Proszę o przejrzenie loga - problem z zegarem

**Posty:** 5 · przez **magdaHat** 07 Sie 2014, 09:48

Dzień dobry,
mam problem z zegarem - po każdym odpaleniu kompa cofa się do grudnia 2001 r. Wklejam log i bardzo dziękuję za pomoc.

PS Dwa antywirusy są tymczasowo - AVG na stale, drugi trial awaryjnie - skanowałam nim i znalazł trojana.

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:23:27, on 2014-08-07 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) FIREFOX: 31.0 (x86 pl) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\AVG\AVG2014\avgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe C:\Apache\bin\httpd.exe C:\Program Files\AVG\AVG2014\avgwdsvc.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe G:\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Apache\bin\httpd.exe G:\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe C:\MySQL\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe G:\Malwarebytes Anti-Malware\mbam.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Opera\opera.exe C:\Program Files\Opera\HijackThis_2.0.4.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file) O2 - BHO: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\Magda\Dane aplikacji\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5d31055051d547d6b6a1d1467bb35095-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=0214c O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: start.lnk = C:\Documents and Settings\Magda\e91f6n7m\80506.vbs O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{12151EFF-2405-4211-8387-04E95D21B50E}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{44844FF8-8F46-44E0-838D-4EB1EB50D926}: NameServer = 8.8.8.8,8.8.4.4 O20 - AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apache2 - Apache Software Foundation - C:\Apache\bin\httpd.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - G:\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 9418 bytes

**Posty:** 4765 · przez **ordynat** 07 Sie 2014, 10:10

Nie sądzę, by "wirus" miał cokolwiek wspólnego z zegarem.

Hajacka nie używa się już od 2006 roku - zbyt przestarzałe narzędzie, nie potrafiące wykryć bardziej nowoczesnych narzędzi.

Wydaje mi się, że masz infekcję/śmieci, więc proponuję:

1) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

2) Potem zrób logi z OTL http://forum.programosy.pl/frst-otl-zoek-vt139692.html

Logi wklejaj na http://wklejto.pl/, a w poście daj tylko linki.(czyli skopiuj adres z paska adresów)
.

**Posty:** 5 · przez **magdaHat** 07 Sie 2014, 11:34

Bardzo dziękuję za odpowiedź.

Ściągnęłam Adw-cleaner, ale po "uruchom ponownie" - po szukaniu i usunięciu - komp się zawiesza kiedy pojawia się pulpit.
Log jest widoczny, jednak mysz i klawiatura nie działają... Nie mogę nic włączyć/wyłączyć czy zapisać.

Wyłączony z sieci i ponownie włączony odpala się z F1 ("CMOS checksum error - Default loaded"), tak odpala od 3 dni.
Zegar dalej cofnięty, teraz o różne daty 2001 r (wcześniej był 01.12.2001 i różne godziny).

Póki co usunęłam drugi antywirus, został AVG.
Popracuję nad nim wieczorem, bo teraz - niestety jest mi potrzebny do pracy :lipa:

nawet kiepsko pracujący....

Jeszcze raz bardzo dziękuję za pomoc - będę walczyła :!:

**Posty:** 681 · przez **XMan 1** 07 Sie 2014, 19:01

Przepraszam że odpowiadam w tym dziale, chcę tylko pomóc jednocześnie w innych problemach :wink:

Wykonuj to co pisze @ordynat.

Odnośnie zegara/czasu to kup nową/odpowiednią baterię do płyty głównej:

Kupisz u zegarmistrza, w serwisie, Allegro lub innych...
Koszt kilka zł.

Wcześniej sprawdź:

Klik na zegar --> Zmień ustawienia daty i godziny
--> ustaw prawidłową strefę czasową oraz resztę.

kliknij aby powiększyć:

Podałem z Windows 7, na Windows XP jest podobnie.

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Zastanawiałaś się nad instalacją Windows XP Service Pack 3
oraz aktualizacją systemu ?
Najnowsze aplikacje, sterowniki itp. wymagają SP3, do tego masz jeszcze bardzo stary Internet Explorer v6.00 SP2 (6.00.2900.2180)
z którego część programów korzysta...

Start --> Panel sterowania --> Opcje internetowe --> zakładka Zabezpieczenia
--> Internet, Lokalny intranet, Zaufane witryny, Witryny z ograniczeniami
- ustaw/kliknij wszystko na Poziom domyślny - Zastosuj - OK.

**Posty:** 5 · przez **magdaHat** 08 Sie 2014, 14:20

Dziękuję za podpowiedzi!

Baterię kupię i wymienię (może nie ja - jeszcze coś zepsuję), ale kogoś poproszę.
Wiem, że mam stary komputer, ale taki jeszcze pozostanie. Brak zasobów :cry:

Na pewno jest zaśmiecony jak diabli... I coś z tym trzeba zrobić. Nie znam się na komputerach (jak to podstarzała blondynka) - dlatego jestem wdzięczna za wszystkie porady od Panów/Pań profesjonalistów.
Jeszcze raz bardzo dziękuję.

Dodano Dzisiaj, 14:31:
I jeszcze...
Nie bardzo wiem, jak działa strona wklejto.pl
Coś tam wkleiłam, ale nie wiem - jak, gdy ktoś się zlituje, mam odebrać wiadomość.

Jeszcze raz wkleję logi tu.

