Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2014
Ran by damian (administrator) on DAMIAN-KOMPUTER on 25-01-2014 12:54:29
Running from D:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Autodesk, Inc.) D:\Programy\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5074384 2012-12-21] (ESET)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_pl
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [814104 2012-09-24] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3704824 2013-12-05] (Acronis)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1333424 2012-12-21] (ESET)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-02-22] (Flexera Software, Inc.)
R2 mitsijm2012; D:\Programy\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [579384 2010-12-08] (Autodesk, Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29262680 2009-05-27] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2012-12-04] ()
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7025432 2012-09-14] (Acronis)
S2 HitmanPro36CrusaderBoot; "G:\antywirusy\hitman-pro.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-11-21] ()
R2 Dokan; C:\windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-01-10] (ESET)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [30976 2014-01-14] ()
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO32.SYS [20712 2012-12-22] (REALiX(tm))
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-21] ()
R3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [559208 2011-01-06] (Realtek Semiconductor Corporation )
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2013-12-05] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2013-12-05] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2013-12-05] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2013-12-05] (Acronis)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
S1 avipbb; system32\DRIVERS\avipbb.sys [x]
S1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 catchme; \??\C:\Users\damian\AppData\Local\Temp\catchme.sys [x]
S3 cpuz126; \??\C:\Users\damian\AppData\Local\Temp\cpuz.sys [x]
U4 sptd;
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]
U3 TrueSight; \??\ [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 12:22 - 2014-01-25 12:22 - 00000000 ____D C:\FRST
2014-01-24 20:00 - 2014-01-24 20:00 - 00001125 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-24 19:59 - 2014-01-24 19:59 - 00000000 ____D C:\Program Files\TeamViewer
2014-01-24 18:14 - 2014-01-24 18:14 - 00000000 ____D C:\Users\damian\AppData\Roaming\rcru
2014-01-22 17:00 - 2014-01-22 17:00 - 00000000 ____D C:\Users\damian\Desktop\słówka techniczne na ang
2014-01-22 16:56 - 2014-01-22 16:56 - 03366194 _____ C:\Users\damian\Desktop\słówka techniczne na ang.zip
2014-01-21 21:40 - 2014-01-21 21:44 - 00899917 _____ C:\Users\damian\Desktop\Haas prezentacja.pptx
2014-01-21 21:31 - 2014-01-21 21:31 - 02890240 _____ C:\Users\damian\Desktop\Frezowanie teoria.ppt
2014-01-21 16:43 - 2014-01-21 16:43 - 00000000 ____D C:\Users\damian\Desktop\koziorowska sprawko
2014-01-21 15:31 - 2014-01-21 17:33 - 00000000 ____D C:\Users\damian\Desktop\Hass VF Pionowe centra obróbcze Instrukcja obsłógi PL
2014-01-15 15:59 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 15:59 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 15:59 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 15:59 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 15:59 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 15:59 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 15:59 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 15:59 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 15:59 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 19:38 - 2014-01-14 19:38 - 00143728 _____ C:\windows\Minidump\011414-28594-01.dmp
2014-01-14 19:38 - 2014-01-14 19:38 - 00030976 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2014-01-14 18:24 - 2014-01-14 19:41 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-13 21:26 - 2014-01-14 01:09 - 00000000 ____D C:\Users\damian\Desktop\2014-01 (sty)
2014-01-12 21:13 - 2014-01-12 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-09 23:59 - 2014-01-09 23:59 - 00690271 _____ C:\Users\damian\Desktop\Zagrożenia ze strony sieci globalnej-zapobieganie i profilaktyka.pptx
2013-12-29 15:25 - 2013-12-29 15:25 - 00001085 _____ C:\Users\damian\Desktop\AIMP3.lnk
2013-12-27 00:26 - 2013-12-27 00:26 - 00000000 ____D C:\Users\damian\AppData\Local\Smellyriver

==================== One Month Modified Files and Folders =======

2014-01-25 12:48 - 2012-06-12 12:05 - 00096802 _____ C:\windows\PFRO.log
2014-01-25 12:48 - 2012-03-28 20:03 - 00052733 _____ C:\windows\setupact.log
2014-01-25 12:48 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-25 12:47 - 2011-01-08 20:38 - 01542564 _____ C:\windows\WindowsUpdate.log
2014-01-25 12:22 - 2014-01-25 12:22 - 00000000 ____D C:\FRST
2014-01-25 12:16 - 2009-07-14 05:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 12:16 - 2009-07-14 05:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 20:56 - 2009-11-18 11:05 - 00165592 _____ C:\Users\damian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-24 20:55 - 2009-07-14 05:33 - 01874640 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-24 20:00 - 2014-01-24 20:00 - 00001125 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-24 20:00 - 2013-01-22 14:42 - 00000000 ____D C:\Users\damian\AppData\Roaming\TeamViewer
2014-01-24 19:59 - 2014-01-24 19:59 - 00000000 ____D C:\Program Files\TeamViewer
2014-01-24 19:00 - 2013-10-19 11:08 - 00000657 _____ C:\Users\damian\Desktop\RaidCall.lnk
2014-01-24 18:14 - 2014-01-24 18:14 - 00000000 ____D C:\Users\damian\AppData\Roaming\rcru
2014-01-23 22:44 - 2012-08-31 11:38 - 00000000 ____D C:\Users\damian\AppData\Roaming\AIMP3
2014-01-22 20:13 - 2009-09-28 19:14 - 00812342 _____ C:\windows\system32\perfh015.dat
2014-01-22 20:13 - 2009-09-28 19:14 - 00182908 _____ C:\windows\system32\perfc015.dat
2014-01-22 20:13 - 2009-07-26 21:06 - 01874072 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-22 20:09 - 2011-10-04 18:21 - 00000000 ____D C:\Users\damian\AppData\Roaming\Skype
2014-01-22 17:00 - 2014-01-22 17:00 - 00000000 ____D C:\Users\damian\Desktop\słówka techniczne na ang
2014-01-22 16:56 - 2014-01-22 16:56 - 03366194 _____ C:\Users\damian\Desktop\słówka techniczne na ang.zip
2014-01-21 21:44 - 2014-01-21 21:40 - 00899917 _____ C:\Users\damian\Desktop\Haas prezentacja.pptx
2014-01-21 21:31 - 2014-01-21 21:31 - 02890240 _____ C:\Users\damian\Desktop\Frezowanie teoria.ppt
2014-01-21 17:33 - 2014-01-21 15:31 - 00000000 ____D C:\Users\damian\Desktop\Hass VF Pionowe centra obróbcze Instrukcja obsłógi PL
2014-01-21 16:43 - 2014-01-21 16:43 - 00000000 ____D C:\Users\damian\Desktop\koziorowska sprawko
2014-01-20 22:28 - 2013-11-04 17:08 - 00000000 ____D C:\Users\damian\Desktop\elektronika
2014-01-20 16:03 - 2011-02-04 16:06 - 00000000 ____D C:\Users\damian\AppData\Local\MetaGeek,_LLC
2014-01-15 20:35 - 2013-07-14 14:18 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 20:31 - 2009-11-20 10:42 - 83425928 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-14 20:53 - 2009-07-14 03:37 - 00000000 ____D C:\windows\IME
2014-01-14 19:41 - 2014-01-14 18:24 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 19:38 - 2014-01-14 19:38 - 00143728 _____ C:\windows\Minidump\011414-28594-01.dmp
2014-01-14 19:38 - 2014-01-14 19:38 - 00030976 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2014-01-14 19:38 - 2012-06-04 12:22 - 00000000 ____D C:\windows\Minidump
2014-01-14 19:33 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2014-01-14 19:19 - 2012-11-30 23:17 - 00000400 _____ C:\windows\system32\.crusader
2014-01-14 01:09 - 2014-01-13 21:26 - 00000000 ____D C:\Users\damian\Desktop\2014-01 (sty)
2014-01-12 21:13 - 2014-01-12 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 18:44 - 2013-11-26 20:08 - 00000198 _____ C:\Users\damian\Desktop\cw.txt
2014-01-11 16:52 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET
2014-01-09 23:59 - 2014-01-09 23:59 - 00690271 _____ C:\Users\damian\Desktop\Zagrożenia ze strony sieci globalnej-zapobieganie i profilaktyka.pptx
2014-01-09 20:50 - 2010-08-26 17:21 - 00000000 ____D C:\Program Files\Common Files\Steam
2014-01-01 15:34 - 2009-07-14 05:53 - 00032604 _____ C:\windows\Tasks\SCHEDLGU.TXT
2014-01-01 14:00 - 2013-05-26 20:17 - 00000000 ____D C:\windows\rescache
2013-12-31 18:17 - 2011-09-21 23:01 - 00000000 ____D C:\Users\damian\AppData\Roaming\vlc
2013-12-29 15:25 - 2013-12-29 15:25 - 00001085 _____ C:\Users\damian\Desktop\AIMP3.lnk
2013-12-27 00:26 - 2013-12-27 00:26 - 00000000 ____D C:\Users\damian\AppData\Local\Smellyriver

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\damian\AppData\Local\temp\adb.exe
C:\Users\damian\AppData\Local\temp\AdbWinApi.dll
C:\Users\damian\AppData\Local\temp\AdbWinUsbApi.dll
C:\Users\damian\AppData\Local\temp\ntdll_dump.dll
C:\Users\damian\AppData\Local\temp\SH1.dll
C:\Users\damian\AppData\Local\temp\SkypeSetup.exe
C:\Users\damian\AppData\Local\temp\wtw-update.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-21 01:31

==================== End Of Log ============================
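Reading a log of this shape by eye is slow, and the entries that matter tend to be the ones with a missing file, a missing company name, an odd path or an unfamiliar search host. The Python below is an added example for this page; it is not FRST's own code and not from the original poster. It parses the section layout visible in the log above (the `==== Name ====` headers, the `R2 name; path [size date] (vendor)` service and driver entries, the `[x]` marker for a missing image, the `(vendor) path` process lines, the `SearchScopes:` lines and the `... => MD5 is legit` integrity lines) and returns a list of findings. The sample input is a constructed subset of lines from this log; the allowlist of search hosts, the user-writable path patterns, and the reading of the leading letter/digit as run state and SCM start type are assumptions of this example. A finding means "look at this", not "this is malicious".

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not part of FRST and not code from the original poster.
Section/entry layouts are the ones visible in the log on this page; the
flagging rules are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: search hosts a reviewer accepts without a second look.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.pl", "www.bing.com",
                      "search.yahoo.com", "www.microsoft.com"}

SECTION_RE = re.compile(r"^=+ ([^=].*?) =+$")            # "==== Name ===="
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (HKLM|HKCU) - (?:DefaultScope )?\{[0-9A-Fa-f-]+\} URL = (\S+)$")
ENTRY_RE = re.compile(r"^([RSU])(\d) ([^;]+); (.*)$")     # services and drivers
FILE_RE = re.compile(r"^(.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")
PROCESS_RE = re.compile(r"^\((.*?)\) (.+)$")
# Assumption: paths an ordinary user can write to; a service or driver image
# there is worth a look.
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData|ProgramData|Users\\Public)\\", re.I)
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".bat", ".vbs")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _check_process(section, line):
    m = PROCESS_RE.match(line)
    if not m:
        return []
    vendor, path = m.groups()
    out = []
    if vendor == "":
        out.append(Finding(section, "running image has no company name in its version info", line))
    if USER_WRITABLE_RE.search(path):
        out.append(Finding(section, "running image lives in a user-writable location", line))
    return out


def _check_internet(section, line):
    m = SEARCHSCOPE_RE.match(line)
    if m:
        host = urlparse(m.group(2)).hostname or ""
        return [] if host in KNOWN_SEARCH_HOSTS else \
            [Finding(section, f"search provider not on allowlist: {host}", line)]
    if "- No File" in line:
        return [Finding(section, "registry entry points at a file that no longer exists", line)]
    if line.startswith("Hosts:") and "more than one entry" in line:
        return [Finding(section, "Hosts file has extra entries; review Addition.txt", line)]
    return []


def _check_entry(section, line):
    """Services and drivers: 'R2 name; path [size date] (vendor)' or '... [x]'."""
    m = ENTRY_RE.match(line)
    if not m:
        return []
    _state, start_type, name, rest = m.groups()
    out = []
    if rest.endswith("[x]"):                 # FRST: image file not found
        path = rest[:-3].strip()
        # Assumed reading of the digit as the SCM start type: 0 boot, 1 system,
        # 2 automatic, 3 manual, 4 disabled.
        how = "auto-start" if start_type in "012" else "manual/disabled"
        out.append(Finding(section, f"{name}: {how} entry whose image file is missing ([x])", line))
    else:
        fm = FILE_RE.match(rest)
        if not fm:
            return out
        path, _size, _date, vendor = fm.groups()
        if vendor == "":
            out.append(Finding(section, f"{name}: image has no company name in its version info", line))
    if USER_WRITABLE_RE.search(path):
        out.append(Finding(section, f"{name}: image path is in a user-writable location", line))
    return out


def _check_temp(section, line):
    if line.lower().endswith(EXEC_SUFFIXES):
        return [Finding(section, "executable content left in TEMP", line)]
    return []


def _check_integrity(section, line):
    if "=>" in line and not line.endswith("MD5 is legit"):
        return [Finding(section, "system file check did not report a known-good hash", line)]
    return []


CHECKS = (("Processes", _check_process), ("Internet", _check_internet),
          ("Services", _check_entry), ("Drivers", _check_entry),
          ("Some content of TEMP", _check_temp), ("Bamital", _check_integrity))


def triage(log_text):
    """Walk the log once, tracking the current section, and collect findings."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:   # blank line or a bare '====' rule
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.endswith(":"):               # 'Some content of TEMP:' style header
            section = line
            continue
        for prefix, check in CHECKS:
            if section.startswith(prefix):
                findings.extend(check(section, line))
    return findings


# Constructed sample: a subset of lines in the shape of the log on this page.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) ===================
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
========================== Services (Whitelisted) =================
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1333424 2012-12-21] (ESET)
S2 HitmanPro36CrusaderBoot; "G:\antywirusy\hitman-pro.exe" /crusader:boot [x]
==================== Drivers (Whitelisted) ====================
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-01-10] (ESET)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-11-21] ()
S3 cpuz126; \??\C:\Users\damian\AppData\Local\Temp\cpuz.sys [x]
Some content of TEMP:
====================
C:\Users\damian\AppData\Local\temp\adb.exe
C:\Users\damian\AppData\Local\temp\ntdll_dump.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a full FRST.txt by passing the file contents to `triage()`; the sample above yields ten findings (the Dokan mounter with no company name, the BearShare search scope, the orphaned toolbar, the Hosts note, the stopped auto-start service with a missing image, the atksgt driver with no company name, the cpuz126 driver both missing and rooted under AppData, and the two executables in TEMP), and nothing from the integrity section.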