Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Jagla (administrator) on 28-08-2013 14:26:44
Running from C:\Documents and Settings\Jagla\Pulpit\WIRUSY
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
(Palit Microsystems, Inc.) C:\Program Files\VDOTool\TBPanel.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) D:\Java\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Gainward] - C:\Program Files\VDOTool\TBPanel.exe [2165272 2007-11-01] (Palit Microsystems, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [8491008 2007-09-16] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [81920 2007-09-16] (NVIDIA Corporation)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16380416 2007-07-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [524288 2008-08-08] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - D:\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - D:\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM\...\Run: [KiesTrayAgent] - D:\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM\...\runonceex: [Flag] - 2 [x]
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKCU\...\Run: [FlashGet 3] - D:\FlashGet 3\FlashGet3.exe [3083712 2012-01-09] (Trend Media Corporation Limited)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - D:\uTorrent\uTorrent.exe [802136 2013-05-24] (BitTorrent Inc.)
HKCU\...\Run: [KiesPreload] - D:\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [GarenaPlus] - D:\Garena\Garena Plus\GarenaMessenger.exe [9699120 2013-07-18] ()
MountPoints2: {53616ae5-6f7e-11e1-b944-001d7d5a3305} - H:\Startme.exe
Startup: C:\Documents and Settings\Jagla\Menu Start\Programy\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Jagla\Dane aplikacji\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2210608 2006-10-26] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jagla\Dane aplikacji\Mozilla\Firefox\Profiles\fw1szt2k.default
FF Homepage: www.onet.pl
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @t.garena.com/garenatalk - D:\Garena\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: FoxyProxy Basic - C:\Documents and Settings\Jagla\Dane aplikacji\Mozilla\Firefox\Profiles\fw1szt2k.default\Extensions\foxyproxy@eric.h.jung
FF Extension: No Name - C:\Documents and Settings\Jagla\Dane aplikacji\Mozilla\Firefox\Profiles\fw1szt2k.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Documents and Settings\Jagla\Dane aplikacji\Mozilla\Firefox\Profiles\fw1szt2k.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
FF Extension: No Name - C:\Documents and Settings\Jagla\Dane aplikacji\Mozilla\Firefox\Profiles\fw1szt2k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 Hamachi2Svc; D:\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)
S3 NBService; D:\Nero 7\Nero BackItUp\NBService.exe [792112 2007-04-13] (Nero AG)
S2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2012-04-01] ()
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "D:\Java\bin\jqs.exe" -service -config "D:\Java\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
S3 Cardex; C:\WINDOWS\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-03-15] (DT Soft Ltd)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2012-03-07] (Windows (R) 2000 DDK provider)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [51744 2003-09-06] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [62656 2003-09-06] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-09-06] (Protection Technology)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R2 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R2 WF23880; C:\Windows\System32\drivers\wf88vcap.sys [208851 2004-10-18] (Copyright @2000-2006 Leadtek Research Inc.)
R2 WF88XBAR; C:\Windows\System32\drivers\WF88XBAR.sys [10324 2004-10-18] (Copyright @2000-2006 Leadtek Research Inc.)
S3 WFIOCTL; d:\WFTVFM\WFIOCTL.SYS [9446 2005-01-06] (Leadtek Research Inc.)
R2 WFTUNE; C:\Windows\System32\drivers\WF88TUNE.sys [34789 2004-10-18] (Copyright @2000-2006 Leadtek Research Inc.)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [x]
S3 GGSAFERDriver; \??\D:\Garena\Garena Plus\Room\safedrv.sys [x]
S4 IntelIde; No ImagePath
S3 IRENUM; system32\DRIVERS\irenum.sys [x]
S3 npkcrypt; \??\D:\Lineage II\system\npkcrypt.sys [x]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-28 14:26 - 2013-08-28 14:26 - 00000000 ____D C:\FRST
2013-08-28 13:11 - 2013-08-28 13:11 - 00014478 _____ C:\Documents and Settings\Jagla\Moje dokumenty\cc_20130828_131149.reg
2013-08-27 18:04 - 2013-08-28 14:25 - 00000000 ____D C:\Documents and Settings\Jagla\Pulpit\WIRUSY
2013-08-15 12:27 - 2013-08-15 12:27 - 00001482 _____ C:\Documents and Settings\Jagla\20130815122730.torrent.filelist
2013-08-15 12:27 - 2012-03-27 17:50 - 00028644 _____ C:\Documents and Settings\Jagla\20130815122730.torrent
2013-07-31 22:51 - 2013-07-31 22:52 - 00000470 _____ C:\Documents and Settings\Jagla\Pulpit\Counter-Strike 1.6.lnk

