Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014 Ran by Primus Girrafus at 2014-12-18 19:55:01 Running from C:\Documents and Settings\Primus Girrafus\Moje dokumenty\Pobrane Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-776561741-1935655697-839522115-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.) 1.1.3 (HKLM\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation) AP Tuner 3.08 (HKLM\...\AP Tuner 3.08) (Version: - ) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP) COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.) ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) EasyCleaner (HKLM\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ) eMule (HKLM\...\eMule) (Version: - ) EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Folder Size 1.2.0.0 (HKLM\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 1.2.0.0 - MindGems, Inc.) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP) HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan) Komputerowy Słownik Niemiecko-Polski 0.8.2 (HKLM\...\Komputerowy Słownik Niemiecko-Polski_is1) (Version: - Maciej Pańków) MetaTrader FIX (HKLM\...\{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}) (Version: - MetaQuotes Software Corp.) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK (HKLM\...\{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK (HKLM\...\{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 34.0 (x86 pl) (HKLM\...\Mozilla Firefox 34.0 (x86 pl)) (Version: 34.0 - Mozilla) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP) PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden PIT Format 2013 (HKLM\...\PIT Format 2013_is1) (Version: - Biuro Informatyki Stosowanej FORMAT) Platform (Version: 1.13 - VIA Technologies, Inc.) Hidden QT Lite 2.8.0 (HKLM\...\qt7lite_is1) (Version: 2.8.0 - ) Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.) ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden ScanSoft PaperPort 11 (HKLM\...\{D7659F54-7502-4312-AA24-F103C92C26F5}) (Version: 11.1.0000 - Nuance Communications, Inc.) StarCalc 5.72 (HKLM\...\StarCalc) (Version: - ) Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora) SystemTL+ (HKLM\...\SystemTL+) (Version: - ) Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden TP-LINK 150Mbps Wireless N USB Adapter Driver (HKLM\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden Unload (Version: 7.0.0 - Hewlett-Packard) Hidden VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.13 - VIA Technologies, Inc.) ViewSonic Windows XP Signed Files (HKLM\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - ) VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Support Tools (HKLM\...\{8398B542-3CC4-44D9-83DF-696CCE70124B}) (Version: 5.1.2510.0 - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.175805 - Microsoft Corporation) WinRAR 4.01 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 11-12-2014 17:15:07 Removed Companion Suite Pro LL2. 11-12-2014 17:20:27 Removed Companion Suite Pro LL2 Drivers. 12-12-2014 21:37:34 Punkt kontrolny systemu 15-12-2014 21:16:41 Removed PC Connectivity Solution 16-12-2014 19:13:45 Removed Microsoft Silverlight 18-12-2014 18:25:57 Zainstalowano: TuneUp Utilities 2013 18-12-2014 19:13:16 Usunięto: TuneUp Utilities 2013 18-12-2014 19:14:35 Usunięto: TuneUp Utilities Language Pack (pl-PL) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-10-26 18:45 - 2014-09-20 12:58 - 00000027 ____A C:\WINNT\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINNT\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: C:\WINNT\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: C:\WINNT\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: C:\WINNT\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: C:\WINNT\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINNT\system32\xp_eos.exe Task: C:\WINNT\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINNT\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2014-11-01 10:49 - 2012-10-18 15:28 - 00846848 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 2014-11-01 10:49 - 2012-10-18 15:28 - 01411072 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll 2014-11-01 10:48 - 2012-06-12 14:43 - 00193024 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll 2014-11-01 10:47 - 2012-06-12 14:44 - 00234496 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WJAth.dll 2014-11-01 10:47 - 2012-05-25 16:29 - 00024576 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\IAthWcAPI.dll 2014-11-01 10:47 - 2012-06-12 14:44 - 00077824 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe 2014-12-08 20:42 - 2014-12-08 20:43 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-12-13 19:35 - 2014-12-13 19:35 - 16843952 _____ () C:\WINNT\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\WINNT\grep.exe:$CmdTcID AlternateDataStreams: C:\WINNT\MBR.exe:$CmdTcID AlternateDataStreams: C:\WINNT\NIRCMD.exe:$CmdTcID AlternateDataStreams: C:\WINNT\PEV.exe:$CmdTcID AlternateDataStreams: C:\WINNT\sed.exe:$CmdTcID AlternateDataStreams: C:\WINNT\SWREG.exe:$CmdTcID AlternateDataStreams: C:\WINNT\SWSC.exe:$CmdTcID AlternateDataStreams: C:\WINNT\SWXCACLS.exe:$CmdTcID AlternateDataStreams: C:\WINNT\zip.exe:$CmdTcID AlternateDataStreams: C:\WINNT\system32\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Pulpit\OTL.exe:$CmdTcID AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Pulpit\OTL.exe:$CmdZnID AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Downloads\Trojan Remover 6.8.8.2623 [1].exe:$CmdTcID AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Moje dokumenty\Czyszczenie dysku - zwalnianie miejsca w Windows XP - Wydajny Komputer.htm:$CmdZnID AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Moje dokumenty\Optymalizacja i przyspieszanie systemu Windows XP - Wydajny Komputer.htm:$CmdZnID AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Moje dokumenty\Triki i sztuczki - konfiguracja i ustawienia Windows XP - Wydajny Komputer.htm:$CmdZnID AlternateDataStreams: C:\Documents and Settings\Primus Girrafus\Moje dokumenty\tworzenie skryptów.pdf:$CmdZnID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-776561741-1935655697-839522115-500 - Administrator - Enabled) ASPNET (S-1-5-21-776561741-1935655697-839522115-1002 - Limited - Enabled) Gość (S-1-5-21-776561741-1935655697-839522115-501 - Limited - Enabled) Pomocnik (S-1-5-21-776561741-1935655697-839522115-1000 - Limited - Disabled) Primus Girrafus (S-1-5-21-776561741-1935655697-839522115-1001 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Primus Girrafus ==================== Faulty Device Manager Devices ============= Name: Karta VIA PCI 10/100Mb Fast Ethernet Description: Karta VIA PCI 10/100Mb Fast Ethernet Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: VIA Technologies, Inc. Service: FETNDIS Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/18/2014 07:00:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd roguekiller.exe, wersja 10.1.0.0, moduł powodujący błąd roguekiller.exe, wersja 10.1.0.0, adres błędu 0x001a38b0. Przetwarzanie zdarzenia określonego nośnika dla [roguekiller.exe!ws!] Error: (12/18/2014 06:36:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd roguekiller.exe, wersja 10.1.0.0, moduł powodujący błąd roguekiller.exe, wersja 10.1.0.0, adres błędu 0x001a38b0. Przetwarzanie zdarzenia określonego nośnika dla [roguekiller.exe!ws!] Error: (12/18/2014 05:50:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd stinger32.exe, wersja 12.1.0.1260, moduł powodujący błąd stinger32.exe, wersja 12.1.0.1260, adres błędu 0x00003e54. Przetwarzanie zdarzenia określonego nośnika dla [stinger32.exe!ws!] Error: (12/18/2014 05:28:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd roguekiller.exe, wersja 10.1.0.0, moduł powodujący błąd roguekiller.exe, wersja 10.1.0.0, adres błędu 0x001a38b0. Przetwarzanie zdarzenia określonego nośnika dla [roguekiller.exe!ws!] Error: (12/18/2014 05:24:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd roguekiller.exe, wersja 10.1.0.0, moduł powodujący błąd roguekiller.exe, wersja 10.1.0.0, adres błędu 0x001a38b0. Przetwarzanie zdarzenia określonego nośnika dla [roguekiller.exe!ws!] Error: (12/18/2014 03:38:32 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: , wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. System errors: ============= Error: (12/18/2014 06:38:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa TuneUp Theme Extension zależy od usługi Kompozycje, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/17/2014 09:48:15 PM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000001HarddiskVolume1 Error: (12/17/2014 09:47:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: viaagp ViaIde Error: (12/17/2014 06:45:57 PM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000001HarddiskVolume1 Error: (12/17/2014 06:45:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: viaagp ViaIde Error: (12/17/2014 05:42:54 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (12/17/2014 05:33:21 PM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000001HarddiskVolume1 Error: (12/17/2014 05:33:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: viaagp ViaIde Microsoft Office Sessions: ========================= Error: (10/07/2014 06:04:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: AMD Athlon(tm) XP 2400+ Percentage of memory in use: 38% Total physical RAM: 2303.48 MB Available physical RAM: 1407.27 MB Total Pagefile: 2952.43 MB Available Pagefile: 2040.82 MB Total Virtual: 2047.88 MB Available Virtual: 1945.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:14.25 GB) (Free:4.76 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: (CD113A6) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 14.3 GB) (Disk ID: CCF5CCF5) Partition 1: (Active) - (Size=14.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================