Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by KaMiLa (administrator) on ABC-AF00BDF99BD on 27-02-2015 04:56:12
Running from C:\Documents and Settings\KaMiLa\Pulpit
Loaded Profiles: KaMiLa (Available profiles: KaMiLa)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,SKEYS /I,
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\KaMiLa\Dane aplikacji\Mozilla\Firefox\Profiles\izn35o5e.default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 SerialKeys; C:\WINDOWS\system32\skeys.exe [26112 2008-04-15] (Microsoft Corporation)
S3 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-15] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2012-12-14] (Meetinghouse Data Communications) [File not signed]
S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [818496 2004-04-23] (C-Media Inc)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-11-23] (Windows (R) 2000 DDK provider)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-15] (Microsoft Corporation)
S2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-15] (Microsoft Corporation)
S2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-15] (Microsoft Corporation)
S2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-15] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
S3 viafilter; C:\WINDOWS\System32\Drivers\viausb1.sys [9728 2001-09-19] (VIA Technologies, Inc.) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2009-05-05] (VIA Technologies, Inc.)
R3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2005-01-05] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2005-06-06] (VIA Technologies, Inc.) [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 04:56 - 2015-02-27 04:56 - 00004668 _____ () C:\Documents and Settings\KaMiLa\Pulpit\FRST.txt
2015-02-27 04:17 - 2015-02-27 04:29 - 00798098 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-27 04:15 - 2015-02-27 04:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-27 04:15 - 2015-02-27 04:15 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-02-27 03:35 - 2015-02-27 03:36 - 00004487 _____ () C:\Documents and Settings\KaMiLa\Pulpit\~ESETUninstaller.log
2015-02-27 03:30 - 2015-02-27 03:30 - 00675528 _____ (ESET) C:\Documents and Settings\KaMiLa\Pulpit\ESETUninstaller.exe
2015-02-27 01:04 - 2015-02-27 04:33 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Moje dokumenty\Pobrane
2015-02-26 22:32 - 2015-02-26 22:33 - 00000927 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Search.txt
2015-02-26 22:28 - 2015-02-27 01:03 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\0
2015-02-26 22:24 - 2015-02-26 22:24 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\FRST-OlderVersion
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-25 21:20 - 2015-02-25 21:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
2015-02-25 12:29 - 2015-02-25 12:20 - 00713416 _____ (Opera Software) C:\Documents and Settings\KaMiLa\Pulpit\Opera_NI_stable.exe
2015-02-25 12:28 - 2015-02-25 12:20 - 32900504 _____ (Opera Software) C:\Documents and Settings\KaMiLa\Pulpit\Opera_27.0.1689.69_Setup.exe
2015-02-25 12:27 - 2015-02-25 12:20 - 00880208 _____ (Google Inc.) C:\Documents and Settings\KaMiLa\Pulpit\ChromeSetup.exe
2015-02-23 21:51 - 2015-02-23 21:51 - 00001081 _____ () C:\MBAM2.txt
2015-02-23 17:49 - 2015-02-23 17:49 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\KaMiLa\Pulpit\rkill.com
2015-02-23 16:52 - 2015-02-23 16:53 - 00003324 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Rkill.txt
2015-02-23 16:35 - 2015-02-23 16:35 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji\Mozilla
2015-02-23 15:12 - 2015-02-23 15:12 - 00010062 _____ () C:\Documents and Settings\KaMiLa\Pulpit\MBAMraport.txt
2015-02-23 04:37 - 2015-02-25 21:20 - 00000730 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2015-02-23 04:37 - 2015-02-25 21:20 - 00000724 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2015-02-23 02:44 - 2015-02-23 02:44 - 00000049 _____ () C:\Documents and Settings\KaMiLa\Pulpit\mbam.txt
2015-02-23 02:21 - 2015-02-26 18:37 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 02:21 - 2015-02-25 12:20 - 40601600 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Firefox Setup 35.0.1.exe
2015-02-23 02:20 - 2015-02-23 02:20 - 00000777 _____ () C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2015-02-23 02:20 - 2015-02-23 02:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-23 02:20 - 2015-02-23 02:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2015-02-23 02:20 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-23 02:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-23 02:18 - 2015-02-23 02:21 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\antywiry
2015-02-23 02:16 - 2015-02-23 02:16 - 00000000 ____D () C:\Device
2015-02-23 01:37 - 2015-02-23 02:51 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt
2015-02-23 01:37 - 2015-02-23 02:16 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Doctor Web
2015-02-23 00:06 - 2015-02-23 00:06 - 00003050 _____ () C:\Documents and Settings\KaMiLa\Pulpit\esetonlinewynik.txt
2015-02-22 21:40 - 2015-02-22 21:40 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\hardwarediagnosis
2015-02-22 21:35 - 2015-02-26 22:28 - 00028514 _____ () C:\Documents and Settings\KaMiLa\Pulpit\Shortcut.txt
