Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by laptop (administrator) on TRIC on 07-07-2015 22:36:52
Running from F:\programy\na viry
Loaded Profiles: laptop (Available Profiles: laptop)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski
Internet Explorer Version 6 (Default browser path: "D:\Program Files\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() D:\WINDOWS\system32\WLTRYSVC.EXE
(Broadcom Corporation) D:\WINDOWS\system32\BCMWLTRY.EXE
(HP) D:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(CHENGDU YIWO Tech Development Co., Ltd) E:\programy\EaseUS Partition Master 10.2\bin\EpmNews.exe
(Microsoft Corporation) D:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscript.exe
(Opera Software) D:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => D:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [EaseUS EPM tray] => E:\programy\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [ALLUpdate] => D:\Program Files\ALLPlayer\ALLUpdate.exe [3510704 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [MSMSGS] => D:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
Startup: D:\Documents and Settings\laptop\Menu Start\Programy\Autostart\asodakaossd.lnk [2015-07-01]
ShortcutTarget: asodakaossd.lnk -> D:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1993962763-573735546-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-573735546-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1993962763-573735546-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1993962763-573735546-839522115-1003 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> D:\Documents and Settings\laptop\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-21] (GG Network S.A.)
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll [2007-07-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 193.151.48.130 193.151.48.132
Tcpip\..\Interfaces\{9D7CC5F5-9C15-4CD1-9513-434214775B7A}: [DhcpNameServer] 193.151.48.130 193.151.48.132

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll [2012-03-31] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993962763-573735546-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-21] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - D:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-05]

Chrome:
=======
CHR Profile: D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (YouTube) - D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Search) - D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Google Wallet) - D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Gmail) - D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 PEVSystemStart; D:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
R2 wltrysvc; D:\WINDOWS\System32\bcmwltry.exe [1093632 2005-11-11] (Broadcom Corporation) [File not signed]
S2 Update Mgr RollAround; "D:\Program Files\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; D:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R1 dtsoftbus01; D:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-06-13] (DT Soft Ltd)
R3 EMSCR; D:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-06-16] (ENE Technology Inc.)
S3 epmntdrv; D:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R3 ESDCR; D:\WINDOWS\System32\DRIVERS\ESD7SK.sys [40064 2006-06-16] (ENE Technology Inc.)
R3 ESMCR; D:\WINDOWS\System32\DRIVERS\ESM7SK.sys [74752 2006-06-16] (ENE Technology Inc.)
S3 EuGdiDrv; D:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
S3 HPZid412; D:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; D:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; D:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
S3 Secdrv; D:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S3 catchme; \??\D:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S4 s24trans; system32\DRIVERS\s24trans.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 15:24 - 2015-07-07 22:32 - 00000000 ____D D:\UsbFix
2015-07-07 15:24 - 2015-07-07 15:24 - 00001364 _____ D:\Documents and Settings\laptop\Pulpit\UsbFix.lnk
2015-07-06 13:53 - 2015-07-07 22:36 - 00000000 ____D D:\FRST
2015-07-05 17:24 - 2015-07-06 14:28 - 00000177 _____ D:\Documents and Settings\laptop\Pulpit\rolety.txt
2015-07-02 18:05 - 2015-07-02 18:05 - 00000097 _____ D:\Documents and Settings\laptop\Pulpit\dysk skroty.txt
2015-07-02 17:50 - 2015-07-07 22:37 - 00000278 _____ D:\Documents and Settings\laptop\Dane aplikacji\afweorgqweasf.exe
2015-07-02 17:44 - 2015-07-02 17:44 - 00000000 ____D D:\Documents and Settings\laptop\Pulpit\Nieużywane skróty pulpitu
2015-07-01 23:12 - 2015-07-02 10:41 - 00000278 _____ D:\Documents and Settings\laptop\Dane aplikacji\afweoopeasf.exe
2015-07-01 08:25 - 2014-04-27 05:10 - 00118656 _____ D:\Documents and Settings\laptop\Dane aplikacji\aiasfacoiaksf.vbs
2015-06-12 23:04 - 2015-06-12 23:04 - 00005835 _____ D:\Documents and Settings\laptop\Pulpit\zaswiadczenie_2015_0023_0811.pdf.XAdES

