Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:09-01-2015 Uruchomiony przez M&M (administrator) SOJA (10-01-2016 16:37:28) Uruchomiony z C:\Documents and Settings\M&M\Moje dokumenty\Downloads Załadowane profile: M&M (Dostępne profile: M&M) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Gainward Co.) C:\Program Files\EXPERTool\TBPANEL.exe (Cyfrowy Polsat S.A.) C:\Program Files\ipla\ipla.exe (CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (AzureWave.com) C:\Program Files\ASRock WiFi-802.11g\RtWLan.exe (ASRock Inc.) C:\Program Files\ASRock\WiFi-802.11n\WiFi-80211n.exe (TFuns LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\gWdMg\WdMan.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Farbar) C:\Documents and Settings\M&M\Moje dokumenty\Downloads\FRST (2).exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16858112 2007-11-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-02] (AVAST Software) HKU\S-1-5-21-220523388-1078081533-1801674531-1004\...\Run: [GAINWARD] => C:\Program Files\EXPERTool\TBPanel.exe [2181672 2009-03-17] (Gainward Co.) HKU\S-1-5-21-220523388-1078081533-1801674531-1004\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1503712 2016-01-02] (AVAST Software) HKU\S-1-5-21-220523388-1078081533-1801674531-1004\...\Run: [Odkurzacz] => C:\Program Files\Odkurzacz\odkurzacz.exe [917504 2015-09-27] (FranmoSoftware) HKU\S-1-5-21-220523388-1078081533-1801674531-1004\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [21406496 2015-12-03] (Cyfrowy Polsat S.A.) HKU\S-1-5-21-220523388-1078081533-1801674531-1004\...\MountPoints2: {67f41dc1-5d98-11e2-b7a2-806d6172696f} - F:\setup.exe HKU\S-1-5-21-220523388-1078081533-1801674531-1004\...\MountPoints2: {fcd28cc6-5da0-11e2-b22a-001966ba29c0} - L:\setup.exe AUTORUN=1 HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-01-02] (AVAST Software) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ASRock WiFi-802.11g.lnk [2013-01-13] ShortcutTarget: ASRock WiFi-802.11g.lnk -> C:\Program Files\ASRock WiFi-802.11g\RtWLan.exe (AzureWave.com) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ASRock WiFi-802.11n Utility.lnk [2013-01-13] ShortcutTarget: ASRock WiFi-802.11n Utility.lnk -> C:\Program Files\ASRock\WiFi-802.11n\WiFi-80211n.exe (ASRock Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2013-08-28] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Brak pliku) CHR HKU\S-1-5-21-220523388-1078081533-1801674531-1004\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{87A12345-2A8D-47F5-A253-A6C942EC808F}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&q={searchTerms} HKU\S-1-5-21-220523388-1078081533-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234 HKU\S-1-5-21-220523388-1078081533-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-220523388-1078081533-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-220523388-1078081533-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234 URLSearchHook: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 - (Brak nazwy) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Brak pliku HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= UWAGA SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1447062136&z=2deb8c7335a8075f9f8896agbz0z1m3e9q4o9g3c6q&from=cornl&uid=samsungxhd161gj_s14dj9bs402234&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1447062136&z=2deb8c7335a8075f9f8896agbz0z1m3e9q4o9g3c6q&from=cornl&uid=samsungxhd161gj_s14dj9bs402234&q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=a10781-182&apn_uid=7908605327824425&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {79884C17-5485-4527-AB26-A677A2501F59} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {7D1B8AA4-03E4-4C7B-A6FF-477761662DD2} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {8867D21E-2EBB-4139-9724-FD9E44B1FD3D} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&ts=1436267115&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Brak nazwy -> {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -> Brak pliku BHO: Brak nazwy -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Brak pliku BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) Toolbar: HKLM - Brak nazwy - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - Brak pliku Toolbar: HKU\S-1-5-21-220523388-1078081533-1801674531-1004 -> Brak nazwy - {5350432D-5350-006A-76A7-7A786E7484D7} - Brak pliku DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_80-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0080-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_80-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_80-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} file:///F:/korepetycje/player/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Documents and Settings\M&M\Dane aplikacji\Mozilla\Firefox\Profiles\bp5lkvi4.default FF NewTab: www.google.com FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=175 FF Keyword.URL: hxxps://www.google.com/search FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-07] () FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-07] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\M&M\Dane aplikacji\Mozilla\Firefox\Profiles\bp5lkvi4.default\searchplugins\aol-search.xml [2013-01-17] FF SearchPlugin: C:\Documents and Settings\M&M\Dane aplikacji\Mozilla\Firefox\Profiles\bp5lkvi4.default\searchplugins\privitize.xml [2013-06-30] FF SearchPlugin: C:\Documents and Settings\M&M\Dane aplikacji\Mozilla\Firefox\Profiles\bp5lkvi4.default\searchplugins\wyszukiwarka-aol.xml [2013-01-17] FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-26] [Brak podpisu cyfrowego] FF Extension: hosts - C:\Documents and Settings\M&M\Dane aplikacji\Mozilla\Firefox\Profiles\bp5lkvi4.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com [2014-01-22] [Brak podpisu cyfrowego] FF Extension: Torntv - C:\Documents and Settings\M&M\Dane aplikacji\Mozilla\Firefox\Profiles\bp5lkvi4.default\Extensions\torntv@torntv.com.xpi [2013-01-28] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-26] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-10] Chrome: ======= CHR HomePage: Default -> hxxp://www.gazeta.allplayer.org/ CHR StartupUrls: Default -> "hxxp://google.pl/","hxxp://www.facebook.com/","hxxps://www.youtube.com/?hl=pl&gl=PL" CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=1450790469&z=d12e6dfa428304db98ac799g0zdw4e2mdt7e7z6m5e&from=wpm07173&uid=SAMSUNGXHD161GJ_S14DJ9BS402234&q={searchTerms} CHR DefaultSearchKeyword: Default -> yoursites123 CHR Profile: C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-11] CHR Extension: (Dysk Google) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-10] CHR Extension: (YouTube) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-10] CHR Extension: (Adblock Plus) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05] CHR Extension: (Google Search) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-10] CHR Extension: (Arkusze Google) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-10] CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-10] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-11] CHR Extension: (Gmail) - C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-10] CHR HKLM\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files\ALLPlayer\AllPlayer.crx CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - CHR HKU\S-1-5-21-220523388-1078081533-1801674531-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files\ALLPlayer\AllPlayer.crx Opera: ======= OPR Extension: (Adblock Plus) - C:\Documents and Settings\M&M\Dane aplikacji\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-11-29] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-02] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-01-10] (AVAST Software) R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-09-13] (CyberLink) R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-09-13] (CyberLink) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-07-07] (Oracle Corporation) R2 WdMan; C:\Documents and Settings\All Users\Dane aplikacji\gWdMg\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2013-01-13] (Meetinghouse Data Communications) [Brak podpisu cyfrowego] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2016-01-02] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2016-01-10] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2016-01-02] (AVAST Software) R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2016-01-10] (ALWIL Software) R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [257720 2016-01-10] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2016-01-02] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2016-01-02] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2016-01-02] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2016-01-02] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2016-01-02] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2016-01-02] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2016-01-02] (AVAST