Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
ATTENTION: ====> FRST version is 10 days old and could be outdated
Ran by ASD (administrator) on DANMED2 on 15-07-2015 15:36:04
Running from D:\Instalki różne
Loaded Profiles: ASD (Available Profiles: ASD & Administrator)
Platform: Microsoft Windows XP Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
() C:\Program Files\ASSECO\mMedica\mmService.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(Doctor Web, Ltd.) C:\PROGRA~1\DrWeb\spidernt.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Asseco Poland S.A. (TS)) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\SpIDerAgent.exe
(Doctor Web, Ltd.) C:\PROGRA~1\DrWeb\spiderui.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SpIDerAgent] => C:\Program Files\DrWeb\SpIDerAgent.exe [447728 2010-02-01] (Doctor Web, Ltd.)
HKLM\...\Run: [SpIDerMail] => C:\Program Files\DrWeb\spiderml.exe [644336 2009-06-30] (Doctor Web, Ltd.)
HKLM\...\Run: [SpIDerNT] => C:\Program Files\DrWeb\spiderui.exe [232352 2011-02-10] (Doctor Web, Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-117609710-1801674531-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania =
HKU\S-1-5-21-329068152-117609710-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Strona początkowa =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329068152-117609710-1801674531-1004 -> DefaultScope {145794FF-3BCB-4680-87EB-3FF72F960003} URL ={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-117609710-1801674531-1004 -> {145794FF-3BCB-4680-87EB-3FF72F960003} URL ={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

FireFox:
========
FF Plugin:,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
R2 DrWebEngine; C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [869688 2009-09-29] (Doctor Web, Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 mmService; C:\Program Files\ASSECO\mMedica\mMService.exe [3841024 2011-12-10] () [File not signed]
R2 postgresmm-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [110592 2012-01-03] (Asseco Poland S.A. (TS)) [File not signed]
R2 SPIDERNT; C:\Program Files\DrWeb\spidernt.exe [231816 2011-02-10] (Doctor Web, Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 yksvc; RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R0 DwProt; C:\WINDOWS\System32\drivers\dwprot.sys [131192 2010-11-22] (Doctor Web, Ltd.)
R0 mrdd; C:\WINDOWS\System32\DRIVERS\mrdd.sys [18984 2008-11-12] (Marvell Semiconductor, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [152616 2009-02-09] (Marvell Semiconductor, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R2 SPIDER; C:\Program Files\DrWeb\spider.sys [316240 2011-02-10] (Doctor Web, Ltd.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [290432 2008-09-19] (Marvell)
S3 catchme; \??\C:\DOCUME~1\ASD\USTAWI~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
U3 uwddapoc; \??\C:\DOCUME~1\ASD\USTAWI~1\Temp\uwddapoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 15:35 - 2015-07-15 15:35 - 00000854 _____ C:\Documents and Settings\ASD\Pulpit\gmer15072015.txt
2015-07-14 18:11 - 2015-07-14 18:11 - 00128504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-14 17:50 - 2015-07-14 17:50 - 00090112 _____ C:\WINDOWS\Minidump\Mini071415-01.dmp
2015-07-13 18:45 - 2015-07-13 18:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini071315-01.dmp
2015-07-08 16:07 - 2015-07-15 15:36 - 00000000 ____D C:\FRST
2015-07-08 15:22 - 2015-07-08 15:22 - 00000000 ____D C:\Documents and Settings\ASD\Ustawienia lokalne\Dane aplikacji\Deployment
2015-07-08 15:15 - 2015-07-08 15:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini070815-01.dmp
2015-07-07 07:42 - 2015-07-07 07:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini070715-02.dmp
2015-07-07 07:12 - 2015-07-07 07:12 - 00090112 _____ C:\WINDOWS\Minidump\Mini070715-01.dmp
2015-07-06 07:54 - 2015-07-06 07:54 - 00090112 _____ C:\WINDOWS\Minidump\Mini070615-02.dmp
2015-07-06 07:40 - 2015-07-06 07:40 - 00090112 _____ C:\WINDOWS\Minidump\Mini070615-01.dmp
2015-07-02 15:54 - 2015-07-15 15:36 - 00000000 ____D C:\Documents and Settings\ASD\Ustawienia lokalne\temp
2015-07-02 15:54 - 2015-07-14 17:54 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\temp
2015-07-02 15:54 - 2015-07-02 15:54 - 00006270 _____ C:\ComboFix.txt
2015-07-02 15:54 - 2015-07-02 15:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Ustawienia lokalne\temp
2015-07-02 15:54 - 2015-07-02 15:54 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2015-07-02 15:45 - 2015-07-02 15:45 - 00000000 _RSHD C:\cmdcons
2015-07-02 15:45 - 2010-04-09 14:08 - 00000211 _____ C:\Boot.bak
2015-07-02 15:45 - 2004-08-03 23:00 - 00262400 __RSH C:\cmldr
2015-07-02 15:44 - 2015-07-02 15:54 - 00000000 ____D C:\Qoobox
2015-07-02 15:44 - 2015-07-02 15:54 - 00000000 ____D C:\ComboFix
