Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by dom (administrator) on DOM-14A4DD4C930 on 10-12-2013 18:52:40
Running from C:\Documents and Settings\dom\Moje dokumenty\Pobieranie
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16269312 2006-10-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.exe [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin [829832 2013-10-08] (Adobe Systems Incorporated)
MountPoints2: H - H:\iStudio.exe
MountPoints2: {0039a21e-4dd4-11e2-b9b8-001d60c5a800} - H:\iStudio.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\dom\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355995419140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\vz4pxvtb.default
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://msn.gazeta.pl/msn/0,0.html?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\vz4pxvtb.default\searchplugins\bingp.xml
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1344224 2009-02-25] (Atheros Communications, Inc.)
R3 AtcL002; C:\Windows\System32\DRIVERS\atl02_xp.sys [27776 2006-08-14] (Attansic Technology corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SynMini; C:\Windows\System32\Drivers\SynMini.sys [1116544 2006-08-09] ()
S3 SynScan; C:\Windows\System32\Drivers\SynScan.sys [7808 2006-08-09] ()
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-10 18:52 - 2013-12-10 18:52 - 00000000 ____D C:\FRST
2013-12-10 18:22 - 2013-12-10 18:22 - 00000000 ____D C:\WINDOWS\CSC
2013-11-19 16:46 - 2013-12-10 18:32 - 00000406 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-16 13:28 - 2013-11-16 15:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 10:34 - 2013-11-14 10:34 - 00009215 _____ C:\WINDOWS\KB2900986.log
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 10:33 - 2013-11-14 10:34 - 00011696 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 09:44 - 2013-11-14 10:34 - 00015275 _____ C:\WINDOWS\KB2868626.log
2013-11-14 09:44 - 2013-11-14 10:34 - 00014255 _____ C:\WINDOWS\KB2862152.log
2013-11-14 09:44 - 2013-11-14 10:34 - 00013756 _____ C:\WINDOWS\KB2876331.log

==================== One Month Modified Files and Folders =======

2013-12-10 18:52 - 2013-12-10 18:52 - 00000000 ____D C:\FRST
2013-12-10 18:52 - 2012-12-20 12:11 - 00000000 ____D C:\Documents and Settings\dom\Moje dokumenty\Pobieranie
2013-12-10 18:32 - 2013-11-19 16:46 - 00000406 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-10 18:32 - 2012-12-20 08:38 - 01635915 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-10 18:25 - 2008-04-15 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-10 18:22 - 2013-12-10 18:22 - 00000000 ____D C:\WINDOWS\CSC
2013-12-10 18:21 - 2012-12-20 08:44 - 00000188 ___SH C:\Documents and Settings\dom\ntuser.ini
2013-12-05 14:43 - 2012-12-20 16:40 - 00000000 ____D C:\Documents and Settings\dom\Dane aplikacji\Skype
2013-12-05 14:43 - 2012-12-20 09:30 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-12-05 14:43 - 2012-12-20 09:30 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-05 14:43 - 2012-12-20 08:43 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-05 14:43 - 2012-12-20 08:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-05 14:37 - 2012-12-20 12:12 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-29 12:52 - 2012-12-20 08:44 - 00000000 ____D C:\Documents and Settings\dom
2013-11-24 13:28 - 2012-12-20 08:44 - 00000000 ___RD C:\Documents and Settings\dom\Moje dokumenty\Moje obrazy
2013-11-19 15:02 - 2012-12-20 12:15 - 00001912 _____ C:\WINDOWS\epplauncher.mif
2013-11-19 15:02 - 2012-12-20 12:14 - 00001698 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Security Essentials.lnk
2013-11-19 15:02 - 2012-12-20 12:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 15:02 - 2012-12-20 09:26 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2013-11-19 11:21 - 2012-12-20 12:20 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-16 17:26 - 2012-12-20 12:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 15:24 - 2013-11-16 13:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 10:34 - 2013-11-14 10:34 - 00009215 _____ C:\WINDOWS\KB2900986.log
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 10:34 - 2013-11-14 10:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 10:34 - 2013-11-14 10:33 - 00011696 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 10:34 - 2013-11-14 09:44 - 00015275 _____ C:\WINDOWS\KB2868626.log
2013-11-14 10:34 - 2013-11-14 09:44 - 00014255 _____ C:\WINDOWS\KB2862152.log
2013-11-14 10:34 - 2013-11-14 09:44 - 00013756 _____ C:\WINDOWS\KB2876331.log
2013-11-14 10:34 - 2012-12-20 10:51 - 00100309 _____ C:\WINDOWS\updspapi.log
2013-11-14 10:34 - 2012-12-20 09:27 - 01258774 _____ C:\WINDOWS\iis6.log
2013-11-14 10:34 - 2012-12-20 09:27 - 01118261 _____ C:\WINDOWS\FaxSetup.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00543896 _____ C:\WINDOWS\ocgen.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00517249 _____ C:\WINDOWS\tsoc.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00387628 _____ C:\WINDOWS\comsetup.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00359746 _____ C:\WINDOWS\msmqinst.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00233180 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00196647 _____ C:\WINDOWS\netfxocm.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00077562 _____ C:\WINDOWS\MedCtrOC.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00069979 _____ C:\WINDOWS\ocmsn.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00058361 _____ C:\WINDOWS\tabletoc.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00056182 _____ C:\WINDOWS\msgsocm.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-14 10:34 - 2012-12-20 09:27 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-14 10:33 - 2013-08-14 19:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-14 10:31 - 2012-12-20 11:01 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-14 09:42 - 2012-12-20 16:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Skype
2013-11-14 09:41 - 2013-02-11 12:23 - 00000000 ___RD C:\Program Files\Skype
2013-11-11 08:41 - 2012-12-20 08:44 - 00000000 ___RD C:\Documents and Settings\dom\Moje dokumenty

Some content of TEMP:
====================
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\Checkupdate.exe
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\Foxit Updater.exe
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\gcapi_dll.dll
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\gtapi_signed.dll
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\dom\Ustawienia lokalne\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2008-04-15 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2008-04-15 13:00] - [2008-04-15 13:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2008-04-15 13:00] - [2008-04-15 13:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 13:00] - [2008-04-15 13:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================