Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by admin (administrator) on USER on 08-12-2014 08:29:40
Running from C:\Documents and Settings\admin\Moje dokumenty\Pobrane
Loaded Profile: admin (Available profiles: admin & ja1)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LexBceS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\Kalendarz XP\Kalendarz.exe
(K2T.eu, Kaworu) C:\Program Files\K2T\WTW\wtw.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-425070134-1683481979-3785275989-1006\...\Run: [RAMKontroler] => C:\Program Files\XimSoft\RAM Kontroler\RamKontroler.exe
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mspscan.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mspview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vscontentinstaller.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vslauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\Your Image File Name Here without a path: [Debugger]
Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\WTW.lnk
ShortcutTarget: WTW.lnk -> C:\Program Files\K2T\WTW\wtw.exe (K2T.eu, Kaworu)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk
ShortcutTarget: Kalendarz XP.lnk -> C:\Program Files\Kalendarz XP\Kalendarz.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\97ul8p60.default-1418023506328
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S4 Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [155648 2006-08-11] (Dell Inc.) [File not signed]
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [285184 2001-01-23] (Lexmark International, Inc.) [File not signed]
S4 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724344 2012-12-17] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [192280 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2009-11-19] (Padus, Inc.) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-03-27] () [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2009-11-19] (EnTech Taiwan) [File not signed]
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 08:25 - 2014-12-08 08:25 - 00000000 ____D () C:\Documents and Settings\admin\Pulpit\Stare dane programu Firefox
2014-12-07 22:11 - 2014-12-08 07:47 - 00025465 _____ () C:\Documents and Settings\admin\Pulpit\GMER.txt
2014-12-07 21:38 - 2014-12-08 08:29 - 00000000 ____D () C:\FRST
2014-12-07 21:12 - 2014-12-07 21:12 - 00634368 _____ () C:\Documents and Settings\admin\Pulpit\Wycinek.shs
2014-12-07 19:32 - 2014-12-07 19:32 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\WebTest
2014-11-23 18:25 - 2014-11-23 18:25 - 00000000 ____D () C:\Documents and Settings\admin\Dane aplikacji\Thunderbird
2014-11-21 08:03 - 2014-12-08 08:17 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-21 08:03 - 2014-11-21 08:03 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-11-21 07:23 - 2014-11-21 07:23 - 00070416 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-11-20 23:58 - 2014-12-06 12:50 - 00000360 _____ () C:\WINDOWS\setupact.log
2014-11-20 23:58 - 2014-11-20 23:58 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-20 23:57 - 2014-11-20 23:57 - 00273376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-15 16:30 - 2014-11-15 16:30 - 00000783 _____ () C:\Documents and Settings\admin\Pulpit\TuneUp Utilities 2013.lnk
2014-11-15 16:30 - 2014-11-15 16:30 - 00000773 _____ () C:\Documents and Settings\admin\Pulpit\TuneUp Konserwacja 1 kliknięciem.lnk
2014-11-15 16:30 - 2014-11-15 16:30 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-11-15 16:30 - 2014-11-15 16:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\TuneUp Utilities 2013
2014-11-15 16:30 - 2012-12-17 14:27 - 00032184 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-11-10 22:25 - 2014-12-08 08:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 08:30 - 2009-03-16 15:36 - 00000000 ____D () C:\Documents and Settings\admin\Ustawienia lokalne\Temp
2014-12-08 08:29 - 2014-06-21 06:54 - 00000000 ____D () C:\Documents and Settings\admin\Moje dokumenty\Pobrane
2014-12-08 08:29 - 2009-03-16 15:36 - 00000000 ____D () C:\Documents and Settings\admin\Pulpit
2014-12-08 08:26 - 2009-11-19 07:04 - 00000000 ____D () C:\Program Files\Kalendarz XP
2014-12-08 08:20 - 2008-12-05 12:01 - 01919390 ____C () C:\WINDOWS\WindowsUpdate.log
2014-12-08 08:18 - 2012-06-22 15:50 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 08:17 - 2009-03-16 15:36 - 00000000 __SHD () C:\Documents and Settings\admin\Ustawienia lokalne\Historia
2014-12-08 08:17 - 2008-12-05 12:55 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-12-08 08:17 - 2008-12-05 12:05 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2014-12-08 08:16 - 2014-03-12 14:56 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-12-08 08:16 - 2012-06-22 15:50 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 08:15 - 2008-12-05 12:05 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 08:12 - 2012-07-03 10:44 - 00393216 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-12-08 08:12 - 2009-11-18 15:21 - 00000000 __SHD () C:\Documents and Settings\ja1\Ustawienia lokalne\Historia
2014-12-08 08:12 - 2009-11-18 15:21 - 00000000 ____D () C:\Documents and Settings\ja1\Ustawienia lokalne\Temp
2014-12-08 08:12 - 2009-03-16 15:36 - 00000188 __SHC () C:\Documents and Settings\admin\ntuser.ini
2014-12-08 08:12 - 2008-12-05 12:52 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2014-12-08 08:12 - 2008-12-05 12:05 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-08 08:12 - 2008-12-05 12:05 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2014-12-08 08:11 - 2009-11-18 15:21 - 00000000 __RHD () C:\Documents and Settings\ja1\Dane aplikacji
2014-12-08 08:11 - 2008-12-05 12:52 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-12-08 08:10 - 2009-03-16 15:36 - 00000000 __RHD () C:\Documents and Settings\admin\Dane aplikacji
2014-12-08 08:09 - 2009-03-16 15:36 - 00000000 ___RD () C:\Documents and Settings\admin\Menu Start\Programy
2014-12-08 07:48 - 2009-03-16 15:36 - 00000000 ____D () C:\Documents and Settings\admin
2014-12-08 07:13 - 2012-04-03 05:13 - 00000930 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-08 06:45 - 2011-11-19 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2014-12-07 21:13 - 2014-01-12 15:49 - 00002527 _____ () C:\Documents and Settings\All Users\Pulpit\ACDSee 6.0.lnk
2014-12-07 18:57 - 2014-05-31 17:04 - 00000000 ____D () C:\kopie zapasowe EasyUploader
2014-12-06 09:37 - 2004-08-04 13:00 - 00012598 ____C () C:\WINDOWS\system32\wpa.dbl
2014-12-05 07:41 - 2009-03-16 15:36 - 00000000 ___HD () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji
2014-12-03 23:49 - 2010-03-26 17:34 - 00036352 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-03 08:26 - 2014-03-14 16:03 - 00000867 _____ () C:\Documents and Settings\admin\Pulpit\EasyUploader v3.lnk
2014-11-25 23:24 - 2011-02-20 11:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-11-25 22:13 - 2012-04-03 05:13 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-25 22:13 - 2011-05-18 05:50 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 11:09 - 2010-03-22 09:04 - 00000000 __SHD () C:\Documents and Settings\admin\PrivacIE
2014-11-15 16:30 - 2014-10-21 06:58 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2014-11-15 16:30 - 2008-12-05 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2014-11-12 04:28 - 2011-01-13 07:05 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-11-12 04:25 - 2013-08-14 08:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 04:20 - 2009-11-18 21:31 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 15:14 - 2012-04-25 12:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-08 15:00 - 2014-03-12 14:56 - 00000216 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================