Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2015 01
Ran by Administrator (administrator) on DOMPC on 14-05-2015 08:39:06
Running from E:\programy\FRST
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() E:\programy\Unlocker\UnlockerAssistant.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe
() C:\Program Files\Round World\updateRoundWorld.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-01-30] (COMODO)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [UnlockerAssistant] => E:\programy\Unlocker\UnlockerAssistant.exe [17408 2015-03-02] ()
Winlogon\Notify\Antiwpa: C:\WINDOWS\system32\antiwpa.dll [2010-10-19] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25] (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\Run: [DAEMON Tools Lite] => E:\programy\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1801674531-1647877149-1606980848-500\...\MountPoints2: {264bec66-b81c-11e4-86fa-001d0fb93e8c} - D:\Autorun.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk [2015-02-17]
ShortcutTarget: TL-WN321G Wireless Utility.lnk -> C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1801674531-1647877149-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2012-07-12] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2012-07-12] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{87549FF5-9D20-4F9A-A9B2-E9DBED06F02D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\64jz3xr5.default-1431584570131
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-01-30] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-01-30] (COMODO)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-04-19] (Oracle Corporation)
R2 RalinkRegistryWriter; C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [69632 2009-01-05] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 Update Round World; C:\Program Files\Round World\updateRoundWorld.exe [657136 2015-05-14] ()
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1795864 2014-12-10] (UltraVNC)
S2 Util Round World; "C:\Program Files\Round World\bin\utilRoundWorld.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2015-02-17] (Cisco Systems, Inc.) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15576 2015-01-30] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [620120 2015-01-30] (COMODO)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [754560 2003-10-17] (C-Media Inc)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2015-02-19] (Disc Soft Ltd)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [465152 2008-10-21] (Ralink Technology, Corp.) [File not signed]
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [69168 2012-07-14] (Silicon Image, Inc.)
S0 Si3114r5; C:\WINDOWS\system32\Drivers\Si3114r5.sys [211496 2012-07-14] (Silicon Image, Inc)
R0 Si3124; C:\WINDOWS\system32\Drivers\Si3124.sys [69248 2012-07-14] (Silicon Image, Inc.) [File not signed]
R0 Si3132; C:\WINDOWS\system32\Drivers\Si3132.sys [80424 2012-07-14] (Silicon Image, Inc)
R0 Si3132r5; C:\WINDOWS\system32\Drivers\Si3132r5.sys [217128 2012-07-14] (Silicon Image, Inc)
R0 Si3531; C:\WINDOWS\system32\Drivers\Si3531.sys [210736 2012-07-14] (Silicon Image, Inc)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32256 2002-07-11] (SiS Corporation)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2012-07-14] (VIA Technologies inc,.ltd)
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; E:\programy\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 08:29 - 2015-05-14 08:29 - 00000000 ____D () C:\Program Files\Round World
2015-05-14 08:23 - 2015-05-14 08:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit\Stare dane programu Firefox
2015-05-03 19:27 - 2015-05-03 19:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty\Moje wideo
2015-04-28 19:40 - 2015-04-28 19:40 - 00000706 _____ () C:\Documents and Settings\All Users\Pulpit\TeamViewer 10.lnk
2015-04-28 19:40 - 2015-04-28 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 10
2015-04-22 17:12 - 2015-04-22 17:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 16:47 - 2015-04-22 16:47 - 00000000 ____D () C:\WINDOWS\pss
2015-04-20 16:34 - 2015-05-14 08:39 - 00000000 ____D () C:\FRST
2015-04-20 15:54 - 2015-04-20 15:54 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-19 19:03 - 2015-04-19 19:02 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-04-19 19:03 - 2015-04-19 19:02 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-04-19 19:02 - 2015-04-19 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-04-19 19:02 - 2015-04-19 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-04-19 19:02 - 2015-04-19 19:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-19 19:02 - 2015-04-19 19:02 - 00000000 ____D () C:\Program Files\Java
2015-04-19 19:02 - 2015-04-19 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Java
2015-04-19 18:31 - 2015-04-19 18:31 - 00000000 ____D () C:\WINDOWS\Sun
2015-04-19 18:29 - 2015-04-19 18:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Sun
2015-04-19 18:29 - 2015-04-19 18:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Oracle
2015-04-19 18:28 - 2015-04-19 18:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun
2015-04-19 18:27 - 2015-04-19 18:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Oracle
2015-04-19 18:26 - 2015-04-19 18:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Sun

