Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Marii (administrator) on MARI on 15-08-2014 21:31:42
Running from C:\Documents and Settings\Marii\Pulpit
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtbws.exe
(Opera Software) D:\Programy instalki\Opera\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-2025429265-583907252-1801674531-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-2025429265-583907252-1801674531-1003\...\MountPoints2: {c54a6fab-15ab-11e1-b1d2-00210079971c} - F:\Startme.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programy instalki\Java\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programy instalki\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\Marii\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.204.159.1 195.116.5.3

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> D:\Programy instalki\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> D:\Programy instalki\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-08]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-16]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-16]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-16]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-16]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-08-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-16] (Kaspersky Lab ZAO)
S3 CoordinatorServiceHost; D:\Solidworks 2012\SolidWorks\swScheduler\DTSCoordinatorService.exe [89160 2012-01-20] (Dassault Systèmes SolidWorks Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-04-04] (Flexera Software, Inc.)
S3 JavaQuickStarterService; D:\Programy instalki\Java\bin\jqs.exe [181664 2013-04-19] (Oracle Corporation)
S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2011-09-28] () [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2011-09-28] (Broadcom Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2013-11-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [576096 2014-03-20] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24672 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-11-16] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [93792 2014-03-20] (Kaspersky Lab ZAO)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 21:31 - 2014-08-15 21:31 - 00011710 _____ () C:\Documents and Settings\Marii\Pulpit\FRST.txt
2014-08-15 21:28 - 2014-08-15 21:31 - 00000000 ____D () C:\FRST
2014-08-15 21:24 - 2014-08-15 21:24 - 01092096 _____ (Farbar) C:\Documents and Settings\Marii\Pulpit\FRST.exe
2014-08-15 20:30 - 2014-08-15 20:34 - 00005879 _____ () C:\WINDOWS\setupapi.log
2014-08-03 10:25 - 2014-08-15 16:46 - 00003360 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-02 21:03 - 2014-08-02 21:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 21:31 - 2014-08-15 21:31 - 00011710 _____ () C:\Documents and Settings\Marii\Pulpit\FRST.txt
2014-08-15 21:31 - 2014-08-15 21:28 - 00000000 ____D () C:\FRST
2014-08-15 21:31 - 2011-09-27 22:35 - 00000000 ____D () C:\Documents and Settings\Marii\Ustawienia lokalne\Temp
2014-08-15 21:31 - 2011-09-27 22:35 - 00000000 ____D () C:\Documents and Settings\Marii\Pulpit
2014-08-15 21:24 - 2014-08-15 21:24 - 01092096 _____ (Farbar) C:\Documents and Settings\Marii\Pulpit\FRST.exe
2014-08-15 21:18 - 2012-02-10 22:49 - 01151552 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-15 20:49 - 2013-11-16 20:12 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2014-08-15 20:35 - 2011-09-28 00:18 - 01200212 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-15 20:35 - 2008-04-15 14:00 - 00536496 _____ () C:\WINDOWS\system32\perfh015.dat
2014-08-15 20:35 - 2008-04-15 14:00 - 00095670 _____ () C:\WINDOWS\system32\perfc015.dat
2014-08-15 20:34 - 2014-08-15 20:30 - 00005879 _____ () C:\WINDOWS\setupapi.log
2014-08-15 20:33 - 2014-05-03 21:23 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 20:30 - 2012-02-10 22:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-15 20:30 - 2012-02-10 22:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-15 20:29 - 2011-09-27 22:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-15 16:46 - 2014-08-03 10:25 - 00003360 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-15 16:46 - 2013-11-16 23:34 - 00352070 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-2025429265-583907252-1801674531-1003-0.dat
2014-08-15 16:46 - 2013-11-16 20:53 - 00352070 _____ () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2014-08-15 16:46 - 2011-09-27 22:35 - 00000188 ___SH () C:\Documents and Settings\Marii\ntuser.ini
2014-08-15 16:46 - 2011-09-27 22:35 - 00000000 ____D () C:\Documents and Settings\Marii
2014-08-14 20:00 - 2013-06-10 12:57 - 00224702 _____ () C:\Documents and Settings\Marii\Moje dokumenty\zakładki opera.adr
2014-08-14 20:00 - 2011-09-27 22:35 - 00000000 ___RD () C:\Documents and Settings\Marii\Moje dokumenty
2014-08-14 17:47 - 2008-04-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-13 16:50 - 2011-09-28 09:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-08-04 20:51 - 2011-09-28 10:01 - 00000000 ____D () C:\Documents and Settings\Marii\Dane aplikacji\vlc
2014-08-02 21:29 - 2011-09-28 11:41 - 00000000 ____D () C:\Documents and Settings\Marii\Moje dokumenty\Pliki Ccleaner
2014-08-02 21:22 - 2011-09-27 22:24 - 00000000 ____D () C:\Program Files\Messenger
2014-08-02 21:09 - 2014-03-28 13:19 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-08-02 21:09 - 2014-03-28 13:19 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2014-08-02 21:05 - 2014-08-02 21:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-08-02 20:53 - 2014-05-03 21:23 - 00000789 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2014-08-02 20:53 - 2014-05-03 21:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-02 20:53 - 2014-05-03 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2014-08-02 20:53 - 2011-09-28 00:17 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-07-31 18:46 - 2011-09-29 22:40 - 00055296 _____ () C:\Documents and Settings\Marii\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-28 22:29 - 2011-09-28 09:26 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================