Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015
Ran by Małgorzta Żendzian (administrator) on GAB-EKG on 28-01-2015 14:12:35
Running from C:\
Loaded Profiles: Małgorzta Żendzian (Available profiles: Małgorzta Żendzian & Administrator)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Program Files\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\G DATA <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKU\S-1-5-21-2025429265-1715567821-1801674531-1005 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.) [File not signed]
S3 ASNDIS5; C:\WINDOWS\ATK0100\ASNDIS5.SYS [16269 2004-05-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 AtcL002; C:\WINDOWS\System32\DRIVERS\atl02_xp.sys [27776 2006-08-14] (Attansic Technology corporation.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt32.sys [20096 2015-01-20] (G Data Software AG)
R2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [53248 2015-01-28] (G Data Software AG)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5632 2005-02-17] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 StkCMini; C:\WINDOWS\System32\Drivers\StkCMini.sys [1245056 2007-02-13] (Syntek)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 14:12 - 2015-01-28 14:12 - 00003738 _____ () C:\FRST.txt
2015-01-28 14:12 - 2015-01-28 14:10 - 00380416 _____ () C:\x4lpb6ys.exe
2015-01-28 14:12 - 2015-01-28 14:09 - 01121280 _____ (Farbar) C:\FRST.exe
2015-01-28 12:17 - 2015-01-28 12:17 - 00053248 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDTdiIcpt.sys
2015-01-28 12:17 - 2015-01-28 12:17 - 00002214 _____ () C:\WINDOWS\DPINST.LOG
2015-01-28 12:17 - 2015-01-28 12:17 - 00001632 _____ () C:\Documents and Settings\All Users\Pulpit\G DATA ANTIVIRUS.lnk
2015-01-28 12:17 - 2015-01-28 12:17 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\G DATA ANTIVIRUS
2015-01-28 12:15 - 2015-01-28 12:15 - 00000000 ____D () C:\Program Files\Common Files\G Data
2015-01-28 12:11 - 2015-01-28 12:11 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-28 12:10 - 2015-01-28 12:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 11:09 - 2015-01-28 11:12 - 00006790 _____ () C:\WINDOWS\FaxSetup.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00005945 _____ () C:\WINDOWS\ocgen.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00003932 _____ () C:\WINDOWS\tsoc.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00002318 _____ () C:\WINDOWS\comsetup.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00001917 _____ () C:\WINDOWS\imsins.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00001604 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00000979 _____ () C:\WINDOWS\iis6.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00000469 _____ () C:\WINDOWS\ocmsn.log
2015-01-28 11:09 - 2015-01-28 11:12 - 00000430 _____ () C:\WINDOWS\msgsocm.log
2015-01-28 11:09 - 2015-01-28 11:09 - 00001489 _____ () C:\WINDOWS\setupapi.log
2015-01-28 11:09 - 2015-01-28 11:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-28 11:09 - 2015-01-28 11:09 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-28 11:07 - 2015-01-28 11:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp
2015-01-28 11:07 - 2015-01-28 11:07 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2015-01-28 11:05 - 2015-01-28 11:05 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty\Moje wideo
2015-01-28 11:05 - 2015-01-28 11:05 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy
2015-01-28 11:05 - 2015-01-28 11:05 - 00000000 ___RD () C:\Documents and Settings\Administrator\Moje dokumenty\Moja muzyka
2015-01-28 11:05 - 2015-01-28 11:05 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Narzędzia administracyjne
2015-01-28 11:01 - 2015-01-28 11:06 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-01-28 11:01 - 2015-01-28 11:05 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy
2015-01-28 11:01 - 2015-01-28 11:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2015-01-28 11:01 - 2015-01-28 11:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Moje dokumenty
2015-01-28 11:01 - 2015-01-28 11:05 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-01-28 11:01 - 2014-12-18 11:55 - 00015376 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2015-01-28 11:01 - 2014-12-18 11:55 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 __RHD () C:\Documents and Settings\Administrator\Dane aplikacji
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 ___HD () C:\Documents and Settings\Administrator\Ustawienia lokalne
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Ulubione
2015-01-28 11:01 - 2012-06-26 12:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Pulpit
2015-01-28 11:01 - 2012-06-26 10:42 - 00001599 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk
2015-01-28 11:01 - 2012-06-26 10:42 - 00000792 _____ () C:\Documents and Settings\Administrator\Menu Start\Programy\Windows Media Player.lnk
2015-01-28 11:01 - 2012-06-26 10:42 - 00000000 ___RD () C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria
