Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-09-2013
(ATTENTION: ====> FRST version is 34 days old and could be outdated)
Ran by pastucha (administrator) on patucha-dom on 12-10-2013 00:58:34
Running from G:\
Microsoft Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Farbar) G:\FRST(dobreprogramy.pl).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

========================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
U3 catchme; \??\C:\Users\pastucha\AppData\Local\Temp\catchme.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-12 01:21 - 2013-10-12 00:36 - 00000000 ____D C:\Windows\Panther
2013-10-12 00:58 - 2013-10-12 00:58 - 00000000 ____D C:\FRST
2013-10-12 00:55 - 2013-10-12 00:55 - 00002092 _____ C:\ComboFix.txt
2013-10-12 00:43 - 2013-10-12 00:55 - 00000000 ____D C:\Qoobox
2013-10-12 00:43 - 2013-10-12 00:53 - 00000000 ____D C:\Windows\erdnt
2013-10-12 00:43 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-12 00:43 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-12 00:43 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-12 00:42 - 2013-10-12 00:44 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 00:37 - 2013-10-12 00:37 - 00001413 _____ C:\Users\pastucha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-12 00:36 - 2013-10-12 00:37 - 00000000 ____D C:\Users\pastucha
2013-10-12 00:36 - 2013-10-12 00:36 - 00000020 ___SH C:\Users\pastucha\ntuser.ini
2013-10-12 00:36 - 2013-10-12 00:36 - 00000000 ____D C:\Users\pastucha\AppData\Local\VirtualStore
2013-10-12 00:36 - 2013-10-12 00:36 - 00000000 ____D C:\Recovery
2013-10-12 00:36 - 2009-07-13 21:42 - 00000000 ___RD C:\Users\pastucha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-12 00:36 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\pastucha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-12 00:29 - 2013-10-12 00:58 - 00013700 _____ C:\Windows\WindowsUpdate.log
2013-10-12 00:28 - 2013-10-12 00:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-12 00:27 - 2013-10-12 00:30 - 00001313 _____ C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

2013-10-12 01:21 - 2009-07-13 21:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-10-12 00:58 - 2013-10-12 00:58 - 00000000 ____D C:\FRST
2013-10-12 00:58 - 2013-10-12 00:29 - 00013700 _____ C:\Windows\WindowsUpdate.log
2013-10-12 00:55 - 2013-10-12 00:55 - 00002092 _____ C:\ComboFix.txt
2013-10-12 00:55 - 2013-10-12 00:43 - 00000000 ____D C:\Qoobox
2013-10-12 00:55 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Default
2013-10-12 00:55 - 2009-07-13 19:37 - 00000000 ___RD C:\Users\Public
2013-10-12 00:53 - 2013-10-12 00:43 - 00000000 ____D C:\Windows\erdnt
2013-10-12 00:53 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2013-10-12 00:44 - 2013-10-12 00:42 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 00:43 - 2009-07-13 21:52 - 00000000 ____D C:\Windows\system32\restore
2013-10-12 00:42 - 2009-07-13 21:39 - 00017700 _____ C:\Windows\setupact.log
2013-10-12 00:39 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-12 00:37 - 2013-10-12 00:37 - 00001413 _____ C:\Users\pastucha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-12 00:37 - 2013-10-12 00:36 - 00000000 ____D C:\Users\pastucha
2013-10-12 00:37 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2013-10-12 00:36 - 2013-10-12 01:21 - 00000000 ____D C:\Windows\Panther
2013-10-12 00:36 - 2013-10-12 00:36 - 00000020 ___SH C:\Users\pastucha\ntuser.ini
2013-10-12 00:36 - 2013-10-12 00:36 - 00000000 ____D C:\Users\pastucha\AppData\Local\VirtualStore
2013-10-12 00:36 - 2013-10-12 00:36 - 00000000 ____D C:\Recovery
2013-10-12 00:36 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-12 00:36 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-10-12 00:32 - 2009-07-13 21:33 - 00266808 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 00:31 - 2009-07-13 21:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-12 00:31 - 2009-07-13 21:34 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-12 00:30 - 2013-10-12 00:27 - 00001313 _____ C:\Windows\TSSysprep.log
2013-10-12 00:28 - 2013-10-12 00:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-12 00:27 - 2009-07-13 21:34 - 00001774 _____ C:\Windows\DtcInstall.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-12 00:26

==================== End Of Log ============================
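The "One Month Created/Modified Files and Folders" sections above are the part of an FRST log a responder reads first, and they follow a fixed line shape: two timestamps, a zero-padded size, a five-character attribute field (D directory, H hidden, S system, R read-only, `_` unset), an optional company name in parentheses, then the path. The following is an added example, not part of the post or of FRST itself: a small parser for that line format plus one triage heuristic, "executables placed directly in C:\Windows shortly before the scan". The sample lines are copied from the log above; the 60-minute window, the extension list, and the function names are my own choices. Which of the two timestamp columns is the creation time depends on the section (the first column is the one each section is sorted by), so the parser keeps them as `ts1`/`ts2` rather than naming them.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional

# Entry lines copied from the "One Month Created Files and Folders" section of the log above.
SAMPLE_CREATED = r"""
2013-10-12 01:21 - 2013-10-12 00:36 - 00000000 ____D C:\Windows\Panther
2013-10-12 00:43 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-12 00:43 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-12 00:43 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-12 00:43 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-12 00:36 - 2013-10-12 00:36 - 00000020 ___SH C:\Users\pastucha\ntuser.ini
2013-10-12 00:28 - 2013-10-12 00:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
"""

# ts1 - ts2 - size attrs [(company)] path
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]+)\) )?"
    r"(?P<path>.+)$"
)

# Extensions treated as "executable" for the heuristic (my choice, not FRST's).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    ts1: datetime          # first column: the column this section is sorted by
    ts2: datetime          # second column
    size: int
    attrs: FrozenSet[str]  # letters present in the attribute field, e.g. {"S", "H"}
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST file/folder line; return None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts1=datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M"),
        ts2=datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=frozenset(c for c in m["attrs"] if c != "_"),
        company=m["company"],
        path=m["path"],
    )


def parse_entries(text: str) -> List[Entry]:
    """Parse every entry line in a section body, skipping blanks and headers."""
    out = []
    for line in text.strip().splitlines():
        e = parse_entry(line)
        if e is not None:
            out.append(e)
    return out


def dropped_executables(entries: List[Entry], scan_start: str,
                        window_minutes: int = 60, root: str = r"C:\Windows") -> List[str]:
    """Paths of executables sitting directly under `root` whose first timestamp falls
    within `window_minutes` before the scan started (scan_start as 'YYYY-MM-DD HH:MM:SS')."""
    end = datetime.strptime(scan_start, "%Y-%m-%d %H:%M:%S")
    lo = end - timedelta(minutes=window_minutes)
    hits = []
    for e in entries:
        parent = e.path.rsplit("\\", 1)[0] if "\\" in e.path else ""
        if (not e.is_dir
                and e.path.lower().endswith(EXEC_EXT)
                and parent.lower() == root.lower()
                and lo <= e.ts1 <= end):
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_CREATED)
    for p in dropped_executables(entries, "2013-10-12 00:58:34"):
        print("recently placed in %SystemRoot%:", p)
```

Run against the sample it lists PEV.exe, MBR.exe, NIRCMD.exe, SWREG.exe and sed.exe. In this particular log those arrive at 00:43 together with C:\Qoobox and C:\ComboFix.txt, i.e. they are the helper binaries of the ComboFix run the same log records, so here the hits are explained; the value of the check is that on a log without such a run the same query surfaces binaries that nothing explains.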