Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 02
Ran by berger (administrator) on XP-75CF98363E2C on 04-12-2013 18:07:43
Running from D:\Moje dokumenty\Profil1\vlc-0.8.6c
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MountPoints2: {296bd530-119c-11e3-9b55-1c6f65fcb841} - H:\AutoRun.exe
MountPoints2: {4118dc19-f3bc-11e1-96c9-1c6f65fcb841} - I:\AutoRun.exe
MountPoints2: {b15be3e6-f37e-11e1-96c6-1c6f65fcb841} - I:\AutoRun.exe
MountPoints2: {be155ac8-f41d-11e1-96ca-1c6f65fcb841} - I:\AutoRun.exe
MountPoints2: {e932a2f2-f36e-11e1-96c5-4d6564696130} - I:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8489984 2008-04-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031
FF Homepage: https://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

========================== Services (Whitelisted) =================

S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 AODDriver; C:\Program Files\Gigabyte\ET6\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
S3 etdrv; C:\WINDOWS\etdrv.sys [17488 2013-08-19] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\WINDOWS\gdrv.sys [17488 2013-11-19] (Windows (R) 2000 DDK provider)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2013-11-19] ()
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [119656 2011-07-08] (NVIDIA Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R3 ALSysIO; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\ALSysIO.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-04 16:13 - 2013-12-04 17:38 - 00000000 ____D C:\FRST
2013-12-03 18:11 - 2013-12-03 18:11 - 00024620 _____ C:\Documents and Settings\berger.XP-75CF98363E2C\.recently-used.xbel
2013-12-03 14:29 - 2013-12-03 14:30 - 201985410 _____ C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\68f869885c244006c82d6daf0d972939.mp4
2013-12-01 15:25 - 2013-12-01 16:28 - 335483789 _____ C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\ed7a4828d30d3ec2f7969b5be07c3b0a.flv
2013-11-26 13:49 - 2013-12-04 17:22 - 00000000 ____D C:\AdwCleaner
2013-11-19 13:45 - 2013-11-19 13:45 - 00000004 _____ C:\WINDOWS\system32\GVTunner.ref
2013-11-04 01:23 - 2013-11-04 01:23 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\HD Tune Pro

==================== One Month Modified Files and Folders =======

2013-12-04 18:05 - 2011-11-07 16:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-04 18:04 - 2013-06-12 12:52 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 18:04 - 2013-01-26 12:36 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-343818398-1757981266-839522115-1003.job
2013-12-04 18:04 - 2012-08-10 22:23 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1757981266-839522115-1003.job
2013-12-04 18:04 - 2012-04-18 17:55 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-04 18:04 - 2012-04-18 17:55 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-04 18:04 - 2012-04-18 16:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-04 18:03 - 2012-04-18 17:52 - 01254156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-04 18:03 - 2012-04-18 16:09 - 00000188 ___SH C:\Documents and Settings\berger.XP-75CF98363E2C\ntuser.ini
2013-12-04 18:03 - 2012-04-18 16:08 - 00032224 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-04 18:03 - 2012-04-18 16:00 - 00453323 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-04 18:03 - 2001-10-26 17:15 - 00555448 _____ C:\WINDOWS\system32\perfh015.dat
2013-12-04 18:03 - 2001-10-26 17:15 - 00104478 _____ C:\WINDOWS\system32\perfc015.dat
2013-12-04 17:57 - 2013-06-12 12:52 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 17:51 - 2012-04-19 23:14 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Dane aplikacji\Adobe
2013-12-04 17:51 - 2012-04-18 17:32 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-04 17:51 - 2012-04-18 17:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-04 17:51 - 2012-04-18 16:09 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit
2013-12-04 17:38 - 2013-12-04 16:13 - 00000000 ____D C:\FRST
2013-12-04 17:38 - 2012-04-18 16:26 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Autostart
2013-12-04 17:38 - 2011-11-07 22:49 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2013-12-04 17:28 - 2012-04-18 16:09 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C
2013-12-04 17:24 - 2001-07-21 23:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-04 17:22 - 2013-11-26 13:49 - 00000000 ____D C:\AdwCleaner
2013-12-04 17:22 - 2012-04-21 16:36 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-04 17:22 - 2012-04-18 19:04 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\gtk-2.0
2013-12-04 17:22 - 2012-04-18 16:08 - 00000000 __SHD C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000
2013-12-04 17:22 - 2012-04-18 16:08 - 00000000 __SHD C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000
2013-12-04 17:22 - 2011-11-07 15:04 - 00000000 ____D C:\WINDOWS\Registration
2013-12-03 18:13 - 2012-04-18 19:03 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\.gimp-2.6
2013-12-03 18:11 - 2013-12-03 18:11 - 00024620 _____ C:\Documents and Settings\berger.XP-75CF98363E2C\.recently-used.xbel
2013-12-03 14:30 - 2013-12-03 14:29 - 201985410 _____ C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\68f869885c244006c82d6daf0d972939.mp4
2013-12-01 20:02 - 2013-01-26 12:36 - 00000288 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-343818398-1757981266-839522115-1003.job
2013-12-01 16:28 - 2013-12-01 15:25 - 335483789 _____ C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\ed7a4828d30d3ec2f7969b5be07c3b0a.flv
2013-12-01 15:11 - 2012-08-10 22:23 - 00000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1757981266-839522115-1003.job
2013-12-01 13:37 - 2012-04-18 19:43 - 00000168 _____ C:\Program Files\hwmonitorw.ini
2013-12-01 00:06 - 2013-06-19 11:16 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\prices
2013-11-30 21:33 - 2012-04-18 18:20 - 00005689 _____ C:\WINDOWS\zmodeler.INI
2013-11-30 21:09 - 2011-12-03 23:22 - 00000000 ____D C:\Program Files\ZModeler
2013-11-29 11:44 - 2012-04-18 19:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-28 23:33 - 2012-04-18 17:51 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy
2013-11-28 22:58 - 2012-04-18 19:07 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\king
2013-11-21 21:18 - 2012-04-18 20:19 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-11-19 13:45 - 2013-11-19 13:45 - 00000004 _____ C:\WINDOWS\system32\GVTunner.ref
2013-11-19 13:45 - 2013-05-16 21:08 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys
2013-11-19 13:45 - 2012-04-18 17:05 - 00024944 _____ C:\WINDOWS\system32\Drivers\GVTDrv.sys
2013-11-08 17:47 - 2012-04-18 17:50 - 01246922 _____ C:\WINDOWS\setupapi.log
2013-11-04 01:23 - 2013-11-04 01:23 - 00000000 ____D C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\HD Tune Pro
2013-11-04 01:23 - 2012-04-18 16:09 - 00000000 __RHD C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 00:44] - [2008-04-14 21:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2004-08-04 00:44] - [2008-04-14 21:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2004-08-04 00:44] - [2008-04-14 21:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2004-08-04 00:44] - [2008-04-14 21:51] - 0109056 ____A (Microsoft Corporation) 3e3ae424e27c4cefe4cab368c7b570ea
C:\Windows\System32\User32.dll [2004-08-04 00:44] - [2008-04-14 21:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2004-08-04 00:44] - [2008-04-14 21:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 00:36] - [2008-04-14 20:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================