Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01
Ran by Janusz (administrator) on JANUSZ-PC on 12-01-2015 12:09:29
Running from C:\Users\Janusz\Downloads\12 sty 15 vista 1\od frst forum logi
Loaded Profile: Janusz (Available profiles: Janusz)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Vimicro) C:\Windows\vmsnap3.exe
() C:\Windows\Domino.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VMSnap3] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [Domino] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-428840236-531340148-3836443965-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\chomikbox.exe [5979648 2012-11-15] ( )
HKU\S-1-5-21-428840236-531340148-3836443965-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-428840236-531340148-3836443965-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-428840236-531340148-3836443965-1000\...\Run: [Ozi] => C:\Users\Janusz\AppData\Roaming\OziboxSync\OziBoxSync.exe
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-428840236-531340148-3836443965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-428840236-531340148-3836443965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
HKU\S-1-5-21-428840236-531340148-3836443965-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.gry.jeja.pl/47,pryskajace-banki.html http://pasjans-online.pl/
SearchScopes: HKU\S-1-5-21-428840236-531340148-3836443965-1000 -> DefaultScope 2A156E3308864EDAB4FE51B856899563 URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-428840236-531340148-3836443965-1000 -> 2A156E3308864EDAB4FE51B856899563 URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-428840236-531340148-3836443965-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-428840236-531340148-3836443965-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

FireFox:
========
FF ProfilePath: C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\bjg1ibys.od25lut14
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-428840236-531340148-3836443965-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Janusz\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-428840236-531340148-3836443965-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Janusz\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\bjg1ibys.od25lut14\searchplugins\bingp.xml
FF Extension: FEBE - C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\dumjv91v.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-21]
FF Extension: Saved Password Editor - C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\dumjv91v.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2011-07-12]
FF Extension: Flagfox - C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\vzw05s1g.erodate2onplock\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-06-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Janusz\AppData\Roaming\Mozilla\Firefox\Profiles\vzw05s1g.erodate2onplock\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
S3 FDR; C:\Program Files\Microsoft Logo\Software Certification Toolkit\FDRAgent.exe [806792 2010-05-12] (Microsoft Corp.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 E4LOADER; C:\Windows\System32\Drivers\e4ldr.sys [69656 2007-01-04] (Analog Deivces)
S3 e4usbaw; C:\Windows\System32\DRIVERS\e4usbaw.sys [104344 2007-01-04] (Analog Devices Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-10-10] (ESET)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-02] (REALiX(tm))
R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [31232 2010-11-23] (IC Plus Corp. )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R0 SysTrace; C:\Windows\System32\Drivers\SysTrace.sys [92800 2011-09-19] (Microsoft Corp.)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-15] (Vimicro Corporation)
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 10:10 - 2015-01-12 10:11 - 11586975 _____ () C:\Users\Janusz\Downloads\Firefox 33.0.2 (x86 pl) - 2015-01-12.pcv
2015-01-12 09:48 - 2015-01-12 09:50 - 00000000 ____D () C:\Users\Janusz\Downloads\12sty15 vista 2
2015-01-12 09:28 - 2015-01-12 09:28 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-01-12 07:34 - 2015-01-12 07:34 - 00000000 ____D () C:\Users\Janusz\Downloads\PACZKA NA WIRY 23 MAJ 14 cz1
2015-01-12 07:28 - 2015-01-12 08:06 - 00000000 ____D () C:\Users\Janusz\Downloads\12 sty 15 vista 1
2015-01-07 17:47 - 2015-01-07 17:47 - 00155960 _____ () C:\Windows\Minidump\Mini010715-01.dmp
2015-01-04 11:34 - 2015-01-04 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-04 11:34 - 2015-01-04 11:34 - 00000000 ____D () C:\ProgramData\ESET
2015-01-02 14:50 - 2015-01-02 15:58 - 00000000 ____D () C:\Users\Janusz\AppData\Roaming\OziboxSync
2015-01-02 14:50 - 2015-01-02 14:50 - 00000000 ____D () C:\Users\Janusz\AppData\Local\PackageAware
2015-01-02 11:34 - 2014-11-04 14:37 - 11059923 _____ () C:\Users\Janusz\Downloads\PACZKA NA WIRY 23 MAJ 14 cz1.7z
2015-01-02 09:32 - 2015-01-02 09:32 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2015-01-02 09:31 - 2015-01-02 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2015-01-02 09:21 - 2015-01-12 07:31 - 00000000 ____D () C:\Users\Janusz\Downloads\bluescreenview

