Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:15-10-2015 01
Uruchomiony przez Dorota (administrator) DOROTA-PC (16-10-2015 11:47:05)
Uruchomiony z C:\Users\Dorota\Desktop
Załadowane profile: Dorota (Dostępne profile: Dorota)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Język: Polski (Polska)
Internet Explorer Wersja 7 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_19_0_0_207.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [V0260Cfg.exe] => V0260Cfg.exe /d:2
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6134544 2015-09-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\Run: [RGSC] => E:\gta IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {03441e90-6f13-11e0-ac33-001e335e31f2} - H:\LaunchU3.exe -a
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {0713a53f-9577-11de-9c40-001f3caf0437} - q1alx.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {342511b1-12cf-11de-90af-00037a8fb155} - D:\Setup.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {47fc3753-0ea3-11e0-9531-001e335e31f2} - G:\nmusbcfg.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {5bc9ae85-44be-11e4-b7c9-001e335e31f2} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {6955fd44-5d9e-11e1-b31f-00037a8fb155} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {6955fd47-5d9e-11e1-b31f-00037a8fb155} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {a6e148ea-018d-11de-a812-001f3caf0437} - 8xcrbho6.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {b3b7daf0-3fd3-11df-bceb-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {cc81662d-408b-11df-8159-001f3caf0437} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {ccd8d1ef-1fbf-11df-b3a4-001f3caf0437} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\MountPoints2: {ccd8d21f-1fbf-11df-b3a4-001e335e31f2} - G:\AutoRun.exe
HKU\S-1-5-21-633031557-538863372-3603873707-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-10] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-09-27] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2011-09-07]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * lsdelete
CHR HKU\S-1-5-21-633031557-538863372-3603873707-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4EAFB29B-C192-4FB7-ACE6-297F8EA5417E}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7CDC3E96-1919-427E-8B48-57D7968255CC}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-633031557-538863372-3603873707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-633031557-538863372-3603873707-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS
HKU\S-1-5-21-633031557-538863372-3603873707-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS&q={searchTerms}
SearchScopes: HKLM -> {FBA9A0C9-CAD4-4D60-B28A-BF2F205C4B63} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\S-1-5-21-633031557-538863372-3603873707-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS&q={searchTerms}
SearchScopes: HKU\S-1-5-21-633031557-538863372-3603873707-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100481&babsrc=SP_ss&mntrId=34797bdd00000000000000037a8fb155
SearchScopes: HKU\S-1-5-21-633031557-538863372-3603873707-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8E&apn_dtid=YYYYYYM3PL&apn_uid=1272FEA7-CC11-4638-BCCF-EE21D08F1F56&apn_sauid=D70C108C-FAC0-4F16-A126-C83A9DFA198A
SearchScopes: HKU\S-1-5-21-633031557-538863372-3603873707-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1396031118&from=cor&uid=TOSHIBAXMK1652GSX_683QF4UOSXX683QF4UOS&q={searchTerms}
SearchScopes: HKU\S-1-5-21-633031557-538863372-3603873707-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-09-27] (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: Brak nazwy -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> => Brak pliku
Toolbar: HKU\S-1-5-21-633031557-538863372-3603873707-1000 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2009-03-06] (BitTorrent, Inc.)
FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files\Ganymede\Plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-633031557-538863372-3603873707-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Dorota\Program Files\DNA\plugins\npbtdna.dll [2010-02-22] (BitTorrent, Inc.)
FF user.js: detected! => C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\user.js [2014-06-27]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008-09-04] (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-10-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2009-09-18] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-04-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-04-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-04-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-04-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-04-28] (Apple Inc.)
FF SearchPlugin: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\searchplugins\askcom.xml [2011-08-01]
FF SearchPlugin: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\searchplugins\filmwebpl---filmy.xml [2011-12-09]
FF SearchPlugin: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\searchplugins\wrzuta.xml [2009-02-08]
FF SearchPlugin: C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2009-02-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-03-31]
FF Extension: Quick Start - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\Extensions\quick_start@gmail.com [2014-05-31]
FF Extension: WOT - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-20]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Dorota\AppData\Roaming\Mozilla\Firefox\Profiles\mq1htqsr.default\extensions\quick_start@gmail.com
FF HKU\S-1-5-21-633031557-538863372-3603873707-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Dorota\Program Files\DNA
FF Extension: DNA - C:\Users\Dorota\Program Files\DNA [2009-03-07]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-21]

Chrome:
=======
CHR Profile: C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-24]
CHR Extension: (Google Wallet) - C:\Users\Dorota\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-06-02]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Dorota\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

UWAGA: => Nie wykonano weryfikacji podpisów cyfrowych plików. Usługa "Usługi kryptograficzne" nie jest uruchomiona.

