Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by berger (administrator) on XP-75CF98363E2C on 27-12-2014 16:25:41
Running from C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit
Loaded Profile: berger (Available profiles: berger)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\CoreTemp32\Core Temp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-343818398-1757981266-839522115-1003\...\MountPoints2: {296bd530-119c-11e3-9b55-1c6f65fcb841} - H:\AutoRun.exe HKU\S-1-5-21-343818398-1757981266-839522115-1003\...\MountPoints2: 
{4118dc19-f3bc-11e1-96c9-1c6f65fcb841} - I:\AutoRun.exe HKU\S-1-5-21-343818398-1757981266-839522115-1003\...\MountPoints2: {5ada7dcf-c9d4-11e1-95e4-4d6564696130} - I:\Install_Nokia_Ovi_Suite.exe HKU\S-1-5-21-343818398-1757981266-839522115-1003\...\MountPoints2: {b15be3e6-f37e-11e1-96c6-1c6f65fcb841} - I:\AutoRun.exe HKU\S-1-5-21-343818398-1757981266-839522115-1003\...\MountPoints2: {be155ac8-f41d-11e1-96ca-1c6f65fcb841} - I:\AutoRun.exe HKU\S-1-5-21-343818398-1757981266-839522115-1003\...\MountPoints2: {e932a2f2-f36e-11e1-96c5-4d6564696130} - I:\AutoRun.exe HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18\...\Policies\Explorer: 
[NoWindowsUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ HKU\S-1-5-21-343818398-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-343818398-1757981266-839522115-1003 -> {1E69A14C-02A0-4B0D-BF70-1C1E66677AD4} URL = http://www.google.com/search?hl=pl&q={searchTerms} DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1394986474062 DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031 FF DefaultSearchEngine: Google Default FF Homepage: https://www.google.com/ FF Keyword.URL: 
hxxp://www.google.com.my/search?q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @IObit.com/np_Asc_Plugin -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll No File FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\searchplugins\google-default.xml FF Extension: Flashblock - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-27] FF Extension: Flashblock - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(2) [2014-12-25] FF Extension: Flashblock - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(3) [2014-12-26] FF Extension: DownloadHelper - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-26] FF Extension: anonymoX - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\client@anonymox.net.xpi [2014-12-10] FF Extension: Saved Password Editor - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-02-03] FF Extension: Google Translator for Firefox - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\translator@zoli.bod.xpi [2014-01-05] FF Extension: Adblock Plus - C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-27] FF Extension: DownThemAll! 
- C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Mozilla\Firefox\Profiles\7f8o4de8.default-1386175172031\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-26]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-27] (Oracle Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 appliand; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
S3 etdrv; C:\WINDOWS\etdrv.sys [17488 2014-07-26] (Windows (R) 2000 DDK provider)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119656 2011-07-08] (NVIDIA Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 ALSysIO; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\ALSysIO.sys [X]
S3 cpuz135; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\BERGER~2.XP-\USTAWI~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
U5 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2014-07-26] ()
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2008-05-02] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 16:26 - 2014-12-27 16:26 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\frst 2014-12-27 16:25 - 2014-12-27 16:25 - 00017995 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\FRST.txt 2014-12-27 16:24 - 2014-12-27 16:25 - 00000000 ____D () C:\FRST 2014-12-27 16:24 - 2014-12-27 16:24 - 00852505 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\SecurityCheck.exe 2014-12-27 16:23 - 2014-12-27 16:23 - 01114624 _____ (Farbar) C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\FRST.exe 2014-12-27 16:23 - 2014-12-27 16:23 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\OTL.exe 2014-12-27 16:23 - 2014-12-27 16:23 - 00380416 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\6wxqtxju.exe 2014-12-27 14:02 - 2014-12-27 14:02 - 00000460 __RSH () C:\Documents and Settings\All Users.WINDOWS\ntuser.pol 2014-12-27 13:48 - 2014-12-27 13:48 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Menu Start\Programy\WinRAR 2014-12-27 13:48 - 2014-12-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR 2014-12-27 13:48 - 2014-12-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\WinRAR 2014-12-27 13:47 - 2014-12-27 13:47 - 00006060 _____ () C:\WINDOWS\wmp11.log 2014-12-27 13:36 - 2014-12-27 13:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Windows Genuine Advantage 2014-12-27 13:36 - 2014-12-27 13:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Windows Genuine Advantage 2014-12-27 13:33 - 2014-12-27 13:41 - 00001160 _____ () C:\WINDOWS\wmsetup.log 2014-12-27 13:33 - 2014-12-27 13:33 - 00005606 _____ () C:\WINDOWS\KB2834904-v2.log 2014-12-27 13:33 - 2014-12-27 13:33 - 00005358 _____ () C:\WINDOWS\WMFDist11.log 2014-12-27 00:26 - 2014-12-27 00:25 - 00272808 _____ (Oracle Corporation) 
