Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 14-05-2017
Uruchomiony przez Marzanna (administrator) LENOVO (19-05-2017 14:12:18)
Uruchomiony z G:\Moje dokumenty\Downloads
Załadowane profile: Marzanna & Administrator (Dostępne profile: Marzanna & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 6 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
() C:\Program Files\PLAY ONLINE\UIExec.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
() C:\Program Files\PLAY ONLINE\AssistantServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files\BrowseSmart\updateBrowseSmart.exe
() C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\30.7.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\WINDOWS\Temp\AvgSetup\6a371d36-7281-47cf-8f3d-d15771c028de\install\avgsetupx.exe
(Microsoft Corporation) C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [UIExec] => C:\Program Files\PLAY ONLINE\UIExec.exe [138584 2011-05-31] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1045720 2015-09-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Lexmark 1200 Series] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [57344 2006-07-13] (Lexmark International, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5299984 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [1663048 2016-09-08] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-07] (UPEK Inc.)
HKU\S-1-5-21-1390067357-2049760794-1417001333-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-1390067357-2049760794-1417001333-1003\...\MountPoints2: {724e2e68-870e-11e1-a63e-001f3c285486} - F:\Setup.EXE
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll [2012-06-05] (GG Network S.A.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SystemExplorerDisabled [2011-10-30] ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BE69EFF1-A387-4941-8EBF-E3BF3A7EA6AD}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1390067357-2049760794-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
HKU\S-1-5-21-1390067357-2049760794-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1390067357-2049760794-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
HKU\S-1-5-21-1390067357-2049760794-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1390067357-2049760794-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1390067357-2049760794-1417001333-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= UWAGA
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
SearchScopes: HKLM -> {DC2BC9A2-2BB6-40B9-AA65-B6353E966DB5} URL = hxxp://startsear.ch/?aff=2&src=sp&cf=78962c4e-d8d8-11e1-a73a-001f3afff372&q={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={BA20B2D1-5B1F-4D27-BEFB-F15AAFB2A653}
SearchScopes: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
SearchScopes: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> {2B8106A9-B7AD-464D-8CD8-50496B1F981C} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
SearchScopes: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> {DC2BC9A2-2BB6-40B9-AA65-B6353E966DB5} URL = hxxp://startsear.ch/?aff=2&src=sp&cf=78962c4e-d8d8-11e1-a73a-001f3afff372&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={BA20B2D1-5B1F-4D27-BEFB-F15AAFB2A653}
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
Toolbar: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> Brak nazwy - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - Brak pliku
Toolbar: HKU\S-1-5-21-1390067357-2049760794-1417001333-1003 -> Brak nazwy - {EEE6C35B-6118-11DC-9C72-001320C79847} - Brak pliku
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2015-12-13] (AVG Secure Search)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=sc&from=newgdp&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1380363051