Software) R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) S3 Cardex; C:\WINDOWS\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider) R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-17] (Disc Soft Ltd) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [53632 2007-09-20] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2007-09-20] (NVIDIA Corporation) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [324096 2013-12-22] (Duplex Secure Ltd.) R2 TBPanel; C:\WINDOWS\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider) S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation) S3 zte_cdc_acm; C:\WINDOWS\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE) [Brak podpisu cyfrowego] S3 zte_cpo; C:\WINDOWS\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE) [Brak podpisu cyfrowego] R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [76560 2013-09-13] (CyberLink Corp.) S4 IntelIde; Brak ImagePath S1 wafd_1_10_0_19; system32\drivers\wafd_1_10_0_19.sys [X] U1 WS2IFSL; Brak ImagePath S3 xbdcallk; Brak ImagePath U3 af4it7ir; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-10 16:29 - 2016-01-10 16:37 - 00000000 ____D C:\FRST 2016-01-10 14:22 - 2016-01-10 14:22 - 00001689 _____ C:\Documents and Settings\All Users\Pulpit\Avast Internet Security.lnk 2016-01-10 14:22 - 2016-01-10 14:22 - 00000756 _____ C:\Documents and Settings\All Users\Pulpit\Avast SafeZone Browser.lnk 2016-01-10 14:22 - 2016-01-10 14:22 - 00000756 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Avast SafeZone Browser.lnk 2016-01-10 14:22 - 2016-01-10 14:22 - 00000456 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1452432100.job 2016-01-10 14:22 - 2016-01-10 14:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVAST Software 2016-01-10 14:14 - 2016-01-10 14:12 - 00257720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys 2016-01-10 14:14 - 2016-01-10 14:12 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-01-10 14:13 - 2016-01-02 14:44 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-01-10 14:12 - 2016-01-10 14:12 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys 2016-01-07 19:19 - 2016-01-07 19:19 - 18506432 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2016-01-07 18:40 - 2016-01-10 16:19 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-01-03 11:50 - 2016-01-06 19:07 - 00422649 _____ C:\Documents and Settings\M&M\Pulpit\Mateusz Soja.pptx 2016-01-03 11:22 - 2016-01-03 11:55 - 00021504 ___SH C:\Documents and Settings\M&M\Pulpit\Thumbs.db 2016-01-02 14:46 - 2016-01-02 14:46 - 00000000 ____D C:\Documents and Settings\M&M\Dane aplikacji\AVAST Software 2016-01-02 14:44 - 2016-01-10 15:46 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2016-01-02 14:44 - 2016-01-02 14:44 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-01-02 14:44 - 2016-01-02 14:44 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-01-02 14:44 - 2016-01-02 14:44 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-01-02 14:43 - 2016-01-10 14:12 - 00000000 ____D C:\Program Files\AVAST Software 2015-12-30 11:43 - 2015-12-30 11:43 - 00000000 ____D C:\Program Files\Elex-tech 2015-12-27 14:02 - 2015-12-27 14:02 - 00235520 _____ C:\Documents and Settings\M&M\Moje dokumenty\obrobka-plastyczna.dft 2015-12-22 14:23 - 2016-01-04 20:28 - 00000000 ____D C:\Documents and Settings\M&M\Dane aplikacji\WinZipper 2015-12-22 14:23 - 2015-12-22 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\WinZipper 2015-12-22 14:22 - 2015-12-22 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\gWdMg 2015-12-22 14:22 - 2015-12-22 14:22 - 00000146 _____ C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-12-21 21:57 - 2015-12-21 21:57 - 00000000 ____D C:\diagraad 2015-12-15 16:58 - 2015-12-15 16:59 - 13946345 _____ C:\Documents and Settings\M&M\Moje dokumenty\TPOiR_WYKŁAD.pdf 2015-12-15 16:43 - 2015-12-15 16:44 - 64196914 _____ C:\Documents and Settings\M&M\Moje dokumenty\Poradnik galwanotechnika.pdf 2015-12-15 16:37 - 2015-12-15 16:37 - 08379910 _____ C:\Documents and Settings\M&M\Pulpit\Zugil Strona.zip 2015-12-15 16:27 - 2015-12-15 16:27 - 07926999 _____ C:\Documents and Settings\M&M\Moje dokumenty\PROJEKT 1 2015_16.rar 2015-12-14 15:20 - 2016-01-03 11:22 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit\steglinski stakle konstrukcyjen 2015-12-13 10:26 - 2015-12-13 10:26 - 00356160 _____ C:\Documents and Settings\M&M\Moje dokumenty\Wytłaczanie (1).pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-10 16:37 - 2013-01-13 16:16 - 00000000 ____D C:\Documents and