Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by Smółko Anna (administrator) on SEVENTH-WAVE on 23-12-2013 02:49:02
Running from D:\Dokumenty\Czyszczenie
Windows 7 Professional (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\ProgramData\DataCardService\DCService.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2012-02-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Policies\Explorer: [NoSMHelp] 1
HKCU\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKCU\...\Policies\Explorer: [GreyMSIAds] 0
HKCU\...\Policies\Explorer: [NoCDBurning] 1
HKCU\...\Policies\Explorer: [NoInternetOpenWith] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKCU\...\Policies\Explorer: []
MountPoints2: {0527f119-5761-11e2-8b23-f07bcbf63a6a} - F:\AutoRun.exe
MountPoints2: {78f8ca60-607b-11e1-9c4f-f07bcbf63a6a} - F:\AutoRun.exe
MountPoints2: {78f8ca6b-607b-11e1-9c4f-f07bcbf63a6a} - F:\AutoRun.exe
MountPoints2: {8f207000-22ed-11e3-ba8f-f07bcbf63a6a} - F:\AutoRun.exe
MountPoints2: {e2d97258-25e3-11e3-9f0b-f07bcbf63a6a} - F:\iLinker.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-23] ()
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0A7A7562-31C7-4644-AF98-8D18EF7C8B99}: [NameServer]89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{4E1F4A06-0936-4A5C-8D18-BCDAF77FEC57}: [NameServer]89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{FCEEDBC8-835C-4709-9690-EB3B8F186608}: [NameServer]89.108.195.21 217.17.34.10

FireFox:
========
FF ProfilePath: C:\Users\Smółko Anna\AppData\Roaming\Mozilla\Firefox\Profiles\za0ejvw3.default
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Smółko Anna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wolnelektury-pl.xml
FF Extension: Ant Video Downloader - C:\Users\Smółko Anna\AppData\Roaming\Mozilla\Firefox\Profiles\za0ejvw3.default\Extensions\anttoolbar@ant.com
FF Extension: Bitdefender QuickScan - C:\Users\Smółko Anna\AppData\Roaming\Mozilla\Firefox\Profiles\za0ejvw3.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: SearchPreview - C:\Users\Smółko Anna\AppData\Roaming\Mozilla\Firefox\Profiles\za0ejvw3.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF Extension: Adblock Plus - C:\Users\Smółko Anna\AppData\Roaming\Mozilla\Firefox\Profiles\za0ejvw3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-23] ()
R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-01-08] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-15] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-12-16] (DT Soft Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2013-12-22] (Duplex Secure Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2011-12-14] ()
U3 apx8gksx; C:\Windows\System32\Drivers\apx8gksx.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-23 02:08 - 2013-12-23 02:08 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\FRST
2013-12-23 00:10 - 2013-12-23 00:10 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\InstallShield
2013-12-22 23:55 - 2013-12-22 23:55 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-12-22 23:54 - 2013-12-23 00:20 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\newnext.me
2013-12-22 23:54 - 2013-12-22 23:55 - 00000201 _____ C:\Users\Smółko Anna\daemonprocess.txt
2013-12-22 23:54 - 2013-12-22 23:54 - 00000000 ____D C:\Users\Smółko Anna\AppData\Local\genienext
2013-12-22 23:54 - 2013-12-22 23:54 - 00000000 ____D C:\Users\Smółko Anna\.android
2013-12-16 13:58 - 2013-12-16 13:58 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\Blender Foundation
2013-12-12 10:52 - 2013-12-12 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-23 02:13 - 2009-07-14 05:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 02:13 - 2009-07-14 05:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 02:09 - 2011-12-14 19:18 - 01806776 _____ C:\Windows\WindowsUpdate.log
2013-12-23 02:08 - 2013-12-23 02:08 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-23 02:07 - 2013-10-02 15:01 - 00000000 ____D C:\AdwCleaner
2013-12-23 02:05 - 2012-02-25 16:33 - 00137761 _____ C:\Windows\setupact.log
2013-12-23 02:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 01:55 - 2012-04-02 17:13 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 01:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\FRST
2013-12-23 00:39 - 2013-08-12 09:58 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\QuickScan
2013-12-23 00:20 - 2013-12-22 23:54 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\newnext.me
2013-12-23 00:19 - 2012-03-03 17:28 - 00164440 _____ C:\Windows\PFRO.log
2013-12-23 00:10 - 2013-12-23 00:10 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\InstallShield
2013-12-23 00:10 - 2011-12-15 00:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-22 23:55 - 2013-12-22 23:55 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-12-22 23:55 - 2013-12-22 23:54 - 00000201 _____ C:\Users\Smółko Anna\daemonprocess.txt
2013-12-22 23:54 - 2013-12-22 23:54 - 00000000 ____D C:\Users\Smółko Anna\AppData\Local\genienext
2013-12-22 23:54 - 2013-12-22 23:54 - 00000000 ____D C:\Users\Smółko Anna\.android
2013-12-22 23:54 - 2013-09-27 14:38 - 00000000 ____D C:\Users\Smółko Anna\AppData\Local\cache
2013-12-22 23:54 - 2012-02-25 15:56 - 00000000 ____D C:\Users\Smółko Anna
2013-12-22 15:17 - 2009-07-14 18:55 - 00803548 _____ C:\Windows\system32\perfh015.dat
2013-12-22 15:17 - 2009-07-14 18:55 - 00179294 _____ C:\Windows\system32\perfc015.dat
2013-12-22 15:17 - 2009-07-14 06:13 - 01846862 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 13:58 - 2013-12-16 13:58 - 00000000 ____D C:\Users\Smółko Anna\AppData\Roaming\Blender Foundation
2013-12-15 22:47 - 2013-10-01 13:17 - 00000000 ____D C:\Users\Smółko Anna\.thumbnails
2013-12-15 20:04 - 2012-05-04 06:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 10:52 - 2013-12-12 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-10 20:55 - 2012-04-02 17:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:55 - 2012-04-02 17:13 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 20:55 - 2011-12-16 13:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-06 16:49 - 2013-07-27 18:26 - 00000000 ____D C:\Users\Smółko Anna\AppData\Local\Apple Computer
2013-11-25 22:02 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Smółko Anna\AppData\Local\Temp\AcDeltree.exe
C:\Users\Smółko Anna\AppData\Local\Temp\APNSetup.exe
C:\Users\Smółko Anna\AppData\Local\Temp\AxSFADownloader.exe
C:\Users\Smółko Anna\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Smółko Anna\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 18:26

==================== End Of Log ============================