Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by KaMiLa (administrator) on ABC-AF00BDF99BD on 01-03-2015 23:18:54
Running from C:\Documents and Settings\KaMiLa\Moje dokumenty\Pobrane
Loaded Profiles: KaMiLa (Available profiles: KaMiLa)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\system32\skeys.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,SKEYS /I,
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\KaMiLa\Dane aplikacji\Mozilla\Firefox\Profiles\izn35o5e.default

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SerialKeys; C:\WINDOWS\system32\skeys.exe [26112 2008-04-15] (Microsoft Corporation)
S3 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-15] (Microsoft Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2012-12-14] (Meetinghouse Data Communications) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-11-23] (Windows (R) 2000 DDK provider)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-15] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-15] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-15] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-15] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
S3 viafilter; C:\WINDOWS\System32\Drivers\viausb1.sys [9728 2001-09-19] (VIA Technologies, Inc.) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2009-05-05] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2005-01-05] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2005-06-06] (VIA Technologies, Inc.) [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-01 23:17 - 2015-03-01 23:17 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-03-01 23:11 - 2015-03-01 23:11 - 00000000 ____D () C:\MATS
2015-03-01 23:05 - 2015-03-01 23:18 - 00001084 _____ () C:\WINDOWS\spupdsvc.log
2015-03-01 23:05 - 2015-03-01 23:16 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2015-03-01 23:05 - 2015-03-01 23:05 - 00030745 _____ () C:\WINDOWS\KB926139-v2.log
2015-03-01 23:05 - 2015-03-01 23:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2015-03-01 23:05 - 2015-03-01 23:05 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2015-03-01 23:05 - 2015-03-01 23:05 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0
2015-03-01 22:52 - 2015-03-01 22:52 - 00000134 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Microsoft Fix it.url
2015-02-28 15:46 - 2015-02-28 15:46 - 00176055 _____ () C:\Documents and Settings\KaMiLa\Pulpit\hwinfohtml.HTM
2015-02-28 15:34 - 2015-02-28 15:34 - 00130832 _____ () C:\Documents and Settings\KaMiLa\Pulpit\hwinforaport.LOG
2015-02-28 13:59 - 2015-02-28 13:59 - 00000469 _____ () C:\Documents and Settings\KaMiLa\Pulpit\gmer2skan.log
2015-02-28 03:58 - 2015-02-28 03:58 - 00000727 _____ () C:\Documents and Settings\KaMiLa\Pulpit\skan.log
2015-02-28 00:49 - 2015-02-28 00:49 - 00016112 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Addition.txt
2015-02-28 00:20 - 2015-02-28 00:41 - 00000219 _____ () C:\Documents and Settings\KaMiLa\Pulpit\opisy.txt
2015-02-27 04:56 - 2015-02-28 00:49 - 00015849 _____ () C:\Documents and Settings\KaMiLa\Pulpit\FRST.txt
2015-02-27 04:17 - 2015-03-01 22:58 - 00565934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-27 04:15 - 2015-03-01 22:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-27 03:35 - 2015-02-27 03:36 - 00004487 _____ () C:\Documents and Settings\KaMiLa\Pulpit\~ESETUninstaller.log
2015-02-27 03:30 - 2015-02-27 03:30 - 00675528 _____ (ESET) C:\Documents and Settings\KaMiLa\Pulpit\ESETUninstaller.exe
2015-02-27 01:04 - 2015-03-01 23:18 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Moje dokumenty\Pobrane
2015-02-26 22:32 - 2015-02-27 04:59 - 00000394 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Search.txt
2015-02-26 22:28 - 2015-02-27 01:03 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\0
2015-02-26 22:24 - 2015-02-26 22:24 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\FRST-OlderVersion
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
2015-02-25 12:29 - 2015-02-25 12:20 - 00713416 _____ (Opera Software) C:\Documents and Settings\KaMiLa\Pulpit\Opera_NI_stable.exe
2015-02-25 12:28 - 2015-02-25 12:20 - 32900504 _____ (Opera Software) C:\Documents and Settings\KaMiLa\Pulpit\Opera_27.0.1689.69_Setup.exe
2015-02-25 12:27 - 2015-02-25 12:20 - 00880208 _____ (Google Inc.) C:\Documents and Settings\KaMiLa\Pulpit\ChromeSetup.exe
2015-02-23 21:51 - 2015-02-23 21:51 - 00001081 _____ () C:\MBAM2.txt
2015-02-23 17:49 - 2015-02-23 17:49 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\KaMiLa\Pulpit\rkill.com
2015-02-23 16:52 - 2015-02-23 16:53 - 00003324 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Rkill.txt
2015-02-23 16:35 - 2015-02-23 16:35 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji\Mozilla
2015-02-23 15:12 - 2015-02-23 15:12 - 00010062 _____ () C:\Documents and Settings\KaMiLa\Pulpit\MBAMraport.txt
2015-02-23 04:37 - 2015-02-25 21:20 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2015-02-23 04:37 - 2015-02-25 21:20 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2015-02-23 02:44 - 2015-02-23 02:44 - 00000049 _____ () C:\Documents and Settings\KaMiLa\Pulpit\mbam.txt
2015-02-23 02:21 - 2015-02-26 18:37 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 02:21 - 2015-02-25 12:20 - 40601600 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Firefox Setup 35.0.1.exe
2015-02-23 02:20 - 2015-02-23 02:20 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2015-02-23 02:20 - 2015-02-23 02:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-23 02:20 - 2015-02-23 02:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2015-02-23 02:20 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-23 02:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-23 02:18 - 2015-02-23 02:21 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\antywiry
