Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015
Ran by user (administrator) on USER-1C7EE8E800 (25-07-2015 21:37:23)
Running from C:\Documents and Settings\user\Moje dokumenty
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Language: Polski
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SearchProtect) C:\Program Files\MiuiTab\CmdShell.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(XTab system) C:\Program Files\MiuiTab\HPNotify.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.140_0\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Freecorder FLV Service] => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-21] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2012-11-16] (ATI Technologies Inc.)
HKU\S-1-5-21-790525478-1004336348-725345543-1004\...\Run: [RGSC] => C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-790525478-1004336348-725345543-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-790525478-1004336348-725345543-1004\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-790525478-1004336348-725345543-1004\...\Run: [] => [X]
HKU\S-1-5-21-790525478-1004336348-725345543-1004\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-790525478-1004336348-725345543-1004\...\Run: [Google+ Auto Backup] => "C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk [2010-05-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2011-07-02]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-21] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436998516&z=da31f3ad1e1c99407b2ea72g0zac1q0t8t6baz3tbq&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436998447&z=85971a690f0259c30a2c45bgaz1c1q6t9teb8zco6b&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436998516&z=da31f3ad1e1c99407b2ea72g0zac1q0t8t6baz3tbq&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436998447&z=85971a690f0259c30a2c45bgaz1c1q6t9teb8zco6b&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&q={searchTerms}
HKU\S-1-5-21-790525478-1004336348-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436998516&z=da31f3ad1e1c99407b2ea72g0zac1q0t8t6baz3tbq&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82
HKU\S-1-5-21-790525478-1004336348-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436998447&z=85971a690f0259c30a2c45bgaz1c1q6t9teb8zco6b&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&q={searchTerms}
HKU\S-1-5-21-790525478-1004336348-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436998447&z=85971a690f0259c30a2c45bgaz1c1q6t9teb8zco6b&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&q={searchTerms}
HKU\S-1-5-21-790525478-1004336348-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436998516&z=da31f3ad1e1c99407b2ea72g0zac1q0t8t6baz3tbq&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82
HKU\S-1-5-21-790525478-1004336348-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://rts.dsrlte.com/?m=tab&affID=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436998516&z=da31f3ad1e1c99407b2ea72g0zac1q0t8t6baz3tbq&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436998516&z=da31f3ad1e1c99407b2ea72g0zac1q0t8t6baz3tbq&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {0B15F3C2-CC85-4DF6-A956-EFB13A043E4D} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {AEA51AAF-C6FB-4354-88FC-B9BD9AC65ADE} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> {FE03A9C1-EE31-47AE-89C5-3EE3DF94C840} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=ST3500418AS_9VM5LM82XXXX9VM5LM82&ts=1436998532&type=default&q={searchTerms}
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No File
Toolbar: HKU\S-1-5-21-790525478-1004336348-725345543-1004 -> No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 213.241.79.37 192.168.1.248
Tcpip\..\Interfaces\{56A33ABA-E170-40AE-8CAA-289810A630A0}: [DhcpNameServer] 8.8.4.4 213.241.79.37 192.168.1.248

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-26]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-21]

Opera:
=======
OPR Extension: (adblockforopera) - C:\Documents and Settings\user\Dane aplikacji\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-10-19]
OPR Extension: (Youtube To MP3) - C:\Documents and Settings\user\Dane aplikacji\Opera Software\Opera Stable\Extensions\iabbccejglemdcneghjfnknohcojmhdh [2015-07-15]
OPR Extension: (Adblock Plus) - C:\Documents and Settings\user\Dane aplikacji\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-06-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-08-13] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-21] (AVAST Software)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 MSSQL$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2013-01-18] ()
S2 SENS; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S4 SQLAgent$INSERTGT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-07-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-07-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-07-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-07-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-07-21] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-07-21] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-07-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-07-21] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2013-10-14] (Disc Soft Ltd)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
S4 RsFx0150; C:\WINDOWS\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfsync04; C:\WINDOWS\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-07-16] (Duplex Secure Ltd.)
