Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Admin at 2014-12-19 07:22:40
Running from C:\Documents and Settings\Admin\Pulpit\trojany wypad
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 7.0 Professional Edition (HKLM\...\{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 7.00.543.3649 - ABBYY Software House)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKU\S-1-5-21-796845957-2052111302-725345543-1003\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
C-Media 3D Audio (HKLM\...\C-Media Audio) (Version: - )
COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
DRUKI Gofin 2.2.19.0 (HKLM\...\{852B928B-042E-4555-B59B-3473734906FF}) (Version: 2.2.19.0 - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Dysk wspomnieniowy HP (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
EasyCleaner (HKLM\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
e-pity 2011 (HKLM\...\{670A2206-F20A-490C-8C13-25EA88BF8E54}_is1) (Version: - e-file sp. z o.o.)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Free eXPert PDF Reader (HKLM\...\{C2B5A2E5-51F8-4883-AF40-6A17902DAFEA}) (Version: 9.0.180.0 - Visagesoft)
HP Photo and Imaging 2.1 - Scanjet 2400 Series (HKLM\...\{6F7ECD56-E224-4263-9B7E-158E5CECC43B}) (Version: 2.1.0000 - {&Tahoma8}Hewlett-Packard)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
K-Lite Codec Pack 8.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobogenie3 (HKLM\...\Mobogenie3) (Version: 3.0.1.53153 - Mobogenie.com) <==== ATTENTION
Mozilla Firefox 34.0.5 (x86 pl) (HKLM\...\Mozilla Firefox 34.0.5 (x86 pl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MS Access Password Recovery V1.00 (HKLM\...\MS Access Password Recovery_is1) (Version: - Drek Software)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia PC Suite (Version: 7.1.180.46 - Nokia) Hidden
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )
Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
PC Connectivity Solution (HKLM\...\{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}) (Version: 11.5.22.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Płatnik 8.01.001A (HKLM\...\{05381030-963D-4779-BECA-0D7D49268EDB}) (Version: 8.01.001A - Asseco Poland SA)
Program Pit 2009 - wersja 3.0.0.12 (HKLM\...\Program Pit 2009 - rozliczenie roczne podatku dochodowego_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Program Pit 2010 - wersja 4.0.0.17 (HKLM\...\Program Pit 2010 - rozliczenie roczne podatku dochodowego_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Program Pit 2011 - wersja 5.0.0.19 (HKLM\...\Roczne rozliczenie podatku dochodowego - PIT 2011_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Program Pit 2012 - wersja 6.0.25.33 (HKLM\...\Roczne rozliczenie podatku dochodowego - PIT 2012_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
Program Pit 2013 - wersja 7.0.22.52 (HKLM\...\Roczne rozliczenie podatku dochodowego - PIT Gofin 2013_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version: - )
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
Trojan Remover 6.9.1.2932 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1.2932 - Simply Super Software)
VisiooWriter 0.6.1 (HKLM\...\VisiooWriter) (Version: 0.6.1 - Fowlalgorn Software France)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR 4.01 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

17-12-2014 15:00:30 Punkt kontrolny systemu
18-12-2014 16:59:34 Punkt kontrolny systemu

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-10-26 18:45 - 2001-10-26 18:45 - 00000742 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINNT\Tasks\Adobe Flash Player Updater.job => C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINNT\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINNT\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINNT\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINNT\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

==================== Loaded Modules (whitelisted) =============

2012-01-14 12:59 - 2001-10-28 17:42 - 00116224 _____ () C:\WINNT\system32\pdfcmnnt.dll
2012-12-07 16:26 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================

Admin (S-1-5-21-796845957-2052111302-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-796845957-2052111302-725345543-500 - Administrator - Enabled)
Gość (S-1-5-21-796845957-2052111302-725345543-501 - Limited - Disabled)
Pomocnik (S-1-5-21-796845957-2052111302-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-796845957-2052111302-725345543-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 02:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd 5bfee0eb_stp.exe, wersja 26.0.1656.60, moduł powodujący błąd 5bfee0eb_stp.exe, wersja 26.0.1656.60, adres błędu 0x000838aa. Przetwarzanie zdarzenia określonego nośnika dla [5bfee0eb_stp.exe!ws!]

Error: (12/18/2014 02:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd StrongholdAntiMalwareService.exe, wersja 0.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0005e362. Przetwarzanie zdarzenia określonego nośnika dla [StrongholdAntiMalwareService.exe!ws!]