2015-07-02 15:44 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-07-02 15:44 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-07-02 15:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-07-02 15:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-07-02 15:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-07-02 15:44 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-07-02 15:44 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-07-02 15:44 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-07-02 15:44 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-07-02 15:43 - 2015-07-02 15:53 - 00000000 ____D C:\WINDOWS\erdnt
2015-07-02 15:43 - 2015-07-02 15:43 - 00000000 ___RD C:\Documents and Settings\ASD\Moje dokumenty\Moje wideo
2015-07-02 15:43 - 2015-07-02 15:43 - 00000000 ___RD C:\Documents and Settings\ASD\Menu Start\Programy\Narzędzia administracyjne
2015-07-02 15:29 - 2015-07-08 15:50 - 00000000 ____D C:\WINDOWS\pss
2015-07-02 08:07 - 2015-07-14 18:03 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-29 07:45 - 2015-06-29 07:45 - 00000706 _____ C:\Documents and Settings\All Users\Pulpit\TeamViewer 10.lnk
2015-06-29 07:45 - 2015-06-29 07:45 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 10

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 15:35 - 2010-04-09 14:16 - 00000000 ____D C:\Documents and Settings\ASD\Pulpit
2015-07-15 15:34 - 2014-03-25 08:13 - 00000218 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-07-15 15:33 - 2010-04-09 14:10 - 01733097 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 15:31 - 2010-04-09 16:01 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-07-15 15:31 - 2010-04-09 16:01 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-15 15:31 - 2010-04-09 14:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-14 23:19 - 2010-04-09 14:16 - 00000188 ___SH C:\Documents and Settings\ASD\ntuser.ini
2015-07-14 23:19 - 2010-04-09 14:15 - 00032360 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-14 23:08 - 2010-04-09 16:03 - 00000000 ____D C:\Program Files\DrWeb
2015-07-14 22:59 - 2010-04-09 16:26 - 00000340 _____ C:\WINDOWS\Tasks\Dr.Web Update.job
2015-07-14 19:17 - 2010-04-09 16:02 - 00000472 _____ C:\WINDOWS\WINCMD.INI
2015-07-14 18:52 - 2010-04-09 16:00 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-07-14 18:49 - 2010-04-09 16:58 - 00000000 __SHD C:\Documents and Settings\ASD\UserData
2015-07-14 18:21 - 2010-04-09 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-07-14 18:10 - 2013-08-02 16:13 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-07-14 18:04 - 2010-08-12 14:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2015-07-14 17:50 - 2010-04-09 16:00 - 01039852 _____ C:\WINDOWS\setupapi.log
2015-07-14 17:50 - 2010-04-09 15:59 - 00188506 _____ C:\WINDOWS\setupact.log
2015-07-13 18:32 - 2010-04-09 15:57 - 00000327 __RSH C:\boot.ini
2015-07-13 18:32 - 2008-04-15 14:00 - 00000477 _____ C:\WINDOWS\win.ini
2015-07-13 18:32 - 2008-04-15 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-07-13 18:30 - 2008-04-15 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-08 16:00 - 2010-04-09 14:16 - 00000000 __RHD C:\Documents and Settings\ASD\Dane aplikacji
2015-07-08 15:22 - 2010-04-09 14:16 - 00000000 ___HD C:\Documents and Settings\ASD\Ustawienia lokalne\Dane aplikacji
2015-07-08 15:17 - 2013-08-02 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\Adobe
2015-07-08 15:10 - 2015-05-06 15:04 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-02 16:42 - 2014-08-06 15:00 - 00000062 _____ C:\Documents and Settings\ASD\Pulpit\dilo.txt.txt
2015-07-02 16:39 - 2015-03-03 15:55 - 00000181 _____ C:\Documents and Settings\ASD\Pulpit\dilo.url
2015-07-02 16:28 - 2010-04-09 14:16 - 00000000 ___RD C:\Documents and Settings\ASD\Moje dokumenty
2015-07-02 16:17 - 2012-01-11 16:13 - 00000000 ____D C:\Documents and Settings\ASD\Dane aplikacji\postgresql
2015-07-02 16:17 - 2010-04-09 15:53 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\mMedica
2015-07-02 16:14 - 2012-01-11 16:12 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\PostgreSQL 9.0
2015-07-02 16:08 - 2015-04-07 15:02 - 87691264 _____ (Microsoft Corporation) C:\Documents and Settings\ASD\Pulpit\mmFullInstall.exe
2015-07-02 15:54 - 2013-08-02 16:13 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2015-07-02 15:54 - 2010-04-09 14:16 - 00000000 ___HD C:\Documents and Settings\ASD\Ustawienia lokalne
2015-07-02 15:54 - 2010-04-09 14:15 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne
2015-07-02 15:54 - 2010-04-09 14:13 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne
2015-07-02 15:43 - 2010-04-09 16:00 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2015-07-02 15:43 - 2010-04-09 14:16 - 00000000 ___RD C:\Documents and Settings\ASD\Menu Start\Programy
2015-07-02 14:56 - 2010-04-09 16:37 - 00000000 ____D C:\!archiwa_mm
2015-06-30 12:43 - 2014-07-04 15:10 - 00000181 _____ C:\Documents and Settings\ASD\Pulpit\EWUŚ - zmiana hasła.url
2015-06-29 07:45 - 2010-04-09 16:00 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================