Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2014
Ran by BOREK (administrator) on BOREK-1 on 15-12-2014 08:29:44
Running from C:\Documents and Settings\BOREK\Moje dokumenty\Pobrane
Loaded Profile: BOREK (Available profiles: BOREK)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\BOREK\Moje dokumenty\Pobrane\FRST(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1229272821-1343024091-725345543-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1229272821-1343024091-725345543-1005 -> {27B011E5-1F0E-4B49-A545-170776A27CFE} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Toolbar: HKU\S-1-5-21-1229272821-1343024091-725345543-1005 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\BOREK\Dane aplikacji\Mozilla\Firefox\Profiles\8y5blqxk.default-1418628424968
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1229272821-1343024091-725345543-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\BOREK\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acs; C:\WINDOWS\system32\acs.exe [364628 2007-04-06] (Atheros) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [430080 2006-11-22] (ATI Technologies Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S3 alcan5wn; C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)
S3 alcaudsl; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [546112 2007-04-05] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2829824 2006-11-22] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-21] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 SDVC05; C:\WINDOWS\System32\Drivers\SDVC05.sys [18088 2003-07-22] (HaSoInTech) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57216 2007-05-14] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 08:27 - 2014-12-15 08:27 - 00000000 ____D () C:\Documents and Settings\BOREK\Pulpit\Stare dane programu Firefox
2014-12-15 08:13 - 2014-12-15 08:13 - 00000000 ____D () C:\MATS
2014-12-15 08:10 - 2014-12-15 08:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Windows PowerShell 1.0
2014-12-15 08:09 - 2014-12-15 08:22 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-12-15 08:09 - 2014-12-15 08:10 - 00030614 _____ () C:\WINDOWS\KB926139-v2.log
2014-12-15 08:09 - 2014-12-15 08:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-12-15 08:09 - 2014-12-15 08:09 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-12-12 11:05 - 2014-12-15 08:29 - 00000000 ____D () C:\FRST
2014-12-12 10:40 - 2014-12-12 10:46 - 00000000 ____D () C:\AdwCleaner
2014-12-12 10:33 - 2014-12-12 10:33 - 00015360 ___SH () C:\Documents and Settings\BOREK\Moje dokumenty\Thumbs.db
2014-12-10 09:26 - 2014-12-10 09:26 - 00000000 ____D () C:\Documents and Settings\BOREK\Pulpit\dom
2014-12-01 23:03 - 2014-12-15 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-16 13:34 - 2014-11-16 13:34 - 00000000 ____D () C:\WAR2
2014-11-16 10:43 - 2014-11-28 18:12 - 00000000 ____D () C:\Program Files\War2Combat
2014-11-16 10:43 - 2014-11-16 10:43 - 00001664 _____ () C:\Documents and Settings\BOREK\Pulpit\War2Combat.lnk
2014-11-16 10:43 - 2014-11-16 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Warcraft 2 Combat Edition
2014-11-15 09:44 - 2014-11-15 09:44 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-15 09:44 - 2014-11-15 09:44 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 08:30 - 2007-11-11 12:59 - 00000000 ____D () C:\Documents and Settings\BOREK\Ustawienia lokalne\Temp
2014-12-15 08:29 - 2014-06-12 06:54 - 00000000 ____D () C:\Documents and Settings\BOREK\Moje dokumenty\Pobrane
2014-12-15 08:28 - 2012-07-09 17:34 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-15 08:27 - 2007-11-11 12:59 - 00000000 ____D () C:\Documents and Settings\BOREK\Pulpit
2014-12-15 08:25 - 2007-11-11 12:49 - 01466336 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-15 08:23 - 2014-03-21 18:51 - 00000222 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-12-15 08:23 - 2013-03-06 14:03 - 00001416 _____ () C:\WINDOWS\spupdsvc.log
2014-12-15 08:23 - 2007-11-11 13:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-15 08:23 - 2007-11-11 13:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-15 08:23 - 2007-11-11 12:59 - 00000000 __SHD () C:\Documents and Settings\BOREK\Ustawienia lokalne\Historia
