Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Joanna (administrator) on DELL on 21-11-2013 19:04:54
Running from C:\anty
Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe [405504 2008-12-18] (IDT, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [AS2014] - C:\Documents and Settings\All Users\Dane aplikacji\lpgg3333\lpgg3333.exe [776192 2013-11-21] ()
HKCU\...\Policies\Explorer: [NoSMMyPictures] 0x01000000
MountPoints2: {c95bb3e2-4070-11e2-be66-0019b9824836} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\Joanna\Menu Start\Programy\Autostart\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Joanna\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation)
S2 IndieVolumeService; C:\Program Files\IndieVolume\IndieVolume.SVC.exe [160256 2012-06-03] ()
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [x]
S2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{72602069-fc1a-3720-b16f-5fec82ec8f0c}\ \ \???\{72602069-fc1a-3720-b16f-5fec82ec8f0c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2010-06-30] (Advanced Micro Devices Inc.)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-02] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-02] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [3360768 2011-02-15] (Broadcom Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2005-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2005-10-28] (HP)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-25] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1229949 2009-01-05] (IDT, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-21 18:59 - 2013-11-21 19:00 - 00001300 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-21 09:22 - 2013-11-21 18:50 - 00001960 _____ C:\Documents and Settings\Joanna\Pulpit\Antivirus Security Pro.lnk
2013-11-21 09:22 - 2013-11-21 18:50 - 00000118 _____ C:\Documents and Settings\Joanna\Pulpit\Antivirus Security Pro support.url
2013-11-21 09:22 - 2013-11-21 09:22 - 00000000 ____D C:\Documents and Settings\Joanna\Menu Start\Programy\Antivirus Security Pro
2013-11-21 09:16 - 2013-11-21 18:50 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\lpgg3333
2013-11-21 09:16 - 2013-11-21 09:16 - 00000000 ____D C:\Program Files\Google
2013-11-21 08:55 - 2013-11-21 08:55 - 105483598 _____ C:\WINDOWS\system32\鳂꽉哬;
2013-11-14 23:12 - 2013-11-14 23:12 - 00000000 ____D C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\uTorrent
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 12:51 - 2013-11-13 12:51 - 104010312 _____ C:\WINDOWS\system32\걕䥽哬;
2013-11-11 18:53 - 2013-11-11 18:53 - 103716811 _____ C:\WINDOWS\system32\ꖥ핒哬;
2013-11-10 18:49 - 2013-11-11 05:01 - 103551423 _____ C:\WINDOWS\system32\阠ٯ哬;
2013-11-10 16:54 - 2013-11-10 16:54 - 00000038 _____ C:\WINDOWS\AviSplitter.INI
2013-11-09 18:42 - 2013-11-10 02:12 - 103387443 _____ C:\WINDOWS\system32\ꫣ蕿哬;
2013-11-08 01:00 - 2013-11-08 01:00 - 103066299 _____ C:\WINDOWS\system32\尭꒧哬;
2013-11-04 19:21 - 2013-11-04 19:21 - 104964650 _____ C:\WINDOWS\system32\痠з哬;
2013-11-02 23:59 - 2013-11-02 23:59 - 104684788 _____ C:\WINDOWS\system32\哬;
2013-11-02 20:40 - 2013-11-02 20:40 - 00000480 _____ C:\Documents and Settings\Joanna\Pulpit\więzi.lnk
2013-11-02 10:04 - 2013-11-20 20:12 - 00000000 ____D C:\Documents and Settings\Joanna\Dane aplikacji\Mozilla
2013-11-01 18:01 - 2013-11-02 06:19 - 104569497 _____ C:\WINDOWS\system32\ؖ哬;
2013-10-28 20:42 - 2013-10-28 20:42 - 00000000 ____D C:\FRST
2013-10-28 09:41 - 2013-11-21 19:04 - 00000000 ____D C:\anty
2013-10-23 06:06 - 2013-10-23 06:06 - 102541796 _____ C:\WINDOWS\system32\랞㬒哬;

