Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:09-12-2015
Uruchomiony przez Mariush (administrator) MARIUSZ-5152694 (12-12-2015 12:54:11)
Uruchomiony z C:\Documents and Settings\Mariush\Pulpit\frst
Załadowane profile: Mariush & UpdatusUser (Dostępne profile: Mariush & UpdatusUser)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
() C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_1215tb\AVG-Secure-Search-Update_1215tb.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(tsvr.com) C:\Documents and Settings\Mariush\Dane aplikacji\TSv\TSvr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19522592 2010-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-10-16] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2811792 2015-12-10] ()
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Dane aplikacji\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\Run: [Google+ Auto Backup] => "C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\MountPoints2: {743580c7-4398-11e3-9884-000e2e77112c} - G:\Autorun.exe
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\...\MountPoints2: {e311c945-004e-11e4-9ad8-000e2e77112c} - H:\Startme.exe
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [116648 2014-02-09] (Google Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk [2015-01-25]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Mariush\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk [2015-10-16]
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D965FF3C-87F1-4DF4-8B11-9CFF5F722CF8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-682003330-1383384898-2147005927-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 - (Brak nazwy) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Brak pliku
URLSearchHook: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll Brak pliku
URLSearchHook: [S-1-5-21-682003330-1383384898-2147005927-1005] UWAGA => Brak domyślnego URLSearchHook
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034&q={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={872B062B-ADB7-479E-9B36-1517E404A96B}&mid=4e30178cc9a747d2860ad1476893f8df-b266acc2a63888a00f59d8d888f9a94a1617c1ea&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2014-11-07 19:11:37&v=4.2.3.128&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {21BEB72E-6D29-447a-8A4C-AC817E76B870} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {2EEB919F-7FC1-4257-AAD7-B27A2934AF4A} URL = hxxp://szukaj.gazeta.pl/portalSearch.do?s.si(navigation).navigationEnabled=true&s.sm.query={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {3355E80F-021B-4b1a-888F-D811ACD32D26} URL = hxxp://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {40641A2F-8BA0-4019-8FE8-0A5A5131F18C} URL = hxxp://www.search.ask.com/web?tpid=BTRSP-C&o=APN11818&pf=V7&p2=^BVK^YYYYYY^YY^PL&gct=sb&itbv=12.23.0.200&apn_uid=EB8FD4C2-D88D-473C-9329-398C11AFCE6B&apn_ptnrs=^BVK&apn_dtid=^YYYYYY^YY^PL&apn_dbr=ie_8.0.6001.18702&doi=2015-02-07&trgb=IE&q={searchTerms}&psv=&pt=crx
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={872B062B-ADB7-479E-9B36-1517E404A96B}&mid=4e30178cc9a747d2860ad1476893f8df-b266acc2a63888a00f59d8d888f9a94a1617c1ea&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2014-11-07 19:11:37&v=4.2.3.128&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1383384898-2147005927-1003 -> {C095F89C-54E6-46AE-B847-BE7461EBED61} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.3.128\AVG Web TuneUp.dll [2015-12-10] (AVG)
BHO: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\Documents and Settings\All Users\Dane aplikacji\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-01-19] (Wondershare)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1381561022640
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-09] (AVG Secure Search)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - Brak pliku

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mariush\Dane aplikacji\Mozilla\Firefox\Profiles\xznkcaq9.default-1446748911562
FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://www.tarnow.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-07] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [Brak pliku]
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-09] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-09] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\qvo6.xml [2013-10-16]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-10]
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Documents and Settings\Mariush\Dane aplikacji\Mozilla\Firefox\Profiles\4iym9x7j.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\Mariush\Dane aplikacji\Mozilla\Firefox\Profiles\4iym9x7j.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Documents and Settings\Mariush\Dane aplikacji\Mozilla\Firefox\Profiles\xznkcaq9.default-1446748911562\extensions\sidebarff@gmail.com => nie znaleziono
FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Documents and Settings\Mariush\Dane aplikacji\Mozilla\Firefox\Profiles\xznkcaq9.default-1446748911562\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Documents and Settings\Mariush\Dane aplikacji\Mozilla\Firefox\Profiles\xznkcaq9.default-1446748911562\extensions\yahooprotected@gmail.com => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449655768&z=18f85ed3605dda7207a7a67g0z7zfteq2w9wdmez9w&from=ient07021&uid=WDCXWD5000AAKX-001CA0_WD-WCAYU858803488034