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-07-28] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-07-28] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-07-28] (MCCI Corporation)
S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2010-07-28] (MCCI Corporation)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U3 aknkz47l; C:\WINDOWS\system32\Drivers\aknkz47l.sys [0 ] (NVIDIA Corporation) <==== ATTENTION (zero byte File/Folder)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 21:37 - 2015-07-25 21:38 - 00019619 _____ C:\Documents and Settings\user\Moje dokumenty\FRST.txt
2015-07-25 21:36 - 2015-07-25 21:37 - 00000000 ____D C:\FRST
2015-07-25 21:28 - 2015-07-25 21:28 - 01650688 _____ (Farbar) C:\Documents and Settings\user\Moje dokumenty\FRST.exe
2015-07-25 21:28 - 2015-07-25 21:28 - 00380416 _____ C:\Documents and Settings\user\Moje dokumenty\y1c9nl40.exe
2015-07-25 21:21 - 2015-07-25 21:21 - 24345872 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\Moje dokumenty\mbam-setup-2.1.8.1057.exe
2015-07-25 21:21 - 2015-07-25 21:21 - 02248704 _____ C:\Documents and Settings\user\Moje dokumenty\AdwCleaner.exe
2015-07-22 21:58 - 2015-07-22 21:58 - 01384064 _____ (Skype Technologies S.A.) C:\Documents and Settings\user\Moje dokumenty\SkypeSetup.exe
2015-07-21 15:19 - 2015-07-23 17:11 - 00017576 _____ C:\Documents and Settings\user\Pulpit\zlecenia.xlsx
2015-07-21 11:20 - 2015-07-21 11:20 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-21 11:20 - 2015-07-21 11:20 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-07-21 11:20 - 2015-07-21 11:20 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-20 16:48 - 2015-07-20 16:48 - 00687584 _____ (Opera Software) C:\Documents and Settings\user\Moje dokumenty\Opera_NI_stable.exe
2015-07-20 00:26 - 2015-07-25 20:40 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-19 23:30 - 2015-07-21 15:18 - 00018981 _____ C:\Documents and Settings\user\Moje dokumenty\zlecenia.xlsx
2015-07-19 17:32 - 2015-07-19 17:32 - 00094208 _____ C:\WINDOWS\Minidump\Mini071915-01.dmp
2015-07-19 16:57 - 2015-07-19 16:57 - 00000165 ____H C:\Documents and Settings\user\Moje dokumenty\~$RRMMDD_Zlecaj-cy_LinkBuilder.xlsx
2015-07-18 12:41 - 2015-07-20 23:05 - 00022269 _____ C:\Documents and Settings\user\Moje dokumenty\RRMMDD_Zlecaj-cy_LinkBuilder.xlsx
2015-07-16 01:12 - 2015-07-16 01:12 - 00000000 ____D C:\Documents and Settings\user\Moje dokumenty\Alcohol 120%
2015-07-16 01:09 - 2015-07-17 02:01 - 00000000 ____D C:\Documents and Settings\user\Moje dokumenty\plyta
2015-07-16 01:03 - 2015-07-16 01:15 - 00000124 _____ C:\Documents and Settings\user\Moje dokumenty\ax_files.xml
2015-07-16 00:15 - 2015-07-16 00:15 - 00000000 ____D C:\Program Files\MiuiTab
2015-07-16 00:15 - 2015-07-16 00:15 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate
2015-07-16 00:13 - 2015-07-16 00:13 - 00841232 _____ (Application Web ) C:\Documents and Settings\user\Moje dokumenty\Alcohol-120(12712)-dp.exe
2015-07-13 18:42 - 2015-07-13 18:43 - 00000000 ____D C:\Documents and Settings\user\Moje dokumenty\Tede - VANILLAHAJS (2015)
2015-07-12 20:17 - 2015-07-12 22:59 - 190827996 _____ C:\Documents and Settings\user\Moje dokumenty\Tede - VANILLAHAJS (2015).rar
2015-07-12 20:17 - 2015-07-12 20:23 - 00000000 _____ C:\Documents and Settings\user\Moje dokumenty\d
2015-07-12 20:00 - 2015-07-12 20:07 - 00000000 ____D C:\Documents and Settings\user\Pulpit\muza
2015-07-07 00:40 - 2015-07-07 00:39 - 00102400 _____ C:\WINDOWS\Minidump\Mini070715-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 21:38 - 2010-05-12 04:29 - 00000000 ____D C:\Documents and Settings\user\Ustawienia lokalne\Temp
2015-07-25 21:37 - 2010-05-12 04:29 - 00000000 ___RD C:\Documents and Settings\user\Moje dokumenty
2015-07-25 21:28 - 2010-05-12 04:19 - 02034757 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-25 21:23 - 2013-01-30 19:27 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-25 21:16 - 2010-05-12 06:13 - 00552780 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-25 21:16 - 2004-08-04 14:00 - 00000336 _____ C:\WINDOWS\system32\perfh015.dat
2015-07-25 21:16 - 2004-08-04 14:00 - 00000118 _____ C:\WINDOWS\system32\perfc015.dat
2015-07-25 21:14 - 2010-05-20 20:58 - 00000000 ____D C:\Documents and Settings\user\Dane aplikacji\Skype
2015-07-25 21:14 - 2010-05-20 20:58 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Skype
2015-07-25 21:14 - 2010-05-12 06:13 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-07-25 21:14 - 2010-05-12 06:13 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy
2015-07-25 21:13 - 2014-06-03 11:34 - 00000438 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1373054265.job
