Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013 01
Ran by Hania (administrator) on HANIA on 11-12-2013 14:52:28
Running from F:\otl 2
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania = http://www.msn.com/access/allinone.asp
HKCU\Software\Microsoft\Internet Explorer\Main,Strona początkowa = http://www.microsoft.com/msoffice/
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{C058262D-1F4E-4DCD-A027-4672BE77E3CB}: [NameServer]194.204.159.1,157.25.5.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Hania\Dane aplikacji\Mozilla\Firefox\Profiles\zo7ig9sd.default
FF Homepage: https://www.citibankonline.pl/PLGCB/JPS/portal/SignonLocaleSwitch.do?locale=pl_PL
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-11 14:51 - 2013-12-11 14:51 - 00000000 ____D C:\FRST
2013-12-11 14:15 - 2013-12-11 14:15 - 00003584 _____ C:\Documents and Settings\Hania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-11 13:30 - 2013-12-11 13:30 - 09293192 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-11 12:08 - 2013-12-11 12:08 - 00000000 ____D C:\Program Files\ESET
2013-11-28 12:31 - 2013-12-10 09:34 - 00041472 _____ C:\Documents and Settings\Hania\Moje dokumenty\Sprz TETRA 11.2013.xls
2013-11-28 12:04 - 2013-12-05 11:07 - 00053760 _____ C:\Documents and Settings\Hania\Moje dokumenty\sprz P&H-11.2013.xls

==================== One Month Modified Files and Folders =======

2013-12-11 14:51 - 2013-12-11 14:51 - 00000000 ____D C:\FRST
2013-12-11 14:50 - 2013-03-25 12:57 - 00000000 ____D C:\Instalki
2013-12-11 14:36 - 2013-03-22 10:58 - 01939155 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-11 14:34 - 2013-03-22 11:04 - 00000188 ___SH C:\Documents and Settings\Hania\ntuser.ini
2013-12-11 14:34 - 2013-03-22 11:03 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-11 14:34 - 2013-03-22 11:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-11 14:29 - 2013-03-22 13:27 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-11 14:15 - 2013-12-11 14:15 - 00003584 _____ C:\Documents and Settings\Hania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-11 14:15 - 2013-03-22 11:04 - 00000000 ___HD C:\Documents and Settings\Hania\Ustawienia lokalne\Dane aplikacji
2013-12-11 13:31 - 2013-03-22 13:27 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 13:30 - 2013-12-11 13:30 - 09293192 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-11 13:30 - 2013-03-22 13:27 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-11 12:08 - 2013-12-11 12:08 - 00000000 ____D C:\Program Files\ESET
2013-12-11 12:08 - 2013-03-22 11:49 - 00345192 _____ C:\WINDOWS\setupapi.log
2013-12-11 10:29 - 2001-07-21 23:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-10 14:23 - 2013-04-16 13:37 - 02034640 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2013-12-10 14:23 - 2013-03-22 11:03 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2013-12-10 10:27 - 2013-04-16 07:34 - 00000000 ____D C:\Documents and Settings\Hania\Moje dokumenty\Druki GOFIN
2013-12-10 10:16 - 2013-10-22 10:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-10 09:34 - 2013-11-28 12:31 - 00041472 _____ C:\Documents and Settings\Hania\Moje dokumenty\Sprz TETRA 11.2013.xls
2013-12-10 09:34 - 2013-03-22 11:04 - 00000000 ___RD C:\Documents and Settings\Hania\Moje dokumenty
2013-12-05 11:48 - 2013-03-26 10:14 - 00018432 _____ C:\Documents and Settings\Hania\Moje dokumenty\P&H dok.niezapłacone.xls
2013-12-05 11:07 - 2013-11-28 12:04 - 00053760 _____ C:\Documents and Settings\Hania\Moje dokumenty\sprz P&H-11.2013.xls
2013-12-03 10:41 - 2013-03-22 13:32 - 00000000 ____D C:\Documents and Settings\Hania\Moje dokumenty\Pobieranie
2013-11-19 11:15 - 2013-03-26 10:14 - 00016896 _____ C:\Documents and Settings\Hania\Moje dokumenty\rozl.f-ry EURO.xls
2013-11-12 11:52 - 2013-03-26 10:14 - 00023552 _____ C:\Documents and Settings\Hania\Moje dokumenty\TETRA dok.niezapłacone.xls
2013-11-12 09:46 - 2013-04-16 12:04 - 01397857 _____ C:\Documents and Settings\Hania\Pulpit\VAT 7 TETRA.gofin
2013-11-12 09:45 - 2013-04-16 07:44 - 01397836 _____ C:\Documents and Settings\Hania\Pulpit\VAT-7.gofin

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2008-01-24 10:59] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2004-08-04 00:44] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2004-08-04 00:44] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2004-08-04 00:44] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2008-01-24 10:57] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2004-08-04 00:44] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 00:36] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================