Settings\M&M\Ustawienia lokalne\Temp 2016-01-10 16:29 - 2013-01-13 16:54 - 00000000 ____D C:\WINDOWS 2016-01-10 16:25 - 2013-01-13 16:16 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit 2016-01-10 16:16 - 2014-09-21 10:49 - 00014332 _____ C:\WINDOWS\system32\nvAppTimestamps 2016-01-10 16:08 - 2014-12-08 08:23 - 00000000 ____D C:\Documents and Settings\M&M\Moje dokumenty\Pobrane 2016-01-10 16:08 - 2013-01-13 17:12 - 00000000 ____D C:\Program Files\Java 2016-01-10 15:59 - 2013-01-13 16:16 - 00000000 __RHD C:\Documents and Settings\M&M\Dane aplikacji 2016-01-10 15:50 - 2013-01-13 17:03 - 01263880 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-01-10 15:50 - 2008-04-15 13:00 - 00558600 _____ C:\WINDOWS\system32\perfh015.dat 2016-01-10 15:50 - 2008-04-15 13:00 - 00106196 _____ C:\WINDOWS\system32\perfc015.dat 2016-01-10 15:46 - 2013-01-15 08:28 - 00000000 ____D C:\Documents and Settings\M&M\Dane aplikacji\ipla 2016-01-10 15:45 - 2013-01-13 16:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-10 15:06 - 2013-01-13 16:16 - 00000188 ___SH C:\Documents and Settings\M&M\ntuser.ini 2016-01-10 15:06 - 2013-01-13 16:15 - 00032546 _____ C:\WINDOWS\SchedLgU.Txt 2016-01-10 14:28 - 2013-01-13 16:16 - 00000000 ____D C:\Documents and Settings\M&M 2016-01-10 14:22 - 2013-12-15 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2016-01-10 14:22 - 2013-01-13 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy 2016-01-10 14:20 - 2013-01-13 16:54 - 00000000 ___HD C:\WINDOWS\inf 2016-01-10 14:13 - 2013-01-13 16:58 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2016-01-10 13:54 - 2013-01-13 16:16 - 00000000 ___RD C:\Documents and Settings\M&M\Moje dokumenty 2016-01-10 10:07 - 2008-04-15 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2016-01-09 14:45 - 2015-09-29 16:24 - 00000000 ____D C:\Documents and Settings\M&M\Moje dokumenty\FIFA 11 2016-01-07 19:19 - 2015-11-01 17:28 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-01-07 19:19 - 2015-11-01 17:28 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-01-05 21:07 - 2013-01-13 16:54 - 00000000 ____D C:\WINDOWS\Network Diagnostic 2016-01-05 19:17 - 2013-05-04 23:40 - 00000226 ____C C:\WINDOWS\AWS.ini 2016-01-03 16:04 - 2015-06-29 12:07 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit\TPm 1-20 2016-01-03 11:22 - 2015-10-15 16:46 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit\sprawko 2016-01-03 11:22 - 2015-09-30 17:45 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit\do 2016-01-03 11:22 - 2015-04-26 10:19 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit\do seweryna 2016-01-03 11:22 - 2013-10-13 16:06 - 00000000 ____D C:\Documents and Settings\M&M\Pulpit\auto 2015-12-30 17:53 - 2014-10-28 17:03 - 00000000 ____D C:\Documents and Settings\M&M\Dane aplikacji\MPC-HC 2015-12-30 16:40 - 2014-12-16 17:27 - 00000000 ____D C:\Program Files\Opera 2015-12-30 16:32 - 2014-07-10 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\EA Sports 2015-12-30 11:44 - 2015-09-29 18:49 - 00002109 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2015-12-30 11:44 - 2013-01-13 16:16 - 00001093 _____ C:\Documents and Settings\M&M\Menu Start\Programy\Internet Explorer.lnk 2015-12-27 16:44 - 2015-11-09 10:42 - 00000000 ____D C:\Program Files\RayDld 2015-12-24 12:42 - 2015-11-09 10:42 - 00000000 ____D C:\Documents and Settings\M&M\Dane aplikacji\mystartsearch 2015-12-22 14:22 - 2013-01-13 17:00 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2015-12-21 22:09 - 2015-04-18 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2015-12-16 13:18 - 2013-01-15 08:28 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ipla ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-01-19 08:44 - 2013-01-19 08:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll 2013-01-13 17:19 - 2013-09-09 12:07 - 0056320 _____ () C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-11 20:03 - 2014-12-11 20:03 - 0000036 _____ () C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache 2013-01-13 17:54 - 2013-11-10 10:53 - 0512870 _____ () C:\Documents and Settings\M&M\Ustawienia lokalne\Dane aplikacji\Optimizer.txt 2014-12-07 17:31 - 2014-12-07 17:31 - 0000016 _____ () C:\Documents and Settings\All Users\Dane aplikacji\mntemp 2015-12-22 14:22 - 2015-12-22 14:22 - 0000146 _____ () C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Pliki do przeniesienia lub usunięcia: ==================== C:\Documents and Settings\M&M\pmtl721.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================