Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by AdamX (administrator) on DUET-4A4C025544 on 24-01-2015 12:39:32 Running from C:\FRST Loaded Profiles: AdamX (Available profiles: AdamX & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Nero AG) C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (Atheros) C:\WINDOWS\system32\acs.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Matrox Graphics Inc.) C:\WINDOWS\system32\mgabg.exe (Nero AG) C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (Matrox Graphics Inc.) C:\WINDOWS\system32\PDesk\pdesk.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe (Nero AG) C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG) C:\Program Files\Nero\Tools\InCD\InCD.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Matrox Powerdesk] => C:\WINDOWS\system32\PDesk\PDesk.exe [684032 2004-09-14] (Matrox Graphics Inc.) HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe [479412 2008-03-26] (TP-LINK TECHNOLOGIES CO., LTD.) HKLM\...\Run: [NBHGui] => C:\Program Files\Nero\Tools\InCD\NBHGui.exe [1600816 2009-10-16] (Nero AG) HKLM\...\Run: [InCD] => C:\Program Files\Nero\Tools\InCD\InCD.exe [1060136 2009-10-16] (Nero AG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k ShellIconOverlayIdentifiers: [NBHShellExt] -> {8D2223A2-B3C6-4e32-B096-CDD11F628C60} => C:\Program Files\Nero\Tools\InCD\NBHshx.dll (Nero AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1644491937-606747145-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.100.100 192.168.233.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: Ant Video Downloader - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\anttoolbar@ant.com [2015-01-18] FF Extension: Easy Copy - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\easycopy@smokyink.com [2014-12-31] FF Extension: NetVideoHunter - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28] FF Extension: Remove It Permanently - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2011-09-03] FF Extension: DownloadHelper - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06] FF Extension: Session Manager - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-03-05] FF Extension: FlashGot - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-08-24] FF Extension: NoScript - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-24] FF Extension: Flash Block - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-12-02] FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-04-24] FF Extension: RightToClick - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-04-06] FF Extension: Tab Mix Plus - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-08-28] FF Extension: DownThemAll! - C:\Documents and Settings\AdamX\Dane aplikacji\Mozilla\Firefox\Profiles\rtnhmkbx.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-20] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-12] StartMenuInternet: Opera - C:\Program Files\Opera\Opera.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation) R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-02-12] (Atheros) [File not signed] R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO) R2 InCDSrv; C:\Program Files\Nero\Tools\InCD\InCDSrv.exe [1420592 2009-10-16] (Nero AG) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-12] (Sun Microsystems, Inc.) R2 MGABGEXE; C:\WINDOWS\system32\mgabg.exe [81920 2002-01-16] (Matrox Graphics Inc.) R2 NeroRegInCDSrv; C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe [53560 2009-10-16] (Nero AG) S4 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [543712 2007-03-27] (Atheros Communications, Inc.) [File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15576 2014-12-09] (COMODO) R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [619992 2014-12-09] (COMODO) R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2014-12-09] (COMODO) R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1332544 2005-05-12] (C-Media Inc) S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed] R3 G400DH; C:\WINDOWS\System32\DRIVERS\g400dhm.sys [348800 2004-09-14] (Matrox Graphics Inc.) R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-28] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-28] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-28] (HP) R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2013-08-19] (REALiX(tm)) R3 InCDFs; C:\WINDOWS\System32\DRIVERS\InCDFs.sys [130200 2009-10-16] (Nero AG) S3 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [48280 2009-10-16] (Nero AG) R1 InCDRec; C:\WINDOWS\System32\DRIVERS\InCDRec.sys [19096 2009-10-16] (Nero AG) R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105560 2014-12-09] (COMODO) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed] R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [476544 2009-07-17] (Ralink Technology, Corp.) S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-18] (Almico