
FRST.txt

How do I remove a spam-sending bot? FRST logs attached

Hello everyone. I'm asking for help tracking down the culprits behind this mess. I'm attaching the FRST logs.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by Semper (administrator) on SEMPER-PC (06-10-2015 15:29:40)
Running from C:\Users\Semper\Downloads
Loaded Profiles: Semper (Available Profiles: Semper)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [49168 2006-12-03] (UPEK Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-10-14] ()
HKLM\...\Run: [WHITNEY_S2P] => C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe [274432 2009-10-14] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2006-12-03] (UPEK Inc.)
HKU\S-1-5-21-3249610471-2040494073-3445530326-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-07-24] (Sony)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite QL\farchns.dll [2006-12-03] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite QL\farchns.dll [2006-12-03] (UPEK Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2011-07-14]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2011-07-14]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2011-07-14]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MVR.Lnk [2013-01-17]
ShortcutTarget: MVR.Lnk -> C:\Program Files\My Vapor Record11\MVR.exe ()
Startup: C:\Users\Semper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-07-19]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{9D45CCCA-F647-4CE9-ABF3-FCE725FDCEC2}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A50FEAD7-03F2-40F0-B52E-6350A311238B}: [DhcpNameServer] 95.160.170.92 88.156.222.92 82.139.8.40