Error: (12/18/2014 02:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd stinger32.exe, wersja 12.1.0.1260, moduł powodujący błąd stinger32.exe, wersja 12.1.0.1260, adres błędu 0x00003e54. Przetwarzanie zdarzenia określonego nośnika dla [stinger32.exe!ws!]

Error: (12/17/2014 01:18:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error: (12/17/2014 00:46:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd opera_ni_stable.exe, wersja 26.0.1656.32, moduł powodujący błąd opera_ni_stable.exe, wersja 26.0.1656.32, adres błędu 0x000835da. Przetwarzanie zdarzenia określonego nośnika dla [opera_ni_stable.exe!ws!]

Error: (12/17/2014 00:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd cvs_webssearches.exe, wersja 6.3.7601.1372, moduł powodujący błąd jieya.dll, wersja 0.0.0.0, adres błędu 0x00001940. Przetwarzanie zdarzenia określonego nośnika dla [cvs_webssearches.exe!ws!]

Error: (12/11/2014 09:36:10 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/10/2014 07:45:37 AM) (Source: MsiInstaller) (EventID: 11711) (User: ZARZĄDZANIE NT)
Description: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.Podczas zapisywania informacji o instalacji na dysk, wystąpił błąd. Upewnij się, czy jest wystarczająca ilość miejsca na dysku i kliknij przycisk Ponów próbę lub przycisk Anuluj, aby zakończyć instalację.

Error: (11/09/2014 06:14:36 AM) (Source: MsiInstaller) (EventID: 11711) (User: BLEBLE)
Description: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.Podczas zapisywania informacji o instalacji na dysk, wystąpił błąd. Upewnij się, czy jest wystarczająca ilość miejsca na dysku i kliknij przycisk Ponów próbę lub przycisk Anuluj, aby zakończyć instalację.

Error: (11/09/2014 00:51:32 AM) (Source: MsiInstaller) (EventID: 11711) (User: BLEBLE)
Description: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1711.Podczas zapisywania informacji o instalacji na dysk, wystąpił błąd. Upewnij się, czy jest wystarczająca ilość miejsca na dysku i kliknij przycisk Ponów próbę lub przycisk Anuluj, aby zakończyć instalację.

System errors:
=============
Error: (12/18/2014 02:25:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Stronghold Anti Malware Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (12/18/2014 07:37:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: gagp30kx

Error: (12/18/2014 07:37:25 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (12/17/2014 08:08:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: gagp30kx

Error: (12/17/2014 08:07:47 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (12/17/2014 01:14:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa MobogenieService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (12/16/2014 04:28:36 PM) (Source: DCOM) (EventID: 10000) (User: BLEBLE)
Description: Nie można uruchomić serwera DCOM: {4CD40054-9865-47B2-A16C-1BD17DA4AAD9}. Błąd: „%%5” wystąpił podczas uruchamiania tego polecenia: "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding

Error: (12/16/2014 04:28:27 PM) (Source: DCOM) (EventID: 10000) (User: BLEBLE)
Description: Nie można uruchomić serwera DCOM: {4CD40054-9865-47B2-A16C-1BD17DA4AAD9}. Błąd: „%%5” wystąpił podczas uruchamiania tego polecenia: "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding

Error: (12/16/2014 04:28:22 PM) (Source: DCOM) (EventID: 10000) (User: BLEBLE)
Description: Nie można uruchomić serwera DCOM: {4CD40054-9865-47B2-A16C-1BD17DA4AAD9}. Błąd: „%%5” wystąpił podczas uruchamiania tego polecenia: "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding

Error: (12/11/2014 01:29:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Spybot-S&D 2 Security Center Service z powodu następującego błędu: %%1053

Microsoft Office Sessions:
=========================
Error: (08/15/2013 07:04:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 18, Application Name: Picture Manager, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/19/2013 08:06:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1216 seconds with 720 seconds of active time. This session ended with a crash.
==================== Memory info ===========================

Processor: AMD Athlon(tm) XP 2400+
Percentage of memory in use: 26%
Total physical RAM: 2303.48 MB
Available physical RAM: 1697.87 MB
Total Pagefile: 2852.52 MB
Available Pagefile: 2306.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:9.77 GB) (Free:1.15 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:27.53 GB) (Free:4.69 GB) NTFS
Drive e: (CD) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37.3 GB) (Disk ID: BC76264F)
Partition 1: (Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=27.5 GB) - (Type=OF Extended)

==================== End Of Log ============================