Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014 01
Ran by rob (administrator) on XXX-O6WCYSLXS0F on 13-01-2014 00:19:15
Running from E:\potrzebne
Microsoft Windows XP Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

ATTENTION: If processes are not listed WMI should be repaired.

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [VirtualCloneDrive] - D:\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5078504 2013-03-21] (ESET)
HKCU\...\Run: [FreeCall] - "E:\pliki\generatorek3setup\FreeCall\FreeCall.exe" -nosplash -minimized
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\rob\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2012-08-03] (Facebook Inc.)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Documents and Settings\rob\Dane aplikacji\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKCU\...\Run: [ALLUpdate] - "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
HKCU\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKCU\...\Run: [pwo5] - C:\Documents and Settings\rob\pwo5\svchost.exe
MountPoints2: {5953e898-786e-11e2-affb-b0487a82cdaa} - H:\RunClubSanDisk.exe
MountPoints2: {789a8981-81b0-11e1-9e5c-b0487a82cdaa} - H:\RunClubSanDisk.exe
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2001-08-02] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\magnipic\sprote~1.dll [ ] ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
ShortcutTarget: Przyspieszenie uruchomienia programu AutoCAD.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1845AF18-30C8-4C16-92A7-088A03A48ADA} URL = http://searchou.com/?q={searchTerms}&id=c0fe5921000000000000b0487a82cdaa&r=956
SearchScopes: HKCU - {DD14C8F7-62EB-4CC7-84EF-3A4C64E79A41} URL = http://websearch.ask.com/redirect?client=ie&tb=SLS&o=APN10610&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^ADI&apn_dtid=^YYYYYY^YY^PL&apn_uid=9f72270f-0720-4909-8b20-f1bc489e43a6&apn_sauid=C2D7E6F1-FBA9-477D-BE1A-C2B35B6B8A5E
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 82.160.1.1

========================== Services (Whitelisted) =================

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2008-05-15] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2008-05-15] (Microsoft Corporation)
S3 SCardDrv; C:\Windows\System32\SCardSvr.exe [98304 2004-08-04] (Microsoft Corporation)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DANEAP~1\2nbwjt76jr.dss [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [328448 2004-04-28] (Aladdin Knowledge Systems)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [99968 2004-05-11] (Aladdin Knowledge Systems)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2006-09-13] (Microsoft Corporation)
S3 DIGIRPS; C:\Windows\System32\DRIVERS\digirlpt.sys [42560 2006-09-13] (Digi International, Inc.)
R1 DumaNT; C:\Windows\System32\DRIVERS\dumant.sys [393784 2002-05-24] (NVIDIA Corporation)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
R1 eusk2par; C:\WINDOWS\system32\Drivers\eusk2par.sys [30656 2006-12-13] (Eutron)
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2007-03-10] (Microsoft Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R0 HFXP2; C:\Windows\System32\DRIVERS\HFXP2.SYS [17264 2007-01-23] (FSPro Labs)
R1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2013-02-10] (Logix4u)
S4 IdeBusDr; C:\Windows\System32\DRIVERS\IdeBusDr.sys [13366 2001-08-14] (Intel Corporation)
S4 IdeChnDr; C:\Windows\System32\DRIVERS\IdeChnDr.sys [86330 2001-08-14] (Intel Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2007-03-10] (Microsoft Corporation)
R1 oreans32; C:\WINDOWS\system32\drivers\oreans32.sys [33824 2013-02-24] ()
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2006-09-13] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 usblowerfilter; C:\Windows\System32\Drivers\usblowerfilter.sys [16000 2013-02-10] (Windows (R) Win 7 DDK provider)
R3 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [11520 2010-03-03] (Chingachguk & Denger2k)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey.sys [72704 2008-05-15] (WIBU-SYSTEMS AG)
S3 XXLHASP; c:\windows\system32\drivers\XXLHASP.sys [821248 2012-12-29] ()
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [x]
S3 Cardex; \??\C:\WINDOWS\TBPANEL.SYS [x]
S4 hpt3xx; No ImagePath
S2 SentinelFilter; \??\E:\lantek\Expert\SENTINELFILTER.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: qznkwm -> No Registry Path.
NETSVC: eapzftjdz -> No Registry Path.