Chrome:
=======
CHR Profile: C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Save Best) - C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-04-07]
CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\femflkbndkkpgnmmnkmoccflpnhhffcn [2014-04-07]
CHR Extension: (safeweb) - C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ngflddpmganfonpmclgjoaceaapbdjeh [2014-04-07]

==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 IhPul; C:\Documents and Settings\Mariush\Dane aplikacji\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [Brak podpisu cyfrowego]
R2 vToolbarUpdater40.2.3; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-10] ()
S2 280f2936; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~1\sw_boo~1\AssistantSvc.dll",service
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [X]

===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 acedrv11; C:\WINDOWS\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243120 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [193968 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2009-12-22] () [Brak podpisu cyfrowego]
S3 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2013-10-10] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [428088 2013-10-10] () [Brak podpisu cyfrowego]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; Brak ImagePath
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; Brak ImagePath
U3 agnbldn7; Brak ImagePath

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-12-12 12:28 - 2015-12-12 12:54 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\frst
2015-12-12 12:15 - 2015-12-12 12:54 - 00000000 ____D C:\FRST
2015-12-09 11:21 - 2015-12-09 11:21 - 00000000 ____D C:\Documents and Settings\Mariush\Dane aplikacji\AVG
2015-12-09 11:15 - 2015-12-09 11:15 - 00000651 _____ C:\Documents and Settings\All Users\Pulpit\AVG.lnk
2015-12-09 11:15 - 2015-12-09 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVG Zen
2015-12-09 11:14 - 2015-12-09 11:17 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Avg
2015-12-09 11:10 - 2015-12-09 11:10 - 00000000 ____D C:\Documents and Settings\Mariush\Dane aplikacji\TSv
2015-12-09 11:09 - 2015-12-09 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ZWdMZ
2015-12-07 14:31 - 2015-12-07 14:31 - 00271541 _____ C:\Documents and Settings\Mariush\Pulpit\Sałatka z filetem z kurczaka przepis - Gotujmy.pl.htm
2015-12-07 14:31 - 2015-12-07 14:31 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Sałatka z filetem z kurczaka przepis - Gotujmy.pl_pliki
2015-12-07 14:27 - 2015-12-07 14:27 - 00271984 _____ C:\Documents and Settings\Mariush\Pulpit\Czosnkowe roladki z pieczarkami i szynką przepis - Gotujmy.pl.htm
2015-12-07 14:27 - 2015-12-07 14:27 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Czosnkowe roladki z pieczarkami i szynką przepis - Gotujmy.pl_pliki
2015-12-05 16:52 - 2015-12-05 16:52 - 00001804 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
2015-12-05 16:52 - 2015-12-05 16:52 - 00001734 _____ C:\Documents and Settings\All Users\Pulpit\Adobe Reader XI.lnk
2015-12-05 16:51 - 2015-12-05 16:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-03 15:12 - 2015-12-12 12:50 - 00000584 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_1215tb_rel.job
2015-12-03 15:12 - 2015-12-12 12:50 - 00000498 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_1215tb_DELETE.job
2015-12-03 15:12 - 2015-12-03 15:12 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_1215tb
2015-11-30 10:19 - 2015-11-30 10:19 - 00064389 _____ C:\Documents and Settings\Mariush\Pulpit\Łąka na talerzu Gabrieli Eliasz (Opole) - przepisy Ugotowani TVN.htm
2015-11-30 10:18 - 2015-11-30 13:49 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Łąka na talerzu Gabrieli Eliasz (Opole) - przepisy Ugotowani TVN_pliki
2015-11-30 10:15 - 2015-11-30 13:49 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Tarta z czekoladowym ganache i malinami przepis - Gotujmy.pl_pliki
2015-11-30 10:15 - 2015-11-30 10:15 - 00382371 _____ C:\Documents and Settings\Mariush\Pulpit\Tarta z czekoladowym ganache i malinami przepis - Gotujmy.pl.htm
2015-11-25 14:37 - 2015-11-25 14:37 - 00000192 _____ C:\Documents and Settings\Mariush\Moje dokumenty\Skrót do Stacja dysków CD.lnk
2015-11-22 11:22 - 2015-11-22 11:22 - 00000000 ____D C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\AvgSetupLog
2015-11-18 17:48 - 2015-11-30 13:49 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Beta-karoten w czystej postaci Anny Jerki (Warszawa) - przepisy Ugotowani TVN_pliki
2015-11-16 14:13 - 2015-11-16 14:13 - 00362949 _____ C:\Documents and Settings\Mariush\Pulpit\artykuł.odt
2015-11-12 11:01 - 2015-11-30 13:49 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Śmietankowy Orient Express Joanny Dobrowolskiej (Warszawa) - przepisy Ugotowani TVN_pliki