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-09-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-27] (Avast Software)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S4 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1378040 2011-04-26] (Lavasoft)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-09-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [789296 2015-09-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434184 2015-09-27] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [157888 2015-09-27] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-09-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-27] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2010-01-14] ()
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15264 2010-11-06] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-09-08] (Lavasoft AB)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2010-01-14] ()
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-27] (AVAST Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-03-17] ()
R1 tStLibG; C:\Windows\System32\drivers\tStLibG.sys [55232 2014-04-03] (StdLib)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [178913 2006-11-04] (Creative Technology Ltd.)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [220752 2015-09-27] (Avast Software)
U3 abrgyhgc; C:\Windows\system32\Drivers\abrgyhgc.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-16 11:46 - 2015-10-16 11:46 - 00064746 _____ C:\Users\Dorota\Desktop\Shortcut.txt
2015-10-16 11:45 - 2015-10-16 11:46 - 00046060 _____ C:\Users\Dorota\Desktop\Addition.txt
2015-10-16 11:44 - 2015-10-16 11:47 - 00022116 _____ C:\Users\Dorota\Desktop\FRST.txt
2015-10-16 11:43 - 2015-10-16 11:47 - 00000000 ____D C:\FRST
2015-10-16 11:42 - 2015-10-16 11:42 - 00380416 _____ C:\Users\Dorota\Desktop\w6r67f6w.exe
2015-10-16 11:41 - 2015-10-16 11:41 - 01700352 _____ (Farbar) C:\Users\Dorota\Desktop\FRST.exe
2015-10-16 09:18 - 2015-10-16 09:19 - 00140598 _____ C:\Users\Dorota\Documents\cc_20151016_091849.reg
2015-10-15 18:35 - 2015-10-15 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testy Liwona kategoria B
2015-10-15 18:31 - 2015-10-15 19:11 - 00000000 ____D C:\Program Files\Testy Liwona kategoria B
2015-09-27 17:06 - 2015-09-27 17:17 - 00000000 ____D C:\snapshots
2015-09-27 15:17 - 2015-09-27 15:16 - 00157888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-09-27 15:17 - 2009-07-14 19:45 - 00445008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-09-27 15:17 - 2009-07-14 19:45 - 00038480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-09-27 15:17 - 2009-07-14 19:45 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2015-09-27 15:16 - 2015-09-27 15:16 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-27 15:16 - 2015-09-27 15:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-27 15:16 - 2015-09-27 15:15 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-16 11:34 - 2013-03-16 20:27 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-16 11:20 - 2008-12-29 19:01 - 01613318 _____ C:\Windows\WindowsUpdate.log
2015-10-16 11:19 - 2013-03-16 20:26 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-16 11:19 - 2011-08-12 22:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-16 11:16 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-16 11:16 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-16 11:16 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-16 10:19 - 2014-03-28 20:26 - 00000000 ____D C:\Users\Dorota\AppData\Roaming\SupTab
2015-10-16 09:59 - 2014-04-11 18:03 - 00000000 ____D C:\Program Files\SupTab
2015-10-16 09:50 - 2009-03-17 10:43 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-10-16 09:43 - 2010-11-07 11:35 - 00347112 _____ C:\aaw7boot.log
2015-10-16 09:42 - 2006-11-02 15:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-15 19:17 - 2008-12-30 22:59 - 00000000 ____D C:\Users\Dorota\AppData\Roaming\Skype
2015-10-15 18:55 - 2013-09-05 17:20 - 00000000 ____D C:\Users\Dorota\AppData\Local\Deployment
2015-09-27 17:06 - 2015-06-03 21:41 - 00000000 ____D C:\Windows\system32\vbox
2015-09-27 15:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-09-27 15:18 - 2008-01-21 08:23 - 00000000 ____D C:\Windows\system32\Drivers\pl-PL
2015-09-27 15:16 - 2014-08-07 18:27 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-27 15:16 - 2013-03-18 18:11 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-27 15:16 - 2013-03-18 18:11 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-27 15:16 - 2009-01-03 16:52 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-27 15:16 - 2009-01-03 16:52 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-09-27 15:16 - 2009-01-03 16:52 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-09-27 15:16 - 2009-01-03 16:51 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-27 15:15 - 2011-06-27 09:07 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

==================== Pliki w katalogu głównym wybranych folderów =======

2009-02-25 11:29 - 2009-02-25 11:29 - 0024206 _____ () C:\Users\Dorota\AppData\Roaming\UserTile.png
2009-01-01 13:12 - 2013-01-13 10:07 - 0000680 _____ () C:\Users\Dorota\AppData\Local\d3d9caps.dat
2008-12-30 19:12 - 2014-01-03 14:35 - 0087040 _____ () C:\Users\Dorota\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-29 21:03 - 2012-04-29 21:05 - 0003868 _____ () C:\Users\Dorota\AppData\Local\unins000.dat
2012-04-29 21:05 - 2012-04-29 21:04 - 0707504 _____ () C:\Users\Dorota\AppData\Local\unins000.exe
2012-04-29 21:03 - 2012-04-29 21:05 - 0011761 _____ () C:\Users\Dorota\AppData\Local\unins000.msg
2009-01-03 19:04 - 2009-01-03 19:04 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => MD5 jest poprawne
C:\Windows\system32\winlogon.exe => MD5 jest poprawne
C:\Windows\system32\wininit.exe => MD5 jest poprawne
C:\Windows\system32\svchost.exe => MD5 jest poprawne
C:\Windows\system32\services.exe => MD5 jest poprawne
C:\Windows\system32\User32.dll => MD5 jest poprawne
C:\Windows\system32\userinit.exe => MD5 jest poprawne
C:\Windows\system32\rpcss.dll => MD5 jest poprawne
C:\Windows\system32\dnsapi.dll [2010-05-01 13:26] - [2009-04-10 23:28] - 0168448 ____A (Microsoft Corporation) F7683EC1225435144F28B611546BA5F2
C:\Windows\system32\Drivers\volsnap.sys => MD5 jest poprawne

LastRegBack: 2015-10-16 10:04

==================== Koniec FRST.txt ============================