==================== One Month Created Files and Folders ========

2014-01-13 00:16 - 2014-01-13 00:16 - 00000000 ____D C:\FRST
2014-01-13 00:13 - 2014-01-13 00:13 - 00039748 _____ C:\Documents and Settings\rob\Pulpit\Extras.Txt
2014-01-05 09:15 - 2014-01-05 09:15 - 00000993 _____ C:\WINDOWS\KB2792100-IE8.log
2014-01-05 09:12 - 2014-01-05 09:24 - 00000655 _____ C:\WINDOWS\KB822603.log
2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D C:\Documents and Settings\rob\Pulpit\Nowy folder (3)
2013-12-21 22:17 - 2013-12-21 22:17 - 00000000 ____D C:\Documents and Settings\rob\Ustawienia lokalne\TempSW Katalog dla kopii zapasowych
2013-12-21 20:24 - 2013-12-21 20:24 - 00000995 _____ C:\Documents and Settings\All Users\Menu Start\Program Updates.lnk
2013-12-21 20:24 - 2013-12-21 20:24 - 00000000 ____D C:\Program Files\Common Files\Corel
2013-12-21 20:24 - 2013-12-21 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\CorelDRAW Graphics Suite 12
2013-12-19 19:06 - 2013-12-19 19:06 - 00045501 _____ C:\Documents and Settings\rob\Pulpit\Dzwon1.bak

==================== One Month Modified Files and Folders =======

2014-01-13 00:16 - 2014-01-13 00:16 - 00000000 ____D C:\FRST
2014-01-13 00:13 - 2014-01-13 00:13 - 00039748 _____ C:\Documents and Settings\rob\Pulpit\Extras.Txt
2014-01-13 00:13 - 2011-10-28 21:39 - 00000000 ____D C:\Documents and Settings\rob\Pulpit
2014-01-13 00:10 - 2013-11-17 06:31 - 00055498 _____ C:\Documents and Settings\rob\Pulpit\OTL.Txt
2014-01-12 22:36 - 2011-12-13 16:25 - 00001144 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-113007714-854245398-1003UA.job
2014-01-12 22:35 - 2011-10-29 09:13 - 00426022 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-12 22:30 - 2013-04-20 00:02 - 00000514 ____H C:\WINDOWS\Tasks\MagniPicUpdaterTask{A44BF961-C0D9-4F13-9A93-C426890A5EC8}.job
2014-01-12 22:30 - 2011-10-29 09:02 - 01025734 _____ C:\WINDOWS\setupapi.log
2014-01-12 22:29 - 2011-10-28 22:21 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-12 22:29 - 2011-10-28 22:21 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-12 22:29 - 2011-10-28 21:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-12 18:20 - 2011-10-28 21:39 - 00000188 ___SH C:\Documents and Settings\rob\ntuser.ini
2014-01-12 18:20 - 2011-10-28 21:35 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-12 12:34 - 2011-10-29 09:09 - 00391416 _____ C:\WINDOWS\wmsetup.log
2014-01-10 21:29 - 2011-10-30 10:01 - 00103936 _____ C:\Documents and Settings\rob\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-09 17:46 - 2001-07-21 23:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-05 19:36 - 2011-12-13 16:25 - 00001122 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-113007714-854245398-1003Core.job
2014-01-05 09:24 - 2014-01-05 09:12 - 00000655 _____ C:\WINDOWS\KB822603.log
2014-01-05 09:15 - 2014-01-05 09:15 - 00000993 _____ C:\WINDOWS\KB2792100-IE8.log
2014-01-05 09:03 - 2011-10-30 15:13 - 00000188 ___SH C:\Documents and Settings\weronika\ntuser.ini
2014-01-04 14:33 - 2013-07-02 18:24 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit\scooby smok
2014-01-04 14:33 - 2011-11-25 17:10 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit\mp33
2014-01-04 14:33 - 2011-10-30 15:13 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit
2014-01-04 14:32 - 2011-11-09 15:44 - 00079872 _____ C:\Documents and Settings\weronika\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 14:29 - 2013-07-02 19:14 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit\buble
2014-01-04 14:28 - 2013-01-12 13:08 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit\teledysk
2014-01-04 14:27 - 2013-09-23 13:38 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit\piosenki
2014-01-04 14:25 - 2013-03-03 11:45 - 00000000 ____D C:\Documents and Settings\weronika\Pulpit\progr
2014-01-01 00:31 - 2011-10-28 21:39 - 00000000 ___RD C:\Documents and Settings\rob\Ulubione
2013-12-30 13:31 - 2012-12-30 02:15 - 00001617 _____ C:\WINDOWS\byview.INI
2013-12-30 11:37 - 2011-10-28 21:39 - 00000000 ____D C:\Documents and Settings\rob
2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D C:\Documents and Settings\rob\Pulpit\Nowy folder (3)
2013-12-27 00:53 - 2011-12-27 11:47 - 00000888 _____ C:\WINDOWS\byhand.INI
2013-12-27 00:44 - 2013-11-30 12:59 - 00000000 ____D C:\Documents and Settings\rob\Pulpit\xzxz
2013-12-27 00:22 - 2013-11-06 09:13 - 00000000 ____D C:\Documents and Settings\rob\Pulpit\Nowy folder
2013-12-27 00:22 - 2013-10-23 11:53 - 00000000 ____D C:\Documents and Settings\rob\Pulpit\mj
2013-12-27 00:21 - 2013-04-20 22:11 - 00005144 _____ C:\WINDOWS\METALIX.INI
2013-12-22 18:47 - 2011-10-28 22:19 - 00346608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-21 22:17 - 2013-12-21 22:17 - 00000000 ____D C:\Documents and Settings\rob\Ustawienia lokalne\TempSW Katalog dla kopii zapasowych
2013-12-21 22:17 - 2011-10-28 21:39 - 00000000 ___HD C:\Documents and Settings\rob\Ustawienia lokalne
2013-12-21 22:10 - 2013-12-12 18:45 - 00002045 _____ C:\Documents and Settings\All Users\Pulpit\SolidWorks 2006 SP0.0.lnk
2013-12-21 22:10 - 2011-10-28 23:16 - 00000000 ____D C:\Documents and Settings\rob\Dane aplikacji\SolidWorks
2013-12-21 20:28 - 2011-10-30 15:10 - 00106832 _____ C:\Documents and Settings\rob\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2013-12-21 20:24 - 2013-12-21 20:24 - 00000995 _____ C:\Documents and Settings\All Users\Menu Start\Program Updates.lnk
2013-12-21 20:24 - 2013-12-21 20:24 - 00000000 ____D C:\Program Files\Common Files\Corel
2013-12-21 20:24 - 2013-12-21 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\CorelDRAW Graphics Suite 12
2013-12-21 20:24 - 2011-10-28 22:19 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy
2013-12-21 20:24 - 2011-10-28 22:19 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start
2013-12-21 19:55 - 2011-12-11 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2013-12-21 19:55 - 2011-10-30 09:13 - 00000000 ____D C:\Documents and Settings\rob\Dane aplikacji\Adobe
2013-12-21 19:19 - 2012-04-10 23:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\cnc prog
2013-12-21 19:18 - 2011-10-28 21:27 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Gry
2013-12-19 19:06 - 2013-12-19 19:06 - 00045501 _____ C:\Documents and Settings\rob\Pulpit\Dzwon1.bak
2013-12-17 19:34 - 2011-11-04 21:30 - 00000000 ____D C:\Program Files\Intel Desktop Board
2013-12-14 13:51 - 2011-10-28 22:19 - 00333983 _____ C:\WINDOWS\setupact.log

