Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014 Ran by Młody (administrator) on HOME-839F6AF365 on 20-11-2014 08:40:35 Running from C:\Documents and Settings\Młody\Pulpit Loaded Profile: Młody (Available profiles: Młody) Platform: Microsoft Windows XP Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-10-09] (Analog Devices, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-16] (AVAST Software) HKLM\...\Run: [LXCTCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 (the data entry has 59 more characters). HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-21-2052111302-1935655697-682003330-1003\...\MountPoints2: G - G:\SETUP.EXE HKU\S-1-5-21-2052111302-1935655697-682003330-1003\...\MountPoints2: {41ecb9a3-7ae8-11e3-bdd4-0023545b61cf} - H:\start.exe HKU\S-1-5-21-2052111302-1935655697-682003330-1003\...\MountPoints2: {f4bf3696-1913-11e2-bb4a-0023545b61cf} - H:\LaunchU3.exe -a HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 Startup: C:\Documents and Settings\Młody\Menu Start\Programy\Autostart\program.lnk ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Dane aplikacji\3E5836AE.cpp () Startup: C:\Documents and Settings\Młody\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2052111302-1935655697-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2052111302-1935655697-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Documents and Settings\Młody\Dane aplikacji\Mozilla\Firefox\Profiles\orxazox3.default FF NewTab: hxxp:// FF DefaultSearchUrl: hxxp:// FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp:// FF Keyword.URL: hxxp:// FF Plugin: -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin:,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin:,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll No File FF Plugin: Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2052111302-1935655697-682003330-1003:,version=1.0 -> C:\Documents and Settings\Młody\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Documents and Settings\Młody\Dane aplikacji\Mozilla\Firefox\Profiles\orxazox3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05] FF HKLM\...\Firefox\Extensions: [] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-31] FF Extension: No Name - [Not Found] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software) S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation) S2 lxct_device; C:\WINDOWS\system32\lxctcoms.exe [528384 2006-07-13] ( ) S3 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DANEAP~1\1DDC01E3.cpp [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-16] () S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-16] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-16] (AVAST Software) S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-16] () S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-16] (AVAST Software) S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422760 2014-11-16] (AVAST Software) S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-16] (AVAST Software) S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-16] () S1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-18] (Sensaura) R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [248832 2006-07-26] (Marvell) S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-20 08:40 - 2014-11-20 08:40 - 00008463 _____ () C:\Documents and Settings\Młody\Pulpit\FRST.txt 2014-11-20 08:40 - 2014-11-20 08:40 - 00000000 ____D () C:\FRST 2014-11-20 08:39 - 2014-11-20 08:39 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Młody\Pulpit\OTL.exe 2014-11-20 08:39 - 2014-11-20 08:39 - 00380416 _____ () C:\Documents and Settings\Młody\Pulpit\0swv3fui.exe 2014-11-20 08:38 - 2014-11-20 08:38 - 01108992 _____ (Farbar) C:\Documents and Settings\Młody\Pulpit\FRST.exe 2014-11-19 16:31 - 2014-11-19 16:32 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Domowe 2014-11-19 16:29 - 2014-11-19 16:30 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Asia 2014-11-19 13:15 - 2014-11-19 13:15 - 00000000 __SHD () C:\WINDOWS\CSC 2014-11-19 11:09 - 2014-11-19 11:09 - 00000165 ____H () C:\Documents and Settings\Młody\Pulpit\~$Labofarm.pptx 2014-11-19 10:50 - 2014-11-19 10:50 - 00249856 _____ () C:\Documents and Settings\All Users\Dane aplikacji\3E5836AE.cpp 2014-11-16 20:09 - 2014-11-16 20:09 - 00001731 _____ () C:\Documents and Settings\All Users\Pulpit\Avast Free Antivirus.lnk 2014-11-16 20:08 - 2014-11-16 20:08 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-11-16 20:08 - 2014-11-16 20:08 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-11-13 09:52 - 2014-11-13 09:52 - 00005120 ___SH () C:\Documents and Settings\Młody\Pulpit\Thumbs.db 2014-11-10 22:26 - 2014-11-10 22:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-10 19:46 - 2014-11-10 19:46 - 00000000 ____D () C:\Documents and Settings\MĹ‚ody\Dane aplikacji\IrfanView 2014-11-10 19:46 - 2014-11-10 19:46 - 00000000 ____D () C:\Documents and Settings\MĹ‚ody\Dane aplikacji 2014-11-10 19:46 - 2014-11-10 19:46 - 00000000 ____D () C:\Documents and Settings\MĹ‚ody 2014-11-08 15:51 - 2014-11-19 16:29 - 00000000 ____D () C:\Documents and Settings\Młody\Pulpit\Labofarm 2014-10-29 20:38 - 2014-11-19 13:18 - 00004990 _____ () C:\WINDOWS\setupapi.log 2014-10-29 10:47 - 2014-11-19 16:34 - 00000000 ____D () C:\Documents and Settings\Młody\Pulpit\Podział