Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by Michał (administrator) on MYSTERIIS on 24-09-2013 15:40:24
Running from I:\
Microsoft Windows XP Professional Dodatek Service Pack. 1 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [MPlayerForWindows_UpdateReminder] - C:\Program Files\MPlayer for Windows\AutoUpdate.exe [235005 2010-10-17] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Winlogon: [System] lsass.exe No File
Winlogon\Notify\crypt: crypts.dll [X]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Michał\Dane aplikacji\cache.dat [135168 2002-09-20] () <==== ATTENTION
HKCU\...\Policies\Explorer: [NoBandCustomize] 0
HKCU\...\Policies\Explorer: [NoMovingBands] 0
HKCU\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [ClassicShell] 0
Lsa: [Notification Packages] scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=vlt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=vlt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.v9.com/?utm_source=b&utm_medium=vlt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.v9.com/?utm_source=b&utm_medium=vlt
SearchScopes: HKLM - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = 
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm490YYPL&fl=0&ptb=h5zppQxI3AH2DRyYC69Fxw&ind=2008031914&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm490YYPL&fl=0&ptb=h5zppQxI3AH2DRyYC69Fxw&ind=2008031914&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/skaner/SkanerOnline.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {ebf85371-a38f-485b-b28f-0b4c82d25937} http://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.21.99.95
Tcpip\..\Interfaces\{315B178E-546B-45D9-BA60-FC5643941EFE}: [NameServer]85.255.114.42,85.255.112.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\9sfnxklx.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\WINDOWS\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.11.1864 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1924 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.857 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\v9.xml
FF Extension: OneClickDownloader - C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\9sfnxklx.default\Extensions\OneClickDownload@OneClickDownload.com
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM\...\firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-06-12] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2009-08-06] (Avira GmbH)
S4 SymWSC; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [316544 2004-11-02] (Symantec Corporation)
S2 uploadmgr; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [29696 2002-09-20] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [400384 2004-02-24] (Sensaura)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [626204 2004-06-21] (Realtek Semiconductor Corp.)
S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R1 avgntdd; C:\Windows\System32\DRIVERS\avgntdd.sys [45416 2009-02-13] (Avira GmbH)
R0 avgntmgr; C:\Windows\System32\DRIVERS\avgntmgr.sys [22360 2009-02-13] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ENTECH; C:\WINDOWS\System32\DRIVERS\ENTECH.sys [20400 1999-10-21] (EnTech Taiwan)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [41984 2003-09-04] (VIA Technologies, Inc. )
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 hpzid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 hpzipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 hpzius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2004-10-17] (Padus, Inc.)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2003-03-14] (PowerQuest Corporation)
S1 prodrv04; C:\Windows\System32\drivers\prodrv04.sys [114496 2007-04-04] (Protection Technology Co.)
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [51744 2003-09-06] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [62656 2003-09-06] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-08-27] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-06-12] (Avira GmbH)
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123248 2006-01-31] (Symantec Corporation)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
S3 CnxEtP; System32\DRIVERS\CnxEtP.sys [x]
S3 CnxEtU; System32\DRIVERS\CnxEtU.sys [x]
S3 CnxTgNW; System32\DRIVERS\CnxTgNW.sys [x]
S4 IntelIde; No ImagePath
U5 scsiport; C:\Windows\system32\drivers\scsiport.sys [90240 2002-08-29] (Microsoft Corporation)
U4 wscsvc;
U3 ay6ue0et; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-24 15:04 - 2013-09-24 15:10 - 00000004 _____ C:\Documents and Settings\Michał\Dane aplikacji\cache.ini
2013-09-24 14:05 - 2013-09-24 14:05 - 00000000 ____D C:\FRST
2013-09-24 10:50 - 2013-09-24 10:50 - 00026296 _____ C:\Documents and Settings\Michał\Pulpit\09242013_104432.log
2013-09-23 14:35 - 2013-09-23 14:35 - 00055855 _____ C:\Documents and Settings\Michał\Pulpit\getImage.jpeg
2013-09-23 14:29 - 2013-09-23 14:29 - 07695180 _____ C:\Documents and Settings\Michał\Pulpit\pereval'sk.zip
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Documents and Settings\Micha³\Dane aplikacji\Sun
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Documents and Settings\Micha³\Dane aplikacji
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Documents and Settings\Micha³
2013-09-09 12:05 - 2013-09-09 12:05 - 00000587 _____ C:\Documents and Settings\Michał\Pulpit\New Features of Heroes III In the Wake of Gods.lnk
2013-09-09 12:05 - 2013-09-09 12:05 - 00000562 _____ C:\Documents and Settings\Michał\Pulpit\Heroes III In the Wake of Gods.lnk
2013-09-09 12:05 - 2013-09-09 12:05 - 00000000 ____D C:\Documents and Settings\Michał\Menu Start\Programy\New Life of Heroes
2013-09-08 14:49 - 2013-09-08 14:49 - 00574046 _____ C:\Documents and Settings\Michał\Pulpit\wielka_inwazja.h3c
2013-08-29 16:43 - 2013-08-29 16:44 - 00000000 ____D C:\Documents and Settings\Michał\Pulpit\PENDRIVE2