Files to move or delete:
====================
C:\Documents and Settings\rob\dsi.dll
C:\Documents and Settings\rob\dst.dll

Some content of TEMP:
====================
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\50comupd.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\AskSLib.dll
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\axdist.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Deaxdist.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\dotnetfx35setup.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\drm_dialogs.dll
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\drm_dyndata_7410004.dll
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\hhupd.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Jaaxdist.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Jet40SP5_9xNT.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Jet40SP5_Me.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\msetup.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Nokia_PC_Suite_pol.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\SHSetup.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\swadmindirectorres.dll
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\swinstres.dll
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Swmires.dll
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\swsetup.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\Twaxdist.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\uninst1.exe
C:\Documents and Settings\rob\Ustawienia lokalne\Temp\utt5F.tmp.exe
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\GenericUninstall.exe
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\mgsqlite3.dll
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\SimboApp.exe
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\SIMEEIInstaller.exe
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\SweetIESetup.exe
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\uninstaller.exe
C:\Documents and Settings\weronika\Ustawienia lokalne\Temp\WhiteLabelSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2007-03-10 02:31] - [2007-03-10 02:31] - 1033728 ____A (Microsoft Corporation) 05412646fa6ea684af560d9984ae4e88
C:\Windows\System32\winlogon.exe [2004-08-04 00:44] - [2004-08-04 00:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0
C:\Windows\System32\svchost.exe [2004-08-04 00:44] - [2004-08-04 00:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e
C:\Windows\System32\services.exe [2004-08-04 00:44] - [2004-08-04 00:44] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917
C:\Windows\System32\User32.dll [2007-03-10 02:32] - [2007-03-10 02:32] - 0578560 ____A (Microsoft Corporation) 6a93565be9b8422eb7538c66ac732d76
C:\Windows\System32\userinit.exe [2004-08-04 00:44] - [2004-08-04 00:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396
C:\Windows\System32\rpcss.dll [2006-09-13 16:30] - [2006-09-13 16:30] - 0398848 ____A (Microsoft Corporation) 330bd351585b2f5826d1565bce35ec9b
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 00:36] - [2004-08-04 00:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36

==================== End Of Log ============================