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 08:39 - 2015-02-17 21:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2015-05-14 08:37 - 2015-02-17 22:23 - 00637157 _____ () C:\WINDOWS\setupapi.log
2015-05-14 08:36 - 2015-02-17 22:24 - 00984960 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 08:36 - 2008-04-15 13:00 - 00448004 _____ () C:\WINDOWS\system32\perfh015.dat
2015-05-14 08:36 - 2008-04-15 13:00 - 00074230 _____ () C:\WINDOWS\system32\perfc015.dat
2015-05-14 08:33 - 2015-02-19 14:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2015-05-14 08:33 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-05-14 08:33 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-05-14 08:33 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-05-14 08:33 - 2015-02-17 22:36 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-05-14 08:33 - 2015-02-17 21:39 - 01534090 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-14 08:32 - 2015-02-20 14:55 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-05-14 08:31 - 2015-02-17 21:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-14 08:31 - 2015-02-17 21:46 - 00000000 __SHD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2015-05-14 08:29 - 2015-02-17 23:34 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2015-05-14 08:29 - 2015-02-17 22:36 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-05-14 08:29 - 2015-02-17 21:46 - 00032580 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-14 08:29 - 2015-02-17 21:46 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-14 08:28 - 2015-02-20 13:50 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-14 08:28 - 2015-02-17 22:23 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-05-14 08:28 - 2015-02-17 21:46 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-05-14 08:28 - 2015-02-17 21:46 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2015-05-14 08:28 - 2015-02-17 21:45 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-05-14 08:23 - 2015-02-17 21:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2015-05-14 08:20 - 2015-02-17 22:23 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-05-14 08:20 - 2015-02-17 22:23 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2015-05-14 08:20 - 2015-02-17 22:23 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2015-05-14 08:20 - 2015-02-17 22:23 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-05-14 08:02 - 2008-04-15 13:00 - 00000609 _____ () C:\WINDOWS\win.ini
2015-05-13 22:05 - 2015-02-22 19:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2015-05-13 19:02 - 2008-04-15 13:00 - 00002300 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-03 19:27 - 2015-02-17 21:46 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty
2015-04-28 19:42 - 2015-02-24 19:36 - 00000000 ____D () C:\Program Files\TeamViewer
2015-04-26 22:01 - 2015-02-17 21:46 - 00000788 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk
2015-04-26 22:01 - 2015-02-17 21:46 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2015-04-26 22:01 - 2015-02-17 21:39 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2015-04-26 22:01 - 2015-02-17 21:36 - 00007583 _____ () C:\WINDOWS\wmsetup.log
2015-04-26 18:25 - 2015-02-28 20:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Dane aplikacji\AIMP3
2015-04-23 13:04 - 2015-02-17 22:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-21 14:26 - 2015-02-19 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2015-04-20 19:34 - 2015-02-19 14:26 - 00000000 ___RD () C:\Program Files\Skype
2015-04-20 17:04 - 2015-02-22 19:46 - 00001284 _____ () C:\Documents and Settings\Administrator\Pulpit\Continue SubEdit-Player installation.lnk
2015-04-20 16:53 - 2015-02-17 22:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-20 16:53 - 2015-02-17 22:26 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-04-20 16:35 - 2015-02-17 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty\Pobrane
2015-04-19 18:29 - 2015-02-17 21:46 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2015-04-19 18:28 - 2015-02-17 21:46 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji

==================== Files in the root of some directories =======

2015-04-07 12:17 - 2015-04-11 18:00 - 0009216 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================