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 12:09 - 2013-12-27 10:54 - 00000000 ____D () C:\FRST
2015-01-12 12:05 - 2012-01-30 10:39 - 00000000 ____D () C:\Users\Janusz\AppData\Local\ChomikBox
2015-01-12 12:05 - 2010-06-29 13:53 - 00000000 ____D () C:\Users\Janusz\AppData\Roaming\Skype
2015-01-12 11:57 - 2009-04-13 09:02 - 01609052 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 11:57 - 2009-04-13 09:01 - 00712332 _____ () C:\Windows\system32\perfh015.dat
2015-01-12 11:57 - 2009-04-13 09:01 - 00150308 _____ () C:\Windows\system32\perfc015.dat
2015-01-12 11:51 - 2010-12-03 19:13 - 00000000 ____D () C:\Users\Janusz\.gstreamer-0.10
2015-01-12 11:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 11:51 - 2006-11-02 13:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 11:51 - 2006-11-02 13:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 11:50 - 2006-11-02 14:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 09:57 - 2013-07-18 10:03 - 00000000 ____D () C:\Users\Janusz\Downloads\OK
2015-01-12 09:01 - 2012-11-05 16:54 - 00000000 ____D () C:\Users\Janusz\AppData\Roaming\AIMP
2015-01-12 08:36 - 2010-06-29 08:31 - 00025088 _____ () C:\Users\Janusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-12 08:06 - 2010-06-29 07:52 - 00000000 ____D () C:\Users\Janusz
2015-01-12 07:17 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2015-01-07 17:47 - 2010-06-30 07:02 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 17:47 - 2010-06-30 07:01 - 328601256 _____ () C:\Windows\MEMORY.DMP
2015-01-07 15:12 - 2009-04-11 13:37 - 01248238 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 11:35 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-04 11:34 - 2010-06-29 09:01 - 00000000 ____D () C:\Program Files\ESET
2015-01-02 15:50 - 2014-11-04 10:45 - 00000000 ___HD () C:\Program Files\16 11 2012
2015-01-02 13:48 - 2014-10-07 06:35 - 00000000 ___RD () C:\Program Files\Skype
2015-01-02 13:48 - 2010-06-29 13:53 - 00000000 ____D () C:\ProgramData\Skype
2015-01-02 12:24 - 2014-01-04 15:03 - 00000000 ____D () C:\AdwCleaner
2015-01-02 09:31 - 2012-11-16 21:03 - 00000000 ____D () C:\Program Files\HWiNFO32
2015-01-02 07:49 - 2012-11-18 15:13 - 00000000 ____D () C:\Users\Janusz\AppData\Roaming\GG
2015-01-01 13:19 - 2006-11-02 13:52 - 00113116 _____ () C:\Windows\setupact.log
2014-12-27 12:26 - 2010-06-29 12:27 - 00000000 ____D () C:\Users\Janusz\AppData\Roaming\Kamerzysta
2014-12-19 14:13 - 2014-06-17 22:11 - 00000000 ____D () C:\Users\Janusz\AppData\Local\Adobe
2014-12-19 14:12 - 2013-09-24 11:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 14:12 - 2013-09-24 11:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\Copy-1.41.0248.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2015-01-12 11:59

==================== End Of Log ============================