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-12-12 12:54 - 2013-10-10 19:10 - 00000000 ____D C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp
2015-12-12 12:53 - 2013-10-10 20:51 - 00000000 ____D C:\WINDOWS
2015-12-12 12:52 - 2001-07-21 23:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-12 12:50 - 2014-03-27 16:46 - 00000226 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-12-12 12:50 - 2013-10-16 17:07 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 12:50 - 2013-10-10 19:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 12:49 - 2013-10-10 19:10 - 00000188 ___SH C:\Documents and Settings\Mariush\ntuser.ini
2015-12-12 12:49 - 2013-10-10 19:08 - 00032334 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-12 12:47 - 2013-10-10 19:10 - 00000000 ___RD C:\Documents and Settings\Mariush\Menu Start\Programy\Autostart
2015-12-12 12:47 - 2013-10-10 19:10 - 00000000 ___RD C:\Documents and Settings\Mariush\Menu Start\Programy
2015-12-12 12:45 - 2013-11-02 10:57 - 00000000 ____D C:\Program Files\MagicISO
2015-12-12 12:29 - 2013-10-10 19:10 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit
2015-12-12 12:26 - 2013-10-14 18:49 - 00016498 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-12-12 12:15 - 2014-06-11 09:39 - 00000000 ____D C:\Documents and Settings\Mariush\Moje dokumenty\Pobrane
2015-12-12 12:11 - 2013-10-16 17:07 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 10:43 - 2014-05-09 18:12 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2015-12-12 09:22 - 2014-02-09 20:00 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-12-11 20:58 - 2013-10-10 19:10 - 00000000 ____D C:\Documents and Settings\Mariush
2015-12-11 20:40 - 2013-10-10 21:17 - 00000478 _____ C:\WINDOWS\Tasks\At2.job
2015-12-11 20:05 - 2014-02-09 20:00 - 00001152 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-12-11 18:11 - 2013-10-10 20:55 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-12-11 18:11 - 2013-10-10 19:10 - 00000000 ___HD C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji
2015-12-11 16:34 - 2013-10-10 20:41 - 00000466 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C27DD9B5-427E-4383-A399-8E6BE1C8703B}.job
2015-12-10 20:00 - 2014-11-27 10:45 - 00000000 ____D C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Avg
2015-12-10 18:58 - 2014-05-09 18:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVG
2015-12-10 18:57 - 2014-05-09 18:13 - 00000000 ___HD C:\$AVG
2015-12-10 14:00 - 2013-10-10 21:17 - 00000478 _____ C:\WINDOWS\Tasks\At4.job
2015-12-10 13:56 - 2015-06-10 07:45 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-09 18:01 - 2014-05-09 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVG2014
2015-12-09 18:01 - 2014-05-09 18:12 - 00000000 ____D C:\Program Files\AVG
2015-12-09 18:01 - 2013-10-10 19:10 - 00000000 __RHD C:\Documents and Settings\Mariush\Dane aplikacji
2015-12-09 11:21 - 2013-10-10 20:55 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-12-09 11:19 - 2013-10-10 20:51 - 00000000 ___HD C:\WINDOWS\inf
2015-12-09 11:15 - 2013-10-10 20:55 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-12-09 11:10 - 2013-11-18 14:21 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-12-09 11:09 - 2015-11-05 19:39 - 00001046 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2015-12-09 11:09 - 2015-11-05 19:39 - 00001040 _____ C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2015-12-09 11:09 - 2015-11-03 17:33 - 00001893 _____ C:\Documents and Settings\Mariush\Pulpit\Facebook.lnk
2015-12-09 11:09 - 2015-11-03 17:32 - 00000146 _____ C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-09 11:09 - 2015-11-03 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\cWMiniProc
2015-12-09 11:09 - 2013-10-10 19:10 - 00001065 _____ C:\Documents and Settings\Mariush\Menu Start\Programy\Internet Explorer.lnk
2015-12-09 07:01 - 2013-10-19 16:20 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2015-12-09 07:01 - 2013-10-12 09:23 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 07:01 - 2013-10-12 09:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 06:57 - 2013-10-19 16:20 - 00151552 _____ C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-08 10:10 - 2013-10-10 21:17 - 00000478 _____ C:\WINDOWS\Tasks\At1.job
2015-12-07 18:15 - 2014-08-27 15:40 - 00000000 ____D C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\Adobe
2015-12-07 18:15 - 2013-10-10 19:16 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-07 18:15 - 2013-10-10 19:16 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-07 16:57 - 2015-08-13 11:25 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\Kokosze
2015-12-06 16:11 - 2015-01-23 15:12 - 00000428 _____ C:\Documents and Settings\Mariush\Moje dokumenty\spider.sav
2015-12-05 16:51 - 2013-10-19 17:51 - 00000000 ____D C:\Program Files\Adobe
2015-12-05 16:51 - 2013-10-19 17:51 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2015-12-03 09:31 - 2014-03-27 18:57 - 00000000 ____D C:\Program Files\WinRAR
2015-12-03 08:50 - 2014-03-27 18:57 - 00000000 ____D C:\Documents and Settings\Mariush\Menu Start\Programy\WinRAR
2015-12-03 08:50 - 2014-03-27 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR
2015-11-30 13:49 - 2013-11-12 21:33 - 00814592 ___SH C:\Documents and Settings\Mariush\Pulpit\Thumbs.db
2015-11-27 19:17 - 2013-10-14 16:42 - 00000000 ____D C:\Documents and Settings\Mariush\Dane aplikacji\BitTorrent
2015-11-27 14:36 - 2015-03-21 20:10 - 00000000 ____D C:\Documents and Settings\Mariush\Dane aplikacji\vlc
2015-11-25 14:37 - 2013-10-10 19:10 - 00000000 ___RD C:\Documents and Settings\Mariush\Moje dokumenty
2015-11-22 11:22 - 2013-10-10 19:11 - 00027888 _____ C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2015-11-20 08:05 - 2014-03-27 21:03 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2015-11-19 10:42 - 2015-11-02 16:13 - 00000000 ____D C:\Documents and Settings\Mariush\Pulpit\WWF