C:\WINDOWS\system32\javaws.exe 2014-12-27 00:26 - 2014-12-27 00:25 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-12-27 00:25 - 2014-12-27 00:25 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-27 00:25 - 2014-12-27 00:25 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-27 00:25 - 2014-12-27 00:25 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-12-27 00:25 - 2014-12-27 00:25 - 00000000 ____D () C:\Program Files\Java 2014-12-27 00:25 - 2014-12-27 00:25 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Java 2014-12-27 00:25 - 2014-12-27 00:25 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Java 2014-12-26 23:58 - 2014-12-26 23:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-26 16:29 - 2014-12-26 16:29 - 00042268 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\.recently-used.xbel 2014-12-23 17:58 - 2014-12-23 17:59 - 04732102 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\HUD_by_Tosyk.7z 2014-12-20 22:38 - 2014-12-20 22:47 - 65724106 _____ () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\d7dc233.flv 2014-12-18 23:02 - 2014-12-27 14:52 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\d 2014-12-13 14:31 - 2014-12-13 14:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ALLPlayer 2014-12-13 14:31 - 2014-12-13 14:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ALLPlayer ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-27 16:26 - 2012-04-18 16:09 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit 2014-12-27 16:25 - 2012-04-18 16:09 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Temp 2014-12-27 16:19 - 2014-03-16 17:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-12-27 16:19 - 2014-03-16 17:56 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-12-27 16:19 - 2014-02-15 14:33 - 00000446 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK.job 2014-12-27 16:19 - 2012-04-18 16:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-27 16:16 - 2014-03-16 17:55 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt 2014-12-27 16:16 - 2012-04-18 16:09 - 00000188 ___SH () C:\Documents and Settings\berger.XP-75CF98363E2C\ntuser.ini 2014-12-27 16:16 - 2012-04-18 16:00 - 01327588 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-27 15:27 - 2012-08-03 21:03 - 00000460 __RSH () C:\Documents and Settings\berger.XP-75CF98363E2C\ntuser.pol 2014-12-27 15:27 - 2012-04-18 16:09 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C 2014-12-27 15:21 - 2012-04-18 17:52 - 01254156 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-27 15:21 - 2001-10-26 17:15 - 00555448 _____ () C:\WINDOWS\system32\perfh015.dat 2014-12-27 15:21 - 2001-10-26 17:15 - 00104478 _____ () C:\WINDOWS\system32\perfc015.dat 2014-12-27 15:20 - 2014-11-17 18:12 - 00000000 ____D () C:\AdwCleaner 2014-12-27 15:13 - 2011-11-07 15:04 - 00000000 ____D () C:\WINDOWS\Registration 2014-12-27 14:13 - 2014-03-16 18:14 - 00871358 _____ () C:\WINDOWS\setupapi.log 2014-12-27 14:02 - 2012-04-18 17:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS 2014-12-27 13:57 - 2011-11-07 16:14 - 00000000 ____D () C:\Program Files\WinRAR 2014-12-27 13:48 - 2012-04-18 17:51 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy 2014-12-27 13:48 - 2012-04-18 17:51 - 00000000 ___RD () C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy 
2014-12-27 13:36 - 2012-04-18 17:50 - 00000000 __RHD () C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji 2014-12-27 13:36 - 2001-07-21 23:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-12-27 13:26 - 2014-03-20 23:51 - 00000000 ____D () C:\Program Files\SpeedFan 2014-12-27 13:08 - 2012-04-18 16:43 - 00000010 _____ () C:\WINDOWS\GSetup.ini 2014-12-27 13:03 - 2011-11-07 16:10 - 00000000 ____D () C:\Program Files\Foxit Software 2014-12-26 23:54 - 2014-03-16 15:11 - 00000000 ____D () C:\Program Files\Mozilla 2014-12-26 23:54 - 2012-04-18 19:04 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\gtk-2.0 2014-12-26 23:53 - 2012-04-18 17:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Pulpit 2014-12-26 20:45 - 2012-04-18 16:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000 2014-12-26 20:45 - 2012-04-18 16:08 - 00000000 __SHD () C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000 2014-12-26 16:57 - 2012-04-18 19:03 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\.gimp-2.6 2014-12-25 23:50 - 2014-11-01 17:26 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-24 23:03 - 2013-12-25 22:18 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\MPC-HC 2014-12-23 23:33 - 2012-04-18 20:19 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-12-23 17:36 - 2014-05-15 20:22 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\by 2014-12-23 17:27 - 2012-04-19 14:50 - 00380040 ___SH () C:\Documents and Settings\berger.XP-75CF98363E2C\Pulpit\Thumbs.db 2014-12-20 21:47 - 2012-04-18 18:20 - 00005707 _____ () C:\WINDOWS\zmodeler.INI 2014-12-20 21:34 - 2014-02-09 22:27 - 00000000 ____D () C:\Program Files\ZModeler 2014-12-13 15:08 - 2012-04-18 20:14 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\Real 2014-12-13 14:45 - 2014-04-27 
22:54 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Dane aplikacji\NVIDIA
2014-12-13 14:45 - 2011-11-12 13:17 - 00000000 ____D () C:\Program Files\ALLPlayer
2014-12-13 13:59 - 2001-07-21 23:16 - 00000208 _____ () C:\WINDOWS\win.ini
2014-12-11 16:06 - 2014-07-11 21:15 - 00000000 ____D () C:\Documents and Settings\berger.XP-75CF98363E2C\Ustawienia lokalne\Dane aplikacji\Adobe
2014-12-11 16:06 - 2012-04-18 17:32 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-11 16:06 - 2012-04-18 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-05 22:33 - 2014-06-28 15:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-01 23:59 - 2012-04-18 16:08 - 00000188 ___SH () C:\Documents and Settings\LocalService.ZARZĄDZANIE NT.000\ntuser.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================