==================== One Month Modified Files and Folders =======

2013-11-21 19:04 - 2013-10-28 09:41 - 00000000 ____D C:\anty
2013-11-21 19:03 - 2012-12-07 14:12 - 00000000 ___HD C:\Documents and Settings\Joanna\Ustawienia lokalne
2013-11-21 19:00 - 2013-11-21 18:59 - 00001300 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-21 19:00 - 2012-12-07 14:12 - 00000188 ___SH C:\Documents and Settings\Joanna\ntuser.ini
2013-11-21 19:00 - 2012-05-23 15:22 - 00000215 _____ C:\WINDOWS\wiadebug.log
2013-11-21 19:00 - 2012-05-23 15:22 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-21 19:00 - 2012-05-23 13:46 - 00032482 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-21 19:00 - 2012-05-23 13:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-21 18:59 - 2012-12-07 14:12 - 00000000 ____D C:\Documents and Settings\Joanna
2013-11-21 18:50 - 2013-11-21 09:22 - 00001960 _____ C:\Documents and Settings\Joanna\Pulpit\Antivirus Security Pro.lnk
2013-11-21 18:50 - 2013-11-21 09:22 - 00000118 _____ C:\Documents and Settings\Joanna\Pulpit\Antivirus Security Pro support.url
2013-11-21 18:50 - 2013-11-21 09:16 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\lpgg3333
2013-11-21 09:22 - 2013-11-21 09:22 - 00000000 ____D C:\Documents and Settings\Joanna\Menu Start\Programy\Antivirus Security Pro
2013-11-21 09:22 - 2012-12-07 14:12 - 00000000 ___RD C:\Documents and Settings\Joanna\Menu Start\Programy
2013-11-21 09:22 - 2012-12-07 14:12 - 00000000 ____D C:\Documents and Settings\Joanna\Pulpit
2013-11-21 09:16 - 2013-11-21 09:16 - 00000000 ____D C:\Program Files\Google
2013-11-21 09:16 - 2013-04-19 21:45 - 00000000 ____D C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\Google
2013-11-21 09:16 - 2012-05-23 15:18 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-11-21 09:03 - 2013-03-20 16:37 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-21 08:55 - 2013-11-21 08:55 - 105483598 _____ C:\WINDOWS\system32\鳂꽉哬;
2013-11-20 22:46 - 2012-12-22 20:38 - 00107008 _____ C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-20 20:17 - 2012-12-22 19:51 - 00000000 ____D C:\Documents and Settings\Joanna\Dane aplikacji\Dropbox
2013-11-20 20:14 - 2012-12-23 09:44 - 00000000 ___RD C:\Dropbox
2013-11-20 20:12 - 2013-11-02 10:04 - 00000000 ____D C:\Documents and Settings\Joanna\Dane aplikacji\Mozilla
2013-11-20 12:32 - 2006-03-02 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-14 23:15 - 2013-07-27 20:20 - 00000000 ____D C:\DOWNLOAD - latest
2013-11-14 23:12 - 2013-11-14 23:12 - 00000000 ____D C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\uTorrent
2013-11-14 23:12 - 2012-12-07 14:12 - 00000000 ___HD C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 03:02 - 2013-11-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 03:02 - 2012-05-23 15:19 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-14 03:01 - 2012-05-23 15:39 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 12:51 - 2013-11-13 12:51 - 104010312 _____ C:\WINDOWS\system32\걕䥽哬;
2013-11-11 18:53 - 2013-11-11 18:53 - 103716811 _____ C:\WINDOWS\system32\ꖥ핒哬;
2013-11-11 05:01 - 2013-11-10 18:49 - 103551423 _____ C:\WINDOWS\system32\阠ٯ哬;
2013-11-10 16:54 - 2013-11-10 16:54 - 00000038 _____ C:\WINDOWS\AviSplitter.INI
2013-11-10 02:12 - 2013-11-09 18:42 - 103387443 _____ C:\WINDOWS\system32\ꫣ蕿哬;
2013-11-08 23:07 - 2012-12-26 13:47 - 00000000 ____D C:\Documents and Settings\Joanna\Dane aplikacji\vlc
2013-11-08 01:00 - 2013-11-08 01:00 - 103066299 _____ C:\WINDOWS\system32\尭꒧哬;
2013-11-04 19:21 - 2013-11-04 19:21 - 104964650 _____ C:\WINDOWS\system32\痠з哬;
2013-11-02 23:59 - 2013-11-02 23:59 - 104684788 _____ C:\WINDOWS\system32\哬;
2013-11-02 20:40 - 2013-11-02 20:40 - 00000480 _____ C:\Documents and Settings\Joanna\Pulpit\więzi.lnk
2013-11-02 12:35 - 2012-12-07 14:12 - 00000000 ___RD C:\Documents and Settings\Joanna\Menu Start\Programy\Autostart
2013-11-02 12:34 - 2012-12-22 19:54 - 00001001 _____ C:\Documents and Settings\Joanna\Pulpit\Dropbox.lnk
2013-11-02 12:34 - 2012-12-22 19:52 - 00000000 ____D C:\Documents and Settings\Joanna\Menu Start\Programy\Dropbox
2013-11-02 10:04 - 2012-12-07 14:12 - 00000000 __RHD C:\Documents and Settings\Joanna\Dane aplikacji
2013-11-02 06:19 - 2013-11-01 18:01 - 104569497 _____ C:\WINDOWS\system32\ؖ哬;
2013-11-01 09:44 - 2012-05-23 15:19 - 01260628 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-01 09:44 - 2006-03-02 13:00 - 00558054 _____ C:\WINDOWS\system32\perfh015.dat
2013-11-01 09:44 - 2006-03-02 13:00 - 00105610 _____ C:\WINDOWS\system32\perfc015.dat
2013-10-28 20:42 - 2013-10-28 20:42 - 00000000 ____D C:\FRST
2013-10-28 09:18 - 2013-01-13 02:29 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-10-28 09:00 - 2012-05-23 13:31 - 00000000 ____D C:\WINDOWS\Registration
2013-10-27 23:10 - 2012-12-25 19:17 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2013-10-23 06:06 - 2013-10-23 06:06 - 102541796 _____ C:\WINDOWS\system32\랞㬒哬;

Files to move or delete:
====================
ZeroAccess: C:\Documents and Settings\Joanna\Ustawienia lokalne\Dane aplikacji\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2006-03-02 13:00] - [2008-04-14 18:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2006-03-02 13:00] - [2008-04-14 18:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2006-03-02 13:00] - [2008-04-14 18:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2006-03-02 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2006-03-02 13:00] - [2008-04-14 18:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2006-03-02 13:00] - [2008-04-14 18:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2006-03-02 13:00] - [2008-04-14 17:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================