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3249610471-2040494073-3445530326-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3249610471-2040494073-3445530326-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3249610471-2040494073-3445530326-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
SearchScopes: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000 -> DefaultScope {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120211&user_guid=7AE9792D48B5499CB0E14C199080883C&machine_id=357260c9c6097c9fb0c5da224b845df1&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000 -> {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120211&user_guid=7AE9792D48B5499CB0E14C199080883C&machine_id=357260c9c6097c9fb0c5da224b845df1&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92541461020544762
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-07-14] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14] (Sun Microsystems, Inc.)
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Users\Semper\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-08-31] (GG Network S.A.)
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://192.168.16.44/webrec.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://allegro.pl/
FF Keyword.URL: hxxp://www.google.pl/search?hl=pl&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-14] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3249610471-2040494073-3445530326-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Semper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\user.js [2015-09-23]
FF SearchPlugin: C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\searchplugins\MyStart Search.xml [2011-09-06]
FF SearchPlugin: C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\searchplugins\yahoo-zugo.xml [2012-02-11]
FF Extension: DownloadHelper - C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-07-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome:
=======
CHR Profile: C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Przelewy24) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2013-09-04]
CHR Extension: (Dokumenty Google) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Dysk Google) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (YouTube) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-08]
CHR Extension: (Adblock Plus) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-06]
CHR Extension: (Screenshot stron www - Webpage Screenshot) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-03-07]
CHR Extension: (Adblock dla serwisu Youtube™) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-12-06]
CHR Extension: (Google Search) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-08]
CHR Extension: (Avast SafePrice) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-12]
CHR Extension: (Arkusze Google) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Avast Online Security) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Semper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-06] (Avast Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [175632 2012-04-11] (Nitro PDF Software)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-06-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-06] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-10-12] (Samsung Electronics Co., Ltd.) [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-13] (Sony Mobile Communications)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-10-12] (Samsung Electronics) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-06] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 15:29 - 2015-10-06 15:30 - 00019293 _____ C:\Users\Semper\Downloads\FRST.txt
2015-10-06 15:29 - 2015-10-06 15:29 - 00000000 ____D C:\FRST
2015-10-06 15:28 - 2015-10-06 15:28 - 01697792 _____ (Farbar) C:\Users\Semper\Downloads\FRST.exe
2015-10-03 10:39 - 2015-10-03 10:39 - 00056095 _____ C:\Users\Semper\Documents\kraswczyk.jpeg
2015-10-01 16:03 - 2015-10-01 16:03 - 00000342 _____ C:\Users\Semper\Downloads\request_pp_en_20151001_160149.xml
2015-10-01 11:23 - 2015-10-01 11:23 - 00000102 ____H C:\Users\Semper\Downloads\.~lock.oferta_handlowa_liquidy ostateczna (2).odt#
2015-10-01 11:22 - 2015-10-01 11:22 - 00079276 _____ C:\Users\Semper\Downloads\oferta_handlowa_liquidy ostateczna (2).odt
2015-09-29 14:36 - 2015-09-29 14:37 - 00021810 _____ C:\Users\Semper\Desktop\zamówienie PINK (4).ods
2015-09-29 14:08 - 2015-09-29 14:08 - 00011426 _____ C:\Users\Semper\Downloads\zamówienie PINK (4).xlsx
2015-09-29 14:07 - 2015-09-29 14:08 - 00011426 _____ C:\Users\Semper\Downloads\zamówienie PINK (3).xlsx
2015-09-25 10:49 - 2015-09-25 10:49 - 00014872 _____ C:\Users\Semper\Desktop\kod strona o mnie.txt
2015-09-23 10:47 - 2015-09-23 10:47 - 00021738 _____ C:\ComboFix.txt
2015-09-23 10:23 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-23 10:23 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-23 10:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-23 10:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-23 10:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-23 10:23 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-23 10:23 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-23 10:23 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-23 10:22 - 2015-09-23 10:47 - 00000000 ____D C:\Qoobox
2015-09-23 10:21 - 2015-09-23 10:46 - 00000000 ____D C:\Windows\erdnt
2015-09-23 10:20 - 2015-09-23 10:20 - 05635484 ____R (Swearware) C:\Users\Semper\Downloads\ComboFix.exe
2015-09-11 10:46 - 2015-09-11 13:23 - 00018209 _____ C:\Users\Semper\Desktop\allegro dodatek szablon.odt
2015-09-11 10:46 - 2015-09-11 13:23 - 00000117 ____H C:\Users\Semper\Desktop\.~lock.allegro dodatek szablon.odt#
2015-09-10 10:54 - 2015-09-10 10:54 - 00011426 _____ C:\Users\Semper\Downloads\zamówienie PINK (2) (1).xlsx
2015-09-10 09:51 - 2015-09-10 10:25 - 00011490 _____ C:\Users\Semper\Desktop\passowrds.ods
2015-09-09 10:47 - 2015-09-09 10:54 - 00017400 _____ C:\Users\Semper\Downloads\Formularz zamówien (3) (1).ods
2015-09-09 10:46 - 2015-09-09 10:46 - 00001479 _____ C:\Users\Semper\.recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 15:17 - 2012-06-06 16:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-06 15:12 - 2012-11-08 10:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 14:51 - 2006-11-02 14:47 - 00004528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 14:51 - 2006-11-02 14:47 - 00004528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 11:12 - 2012-11-08 10:28 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 09:36 - 2011-07-15 22:11 - 00000420 ____H C:\Windows\Tasks\User_Feed_Synchronization-{7386AB2D-9DB6-4883-8B53-31E8920A88B9}.job
2015-10-06 08:55 - 2006-11-02 14:52 - 01555799 _____ C:\Windows\WindowsUpdate.log
2015-10-06 08:51 - 2011-07-15 10:46 - 00041478 _____ C:\Users\Semper\AppData\Roaming\nvModes.001
2015-10-06 08:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 16:52 - 2006-11-02 15:01 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-03 11:19 - 2015-02-24 10:39 - 00000308 _____ C:\Users\Semper\Desktop\SOBOTY PRACUJĄCE.txt
2015-10-03 10:38 - 2013-04-17 14:32 - 00000000 ____D C:\Users\Semper\Downloads\ktm zdjęcia cyganami
2015-10-01 08:48 - 2012-04-26 21:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-30 07:43 - 2015-02-27 16:48 - 00019703 _____ C:\Users\Semper\Desktop\objazdówka 15-07-2015.odt
2015-09-23 10:47 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-09-23 10:47 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2015-09-23 10:42 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-09-23 10:41 - 2011-07-14 20:31 - 00077402 _____ C:\Windows\PFRO.log
2015-09-23 10:40 - 2006-11-02 12:22 - 41680896 _____ C:\Windows\system32\config\COMPON~1.bak
2015-09-23 10:40 - 2006-11-02 12:22 - 28835840 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-23 10:40 - 2006-11-02 12:22 - 19922944 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-23 10:40 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-23 10:40 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-09-23 10:40 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-23 10:38 - 2011-11-27 02:47 - 00000000 __SHD C:\Users\Semper\AppData\Local\4389052d
2015-09-22 11:17 - 2012-06-06 16:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 11:17 - 2011-07-14 21:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-16 08:55 - 2012-11-08 10:28 - 00000000 ____D C:\Users\Semper\AppData\Local\Google
2015-09-10 08:39 - 2013-08-16 08:48 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 10:46 - 2011-07-14 21:14 - 00000000 ____D C:\Users\Semper\.gimp-2.6
2015-09-09 10:46 - 2011-07-14 19:56 - 00000000 ____D C:\Users\Semper

==================== Files in the root of some directories =======

2011-07-15 10:46 - 2015-10-06 08:51 - 0041478 _____ () C:\Users\Semper\AppData\Roaming\nvModes.001
2011-07-15 09:10 - 2015-09-02 08:54 - 0041478 _____ () C:\Users\Semper\AppData\Roaming\nvModes.dat
2012-09-27 11:56 - 2012-09-27 11:56 - 0024206 _____ () C:\Users\Semper\AppData\Roaming\UserTile.png
2011-07-14 19:56 - 2011-07-14 20:07 - 0000680 _____ () C:\Users\Semper\AppData\Local\d3d9caps.dat
2011-09-20 12:22 - 2014-10-06 15:43 - 0035840 _____ () C:\Users\Semper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

ZeroAccess:
C:\Users\Semper\AppData\Local\4389052d
C:\Users\Semper\AppData\Local\4389052d\@
C:\Users\Semper\AppData\Local\4389052d\loader.tlb

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-06 08:57

==================== End of FRST.txt ============================