2015-01-28 11:01 - 2012-06-26 10:37 - 00000000 ___HD () C:\Documents and Settings\Administrator\Szablony
2015-01-28 10:17 - 2015-01-28 10:17 - 00000404 _____ () C:\Documents and Settings\Małgorzta Żendzian\Moje dokumenty\cc_20150128_101752.reg
2015-01-28 10:13 - 2015-01-28 10:13 - 00001512 _____ () C:\Documents and Settings\Małgorzta Żendzian\Moje dokumenty\cc_20150128_101318.reg
2015-01-23 14:57 - 2015-01-23 14:58 - 00386960 _____ () C:\Documents and Settings\Małgorzta Żendzian\Moje dokumenty\cc_20150123_145757.reg
2015-01-20 16:54 - 2015-01-28 14:12 - 00000000 ____D () C:\FRST
2015-01-20 16:43 - 2015-01-28 14:12 - 00000000 ____D () C:\Documents and Settings\Małgorzta Żendzian\Ustawienia lokalne\temp
2015-01-20 16:26 - 2015-01-20 16:26 - 00000000 ___RD () C:\Documents and Settings\Małgorzta Żendzian\Moje dokumenty\Moje wideo
2015-01-20 16:26 - 2015-01-20 16:26 - 00000000 ___RD () C:\Documents and Settings\Małgorzta Żendzian\Menu Start\Programy\Narzędzia administracyjne
2015-01-20 16:05 - 2015-01-20 16:05 - 00020096 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDKBFlt32.sys
2015-01-20 16:05 - 2015-01-20 16:05 - 00000779 _____ () C:\Documents and Settings\Małgorzta Żendzian\Dane aplikacji\gdscan.log
2015-01-20 15:23 - 2015-01-28 12:15 - 00000000 ____D () C:\Program Files\G DATA
2015-01-20 15:22 - 2015-01-28 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\G Data
2015-01-20 15:19 - 2014-11-14 12:54 - 365807152 _____ (G Data Software AG) C:\Documents and Settings\Małgorzta Żendzian\Pulpit\setup_av.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 12:21 - 2012-06-26 10:40 - 01447668 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-28 12:20 - 2014-03-07 07:52 - 00000248 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-01-28 12:20 - 2012-06-26 12:34 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-28 12:20 - 2012-06-26 12:34 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-28 12:19 - 2012-06-26 10:44 - 00032546 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-28 12:17 - 2012-06-26 12:31 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2015-01-28 12:17 - 2012-06-26 12:31 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2015-01-28 12:14 - 2012-06-26 12:23 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-01-28 12:11 - 2012-06-26 10:39 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-01-28 12:09 - 2012-06-26 10:47 - 00000188 ___SH () C:\Documents and Settings\Małgorzta Żendzian\ntuser.ini
2015-01-28 12:00 - 2012-06-26 10:47 - 00000000 ___HD () C:\Documents and Settings\Małgorzta Żendzian\Ustawienia lokalne\Dane aplikacji
2015-01-28 11:26 - 2012-10-04 14:41 - 00000000 ____D () C:\Documents and Settings\Małgorzta Żendzian\Ustawienia lokalne\Dane aplikacji\Temp
2015-01-28 11:26 - 2012-06-26 10:47 - 00000000 __RHD () C:\Documents and Settings\Małgorzta Żendzian\Dane aplikacji
2015-01-28 11:24 - 2012-06-26 12:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2015-01-28 11:07 - 2012-06-26 10:44 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Ustawienia lokalne
2015-01-28 11:07 - 2012-06-26 10:44 - 00000000 ___HD () C:\Documents and Settings\LocalService\Ustawienia lokalne
2015-01-28 10:59 - 2012-06-26 10:47 - 00000000 ____D () C:\Documents and Settings\Małgorzta Żendzian
2015-01-28 10:29 - 2012-09-04 06:49 - 00000000 ____D () C:\Program Files\Adobe
2015-01-28 10:17 - 2012-06-26 10:47 - 00000000 ___RD () C:\Documents and Settings\Małgorzta Żendzian\Moje dokumenty
2015-01-28 10:09 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-23 14:38 - 2012-06-26 12:31 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2015-01-23 14:09 - 2012-06-26 12:12 - 00000000 ____D () C:\Documents and Settings\Małgorzta Żendzian\Moje dokumenty\Pobieranie
2015-01-20 16:43 - 2012-06-26 10:47 - 00000000 ___HD () C:\Documents and Settings\Małgorzta Żendzian\Ustawienia lokalne
2015-01-20 16:40 - 2008-04-15 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-20 16:32 - 2012-06-26 12:30 - 00000327 __RSH () C:\boot.ini
2015-01-20 16:26 - 2012-06-26 12:31 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2015-01-20 16:26 - 2012-06-26 10:47 - 00000000 ___RD () C:\Documents and Settings\Małgorzta Żendzian\Menu Start\Programy
2015-01-20 16:06 - 2014-11-14 15:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\JetFlash220x
2015-01-20 15:56 - 2014-05-20 14:14 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-20 15:56 - 2012-06-26 12:23 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-01-20 15:40 - 2014-11-18 16:08 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Package Cache
2015-01-20 15:19 - 2012-06-26 10:47 - 00000000 ____D () C:\Documents and Settings\Małgorzta Żendzian\Pulpit
2015-01-08 17:39 - 2014-03-07 07:52 - 00000242 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

==================== Files in the root of some directories =======

2015-01-20 16:05 - 2015-01-20 16:05 - 0000779 _____ () C:\Documents and Settings\Małgorzta Żendzian\Dane aplikacji\gdscan.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================