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default [2016-09-02]
FF user.js: detected! => C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\user.js [2014-08-05]
FF NewTab: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default -> hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=nt&from=newgdp&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1380228060
FF DefaultSearchUrl: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default ->
FF SearchEngineOrder.1: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default -> delta-homes
FF Homepage: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default -> hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7B036bfa38-7b36-4496-96cd-6085f2dd0798%7D&mid=0c9aa0a8fc1247d293aad15771c028de-f3d22a5868bb9a956fab158482341e148106feca&ds=AVG&v=3.2.0.15&lang=pl&pr=fr&d=2014-08-30%2016%3A51%3A49&sap=hp
FF Keyword.URL: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default ->
FF NetworkProxy: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default -> type", 0
FF Extension: (AVG Web TuneUp) - C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\Extensions\avg@wtu3.xpi [2016-09-08]
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-01-06] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\searchplugins\avg-secure-search.xml [2016-09-08]
FF SearchPlugin: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\searchplugins\startsear.xml [2012-07-28]
FF SearchPlugin: C:\Documents and Settings\Marzanna\Dane aplikacji\Mozilla\Firefox\Profiles\di59igxo.default\searchplugins\sweetim.xml [2012-09-23]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-26] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-30] [Brak podpisu cyfrowego]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml [2013-09-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\qvo6.xml [2013-07-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-09-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-28] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\30.7.0\\npsitesafety.dll [Brak pliku]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2011-12-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1390067357-2049760794-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011-10-27] (LiveVDO )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-06-28]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624
CHR StartupUrls: Default -> "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9160821AS_5MAB2KA0XXXX5MAB2KA0&ts=1374593624"
CHR NewTab: Default -> Active:"chrome-extension://ifohbjbgfchkkfhphahclmkpgejiplfo/index.html"
CHR Profile: C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default [2017-05-19]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Lightning Newtab) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-10-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-08-23]
CHR HKLM\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click12.crx
CHR HKLM\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files\StartSearch plugin\vshareplg.crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 acs; C:\WINDOWS\system32\acs.exe [364628 2007-04-06] (Atheros) [Brak podpisu cyfrowego]
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4097280 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [632632 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2006-04-17] (Lexmark International, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel(R) Corporation) [Brak podpisu cyfrowego]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] () [Brak podpisu cyfrowego]
R2 UI Assistant Service; C:\Program Files\PLAY ONLINE\AssistantServices.exe [260976 2011-05-31] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [67056 2007-03-03] (Ulead Systems, Inc.)
R2 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [323360 2014-08-14] ()
R2 Util BrowseSmart; C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [323360 2014-08-14] ()
R2 vToolbarUpdater30.7.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\30.7.0\ToolbarUpdater.exe [1235016 2016-09-08] (AVG Secure Search)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [201472 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231168 2016-07-12] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2007-11-21] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2007-11-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-15] (DT Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [8704 2009-04-22] () [Brak podpisu cyfrowego]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [3072 2009-04-22] () [Brak podpisu cyfrowego]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAudN.sys [666112 2007-04-27] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210688 2007-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-03-25] (Conexant Systems, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [3486208 2009-06-11] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-04-06] (Duplex Secure Ltd.)
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2010-03-26] () [Brak podpisu cyfrowego]
R2 TVCC2000; C:\WINDOWS\system32\Drivers\TVCC2000.SYS [1600 2000-12-28] () [Brak podpisu cyfrowego]
R1 tvtool; C:\Program Files\TVTool\tvtool.sys [5248 1996-04-03] () [Brak podpisu cyfrowego]
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG) [Brak podpisu cyfrowego]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57216 2007-05-14] (Atheros Communications, Inc.)
S3 YMIDUSB; C:\WINDOWS\System32\Drivers\ymidusb.sys [14464 2005-07-25] (YAMAHA Corporation) [Brak podpisu cyfrowego]
S3 YMIDUSBW; C:\WINDOWS\System32\drivers\ymidusbw.sys [36040 2011-11-01] (Yamaha Corporation)
U3 at1p7axo; C:\WINDOWS\system32\Drivers\at1p7axo.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S4 IntelIde; Brak ImagePath
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-19 14:08 - 2017-05-19 14:12 - 00000000 ___DC C:\FRST
2017-05-19 13:51 - 2017-05-19 13:51 - 00000000 ____D C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\CEF
2017-05-19 13:37 - 2017-05-19 13:45 - 00000000 ___DC C:\AdwCleaner
2017-05-19 13:19 - 2017-05-19 13:47 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-19 14:23 - 2011-10-26 23:29 - 00000000 ____D C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp
2017-05-19 14:21 - 2014-04-22 13:18 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2017-05-19 14:11 - 2013-02-19 00:55 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-05-19 13:51 - 2011-10-26 23:29 - 00000000 ___HD C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji
2017-05-19 13:11 - 2013-02-19 00:55 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-05-19 13:03 - 2011-10-27 00:39 - 01259314 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-19 13:03 - 2001-10-26 20:15 - 00567672 _____ C:\WINDOWS\system32\perfh015.dat
2017-05-19 13:03 - 2001-10-26 20:15 - 00110164 _____ C:\WINDOWS\system32\perfc015.dat
2017-05-19 12:52 - 2014-03-29 22:02 - 00000228 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2017-05-19 12:52 - 2011-10-26 23:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-19 12:52 - 2001-07-22 02:17 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl

==================== Pliki w katalogu głównym wybranych folderów =======

2012-01-15 20:44 - 2015-05-15 22:01 - 0018944 ____C () C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-30 17:59 - 2011-10-30 17:59 - 0000133 ____C () C:\Documents and Settings\Marzanna\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

Niektóre pliki w TEMP:
====================
2016-08-02 13:09 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp\avguirn_081482272914.exe
2016-04-23 16:30 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp\avguirn_081513492949.exe
2016-06-30 15:57 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp\avguirn_081524019259.exe
2016-04-09 23:24 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp\avguirn_0838727331.exe
2016-08-23 20:29 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp\avguirn_08820181267.exe
2013-07-05 16:27 - 2017-05-19 12:54 - 0040960 _____ (Realtek) C:\Documents and Settings\Marzanna\Ustawienia lokalne\Temp\rtdrvmon.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================