Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by amx (administrator) on X-628658B1E9874 on 19-11-2014 01:49:42
Running from C:\Documents and Settings\amx.X-628658B1E9874\Pulpit
Loaded Profile: amx (Available profiles: amx & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-12-11] (ATI Technologies, Inc.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16261632 2006-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [766041 2006-04-28] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-22] (AVAST Software)
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-09] (Google Inc.)
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\Run: [XegdUhfug] => regsvr32.exe "C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\XegdUhfug\XegdUhfug.dat"
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {04de7022-364a-11e0-bbfc-000df033da81} - G:\
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {44edf4ea-1f9a-11e2-8081-000df033da81} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {52b5ea73-037e-11e0-bb9f-000df033da81} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.exe
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {6d85c8ae-603a-11e0-bc6c-000df033da81} - G:\setup.exe
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {975932d6-43b5-11e3-82cb-000df033da81} - RunClubSanDisk.exe
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {ecc82316-8830-11e3-834c-000df033da81} - G:\Startme.exe
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\MountPoints2: {fca721f8-93b0-11e2-8176-000df033da81} - G:\sources\sperr32.exe x64
HKU\S-1-5-21-1547161642-117609710-725345543-1003\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [1033728 2004-08-03] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1547161642-117609710-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1547161642-117609710-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1547161642-117609710-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1547161642-117609710-725345543-1003 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1547161642-117609710-725345543-1003 -> &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1547161642-117609710-725345543-1003 -> &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1547161642-117609710-725345543-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Mozilla\Firefox\Profiles\jjdepqmh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Mozilla\Firefox\Profiles\jjdepqmh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Epuap Sign Plugin - C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Mozilla\Firefox\Profiles\jjdepqmh.default\Extensions\SignPlugin@epuap.com [2011-09-23]
FF Extension: Flash Video Downloader - Youtube Downloader - C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Mozilla\Firefox\Profiles\jjdepqmh.default\Extensions\artur.dubovoy@gmail.com.xpi [2012-05-24]
FF Extension: Stylish - C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Mozilla\Firefox\Profiles\jjdepqmh.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2011-09-09]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-03-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-22] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-11-28] (Oracle Corporation)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [153808 2010-06-08] (Avanquest Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-08-02] (Meetinghouse Data Communications) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-22] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-10-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-10-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-10-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422760 2014-10-22] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-10-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-10-22] ()
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2011-06-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-10-30] (Disc Soft Ltd)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-04-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-04-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-04-07] (HP)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2011-06-02] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [385280 2006-09-07] (Ralink Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SecDrv; C:\WINDOWS\system32\drivers\SECDRV.SYS [12400 2010-09-19] (Macrovision Europe Ltd) [File not signed]
S3 sonypvs1; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-05-16] () [File not signed]
S3 VNUSB; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [38448 2003-12-15] (OLYMPUS OPTICAL CO.,LTD.) [File not signed]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTHidEnum; system32\DRIVERS\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cdrbsvsd; No ImagePath
S4 IntelIde; No ImagePath
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 01:49 - 2014-11-19 01:50 - 00018953 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\FRST.txt
2014-11-19 01:47 - 2014-11-19 01:49 - 00000000 ____D () C:\FRST
2014-11-19 01:46 - 2014-11-19 01:47 - 01108992 _____ (Farbar) C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\FRST.exe
2014-11-16 01:16 - 2014-11-19 01:21 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0013287c01750.job
2014-11-15 23:16 - 2014-11-15 23:30 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\zdjęcia Szkoła balcerowicza i konferencja
2014-11-13 02:24 - 2014-11-13 02:24 - 00000087 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\Nowy Dokument tekstowy (2).txt
2014-11-07 02:40 - 2014-11-07 03:01 - 00000395 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\Nowy Dokument tekstowy.txt
2014-11-07 01:57 - 2014-11-10 22:18 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\zabieram 2