Software) R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [81232 2013-02-18] (Windows (R) 2000 DDK provider) S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [452816 2013-02-18] (Paragon) S1 Uim_Vim; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [283600 2013-02-18] (Paragon) S3 V0400Afx; C:\WINDOWS\System32\DRIVERS\V0400Afx.sys [160256 2009-09-03] (Creative Technology Ltd.) [File not signed] S3 VF0400Vid; C:\WINDOWS\System32\DRIVERS\V0400Vid.sys [192096 2010-01-04] (Creative Technology Ltd.) [File not signed] R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [55840 2006-11-15] (Atheros Communications, Inc.) [File not signed] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-23 16:14 - 2015-01-23 16:14 - 00065536 _____ () C:\WINDOWS\Minidump\Mini012315-01.dmp 2015-01-23 16:05 - 2015-01-24 12:06 - 00006879 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-23 10:32 - 2015-01-23 20:09 - 00000000 ____D () C:\aaaa 2015-01-23 10:20 - 2015-01-24 12:39 - 00000000 ____D () C:\FRST 2015-01-14 03:58 - 2015-01-24 11:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-30 17:31 - 2014-12-31 15:12 - 00000591 _____ () C:\Documents and Settings\AdamX\Pulpit\DP33333333.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 12:40 - 2011-04-17 19:37 - 00000000 ____D () C:\Documents and Settings\AdamX\Ustawienia lokalne\Temp 2015-01-24 12:38 - 2014-05-09 10:56 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job 2015-01-24 12:35 - 2014-05-09 10:56 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job 2015-01-24 12:13 - 2011-04-17 19:34 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2015-01-24 12:07 - 2014-05-09 10:56 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job 2015-01-24 12:07 - 2014-05-09 10:28 - 00000486 _____ () C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job 2015-01-24 12:07 - 2012-10-28 22:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-01-24 12:07 - 2012-10-28 22:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-01-24 12:07 - 2011-04-17 19:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-24 12:07 - 2006-03-02 13:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl 2015-01-24 12:06 - 2012-03-09 16:43 - 00032114 _____ () C:\WINDOWS\SchedLgU.Txt 2015-01-24 12:06 - 2011-04-17 19:37 - 00000188 ___SH () C:\Documents and Settings\AdamX\ntuser.ini 2015-01-24 11:57 - 2011-04-17 19:37 - 00000000 __SHD () C:\Documents and Settings\AdamX\Ustawienia lokalne\Historia 2015-01-24 11:57 - 2011-04-17 19:34 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2015-01-24 11:51 - 2012-03-09 16:51 - 00000000 __SHD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2015-01-24 11:51 - 2011-04-17 21:09 - 00000000 ___SD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2015-01-24 11:51 - 2011-04-17 19:34 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2015-01-24 00:48 - 2011-05-07 07:58 - 00002608 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-01-23 16:14 - 2012-09-24 09:27 - 65683456 _____ () C:\WINDOWS\MEMORY.DMP 2015-01-23 16:02 - 2011-06-21 05:37 - 00000000 __SHD () C:\Documents and Settings\AdamX\UserData 2015-01-23 16:02 - 2011-04-17 19:37 - 00000000 ____D () C:\Documents and Settings\AdamX 2015-01-23 14:47 - 2014-05-09 10:56 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat 2015-01-23 10:32 - 2013-05-09 11:29 - 00000000 ____D () C:\Documents and Settings\AdamX\Dane aplikacji\Free Download Manager 2015-01-23 02:13 - 2014-06-15 19:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-01-23 01:39 - 2011-05-20 00:01 - 00000000 ____D () C:\Snapshoots 2015-01-23 01:00 - 2014-06-15 19:59 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-23 00:59 - 2014-06-15 19:59 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-23 00:59 - 2014-06-15 19:59 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2015-01-23 00:59 - 2013-05-15 14:49 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-23 00:58 - 2012-03-31 17:40 - 00021926 _____ () C:\!!!_32ADA-SXP02 aktualizacje.log 2015-01-22 20:58 - 2011-04-17 19:37 - 00000000 ____D () C:\Documents and Settings\AdamX\Pulpit 2015-01-21 11:41 - 2014-08-13 14:30 - 00028146 _____ () C:\Documents and Settings\AdamX\Pulpit\!!!!!!!!!!!!!!!.txt 2015-01-20 19:54 - 2014-01-14 16:06 - 00000000 ____D () C:\Documents and Settings\AdamX\Dane aplikacji\Tlen.pl 2015-01-14 04:42 - 2012-04-26 13:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-13 04:39 - 2014-10-10 12:22 - 00006682 _____ () C:\Documents and Settings\AdamX\Pulpit\WED.txt 2015-01-11 12:09 - 2011-09-17 14:47 - 00000187 _____ () C:\Documents and Settings\AdamX\Pulpit\FreeCell.txt 2015-01-10 16:38 - 2011-04-17 21:03 - 00000000 ____D () C:\WINDOWS\Help ==================== Files in the root of some directories ======= 2011-07-30 00:46 - 2014-03-19 15:41 - 0012288 _____ () C:\Documents and Settings\AdamX\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================