Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013 Ran by Właściciel (administrator) on LO-72F85604F4FE on 31-10-2013 13:01:06 Running from C:\Documents and Settings\Właściciel\Pulpit\Programy do usuwania syfu Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe (ComArch S.A.) C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe (HP) C:\WINDOWS\system32\HPSIsvc.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE () C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [18084864 2009-01-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [507904 2006-02-14] () HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,, HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-26] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://niezalezna.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A3E} https://start.ingbusinessonline.pl/login/components/SignActivXIng.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\xqu88txo.default FF Homepage: hxxp://www.wp.pl/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\xqu88txo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff ========================== Services (Whitelisted) ================= R2 ComarchCardServer; C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe [143455 2009-06-05] (ComArch S.A.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2004-08-11] (Samsung Electronics Co., Ltd.) S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2012-08-29] (Windows (R) 2000 DDK provider) S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [87424 2009-06-05] (Gemalto) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) U3 TrueSight; C:\WINDOWS\system32\TrueSight.sys [26624 2013-10-31] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-31 12:58 - 2013-10-31 12:58 - 00000160 _____ C:\Documents and Settings\Właściciel\Pulpit\fixlist.txt 2013-10-31 11:49 - 2013-10-31 11:49 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit\CC Support 2013-10-31 09:44 - 2013-10-31 13:01 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\Programy do usuwania syfu 2013-10-31 09:22 - 2013-10-31 09:23 - 00000000 ____D C:\AdwCleaner 2013-10-31 09:18 - 2013-10-31 12:01 - 00005773 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-31 09:16 - 2013-10-31 09:16 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys 2013-10-31 08:55 - 2013-10-31 08:55 - 00000000 ____D C:\_OTL 2013-10-30 12:15 - 2013-10-30 12:15 - 00000000 ____D C:\FRST 2013-10-29 09:24 - 2013-10-29 09:24 - 00000000 ____D C:\WINDOWS\system32\LogFiles 2013-10-17 02:10 - 2013-10-31 12:01 - 00000406 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2013-10-11 11:26 - 2013-10-11 11:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-10-11 11:25 - 2013-10-11 11:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-10-11 11:17 - 2013-10-11 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$ 2013-10-11 11:17 - 2013-10-11 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-10-11 07:35 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-10-11 07:34 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys 2013-10-11 07:34 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys 2013-10-04 07:38 - 2013-10-04 07:57 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Matura 2013-10-01 11:19 - 2013-10-01 11:22 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\spotkanie z Kurtykową ==================== One Month Modified Files and Folders ======= 2013-10-31 13:01 - 2013-10-31 09:44 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\Programy do usuwania syfu 2013-10-31 12:58 - 2013-10-31 12:58 - 00000160 _____ C:\Documents and Settings\Właściciel\Pulpit\fixlist.txt 2013-10-31 12:58 - 2009-12-30 15:31 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit 2013-10-31 12:55 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\PISMA BIEŻĄCE 2013-10-31 12:53 - 2012-04-11 07:19 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-10-31 12:53 - 2009-12-30 15:31 - 00032502 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-31 12:29 - 2010-02-16 11:44 - 00002513 _____ C:\Documents and Settings\Właściciel\Pulpit\Microsoft Office Word 2007.lnk 2013-10-31 12:01 - 2013-10-31 09:18 - 00005773 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-31 12:01 - 2013-10-17 02:10 - 00000406 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2013-10-31 11:51 - 2009-12-30 23:18 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-31 11:51 - 2009-12-30 23:18 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-31 11:51 - 2009-12-30 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-31 11:51 - 2009-09-27 18:19 - 00253748 _____ C:\WINDOWS\system32\NvApps.xml 2013-10-31 11:49 - 2013-10-31 11:49 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit\CC Support 2013-10-31 11:49 - 2009-12-30 23:16 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2013-10-31 11:40 - 2009-12-30 23:14 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2013-10-31 