2014-11-05 19:31 - 2014-11-15 00:32 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Ciqapo
2014-11-05 19:31 - 2014-11-14 23:41 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Kiobf
2014-11-01 00:40 - 2014-11-01 00:40 - 00000000 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\administratorkuponekdorady atramentkulka.txt
2014-10-31 01:31 - 2014-10-31 01:31 - 00000472 __RSH () C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
2014-10-31 00:27 - 2014-11-15 00:32 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\01e58235-010d-43b1-8340-277d43a75321
2014-10-31 00:27 - 2014-11-15 00:32 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\01e58235-010d-43b1-8340-277d43a75321
2014-10-30 01:46 - 2014-10-30 01:46 - 00000994 _____ () C:\WINDOWS\DirectX.log
2014-10-30 01:31 - 2014-11-11 22:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-30 01:21 - 2014-10-31 00:28 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\mystartsearch
2014-10-30 01:20 - 2014-10-30 01:20 - 00001613 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\DAEMON Tools Lite.lnk
2014-10-30 01:20 - 2014-10-30 01:20 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\DAEMON Tools Lite
2014-10-30 01:20 - 2014-10-30 01:20 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\DAEMON Tools Lite
2014-10-30 01:19 - 2014-10-30 01:19 - 00243128 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2014-10-30 01:19 - 2014-10-30 01:19 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-10-22 23:38 - 2014-10-22 23:38 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-10-22 23:38 - 2014-10-22 23:38 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\AVAST Software
2014-10-22 23:37 - 2014-11-19 00:37 - 00000310 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-22 23:37 - 2014-10-22 23:37 - 00001731 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Avast Free Antivirus.lnk
2014-10-22 23:37 - 2014-10-22 23:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\AVAST Software
2014-10-22 23:37 - 2014-10-22 23:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\AVAST Software
2014-10-22 23:37 - 2014-10-22 23:36 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-10-22 23:37 - 2014-10-22 23:36 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-22 23:37 - 2014-10-22 23:36 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-10-22 23:37 - 2014-10-22 23:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-22 23:36 - 2014-10-22 23:36 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-22 23:36 - 2014-10-22 23:36 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-10-22 23:36 - 2014-10-22 23:36 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-22 23:36 - 2014-10-22 23:36 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-10-22 23:36 - 2014-10-22 23:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-10-22 23:36 - 2014-10-22 23:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-22 23:33 - 2014-10-22 23:33 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-22 23:22 - 2014-10-22 23:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVAST Software
2014-10-22 23:22 - 2014-10-22 23:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVAST Software
2014-10-22 23:22 - 2014-10-22 23:22 - 00093640 _____ () C:\Documents and Settings\Administrator.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-10-22 23:21 - 2014-10-22 23:21 - 05004328 _____ (AVAST Software) C:\Documents and Settings\All Users.WINDOWS\Pulpit\avast_free_antivirus_setup_online.exe
2014-10-22 23:21 - 2014-10-22 23:21 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Moje dokumenty\Pobrane
2014-10-21 23:33 - 2014-10-21 23:33 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji\Mozilla
2014-10-21 23:33 - 2014-10-21 23:33 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Dane aplikacji\Mozilla
2014-10-21 23:29 - 2014-10-22 23:26 - 00000188 ___SH () C:\Documents and Settings\Administrator.X-628658B1E9874\ntuser.ini
2014-10-21 23:29 - 2014-10-22 23:22 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Ustawienia lokalne\temp
2014-10-21 23:29 - 2014-10-22 23:21 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Moje dokumenty
2014-10-21 23:29 - 2014-10-21 23:33 - 00000000 __RHD () C:\Documents and Settings\Administrator.X-628658B1E9874\Dane aplikacji
2014-10-21 23:29 - 2014-10-21 23:33 - 00000000 ___HD () C:\Documents and Settings\Administrator.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji
2014-10-21 23:29 - 2014-10-21 23:29 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874
2014-10-21 23:29 - 2010-02-26 13:28 - 00000000 ___HD () C:\Documents and Settings\Administrator.X-628658B1E9874\Ustawienia lokalne
2014-10-21 23:29 - 2009-04-07 14:50 - 00000000 ___SD () C:\Documents and Settings\Administrator.X-628658B1E9874\Ustawienia lokalne\Historia
2014-10-21 23:29 - 2009-04-07 14:50 - 00000000 ___RD () C:\Documents and Settings\Administrator.X-628658B1E9874\Menu Start\Programy\Autostart
2014-10-21 23:29 - 2009-04-07 14:50 - 00000000 ___RD () C:\Documents and Settings\Administrator.X-628658B1E9874\Menu Start
2014-10-21 23:29 - 2009-04-07 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Ulubione
2014-10-21 23:29 - 2009-04-07 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator.X-628658B1E9874\Pulpit
2014-10-21 23:29 - 2009-04-07 10:34 - 00001599 _____ () C:\Documents and Settings\Administrator.X-628658B1E9874\Menu Start\Programy\Pomoc zdalna.lnk
2014-10-21 23:29 - 2009-04-07 10:34 - 00000792 _____ () C:\Documents and Settings\Administrator.X-628658B1E9874\Menu Start\Programy\Windows Media Player.lnk
2014-10-21 23:29 - 2009-04-07 10:34 - 00000000 ___RD () C:\Documents and Settings\Administrator.X-628658B1E9874\Menu Start\Programy\Akcesoria
2014-10-21 23:29 - 2009-04-07 10:34 - 00000000 ___RD () C:\Documents and Settings\Administrator.X-628658B1E9874\Menu Start\Programy