==================== One Month Modified Files and Folders =======

2013-09-24 15:10 - 2013-09-24 15:04 - 00000004 _____ C:\Documents and Settings\Michał\Dane aplikacji\cache.ini
2013-09-24 15:04 - 2008-04-03 17:55 - 00000569 _____ C:\WINDOWS\System32\Drivers\etc\hosts.ics
2013-09-24 15:04 - 2004-10-16 22:35 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-09-24 15:04 - 2004-10-16 22:35 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-09-24 15:04 - 2004-10-16 21:55 - 00000000 __RHD C:\Documents and Settings\Michał\Dane aplikacji
2013-09-24 15:03 - 2004-10-16 21:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-24 14:05 - 2013-09-24 14:05 - 00000000 ____D C:\FRST
2013-09-24 14:01 - 2012-04-03 18:00 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-24 13:41 - 2004-10-16 21:55 - 00000190 __SHC C:\Documents and Settings\Michał\ntuser.ini
2013-09-24 10:50 - 2013-09-24 10:50 - 00026296 _____ C:\Documents and Settings\Michał\Pulpit\09242013_104432.log
2013-09-24 10:50 - 2004-10-16 21:55 - 00000000 ____D C:\Documents and Settings\Michał\Pulpit
2013-09-23 17:01 - 2004-10-16 21:51 - 00032524 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-23 14:35 - 2013-09-23 14:35 - 00055855 _____ C:\Documents and Settings\Michał\Pulpit\getImage.jpeg
2013-09-23 14:29 - 2013-09-23 14:29 - 07695180 _____ C:\Documents and Settings\Michał\Pulpit\pereval'sk.zip
2013-09-22 18:51 - 2013-05-29 11:37 - 00380063 _____ C:\WINDOWS\setupapi.log
2013-09-22 13:31 - 2001-07-22 00:17 - 00002206 _____ C:\WINDOWS\System32\wpa.dbl
2013-09-17 18:34 - 2010-05-26 16:17 - 00000000 ____D C:\Program Files\MPlayer for Windows
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Documents and Settings\Micha³\Dane aplikacji\Sun
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Documents and Settings\Micha³\Dane aplikacji
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Documents and Settings\Micha³
2013-09-10 23:01 - 2012-04-03 18:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\System32\FlashPlayerApp.exe
2013-09-10 23:01 - 2011-05-24 11:35 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
2013-09-10 22:55 - 2012-02-15 16:36 - 00002347 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
2013-09-10 22:55 - 2004-10-16 22:33 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2013-09-10 22:54 - 2012-02-15 16:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-09 12:05 - 2013-09-09 12:05 - 00000587 _____ C:\Documents and Settings\Michał\Pulpit\New Features of Heroes III In the Wake of Gods.lnk
2013-09-09 12:05 - 2013-09-09 12:05 - 00000562 _____ C:\Documents and Settings\Michał\Pulpit\Heroes III In the Wake of Gods.lnk
2013-09-09 12:05 - 2013-09-09 12:05 - 00000000 ____D C:\Documents and Settings\Michał\Menu Start\Programy\New Life of Heroes
2013-09-09 12:05 - 2004-10-16 21:55 - 00000000 ___RD C:\Documents and Settings\Michał\Menu Start\Programy
2013-09-08 20:35 - 2004-10-17 14:42 - 00000049 ____C C:\WINDOWS\NeroDigital.ini
2013-09-08 14:49 - 2013-09-08 14:49 - 00574046 _____ C:\Documents and Settings\Michał\Pulpit\wielka_inwazja.h3c
2013-08-29 16:44 - 2013-08-29 16:43 - 00000000 ____D C:\Documents and Settings\Michał\Pulpit\PENDRIVE2

Files to move or delete:
====================
C:\Documents and Settings\Michał\Dane aplikacji\cache.dat
C:\Documents and Settings\Michał\Dane aplikacji\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2008-04-03 21:57] - [2002-09-20 20:05] - 1005568 ____A (Microsoft Corporation) f4af85d918e83d71341fce2aa5318181
C:\Windows\System32\winlogon.exe [2008-04-03 21:56] - [2002-09-20 20:05] - 0519168 ____A (Microsoft Corporation) 8b6e6bb5d451f8bbc0621203b687d993
C:\Windows\System32\svchost.exe [2008-04-03 21:56] - [2001-10-26 19:30] - 0012800 ____A (Microsoft Corporation) b3c95bfeef6781a82a1c429f466a3a11
C:\Windows\System32\services.exe [2008-04-03 21:56] - [2001-10-26 19:30] - 0101888 ____A (Microsoft Corporation) bf4cbefdce42a699389791647cb95ca2
C:\Windows\System32\User32.dll [2008-04-03 21:56] - [2002-09-20 20:04] - 0561664 ____A (Microsoft Corporation) 3a4892a57cfe05d61e4bbc3ec3e24a63
C:\Windows\System32\userinit.exe [2008-04-03 21:56] - [2002-09-20 20:05] - 0022528 ____A (Microsoft Corporation) 323d3ffcbf99c59b2d20b4c5a7ece347
C:\Windows\System32\Drivers\volsnap.sys [2008-04-03 21:56] - [2001-10-26 18:57] - 0049664 ____A (Microsoft Corporation) 281e71650c277f4edbb3d531c514352f

==================== End Of Log ============================