11:40 - 2009-12-30 15:31 - 00000000 __RHD C:\Documents and Settings\Właściciel\Dane aplikacji 2013-10-31 11:00 - 2012-03-06 10:55 - 00000472 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F42540E-B187-4460-993D-A026467167FC}.job 2013-10-31 09:36 - 2009-12-30 15:31 - 00000000 ___RD C:\Documents and Settings\Właściciel\Menu Start\Programy 2013-10-31 09:23 - 2013-10-31 09:22 - 00000000 ____D C:\AdwCleaner 2013-10-31 09:23 - 2009-12-30 15:31 - 00000000 ___HD C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji 2013-10-31 09:20 - 2009-12-30 15:31 - 00000000 ___HD C:\Documents and Settings\Właściciel\Ustawienia lokalne 2013-10-31 09:18 - 2009-12-30 15:31 - 00000188 ___SH C:\Documents and Settings\Właściciel\ntuser.ini 2013-10-31 09:16 - 2013-10-31 09:16 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys 2013-10-31 08:55 - 2013-10-31 08:55 - 00000000 ____D C:\_OTL 2013-10-30 12:15 - 2013-10-30 12:15 - 00000000 ____D C:\FRST 2013-10-29 09:24 - 2013-10-29 09:24 - 00000000 ____D C:\WINDOWS\system32\LogFiles 2013-10-29 09:24 - 2010-04-21 08:52 - 00000000 ____D C:\Program Files\Google 2013-10-29 09:24 - 2010-04-21 08:52 - 00000000 ____D C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google 2013-10-28 08:55 - 2009-12-30 23:16 - 01266716 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-28 08:55 - 2008-04-15 13:00 - 00559768 _____ C:\WINDOWS\system32\perfh015.dat 2013-10-28 08:55 - 2008-04-15 13:00 - 00106708 _____ C:\WINDOWS\system32\perfc015.dat 2013-10-28 08:54 - 2008-04-15 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-25 11:04 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Nauczanie indywidualne 2013-10-24 12:21 - 2009-12-30 15:31 - 00000000 ____D C:\Documents and Settings\Właściciel 2013-10-24 09:34 - 2010-02-16 11:40 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\FUNDUSZ SOCJALNY 2013-10-24 09:10 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\OGŁOSZENIA 2013-10-23 12:05 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\PRAWO SZKOLNE - 2 2013-10-22 12:15 - 2012-03-06 11:41 - 00008704 _____ C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-22 11:47 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Prawo oświatowe 2013-10-22 11:13 - 2013-03-21 11:00 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\NADZÓR I KONTROLA 2013-10-22 11:12 - 2009-12-30 15:31 - 00000000 ___RD C:\Documents and Settings\Właściciel\Moje dokumenty 2013-10-22 08:48 - 2011-10-13 07:45 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\Telefony, adresy 2013-10-21 08:34 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\ORGANIZACJA SZKOŁY 2013-10-17 02:00 - 2013-03-11 11:21 - 00001912 _____ C:\WINDOWS\epplauncher.mif 2013-10-17 02:00 - 2013-03-11 11:21 - 00001698 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Security Essentials.lnk 2013-10-17 02:00 - 2013-03-11 11:21 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-17 02:00 - 2009-12-30 23:16 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2013-10-16 07:08 - 2010-05-05 14:04 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-10-15 07:10 - 2011-05-17 10:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-15 07:10 - 2009-12-30 23:14 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-11 11:28 - 2010-02-16 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2013-10-11 11:26 - 2013-10-11 11:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-10-11 11:25 - 2013-10-11 11:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-10-11 11:25 - 2009-12-30 23:16 - 00001393 _____ C:\WINDOWS\imsins.BAK 2013-10-11 11:23 - 2013-08-19 09:42 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-11 11:20 - 2011-05-17 10:55 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight 2013-10-11 11:20 - 2010-02-23 13:00 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-11 11:17 - 2013-10-11 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$ 2013-10-11 11:17 - 2013-10-11 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-10-10 09:53 - 2012-04-11 07:19 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-10 09:53 - 2011-05-18 15:21 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-08 11:15 - 2010-02-16 11:41 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\SPRAWY GOSPODARCZE 2013-10-04 07:57 - 2013-10-04 07:38 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Matura 2013-10-04 07:52 - 2010-11-03 10:32 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Pobieranie 2013-10-04 07:43 - 2012-08-29 07:59 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\MATURA 2013 2013-10-04 07:42 - 2013-08-29 10:27 - 00000000 ____D C:\Documents and Settings\Właściciel\Moje dokumenty\Matura 2014 2013-10-01 11:22 - 2013-10-01 11:19 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit\spotkanie z Kurtykową ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\Windows\System32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================