==================== Pliki w katalogu głównym wybranych folderów =======
2014-04-21 08:53 - 2014-04-21 08:53 - 0002528 _____ () C:\Documents and Settings\Mariush\Dane aplikacji\$_hpcst$.hpc
2014-04-07 17:06 - 2014-04-07 17:06 - 0000776 _____ () C:\Documents and Settings\Mariush\Dane aplikacji\Explorer.EXE_log.txt
2014-04-07 17:06 - 2014-04-08 18:15 - 0000458 _____ () C:\Documents and Settings\Mariush\Dane aplikacji\LiveSupport.exe_log.txt
2014-04-07 17:06 - 2014-04-08 18:15 - 0000082 _____ () C:\Documents and Settings\Mariush\Dane aplikacji\regsvr32.exe_log.txt
2013-10-19 16:20 - 2015-12-09 06:57 - 0151552 _____ () C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 11:55 - 2015-01-25 11:55 - 0000132 _____ () C:\Documents and Settings\Mariush\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

Pliki do przeniesienia lub usunięcia:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\drm_dyndata_7380014.dll
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\ICSW1.14_1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I1.14.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\jre-8u60-windows-au.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\jre-8u66-windows-au.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\MovieStudioPro.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\oi_{A9B808E3-A048-48D2-A4F4-F0884F998421}.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\TsuC2CD47FF.dll
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\utt14.tmp.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\utt16.tmp.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\vlc-2.2.1-win32.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\_is1D.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\_is1E.exe
C:\Documents and Settings\Mariush\Ustawienia lokalne\Temp\_is1F.exe
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\mpam-9424b08b.exe

==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================