Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Dom (administrator) on MAX on 17-04-2015 12:48:31
Running from C:\Documents and Settings\Dom\Moje dokumenty\Downloads\naprawa
Loaded Profiles: Dom (Available profiles: Dom)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Atheros) C:\WINDOWS\system32\acs.exe
() C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbService.exe
(Nero AG) D:\programy\nero\Nero 8\Nero BackItUp\NBService.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\WINDOWS\system32\PnkBstrA.exe
() C:\WINDOWS\system32\PnkBstrB.exe
() C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\tray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16380416 2007-07-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [171520 2008-04-15] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1547161642-1004336348-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-1547161642-1004336348-682003330-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\S-1-5-21-1547161642-1004336348-682003330-1003 -> DefaultScope {563F15F8-B00F-4504-BC29-5D437AE54313} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1547161642-1004336348-682003330-1003 -> {563F15F8-B00F-4504-BC29-5D437AE54313} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1305660637771
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B5B9E223-1E74-4463-B861-8C6E9E401CF1}: [NameServer] 194.204.159.1,194.204.152.34

FireFox:
========

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Docs) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-17]
CHR Extension: (YouTube) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-02-12] (Atheros) [File not signed]
R2 Huawei E3372; C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe [240720 2014-03-07] ()
R2 Nero BackItUp Scheduler 3; D:\programy\nero\Nero 8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2014-02-13] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [214520 2015-02-01] ()

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices)
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [543712 2007-03-27] (Atheros Communications, Inc.) [File not signed]
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [271360 2012-05-03] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2011-05-19] (Windows (R) 2000 DDK provider)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [18048 2012-05-03] () [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-15] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [55840 2006-11-15] (Atheros Communications, Inc.) [File not signed]
S3 Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-17 12:24 - 2015-04-17 12:24 - 00004495 _____ () C:\Documents and Settings\Dom\Pulpit\~ESETUninstaller.log
2015-04-17 09:49 - 2015-04-17 09:49 - 00675528 _____ (ESET) C:\Documents and Settings\Dom\Pulpit\ESETUninstaller.exe
2015-04-15 16:05 - 2015-04-15 16:05 - 00000174 _____ () C:\Documents and Settings\Dom\Pulpit\Zaproszenie.txt
2015-04-04 18:27 - 2015-04-04 18:27 - 00000799 _____ () C:\Documents and Settings\Dom\Pulpit\Skrót do Core Temp.lnk
2015-03-23 14:06 - 2015-03-23 14:07 - 00002497 _____ () C:\WINDOWS\ie8Uninst.log
2015-03-22 14:10 - 2015-03-22 14:10 - 00000000 ____D () C:\Program Files\CPUID
2015-03-22 14:10 - 2015-03-22 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\CPUID