majątku 2014-10-29 09:27 - 2014-10-29 09:27 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Artykuły 2014-10-29 09:24 - 2014-10-29 09:24 - 00000598 _____ () C:\Documents and Settings\Młody\Pulpit\Skrót do Moje dokumenty.lnk 2014-10-29 09:20 - 2014-10-29 09:25 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Bushcraft 2014-10-23 08:45 - 2014-11-08 14:05 - 00000000 ____D () C:\Documents and Settings\Młody\Pulpit\Żywienie Dojelitowe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-20 08:40 - 2012-05-19 11:59 - 00000000 ____D () C:\Documents and Settings\Młody\Ustawienia lokalne\Temp 2014-11-20 08:40 - 2012-05-19 11:59 - 00000000 ____D () C:\Documents and Settings\Młody\Pulpit 2014-11-20 08:28 - 2012-07-06 19:40 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-11-20 08:28 - 2012-06-14 13:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-11-20 08:28 - 2012-06-14 13:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-11-20 08:28 - 2012-05-19 11:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-20 07:47 - 2012-05-19 11:59 - 00000188 ___SH () C:\Documents and Settings\Młody\ntuser.ini 2014-11-20 07:47 - 2012-05-19 11:59 - 00000000 ____D () C:\Documents and Settings\Młody 2014-11-20 07:47 - 2012-05-19 11:58 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt 2014-11-20 07:47 - 2012-05-19 11:55 - 01302816 _____ () C:\WINDOWS\WindowsUpdate.log 2014-11-19 16:59 - 2012-05-19 11:59 - 00000000 __RHD () C:\Documents and Settings\Młody\Dane aplikacji 2014-11-19 16:32 - 2014-10-20 10:25 - 00000000 ____D () C:\Documents and Settings\Młody\Pulpit\CV LM Labofarm 20.X.2014 2014-11-19 16:31 - 2012-05-19 11:59 - 00000000 ___RD () C:\Documents and Settings\Młody\Moje dokumenty 2014-11-19 16:25 - 2012-05-19 13:48 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy 2014-11-19 13:28 - 2012-05-19 11:59 - 00001599 _____ () C:\Documents and Settings\Młody\Menu Start\Programy\Pomoc zdalna.lnk 2014-11-19 13:23 - 2012-05-19 11:55 - 00001607 _____ () C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk 2014-11-19 11:04 - 2012-09-11 21:27 - 00000000 ____D () C:\Program Files\Lx_cats 2014-11-19 10:50 - 2012-05-19 13:47 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-11-19 10:50 - 2012-05-19 11:59 - 00000000 ___RD () C:\Documents and Settings\Młody\Menu Start\Programy\Autostart 2014-11-16 20:33 - 2012-06-09 16:44 - 00176640 _____ () C:\Documents and Settings\Młody\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-16 20:25 - 2012-10-18 12:33 - 00000000 ____D () C:\Documents and Settings\Młody\Dane aplikacji\U3 2014-11-16 20:09 - 2012-05-19 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit 2014-11-16 20:08 - 2014-05-05 06:10 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-11-16 20:08 - 2013-03-01 09:51 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-11-16 20:08 - 2013-03-01 09:51 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-11-16 20:08 - 2013-03-01 09:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-11-16 20:08 - 2012-05-31 19:19 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-11-16 20:08 - 2012-05-31 19:19 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-11-16 20:08 - 2012-05-31 19:19 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-11-16 20:08 - 2012-05-31 19:19 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys 2014-11-16 20:02 - 2001-07-21 23:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-11-14 08:52 - 2012-05-19 11:52 - 00000000 ____D () C:\Program Files\Messenger 2014-11-13 09:24 - 2014-09-17 18:26 - 00000000 ___RD () C:\Documents and Settings\Młody\Moje dokumenty\Dropbox 2014-11-13 09:24 - 2014-07-08 16:45 - 00000000 ____D () C:\Documents and Settings\Młody\Dane aplikacji\Dropbox 2014-11-12 19:40 - 2012-08-20 15:31 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Rozwód 2014-11-12 09:25 - 2014-02-06 10:55 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Nutrico 2014-11-12 09:07 - 2012-12-19 13:51 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\CV LM 2014-11-11 00:18 - 2002-08-04 17:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-08 16:23 - 2014-09-13 11:38 - 00000000 ____D () C:\Documents and Settings\Młody\Pulpit\Tablica 2014-11-08 16:05 - 2012-05-31 18:54 - 00000000 ____D () C:\WINDOWS\SHELLNEW 2014-11-05 11:31 - 2012-05-19 11:59 - 00000000 ___RD () C:\Documents and Settings\Młody\Moje dokumenty\Moje obrazy 2014-11-02 14:21 - 2012-05-19 11:52 - 00012860 ____C () C:\WINDOWS\wmsetup.log 2014-10-31 20:12 - 2013-05-31 19:53 - 00000000 ____D () C:\Documents and Settings\Młody\Dane aplikacji\.minecraft 2014-10-30 09:15 - 2012-08-20 15:32 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Radostowa 2014-10-29 09:32 - 2014-07-03 20:11 - 00000000 ____D () C:\Documents and Settings\Młody\Moje dokumenty\Świadectwa pracy 2014-10-26 11:57 - 2012-05-19 13:48 - 00773572 ____C () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-26 11:57 - 2001-10-26 17:15 - 00359512 ____C () C:\WINDOWS\system32\perfh015.dat 2014-10-26 11:57 - 2001-10-26 17:15 - 00051084 ____C () C:\WINDOWS\system32\perfc015.dat Some content of TEMP: ==================== C:\Documents and Settings\Młody\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvetwkz.dll C:\Documents and Settings\Młody\Ustawienia lokalne\Temp\LcHO.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================