2014-10-21 23:29 - 2009-04-07 10:29 - 00000000 ___HD () C:\Documents and Settings\Administrator.X-628658B1E9874\Szablony
2014-10-21 22:47 - 2014-10-21 22:48 - 00020792 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Moje dokumenty\cc_20141021_234757.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 01:50 - 2010-02-26 13:28 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\temp
2014-11-19 01:49 - 2009-04-07 10:41 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit
2014-11-19 01:29 - 2011-12-03 02:38 - 01922891 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-19 01:21 - 2013-10-09 20:28 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 01:20 - 2013-10-09 20:28 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 00:37 - 2009-04-07 10:39 - 00032252 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-18 21:29 - 2009-04-07 10:41 - 00000000 ___HD () C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji
2014-11-18 21:28 - 2009-05-13 10:01 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-18 21:28 - 2009-04-07 14:55 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-18 21:28 - 2009-04-07 10:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 21:28 - 2001-07-21 21:16 - 00000801 _____ () C:\WINDOWS\win.ini
2014-11-18 15:10 - 2009-04-07 10:41 - 00000188 ___SH () C:\Documents and Settings\amx.X-628658B1E9874\ntuser.ini
2014-11-18 15:07 - 2009-04-02 22:32 - 00001300 _____ () C:\hpfr3420.xml
2014-11-18 14:17 - 2010-02-26 23:49 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\stałe foldery
2014-11-18 00:29 - 2009-04-07 10:41 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874
2014-11-17 09:55 - 2009-04-07 14:51 - 00997954 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-17 09:55 - 2001-10-26 15:15 - 00454236 _____ () C:\WINDOWS\system32\perfh015.dat
2014-11-17 09:55 - 2001-10-26 15:15 - 00076298 _____ () C:\WINDOWS\system32\perfc015.dat
2014-11-15 23:16 - 2014-08-05 22:43 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\rada
2014-11-15 23:16 - 2013-04-05 22:22 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\kewins
2014-11-15 00:30 - 2009-04-07 14:50 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2014-11-14 23:40 - 2014-07-10 17:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 11:25 - 2013-12-21 01:14 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\dyplomy ja
2014-11-11 22:20 - 2012-05-03 10:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-11 22:20 - 2001-07-21 21:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-05 21:02 - 2009-04-07 16:45 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\Macromedia
2014-11-05 19:31 - 2009-04-07 10:41 - 00000000 __RHD () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji
2014-11-03 18:16 - 2013-12-21 01:13 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Pulpit\dyplomy julia
2014-11-02 22:43 - 2009-04-17 00:46 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\dvdcss
2014-11-02 00:45 - 2013-03-23 12:58 - 00464441 _____ () C:\WINDOWS\setupapi.log
2014-11-02 00:44 - 2007-08-14 16:08 - 00000000 ____D () C:\WINDOWS\twain_32
2014-10-31 01:47 - 2010-02-26 13:11 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-10-31 01:31 - 2009-04-07 14:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS
2014-10-31 00:48 - 2009-04-07 14:50 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-10-31 00:48 - 2009-04-07 14:50 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2014-10-31 00:47 - 2008-05-09 10:07 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-31 00:27 - 2011-09-09 15:59 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Mozilla Firefox.lnk
2014-10-31 00:27 - 2011-09-09 15:59 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Mozilla Firefox.lnk
2014-10-31 00:27 - 2011-09-09 15:59 - 00000724 _____ () C:\Documents and Settings\All Users.WINDOWS\Pulpit\Mozilla Firefox.lnk
2014-10-31 00:27 - 2009-04-07 10:42 - 00000767 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Menu Start\Programy\Internet Explorer.lnk
2014-10-30 01:42 - 2007-08-14 14:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-30 01:22 - 2009-04-17 12:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite
2014-10-30 01:22 - 2009-04-17 12:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite
2014-10-30 01:21 - 2009-04-15 23:44 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\DAEMON Tools Lite
2014-10-30 01:20 - 2009-04-07 14:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Pulpit
2014-10-30 00:52 - 2009-04-11 16:11 - 00210944 _____ () C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-23 02:15 - 2009-11-21 02:02 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji\Temp
2014-10-22 01:36 - 2007-08-14 16:08 - 00000000 ____D () C:\WINDOWS\Connection Wizard
2014-10-22 01:35 - 2009-04-07 19:35 - 01966080 _____ () C:\WINDOWS\system32\config\Antivirus.Evt
2014-10-21 23:04 - 2013-07-05 00:59 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Dane aplikacji\DSite
2014-10-21 23:04 - 2009-04-08 10:11 - 00000000 ____D () C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\Dane aplikacji\Google
2014-10-21 22:47 - 2009-04-07 10:41 - 00000000 __RHD () C:\Documents and Settings\amx.X-628658B1E9874\Moje dokumenty
2014-10-21 00:23 - 2007-11-25 10:29 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-10-20 10:38 - 2013-10-24 12:13 - 00001063 _____ () C:\WINDOWS\setupact.log

Some content of TEMP:
====================
C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\temp\CmdLineExt02.dll
C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\temp\SIntf16.dll
C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\temp\SIntf32.dll
C:\Documents and Settings\amx.X-628658B1E9874\Ustawienia lokalne\temp\SIntfNT.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================