Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by KaMiLa (administrator) on ABC-AF00BDF99BD on 22-02-2015 21:33:55
Running from C:\Documents and Settings\KaMiLa\Pulpit
Loaded Profiles: KaMiLa (Available profiles: KaMiLa)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640 2009-05-14] (ESET)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,,SKEYS /I
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1123561945-776561741-1801674531-1004\...\MountPoints2: {212622c4-2e4a-11e4-b5ed-000b6a7fad6a} - F:\AutoRun.exe
HKU\S-1-5-21-1123561945-776561741-1801674531-1004\...\MountPoints2: {65d465ae-2e43-11e4-b5eb-000b6a7fad6a} - F:\AutoRun.exe
HKU\S-1-5-21-1123561945-776561741-1801674531-1004\...\MountPoints2: {95a0b49e-4ad7-11e4-b654-a1d35d116852} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=80c1e2a600000000000000b08c069ac4" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1123561945-776561741-1801674531-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=80c1e2a600000000000000b08c069ac4
SearchScopes: HKU\S-1-5-21-1123561945-776561741-1801674531-1004 -> {F10D8717-BF7A-4144-9CA6-E4AE455F60B4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=57C20B5C-425A-4691-B7EB-B63C4AB36C04&apn_sauid=D13AA595-CBAC-4E16-834E-B02F7B260CEB
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKU\S-1-5-21-1123561945-776561741-1801674531-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-12-14]
FF HKU\S-1-5-21-1123561945-776561741-1801674531-1004\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013-02-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [2013-02-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S4 BrowserProtect; C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [0 2013-02-11] () <==== ATTENTION (zero size file/folder)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-05-14] (ESET)
S3 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840 2009-05-14] (ESET)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-15] (Microsoft Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-01-12] (Oracle Corporation)
S2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S2 SerialKeys; C:\WINDOWS\system32\skeys.exe [26112 2008-04-15] (Microsoft Corporation)
S3 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-15] (Microsoft Corporation) [File not signed]
S2 .EsetTrialReset; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\esettrialreset.reg

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2012-12-14] (Meetinghouse Data Communications) [File not signed]
S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
S2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
S1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
S1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94360 2009-05-14] (ESET)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-11-23] (Windows (R) 2000 DDK provider)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-15] (Microsoft Corporation)
S2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-15] (Microsoft Corporation)
S2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-15] (Microsoft Corporation)
S2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-15] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
S3 viafilter; C:\WINDOWS\System32\Drivers\viausb1.sys [9728 2001-09-19] (VIA Technologies, Inc.) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2009-05-05] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2005-01-05] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2005-06-06] (VIA Technologies, Inc.) [File not signed]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 HWiNFO32; \??\C:\DOCUME~1\KaMiLa\USTAWI~1\Temp\HWiNFO32.SYS [X]
S4 IntelIde; No ImagePath
S3 RT80x86; system32\DRIVERS\RT2860.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 21:40 - 2015-02-22 21:40 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\hardwarediagnosis
2015-02-22 21:33 - 2015-02-22 21:34 - 00011481 _____ () C:\Documents and Settings\KaMiLa\Pulpit\FRST.txt
2015-02-22 20:33 - 2015-02-22 20:33 - 01126912 _____ (Farbar) C:\Documents and Settings\KaMiLa\Pulpit\FRST.exe
2015-02-22 20:07 - 2015-02-22 21:33 - 00000000 ____D () C:\FRST
2015-02-22 19:02 - 2015-02-22 19:02 - 00001568 _____ () C:\Documents and Settings\KaMiLa\Pulpit\skangmera.log
2015-02-22 18:27 - 2015-02-22 18:11 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\disablingemulations
2015-02-22 18:27 - 2015-02-22 18:08 - 00380416 _____ () C:\Documents and Settings\KaMiLa\Pulpit\p2yhhowi.exe
2015-02-22 16:38 - 2015-02-22 16:38 - 00002440 _____ () C:\Documents and Settings\KaMiLa\Pulpit\wynikesetaonline.txt
2015-02-22 15:35 - 2015-02-22 15:35 - 06103040 _____ () C:\Program Files\GUT2.tmp
2015-02-22 15:35 - 2015-02-22 15:35 - 00000000 ____D () C:\Program Files\GUM1.tmp
2015-02-22 01:52 - 2015-02-22 01:52 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-21 19:20 - 2001-10-26 16:57 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2015-02-21 19:20 - 2001-10-26 16:57 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 21:34 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Temp
2015-02-22 21:33 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit
2015-02-22 21:31 - 2012-12-14 09:51 - 00000188 ___SH () C:\Documents and Settings\KaMiLa\ntuser.ini
2015-02-22 21:30 - 2012-12-14 09:43 - 01627591 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 21:29 - 2014-11-09 17:45 - 00000434 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{34A26859-A87C-425A-818C-1BA009C4AE56}.job
2015-02-22 21:24 - 2012-12-14 12:00 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Dane aplikacji\AIMP3
2015-02-22 21:23 - 2008-04-15 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-22 21:18 - 2014-10-24 21:11 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-22 21:15 - 2012-12-18 18:29 - 00070827 _____ () C:\WINDOWS\FaxSetup.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00056848 _____ () C:\WINDOWS\ocgen.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00033516 _____ () C:\WINDOWS\tsoc.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00022528 _____ () C:\WINDOWS\comsetup.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00015691 _____ () C:\WINDOWS\ntdtcsetup.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00013208 _____ () C:\WINDOWS\iis6.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00006239 _____ () C:\WINDOWS\ocmsn.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00006078 _____ () C:\WINDOWS\msgsocm.log
2015-02-22 21:15 - 2012-12-18 18:29 - 00001917 _____ () C:\WINDOWS\imsins.log
2015-02-22 21:15 - 2012-12-15 13:52 - 00531533 _____ () C:\WINDOWS\setupapi.log
2015-02-22 21:08 - 2012-12-14 11:40 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-22 20:46 - 2012-12-14 11:35 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 20:46 - 2012-12-14 09:50 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-22 20:43 - 2012-12-24 20:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-22 20:43 - 2012-12-24 20:54 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-02-22 20:43 - 2012-12-14 11:35 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 20:43 - 2012-12-14 09:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-22 17:51 - 2012-12-14 09:42 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-22 15:48 - 2012-12-14 12:45 - 00000000 ____D () C:\Program Files\ESET
2015-02-22 15:34 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-22 02:14 - 2012-12-14 10:32 - 00001917 _____ () C:\WINDOWS\imsins.BAK
2015-02-21 19:20 - 2012-12-15 13:52 - 00024918 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======

2015-02-22 15:35 - 2015-02-22 15:35 - 6103040 _____ () C:\Program Files\GUT2.tmp
2012-12-30 11:01 - 2014-11-23 21:59 - 0008192 _____ () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) b81b8dd052af396b3ef36e73b9d179c9
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
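Reading a log like the one above by hand means hunting for the markers FRST attaches to entries that need a look: "<==== ATTENTION", "No File" on a registry entry whose target is gone, "[X]" on a service or driver whose image path is not on disk, "No ImagePath", a zero size in the "[size date]" bracket, and the Bamital check line that prints an MD5 instead of "File is digitally signed". The helper below is an added example, not part of FRST and not from the original post; it does that first pass over a constructed sample of lines copied in the shape of the ones above. Three rules beyond FRST's own markers (a removable-drive AutoRun mount point, a service whose image is a script host or registry tool such as regedt32.exe, a binary loaded from a Temp directory) are this editor's triage heuristics, labelled as such in the code, not something FRST reports. The "[File not signed]" marker is carried at low weight on purpose: in this log it also sits on stock Microsoft components such as imapi.exe, mdm.exe and wzcsvc.dll. The MD5 step stays offline here; the hash is extracted so it can be compared with a known-good copy or looked up, as FRST's own note suggests.

```python
"""First-pass triage of a Farbar Recovery Scan Tool (FRST) log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the log above, one per category.
SAMPLE_LOG = r"""
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640 2009-05-14] (ESET)
HKU\S-1-5-21-1123561945-776561741-1801674531-1004\...\MountPoints2: {212622c4-2e4a-11e4-b5ed-000b6a7fad6a} - F:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
S4 BrowserProtect; C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [0 2013-02-11] () <==== ATTENTION (zero size file/folder)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S2 .EsetTrialReset; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\esettrialreset.reg
S3 HWiNFO32; \??\C:\DOCUME~1\KaMiLa\USTAWI~1\Temp\HWiNFO32.SYS [X]
S4 IntelIde; No ImagePath
C:\WINDOWS\system32\rpcss.dll [2008-04-15 13:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) b81b8dd052af396b3ef36e73b9d179c9
"""

# Markers FRST itself prints.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")
ZERO_SIZE_RE = re.compile(r"\[0 \d{4}-\d{2}-\d{2}\]")
# Service/driver lines: R=running, S=stopped, U=unknown, then the start type digit.
SERVICE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<image>.*)$")
# Bamital/volsnap check line that ends with the file's MD5 instead of "digitally signed".
MD5_LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+\[.*\b(?P<md5>[0-9a-f]{32})\s*$")
# Heuristic (editor's assumption): binaries that only make sense as a service image
# when something wants to run a script or registry file at boot.
SCRIPT_HOSTS = ("regedt32.exe", "regedit.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "powershell.exe")


@dataclass
class Finding:
    line: str
    reasons: list


def triage_line(line: str) -> list:
    """Return the reasons (possibly none) why one FRST line deserves a look."""
    reasons = []
    if ATTENTION_RE.search(line):
        reasons.append("flagged by FRST (ATTENTION)")
    if line.endswith("No File"):
        reasons.append("registry entry points at a file that is gone")
    if ZERO_SIZE_RE.search(line):
        reasons.append("zero-size binary")
    if "[File not signed]" in line:
        # Weak signal on XP: FRST prints this for stock Microsoft components too.
        reasons.append("unsigned binary (weak signal on XP)")
    svc = SERVICE_RE.match(line)
    if svc:
        image = svc.group("image")
        lowered = image.lower()
        if image.endswith("[X]"):
            reasons.append("service/driver image missing on disk")
        if image == "No ImagePath":
            reasons.append("service has no ImagePath")
        if any(host in lowered for host in SCRIPT_HOSTS):
            reasons.append("heuristic: service image is a script host or registry tool")
        if "\\temp\\" in lowered:
            reasons.append("heuristic: image loads from a Temp directory")
    if "MountPoints2" in line and "autorun" in line.lower():
        reasons.append("heuristic: removable-drive AutoRun mount point")
    md5 = MD5_LINE_RE.match(line)
    if md5:
        reasons.append(f"compare MD5 {md5.group('md5')} of {md5.group('path')} with a known-good copy")
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the lines with findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line[:80])
        for reason in finding.reasons:
            print("   -", reason)
```

Run it against a saved FRST.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the clean egui Run entry in the sample produces no finding, while the BrowserProtect service collects two reasons (FRST's ATTENTION marker and the zero size) and the HWiNFO32 driver collects two (missing image and a Temp path), which is the ordering an analyst would want to work through first.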