Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04
Ran by Robert (administrator) on ROBERT on 14-09-2013 18:19:54
Running from C:\Users\Robert\Desktop\Wirus
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @ganymede/CARDS,version=1.0 - C:\Program Files\Ganymede\Plugins\CARDS\NPCARDS.dll (Ganymede Technologies)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: IE Tab - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: SQLiteManager - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\z3qa0gj6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx

========================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [19712 2009-10-21] (Bo Brantén)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-14] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-16] ()
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-14 17:04 - 2013-09-14 17:04 - 00000145 _____ C:\Users\Robert\Desktop\rzg.m3u
2013-09-14 16:58 - 2013-09-14 16:58 - 00000266 __RSH C:\ProgramData\ntuser.pol
2013-09-14 16:46 - 2013-09-14 18:19 - 00000000 ____D C:\Users\Robert\Desktop\Wirus
2013-09-14 16:36 - 2013-09-14 16:36 - 00000000 ____D C:\FRST
2013-09-14 16:34 - 2013-09-14 16:34 - 00141086 _____ C:\ComboFix.txt
2013-09-14 16:04 - 2013-09-14 16:34 - 00000000 ____D C:\Qoobox
2013-09-14 16:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-14 16:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-14 16:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-14 16:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-14 16:00 - 2013-09-14 16:01 - 00000000 ____D C:\AdwCleaner
2013-09-14 15:57 - 2013-09-14 15:58 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-14 13:02 - 2013-09-14 13:02 - 00000000 __RSH C:\IO.SYS
2013-09-14 12:57 - 2013-09-14 16:27 - 00000000 ____D C:\Windows\erdnt
2013-09-02 19:23 - 2013-09-02 19:23 - 09741544 _____ (Piotr Kowaluk ) C:\Users\Robert\Downloads\br32v.exe
2013-09-01 16:50 - 2013-09-01 16:50 - 00000364 _____ C:\Users\Robert\Desktop\ff.txt
2013-08-18 20:26 - 2013-08-18 20:27 - 06953096 _____ (Microsoft Corporation) C:\Users\Robert\Downloads\Silverlight.exe
2013-08-18 19:27 - 2013-08-19 20:07 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-14 18:19 - 2013-09-14 16:46 - 00000000 ____D C:\Users\Robert\Desktop\Wirus
2013-09-14 18:16 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 18:16 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 18:16 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 18:15 - 2012-05-03 07:22 - 00415572 _____ C:\Windows\WindowsUpdate.log
2013-09-14 18:15 - 2006-11-02 15:01 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-14 18:07 - 2012-07-08 20:18 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 17:04 - 2013-09-14 17:04 - 00000145 _____ C:\Users\Robert\Desktop\rzg.m3u
2013-09-14 16:58 - 2013-09-14 16:58 - 00000266 __RSH C:\ProgramData\ntuser.pol
2013-09-14 16:58 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-09-14 16:38 - 2008-01-21 08:24 - 01625718 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-14 16:38 - 2008-01-21 08:24 - 00718022 _____ C:\Windows\system32\perfh015.dat
2013-09-14 16:38 - 2008-01-21 08:24 - 00153974 _____ C:\Windows\system32\perfc015.dat
2013-09-14 16:36 - 2013-09-14 16:36 - 00000000 ____D C:\FRST
2013-09-14 16:34 - 2013-09-14 16:34 - 00141086 _____ C:\ComboFix.txt
2013-09-14 16:34 - 2013-09-14 16:04 - 00000000 ____D C:\Qoobox
2013-09-14 16:34 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-14 16:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-14 16:27 - 2013-09-14 12:57 - 00000000 ____D C:\Windows\erdnt
2013-09-14 16:21 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-14 16:19 - 2008-01-21 04:47 - 00098090 _____ C:\Windows\PFRO.log
2013-09-14 16:18 - 2006-11-02 12:22 - 55312384 _____ C:\Windows\system32\config\software.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 40108032 _____ C:\Windows\system32\config\COMPON~3.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 23068672 _____ C:\Windows\system32\config\system.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-09-14 16:18 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-14 16:01 - 2013-09-14 16:00 - 00000000 ____D C:\AdwCleaner
2013-09-14 15:58 - 2013-09-14 15:57 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-14 13:02 - 2013-09-14 13:02 - 00000000 __RSH C:\IO.SYS
2013-09-14 12:57 - 2009-01-15 12:48 - 00000000 ____D C:\Users\Robert
2013-09-14 11:36 - 2006-11-02 14:47 - 00079872 _____ C:\Windows\system32\umstartup.etl
2013-09-14 11:13 - 2006-11-02 14:52 - 00138560 _____ C:\Windows\setupact.log
2013-09-13 18:32 - 2009-01-20 18:23 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2013-09-10 23:26 - 2012-04-28 19:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-10 23:26 - 2011-05-19 17:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 05:12 - 2013-01-15 06:35 - 00000000 ____D C:\Windows\Minidump
2013-09-10 05:12 - 2009-01-15 11:29 - 00142197 _____ C:\Windows\Minidump\Mini091013-01.dmp
2013-09-02 19:28 - 2013-07-06 20:36 - 00000000 ____D C:\ARCHIWUM
2013-09-02 19:24 - 2013-07-06 20:36 - 00000000 ____D C:\BR
2013-09-02 19:23 - 2013-09-02 19:23 - 09741544 _____ (Piotr Kowaluk ) C:\Users\Robert\Downloads\br32v.exe
2013-09-01 16:50 - 2013-09-01 16:50 - 00000364 _____ C:\Users\Robert\Desktop\ff.txt
2013-08-21 07:47 - 2009-01-15 11:29 - 00142005 _____ C:\Windows\Minidump\Mini082113-01.dmp
2013-08-20 18:23 - 2012-06-15 19:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-20 18:23 - 2010-04-16 18:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-19 20:07 - 2013-08-18 19:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-18 20:27 - 2013-08-18 20:26 - 06953096 _____ (Microsoft Corporation) C:\Users\Robert\Downloads\Silverlight.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-14 18:15

==================== End Of Log ============================