; E:\Windows\System32\drivers\CHDAU32.sys [814592 2009-04-23] (Conexant Systems Inc.)
R3 FsUsbExDisk; E:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R2 HMuFtI7S500; E:\Windows\System32\DRIVERS\HMuFtI7S500.sys [33928 2007-08-09] (Dritek System Inc.)
S3 NdisIP; E:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-11 21:01 - 2013-09-11 21:01 - 00000000 ____D E:\FRST
2013-09-11 20:02 - 2013-09-11 20:02 - 00685248 _____ E:\Documents and Settings\Michał Szczerba\Pulpit\Dr.WEB-CureIt(12976).exe
2013-09-11 00:15 - 2013-09-11 00:33 - 00065536 _____ E:\WINDOWS\system32\config\Doctor Web.evt
2013-09-11 00:15 - 2013-09-11 00:31 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Doctor Web
2013-09-06 11:57 - 2013-09-06 12:00 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Pulpit\MAPY KIRYK
2013-09-05 14:00 - 2013-09-06 12:38 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Pulpit\Mistrzowie historiografi zdję
2013-08-19 19:40 - 2013-08-19 20:01 - 00000000 ____D E:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-11 22:55 - 2013-07-19 01:52 - 00000930 _____ E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-11 21:49 - 2010-01-13 22:37 - 00351664 _____ E:\WINDOWS\WindowsUpdate.log
2013-09-11 21:44 - 2010-01-13 06:27 - 00000259 _____ E:\WINDOWS\wiadebug.log
2013-09-11 21:44 - 2010-01-13 06:27 - 00000050 _____ E:\WINDOWS\wiaservc.log
2013-09-11 21:43 - 2010-01-13 22:42 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
2013-09-11 21:38 - 2010-01-13 22:43 - 00000188 ___SH E:\Documents and Settings\Michał Szczerba\ntuser.ini
2013-09-11 21:38 - 2010-01-13 22:43 - 00000000 ____D E:\Documents and Settings\Michał Szczerba
2013-09-11 21:38 - 2010-01-13 22:42 - 00032314 _____ E:\WINDOWS\SchedLgU.Txt
2013-09-11 21:01 - 2013-09-11 21:01 - 00000000 ____D E:\FRST
2013-09-11 20:39 - 2010-01-13 22:43 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Pulpit
2013-09-11 20:02 - 2013-09-11 20:02 - 00685248 _____ E:\Documents and Settings\Michał Szczerba\Pulpit\Dr.WEB-CureIt(12976).exe
2013-09-11 17:55 - 2012-10-10 12:41 - 00692616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 17:55 - 2011-08-24 00:47 - 00071048 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-11 17:29 - 2013-07-03 11:33 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Pulpit\Księga Pamiętnicza
2013-09-11 00:33 - 2013-09-11 00:15 - 00065536 _____ E:\WINDOWS\system32\config\Doctor Web.evt
2013-09-11 00:31 - 2013-09-11 00:15 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Doctor Web
2013-09-11 00:31 - 2010-01-14 01:15 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Moje dokumenty\Pobieranie
2013-09-07 11:39 - 2001-07-22 01:17 - 00002206 _____ E:\WINDOWS\system32\wpa.dbl
2013-09-06 12:38 - 2013-09-05 14:00 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Pulpit\Mistrzowie historiografi zdję
2013-09-06 12:00 - 2013-09-06 11:57 - 00000000 ____D E:\Documents and Settings\Michał Szczerba\Pulpit\MAPY KIRYK
2013-08-19 20:01 - 2013-08-19 19:40 - 00000000 ____D E:\Program Files\Mozilla Firefox
2013-08-19 20:01 - 2012-05-07 11:54 - 00000000 ____D E:\Program Files\Mozilla Maintenance Service
2013-08-15 00:06 - 2010-01-14 01:48 - 00000000 ____D E:\Program Files\Microsoft Office
2013-08-15 00:06 - 2010-01-13 06:26 - 00000000 ____D E:\Program Files\Common Files\Microsoft Shared
2013-08-15 00:06 - 2010-01-13 06:22 - 00000000 ____D E:\WINDOWS\system

Files to move or delete:
====================
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\aswV5Hlp.dll
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\GdiPlus.dll
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\GoogleChromeInstaller.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\htmlayout.dll
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\InstallerMessageBox.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\install_flashplayer10_chra_aih.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\jre-7u11-windows-i586-iftw.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\jre-7u17-windows-i586-iftw.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\jre-7u25-windows-i586-iftw.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\NPSInstallerProxy.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\NPSInstallerProxyMessageBoxHookDll.dll
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\SkypeSetup.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\t.dll
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\uninst.exe
E:\DOCUME~1\MICHAS~1\USTAWI~1\Temp\_isF.exe

==================== Bamital & volsnap Check =================

E:\Windows\explorer.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
E:\Windows\System32\winlogon.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
E:\Windows\System32\svchost.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
E:\Windows\System32\services.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
E:\Windows\System32\User32.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
E:\Windows\System32\userinit.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
E:\Windows\System32\Drivers\volsnap.sys [2008-04-14 20:31] - [2008-04-14 20:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================