2015-02-23 02:16 - 2015-02-23 02:16 - 00000000 ____D () C:\Device
2015-02-23 01:37 - 2015-02-23 02:51 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt
2015-02-23 01:37 - 2015-02-23 02:16 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Doctor Web
2015-02-23 00:06 - 2015-02-23 00:06 - 00003050 _____ () C:\Documents and Settings\KaMiLa\Pulpit\esetonlinewynik.txt
2015-02-22 21:40 - 2015-02-22 21:40 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\hardwarediagnosis
2015-02-22 21:35 - 2015-02-28 00:49 - 00026711 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Shortcut.txt
2015-02-22 20:33 - 2015-02-26 22:24 - 01127424 _____ (Farbar) C:\Documents and Settings\KaMiLa\Pulpit\FRST.exe
2015-02-22 20:07 - 2015-03-01 23:18 - 00000000 ____D () C:\FRST
2015-02-22 19:02 - 2015-02-22 19:02 - 00001568 _____ () C:\Documents and Settings\KaMiLa\Pulpit\skangmera.log
2015-02-22 18:27 - 2015-02-22 18:11 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\disablingemulations
2015-02-22 18:27 - 2015-02-22 18:08 - 00380416 _____ () C:\Documents and Settings\KaMiLa\Pulpit\p2yhhowi.exe
2015-02-22 16:38 - 2015-02-22 16:38 - 00002440 _____ () C:\Documents and Settings\KaMiLa\Pulpit\wynikesetaonline.txt
2015-02-22 01:52 - 2015-02-22 01:52 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-21 19:20 - 2001-10-26 16:57 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2015-02-21 19:20 - 2001-10-26 16:57 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-01 23:19 - 2014-11-09 17:45 - 00000434 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{34A26859-A87C-425A-818C-1BA009C4AE56}.job
2015-03-01 23:19 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Temp
2015-03-01 23:19 - 2012-12-14 09:43 - 01958937 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-01 23:18 - 2012-12-24 20:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-01 23:18 - 2012-12-24 20:54 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-03-01 23:17 - 2012-12-14 09:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-01 23:16 - 2012-12-14 09:51 - 00000188 ___SH () C:\Documents and Settings\KaMiLa\ntuser.ini
2015-03-01 23:16 - 2012-12-14 09:50 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-01 23:12 - 2012-12-14 09:51 - 00000000 __RHD () C:\Documents and Settings\KaMiLa\Dane aplikacji
2015-03-01 23:05 - 2012-12-18 18:29 - 00083799 _____ () C:\WINDOWS\FaxSetup.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00065485 _____ () C:\WINDOWS\ocgen.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00039815 _____ () C:\WINDOWS\tsoc.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00026910 _____ () C:\WINDOWS\comsetup.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00018550 _____ () C:\WINDOWS\ntdtcsetup.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00015142 _____ () C:\WINDOWS\iis6.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00007094 _____ () C:\WINDOWS\ocmsn.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00006817 _____ () C:\WINDOWS\msgsocm.log
2015-03-01 23:05 - 2012-12-18 18:29 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-03-01 23:05 - 2012-12-15 13:52 - 00607037 _____ () C:\WINDOWS\setupapi.log
2015-03-01 23:05 - 2012-12-14 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2015-03-01 22:58 - 2008-04-15 13:00 - 00453654 _____ () C:\WINDOWS\system32\perfh015.dat
2015-03-01 22:58 - 2008-04-15 13:00 - 00075798 _____ () C:\WINDOWS\system32\perfc015.dat
2015-03-01 22:52 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit
2015-03-01 22:25 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-27 04:45 - 2012-12-14 09:51 - 00000000 __SHD () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Historia
2015-02-27 04:43 - 2012-12-14 10:32 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-02-27 04:43 - 2012-12-14 09:51 - 00000000 ___HD () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji
2015-02-27 04:43 - 2012-12-14 09:50 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-02-27 04:43 - 2012-12-14 09:50 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2015-02-27 04:43 - 2012-12-14 09:48 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-02-27 04:15 - 2012-12-14 10:24 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-02-27 01:04 - 2012-12-14 09:51 - 00000000 ___RD () C:\Documents and Settings\KaMiLa\Moje dokumenty
2015-02-27 00:17 - 2012-12-14 09:51 - 00000000 ___RD () C:\Documents and Settings\KaMiLa\Menu Start\Programy
2015-02-26 22:41 - 2012-12-14 10:32 - 00001917 _____ () C:\WINDOWS\imsins.BAK
2015-02-26 18:58 - 2012-12-14 10:30 - 00000211 ___SH () C:\boot.ini
2015-02-26 18:58 - 2008-04-15 13:00 - 00000518 _____ () C:\WINDOWS\win.ini
2015-02-26 18:58 - 2008-04-15 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-25 21:20 - 2013-02-10 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-23 16:35 - 2012-12-14 12:41 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Dane aplikacji\Mozilla
2015-02-23 04:37 - 2012-12-14 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-02-23 03:37 - 2012-12-14 10:02 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-02-23 02:20 - 2012-12-14 10:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-02-23 01:37 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa
2015-02-23 00:36 - 2014-10-24 21:11 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-22 21:24 - 2012-12-14 12:00 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Dane aplikacji\AIMP3
2015-02-22 17:51 - 2012-12-14 09:42 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-21 19:20 - 2012-12-15 13:52 - 00024918 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======
2012-12-30 11:01 - 2014-11-23 21:59 - 0008192 _____ () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================