2014-12-15 08:23 - 2007-11-11 12:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-15 08:23 - 2007-11-11 12:58 - 00000000 __SHD () C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2014-12-15 08:23 - 2007-11-11 12:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2014-12-15 08:22 - 2007-11-11 12:58 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-15 08:21 - 2007-11-11 12:51 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-15 08:16 - 2007-11-11 13:37 - 00000000 __SHD () C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2014-12-15 08:16 - 2007-11-11 12:59 - 00000000 ___HD () C:\Documents and Settings\BOREK\Ustawienia lokalne\Dane aplikacji
2014-12-15 08:16 - 2007-11-11 12:58 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2014-12-15 08:13 - 2007-11-11 12:59 - 00000000 __RHD () C:\Documents and Settings\BOREK\Dane aplikacji
2014-12-15 08:11 - 2007-11-11 12:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-15 08:10 - 2012-08-16 15:31 - 00523501 _____ () C:\WINDOWS\FaxSetup.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00479108 _____ () C:\WINDOWS\setupapi.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00251260 _____ () C:\WINDOWS\ocgen.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00201201 _____ () C:\WINDOWS\tsoc.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00174679 _____ () C:\WINDOWS\comsetup.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00105828 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00083866 _____ () C:\WINDOWS\iis6.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00032810 _____ () C:\WINDOWS\ocmsn.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00026265 _____ () C:\WINDOWS\msgsocm.log
2014-12-15 08:10 - 2012-08-16 15:31 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-12-15 08:10 - 2007-11-11 13:37 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-12-15 08:09 - 2013-03-06 13:43 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-15 07:58 - 2007-11-11 12:52 - 00000000 ____D () C:\Program Files\Java
2014-12-15 07:56 - 2009-02-04 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2014-12-15 07:56 - 2007-11-11 14:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-15 07:56 - 2007-11-11 14:31 - 00000000 ____D () C:\Program Files\Adobe
2014-12-13 07:49 - 2007-11-11 12:59 - 00000188 ___SH () C:\Documents and Settings\BOREK\ntuser.ini
2014-12-12 10:33 - 2007-11-11 12:59 - 00000000 ___RD () C:\Documents and Settings\BOREK\Ulubione
2014-12-12 10:33 - 2007-11-11 12:59 - 00000000 ___RD () C:\Documents and Settings\BOREK\Moje dokumenty
2014-12-11 21:23 - 2012-02-15 13:00 - 00036864 _____ () C:\Documents and Settings\BOREK\Pulpit\RACHUNKI ANIA.xls
2014-12-10 10:11 - 2012-06-02 11:50 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-10 10:11 - 2011-07-23 10:43 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-10 06:02 - 2013-07-20 08:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 05:58 - 2007-11-11 15:33 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-06 14:49 - 2004-08-04 13:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-05 10:02 - 2007-12-24 14:40 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-02 20:43 - 2012-10-02 09:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-02 15:49 - 2014-03-01 10:52 - 00004492 _____ () C:\WINDOWS\wmsetup.log
2014-12-01 14:14 - 2007-11-29 10:56 - 00000000 ____D () C:\Documents and Settings\BOREK\Gadu-Gadu
2014-11-25 16:27 - 2014-10-13 20:01 - 00000486 ____H () C:\Documents and Settings\BOREK\Pulpit\[Premiu.pl.Planes.2013.PLDUB.MD.480p.BRRip.XviD.AC3-J25.avi.ini
2014-11-25 16:27 - 2014-07-07 19:17 - 00000444 ____H () C:\Documents and Settings\BOREK\Pulpit\Safe.2012.PL.BRRip.XviD-BiDA.avi.ini
2014-11-22 09:53 - 2011-05-24 13:49 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 08:35 - 2008-04-03 08:33 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-16 12:08 - 2007-11-11 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-11-15 09:44 - 2014-04-25 12:05 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-15 09:44 - 2013-03-06 06:35 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-15 09:44 - 2013-03-06 06:35 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-11-15 09:44 - 2013-03-06 06:35 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-15 09:44 - 2007-11-11 13:27 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-15 09:44 - 2007-11-11 13:27 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================