2015-02-22 20:33 - 2015-02-26 22:24 - 01127424 _____ (Farbar) C:\Documents and Settings\KaMiLa\Pulpit\FRST.exe
2015-02-22 20:07 - 2015-02-27 04:56 - 00000000 ____D () C:\FRST
2015-02-22 19:02 - 2015-02-22 19:02 - 00001568 _____ () C:\Documents and Settings\KaMiLa\Pulpit\skangmera.log
2015-02-22 18:27 - 2015-02-22 18:11 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit\disablingemulations
2015-02-22 18:27 - 2015-02-22 18:08 - 00380416 _____ () C:\Documents and Settings\KaMiLa\Pulpit\p2yhhowi.exe
2015-02-22 16:38 - 2015-02-22 16:38 - 00002440 _____ () C:\Documents and Settings\KaMiLa\Pulpit\wynikesetaonline.txt
2015-02-22 01:52 - 2015-02-22 01:52 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-21 19:20 - 2001-10-26 16:57 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2015-02-21 19:20 - 2001-10-26 16:57 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 04:56 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Temp
2015-02-27 04:56 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Pulpit
2015-02-27 04:53 - 2012-12-24 20:54 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2015-02-27 04:53 - 2012-12-24 20:54 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-02-27 04:53 - 2012-12-14 09:50 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-27 04:53 - 2012-12-14 09:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-27 04:53 - 2012-12-14 09:43 - 01845288 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-27 04:52 - 2012-12-14 09:51 - 00000188 ___SH () C:\Documents and Settings\KaMiLa\ntuser.ini
2015-02-27 04:49 - 2014-11-09 17:45 - 00000434 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{34A26859-A87C-425A-818C-1BA009C4AE56}.job
2015-02-27 04:45 - 2012-12-14 09:51 - 00000000 __SHD () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Historia
2015-02-27 04:43 - 2012-12-14 10:32 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-02-27 04:43 - 2012-12-14 09:51 - 00000000 ___HD () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji
2015-02-27 04:43 - 2012-12-14 09:50 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-02-27 04:43 - 2012-12-14 09:50 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2015-02-27 04:43 - 2012-12-14 09:48 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-02-27 04:29 - 2008-04-15 13:00 - 00501154 _____ () C:\WINDOWS\system32\perfh015.dat
2015-02-27 04:29 - 2008-04-15 13:00 - 00087904 _____ () C:\WINDOWS\system32\perfc015.dat
2015-02-27 04:15 - 2012-12-14 10:24 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-02-27 03:41 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-27 03:39 - 2012-12-15 13:52 - 00577209 _____ () C:\WINDOWS\setupapi.log
2015-02-27 03:14 - 2012-12-14 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2015-02-27 01:04 - 2012-12-14 09:51 - 00000000 ___RD () C:\Documents and Settings\KaMiLa\Moje dokumenty
2015-02-27 00:17 - 2012-12-14 09:51 - 00000000 __RHD () C:\Documents and Settings\KaMiLa\Dane aplikacji
2015-02-27 00:17 - 2012-12-14 09:51 - 00000000 ___RD () C:\Documents and Settings\KaMiLa\Menu Start\Programy
2015-02-26 22:41 - 2012-12-18 18:29 - 00077617 _____ () C:\WINDOWS\FaxSetup.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00062529 _____ () C:\WINDOWS\ocgen.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00037448 _____ () C:\WINDOWS\tsoc.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00024857 _____ () C:\WINDOWS\comsetup.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00017303 _____ () C:\WINDOWS\ntdtcsetup.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00014196 _____ () C:\WINDOWS\iis6.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00006708 _____ () C:\WINDOWS\ocmsn.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00006508 _____ () C:\WINDOWS\msgsocm.log
2015-02-26 22:41 - 2012-12-18 18:29 - 00001917 _____ () C:\WINDOWS\imsins.log
2015-02-26 18:58 - 2012-12-14 10:30 - 00000211 ___SH () C:\boot.ini
2015-02-26 18:58 - 2008-04-15 13:00 - 00000518 _____ () C:\WINDOWS\win.ini
2015-02-26 18:58 - 2008-04-15 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-25 21:20 - 2013-02-10 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-23 16:35 - 2012-12-14 12:41 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Dane aplikacji\Mozilla
2015-02-23 04:37 - 2012-12-14 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-02-23 03:37 - 2012-12-14 10:02 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-02-23 02:20 - 2012-12-14 10:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-02-23 01:37 - 2012-12-14 09:51 - 00000000 ____D () C:\Documents and Settings\KaMiLa
2015-02-23 00:36 - 2014-10-24 21:11 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-22 21:24 - 2012-12-14 12:00 - 00000000 ____D () C:\Documents and Settings\KaMiLa\Dane aplikacji\AIMP3
2015-02-22 21:15 - 2012-12-14 10:32 - 00001917 _____ () C:\WINDOWS\imsins.BAK
2015-02-22 17:51 - 2012-12-14 09:42 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-21 19:20 - 2012-12-15 13:52 - 00024918 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======

2012-12-30 11:01 - 2014-11-23 21:59 - 0008192 _____ () C:\Documents and Settings\KaMiLa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================