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-17 12:48 - 2015-02-22 01:06 - 00000000 ____D () C:\FRST
2015-04-17 12:48 - 2011-05-17 20:30 - 00000000 ____D () C:\Documents and Settings\Dom\Ustawienia lokalne\Temp
2015-04-17 12:47 - 2011-05-17 20:30 - 00000000 __SHD () C:\Documents and Settings\Dom\Ustawienia lokalne\Historia
2015-04-17 12:47 - 2011-05-17 19:25 - 01492116 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-17 12:46 - 2014-08-21 22:07 - 00000392 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1408651642.job
2015-04-17 12:46 - 2011-05-17 21:20 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-04-17 12:46 - 2011-05-17 21:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-04-17 12:46 - 2011-05-17 20:51 - 00000104 _____ () C:\WINDOWS\system32\nvapps.xml
2015-04-17 12:46 - 2011-05-17 20:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-17 12:46 - 2011-05-17 20:29 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2015-04-17 12:45 - 2011-05-17 20:30 - 00000188 ___SH () C:\Documents and Settings\Dom\ntuser.ini
2015-04-17 12:45 - 2011-05-17 20:29 - 00032596 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-17 12:41 - 2011-05-17 21:17 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2015-04-17 12:41 - 2011-05-17 20:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2015-04-17 12:41 - 2011-05-17 19:28 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2015-04-17 12:40 - 2012-09-02 14:33 - 00000000 ___RD () C:\Documents and Settings\Dom\Pulpit\Programy
2015-04-17 12:40 - 2012-09-02 14:32 - 00000000 ____D () C:\Documents and Settings\Dom\Pulpit\Gry
2015-04-17 12:40 - 2011-05-17 21:16 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-04-17 12:40 - 2011-05-17 20:30 - 00000000 __RHD () C:\Documents and Settings\Dom\Dane aplikacji
2015-04-17 12:40 - 2011-05-17 20:30 - 00000000 ___HD () C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji
2015-04-17 12:40 - 2011-05-17 20:30 - 00000000 ____D () C:\Documents and Settings\Dom\Pulpit
2015-04-17 12:36 - 2011-05-28 10:57 - 00000000 ____D () C:\Program Files\Opera
2015-04-17 12:36 - 2011-05-17 21:17 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2015-04-17 12:34 - 2011-05-17 21:18 - 00764054 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-17 12:34 - 2001-10-26 22:15 - 00355830 _____ () C:\WINDOWS\system32\perfh015.dat
2015-04-17 12:34 - 2001-10-26 22:15 - 00049712 _____ () C:\WINDOWS\system32\perfc015.dat
2015-04-17 12:31 - 2011-05-20 11:23 - 00000000 ____D () C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Adobe
2015-04-17 12:31 - 2011-05-20 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2015-04-17 12:31 - 2011-05-17 21:17 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-04-17 12:10 - 2011-10-17 20:20 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1004336348-682003330-1003UA.job
2015-04-17 10:06 - 2011-06-13 21:31 - 00000000 ____D () C:\Documents and Settings\Dom\Dane aplikacji\TS3Client
2015-04-16 20:10 - 2011-10-17 20:20 - 00001072 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1004336348-682003330-1003Core.job
2015-04-16 16:46 - 2011-05-17 21:25 - 00000458 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2AE9BA8D-54A0-481A-8795-87D247F73DA3}.job
2015-04-07 17:30 - 2011-05-17 21:17 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start
2015-04-07 17:29 - 2012-12-12 17:00 - 00000000 ____D () C:\Program Files\Ubisoft
2015-04-07 17:18 - 2011-05-17 20:30 - 00000000 ___RD () C:\Documents and Settings\Dom\Moje dokumenty\Moje obrazy
2015-04-07 17:10 - 2011-05-17 20:30 - 00000000 ___RD () C:\Documents and Settings\Dom\Moje dokumenty
2015-04-07 17:05 - 2011-10-29 21:21 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-04-07 17:05 - 2011-05-17 21:44 - 00150528 _____ () C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-07 16:46 - 2011-05-18 17:43 - 00000000 ____D () C:\Documents and Settings\Dom\.gimp-2.6
2015-04-07 14:39 - 2014-02-24 19:43 - 00536012 _____ () C:\WINDOWS\setupapi.log
2015-04-06 11:23 - 2011-05-17 19:23 - 00093215 _____ () C:\WINDOWS\wmsetup.log
2015-04-05 22:13 - 2013-11-24 17:36 - 00002292 _____ () C:\Documents and Settings\Dom\Pulpit\Google Chrome.lnk
2015-04-04 20:18 - 2013-11-05 15:58 - 00000000 ____D () C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Akamai
2015-03-24 00:10 - 2011-05-17 21:14 - 00000223 ___SH () C:\boot.ini
2015-03-24 00:10 - 2001-07-22 04:16 - 00000890 _____ () C:\WINDOWS\win.ini
2015-03-24 00:10 - 2001-07-22 04:15 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-23 14:07 - 2011-05-17 21:18 - 01872291 _____ () C:\WINDOWS\iis6.log
2015-03-23 14:07 - 2011-05-17 21:18 - 00760640 _____ () C:\WINDOWS\tsoc.log
2015-03-23 14:07 - 2011-05-17 21:18 - 00568189 _____ () C:\WINDOWS\comsetup.log
2015-03-23 14:07 - 2011-05-17 21:18 - 00340257 _____ () C:\WINDOWS\ntdtcsetup.log
2015-03-23 14:07 - 2011-05-17 21:18 - 00102243 _____ () C:\WINDOWS\ocmsn.log
2015-03-23 14:07 - 2011-05-17 21:18 - 00085141 _____ () C:\WINDOWS\tabletoc.log
2015-03-23 14:07 - 2011-05-17 21:18 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-03-23 14:06 - 2011-05-17 21:18 - 01629252 _____ () C:\WINDOWS\FaxSetup.log
2015-03-23 14:06 - 2011-05-17 21:18 - 00915599 _____ () C:\WINDOWS\ocgen.log
2015-03-23 14:06 - 2011-05-17 21:18 - 00526056 _____ () C:\WINDOWS\msmqinst.log
2015-03-23 14:06 - 2011-05-17 21:18 - 00287155 _____ () C:\WINDOWS\netfxocm.log
2015-03-23 14:06 - 2011-05-17 21:18 - 00113979 _____ () C:\WINDOWS\MedCtrOC.log
2015-03-23 14:06 - 2011-05-17 21:18 - 00082348 _____ () C:\WINDOWS\msgsocm.log
2015-03-22 14:07 - 2011-05-17 20:30 - 00000000 ___RD () C:\Documents and Settings\Dom\Menu Start\Programy

==================== Files in the root of some directories =======
2014-02-12 13:31 - 2014-02-12 13:31 - 0138056 _____ () C:\Documents and Settings\Dom\Dane aplikacji\PnkBstrK.sys
2011-05-17 21:44 - 2015-04-07 17:05 - 0150528 _____ () C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================