==================== One Month Modified Files and Folders =======

2013-08-28 14:26 - 2013-08-28 14:26 - 00000000 ____D C:\FRST
2013-08-28 14:25 - 2013-08-27 18:04 - 00000000 ____D C:\Documents and Settings\Jagla\Pulpit\WIRUSY
2013-08-28 14:25 - 2012-03-07 19:30 - 00000000 ____D C:\Documents and Settings\Jagla\Pulpit
2013-08-28 14:22 - 2012-03-07 19:36 - 00000558 _____ C:\WINDOWS\DFC.INI
2013-08-28 13:48 - 2013-06-02 13:28 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-28 13:48 - 2012-03-07 19:30 - 00032464 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-28 13:17 - 2012-03-07 19:25 - 00000000 ____D C:\WINDOWS\Registration
2013-08-28 13:12 - 2012-05-03 22:29 - 00000000 ____D C:\Documents and Settings\Jagla\Dane aplikacji\Media Player Classic
2013-08-28 13:11 - 2013-08-28 13:11 - 00014478 _____ C:\Documents and Settings\Jagla\Moje dokumenty\cc_20130828_131149.reg
2013-08-28 13:11 - 2012-05-03 15:50 - 00000000 ____D C:\Documents and Settings\Jagla\Dane aplikacji\uTorrent
2013-08-28 13:11 - 2012-04-10 10:16 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-28 13:11 - 2012-03-07 19:30 - 00000000 ___RD C:\Documents and Settings\Jagla\Moje dokumenty
2013-08-28 13:11 - 2012-03-07 19:30 - 00000000 ____D C:\Documents and Settings\Jagla
2013-08-28 12:30 - 2012-03-07 20:52 - 00012524 _____ C:\WINDOWS\system32\secustat.dat
2013-08-28 12:30 - 2012-03-07 19:56 - 00000000 ____D C:\Documents and Settings\Jagla\Dane aplikacji\BITS
2013-08-28 12:29 - 2012-05-03 16:19 - 00000000 ____D C:\Documents and Settings\Jagla\Dane aplikacji\GarenaPlus
2013-08-28 12:18 - 2012-03-07 19:27 - 00412005 ____N C:\WINDOWS\WindowsUpdate.log
2013-08-28 12:11 - 2012-03-07 19:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-27 14:00 - 2008-04-15 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-26 23:48 - 2013-06-02 13:24 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-08-25 23:11 - 2012-03-07 23:48 - 01260588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-25 23:11 - 2008-04-15 14:00 - 00557290 _____ C:\WINDOWS\system32\perfh015.dat
2013-08-25 23:11 - 2008-04-15 14:00 - 00104944 _____ C:\WINDOWS\system32\perfc015.dat
2013-08-21 18:48 - 2013-06-02 13:28 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-21 18:48 - 2012-03-07 21:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-19 08:34 - 2012-04-26 19:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-15 12:27 - 2013-08-15 12:27 - 00001482 _____ C:\Documents and Settings\Jagla\20130815122730.torrent.filelist
2013-08-02 09:42 - 2012-03-07 19:34 - 00138893 _____ C:\WINDOWS\system32\nvapps.xml
2013-07-31 22:52 - 2013-07-31 22:51 - 00000470 _____ C:\Documents and Settings\Jagla\Pulpit\Counter-Strike 1.6.lnk

Files to move or delete:
====================
C:\DOCUME~1\Jagla\USTAWI~1\Temp\{0851A022-55B7-48A6-AF86-1121C8A2D494}\setup.exe
C:\DOCUME~1\Jagla\USTAWI~1\Temp\KiesTemporary\avrt.dll
C:\DOCUME~1\Jagla\USTAWI~1\Temp\KiesTemporary\wlanapi.dll
C:\DOCUME~1\Jagla\USTAWI~1\Temp\is1890775716\2752211_Setup.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
C:\Windows\System32\User32.dll [2008-04-15 14:00] - [2008-04-15 14:00] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2008-04-15 14:00] - [2008-04-15 14:00] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2008-04-15 14:00] - [2008-04-15 14:00] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================