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 22:37 - 2014-07-20 19:19 - 00000000 ____D D:\Documents and Settings\laptop\Ustawienia lokalne\temp
2015-07-07 22:33 - 2012-03-31 20:04 - 00000000 ____D D:\Documents and Settings\laptop\Pulpit
2015-07-07 22:32 - 2012-03-31 20:04 - 00000000 ___HD D:\Documents and Settings\laptop\Ustawienia lokalne
2015-07-07 22:27 - 2014-11-08 21:10 - 00000000 ____D D:\AdwCleaner
2015-07-07 22:22 - 2014-08-23 20:17 - 00001032 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 22:22 - 2012-03-31 21:53 - 00000159 _____ D:\WINDOWS\wiadebug.log
2015-07-07 22:22 - 2012-03-31 21:53 - 00000050 _____ D:\WINDOWS\wiaservc.log
2015-07-07 22:22 - 2012-03-31 20:03 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2015-07-07 22:21 - 2012-03-31 20:04 - 00000188 ___SH D:\Documents and Settings\laptop\ntuser.ini
2015-07-07 22:21 - 2012-03-31 20:04 - 00000000 __RHD D:\Documents and Settings\laptop\Dane aplikacji
2015-07-07 22:21 - 2012-03-31 20:04 - 00000000 ___RD D:\Documents and Settings\laptop\Menu Start
2015-07-07 22:21 - 2012-03-31 20:03 - 00032546 _____ D:\WINDOWS\SchedLgU.Txt
2015-07-07 22:21 - 2012-03-31 19:59 - 01383210 _____ D:\WINDOWS\WindowsUpdate.log
2015-07-07 22:20 - 2012-03-31 21:48 - 00000000 ___HD D:\Documents and Settings\All Users\Dane aplikacji
2015-07-07 22:20 - 2012-03-31 20:04 - 00000000 ___HD D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji
2015-07-07 22:13 - 2012-03-31 20:04 - 00000000 ___SD D:\Documents and Settings\laptop\Ustawienia lokalne\Historia
2015-07-07 22:13 - 2012-03-31 20:03 - 00000000 ___SD D:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-07-07 22:12 - 2014-07-20 19:19 - 00000000 ____D D:\Documents and Settings\LocalService\Ustawienia lokalne\temp
2015-07-07 22:12 - 2012-03-31 21:49 - 00000000 ___SD D:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-07-07 22:12 - 2012-03-31 20:02 - 00000000 ___HD D:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-07-07 21:56 - 2014-08-23 20:17 - 00001036 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 21:01 - 2014-08-27 19:54 - 00001819 _____ D:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2015-07-07 15:12 - 2012-05-04 18:01 - 00696832 __SHC D:\Documents and Settings\laptop\Pulpit\Thumbs.db
2015-07-07 11:52 - 2012-03-31 21:48 - 00179090 _____ D:\WINDOWS\setupapi.log
2015-07-06 13:47 - 2001-07-22 00:17 - 00002206 _____ D:\WINDOWS\system32\wpa.dbl
2015-07-02 17:44 - 2012-03-31 21:49 - 00000000 ____D D:\Documents and Settings\All Users\Pulpit
2015-07-01 16:13 - 2012-03-31 20:42 - 00022528 _____ D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-01 08:25 - 2012-03-31 20:04 - 00000000 ___RD D:\Documents and Settings\laptop\Menu Start\Programy\Autostart
2015-06-27 16:00 - 2014-12-26 22:03 - 00000000 ____D D:\Documents and Settings\laptop\Dane aplikacji\vlc
2015-06-10 12:41 - 2012-03-31 19:56 - 00031199 ____C D:\WINDOWS\wmsetup.log
2015-06-10 10:46 - 2012-03-31 21:49 - 01087636 _____ D:\WINDOWS\system32\PerfStringBackup.INI
2015-06-10 10:46 - 2001-10-26 18:15 - 00490866 _____ D:\WINDOWS\system32\perfh015.dat
2015-06-10 10:46 - 2001-10-26 18:15 - 00084078 _____ D:\WINDOWS\system32\perfc015.dat
2015-06-09 10:39 - 2012-03-31 21:27 - 00000000 ____D D:\Program Files\Opera
2015-06-07 00:31 - 2012-03-31 20:04 - 00000000 ____D D:\Documents and Settings\laptop

==================== Files in the root of some directories =======

2012-04-19 09:01 - 2012-04-19 09:01 - 141504021 ____C () D:\Program Files\openofficeorg1.cab
2012-04-19 08:53 - 2012-04-19 08:53 - 3121152 ____C () D:\Program Files\openofficeorg34.msi
2012-04-19 08:53 - 2012-04-19 08:53 - 0000290 ____C () D:\Program Files\setup.ini
2015-07-01 23:12 - 2015-07-02 10:41 - 0000278 _____ () D:\Documents and Settings\laptop\Dane aplikacji\afweoopeasf.exe
2015-07-02 17:50 - 2015-07-07 22:37 - 0000278 _____ () D:\Documents and Settings\laptop\Dane aplikacji\afweorgqweasf.exe
2015-07-01 08:25 - 2014-04-27 05:10 - 0118656 _____ () D:\Documents and Settings\laptop\Dane aplikacji\aiasfacoiaksf.vbs
2012-04-08 12:03 - 2014-11-09 14:29 - 0000350 ____C () D:\Documents and Settings\laptop\Dane aplikacji\trueburner.ini
2012-03-31 20:42 - 2015-07-01 16:13 - 0022528 _____ () D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-31 22:13 - 2012-03-31 22:13 - 0017408 ____C () D:\Documents and Settings\laptop\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db

Some files in TEMP:
====================
D:\Documents and Settings\laptop\Ustawienia lokalne\temp\Quarantine.exe
D:\Documents and Settings\laptop\Ustawienia lokalne\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================