2015-07-25 21:13 - 2011-07-03 21:20 - 00000000 ____D C:\Program Files\Opera
2015-07-25 21:13 - 2010-05-12 04:17 - 00362294 _____ C:\WINDOWS\wmsetup.log
2015-07-25 21:12 - 2014-12-26 19:45 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-07-25 21:12 - 2010-05-12 06:15 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-25 21:12 - 2010-05-12 06:15 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-25 21:12 - 2010-05-12 04:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-25 12:23 - 2010-05-12 04:25 - 00032404 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-25 02:46 - 2010-11-19 17:17 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-07-25 02:46 - 2010-05-12 04:29 - 00000188 ___SH C:\Documents and Settings\user\ntuser.ini
2015-07-23 23:02 - 2010-05-12 04:29 - 00000000 ____D C:\Documents and Settings\user\Pulpit
2015-07-23 14:24 - 2015-06-05 18:32 - 00000000 ____D C:\Documents and Settings\user\Pulpit\std
2015-07-23 14:21 - 2014-09-23 19:52 - 00000000 ____D C:\Documents and Settings\user\Pulpit\tata CV
2015-07-23 14:18 - 2010-05-12 06:13 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start
2015-07-23 14:18 - 2010-05-12 06:12 - 00807091 _____ C:\WINDOWS\setupapi.log
2015-07-23 14:08 - 2010-05-12 04:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-23 14:06 - 2013-05-01 21:16 - 00000000 ____D C:\Program Files\Google
2015-07-23 14:06 - 2010-05-12 04:29 - 00000000 __RHD C:\Documents and Settings\user\Dane aplikacji
2015-07-23 14:06 - 2010-05-12 04:29 - 00000000 ___RD C:\Documents and Settings\user\Menu Start
2015-07-22 12:15 - 2004-08-04 14:00 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-21 11:21 - 2012-07-17 23:11 - 00155955 _____ C:\WINDOWS\Wdf01009Inst.log
2015-07-21 11:20 - 2014-12-26 19:45 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-21 11:20 - 2014-12-26 19:45 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-20 00:26 - 2013-01-30 19:27 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-20 00:26 - 2013-01-30 19:27 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-20 00:26 - 2010-05-12 20:35 - 00000000 ____D C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Adobe
2015-07-19 17:32 - 2010-06-05 15:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-16 01:35 - 2014-12-27 13:43 - 00000000 ____D C:\Documents and Settings\user\Dane aplikacji\omiga-plus
2015-07-16 01:35 - 2014-07-11 14:29 - 00001492 _____ C:\Documents and Settings\user\Pulpit\Opera.lnk
2015-07-16 01:35 - 2011-09-22 22:15 - 00001498 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
2015-07-16 01:01 - 2010-05-12 05:16 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Nero
2015-07-16 00:16 - 2010-10-02 15:51 - 00329384 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2015-07-16 00:15 - 2010-05-12 06:12 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-07-06 01:11 - 2010-09-04 15:59 - 00000000 ____D C:\Documents and Settings\user\Pulpit\DCIM
2015-07-06 01:02 - 2010-06-20 12:47 - 00053760 _____ C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2012-06-22 18:24 - 2012-06-27 15:09 - 0139152 _____ () C:\Documents and Settings\user\Dane aplikacji\PnkBstrK.sys
2010-06-20 12:47 - 2015-07-06 01:02 - 0053760 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-28 19:20 - 2011-10-28 19:20 - 0000129 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2011-11-03 18:04 - 2011-11-03 18:04 - 0017408 _____ () C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db

Some files in TEMP:
====================
C:\Documents and Settings\user\Ustawienia lokalne\Temp\AxSFADownloader.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\downloader_for_Opera_30.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\drm_dialogs.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\drm_dyndata_7410004.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\DTLite4491-0356.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\NEventMessages.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\NOSEventMessages.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\res.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\sfamcc00001.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\sfamcc00002.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\sfextra.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\utt93C.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe [2004-08-04 14:00] - [2010-06-11 16:56] - 0510464 ____A (Microsoft Corporation) 0x36366563666533383861643162643238316464333339316237353636373063662000200000
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================