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:8-08-2014 Ran by Magda (administrator) on MAGDA on 08-08-2014 13:45:15 Running from C:\Documents and Settings\Magda\Pulpit Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (France Télécom R&D) C:\Program Files\neostrada tp\TaskBarIcon.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Apache Software Foundation) C:\Apache\bin\httpd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (France Telecom) C:\WINDOWS\system32\FTRTSVC.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE () C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbService.exe (Apache Software Foundation) C:\Apache\bin\httpd.exe () C:\MySQL\bin\mysqld-nt.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Opera Software) C:\Program Files\Opera\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation) HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Documents and Settings\Magda\Dane aplikacji\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5d31055051d547d6b6a1d1467bb35095-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=0214c HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {1d540d66-4db8-11de-916b-0010dcde5a21} - G:\gwmt83.bat HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {1d7998a3-1c29-11e2-97ac-000f3d57b966} - I:\MicroLauncher.exe HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {7d4a0827-bc6b-11e2-989f-000f3d57b966} - I:\MicroLauncher.exe HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {8f93b330-a218-11df-93b4-0010dcde5a21} - G:\AutoRun.exe HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {8f93b331-a218-11df-93b4-0010dcde5a21} - G:\AutoRun.exe HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {8f93b334-a218-11df-93b4-0010dcde5a21} - G:\AutoRun.exe HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\MountPoints2: {f66ebdc5-522f-11e1-96b4-000f3d57b966} - O:\LaunchU3.exe -a Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Acrobat Assistant.lnk ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\start.lnk ShortcutTarget: start.lnk -> C:\Documents and Settings\Magda\e91f6n7m\80506.vbs () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM - Backup.Old.DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} SearchScopes: HKCU - Backup.Old.DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll No File Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{12151EFF-2405-4211-8387-04E95D21B50E}: [NameServer]8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{44844FF8-8F46-44E0-838D-4EB1EB50D926}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\msn5xt69.default-1407025431687 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll (Ganymede Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPROULETTE.dll (Ganymede Technologies) FF Extension: Bitdefender QuickScan - C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\msn5xt69.default-1407025431687\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-08-06] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-09-07] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apache2; C:\Apache\bin\httpd.exe [20539 2007-01-09] (Apache Software Foundation) [File not signed] S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) R2 FTRTSVC; C:\WINDOWS\System32\FTRTSVC.exe [40960 2004-08-23] (France Telecom) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.) S2 MBAMScheduler; \ [0 ] () [File not signed] S2 MBAMService; \ [0 ] () [File not signed] R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe [232288 2012-03-12] () R2 MySQL; C:\MySQL\my.ini [9188 2008-06-14] () [File not signed] S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [356920 2008-06-13] (PC Tools) S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1079176 2008-10-09] (PC Tools) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35272 2014-01-10] (The OpenVPN Project) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) S3 dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [223128 2007-05-03] (DT Soft Ltd.) S3 e4usbaw; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [116992 2006-09-19] (Analog Devices Inc.) [File not signed] S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed] S2 IKANLOADER2; C:\WINDOWS\System32\Drivers\e4ldr.sys [64000 2006-09-15] (Analog Deivces) [File not signed] S3 IKFileSec; C:\WINDOWS\system32\drivers\ikfilesec.sys [40840 2008-08-25] (PCTools Research Pty Ltd.) S3 IKSysFlt; C:\WINDOWS\System32\drivers\iksysflt.sys [66952 2008-08-25] (PCTools Research Pty Ltd.) S3 IKSysSec; C:\WINDOWS\System32\drivers\iksyssec.sys [81288 2008-08-25] (PCTools Research Pty Ltd.) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2002-01-01] (Malwarebytes Corporation) R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [13056 2002-11-27] (NVIDIA Corporation) [File not signed] R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [80896 2002-09-23] (NVIDIA Corporation) R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [241152 2002-11-27] (NVIDIA Corporation) [File not signed] R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [13568 2002-09-06] (NVIDIA Corporation) S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 s217bus; C:\WINDOWS\System32\DRIVERS\s217bus.sys [83496 2007-11-02] (MCCI Corporation) S3 s217mdfl; C:\WINDOWS\System32\DRIVERS\s217mdfl.sys [15016 2007-11-02] (MCCI Corporation) S3 s217mdm; C:\WINDOWS\System32\DRIVERS\s217mdm.sys [109992 2007-11-02] (MCCI Corporation) S3 s217mgmt; C:\WINDOWS\System32\DRIVERS\s217mgmt.sys [103976 2007-11-02] (MCCI Corporation) S3 s217nd5; C:\WINDOWS\System32\DRIVERS\s217nd5.sys [24872 2007-11-02] (MCCI Corporation) S3 s217obex; C:\WINDOWS\System32\DRIVERS\s217obex.sys [100008 2007-11-02] (MCCI Corporation) S3 s217unic; C:\WINDOWS\System32\DRIVERS\s217unic.sys [105896 2007-11-02] (MCCI) S3 s716bus; C:\WINDOWS\System32\DRIVERS\s716bus.sys [83208 2007-04-04] (MCCI Corporation) S3 s716mdfl; C:\WINDOWS\System32\DRIVERS\s716mdfl.sys [15112 2007-04-04] (MCCI Corporation) S3 s716mdm; C:\WINDOWS\System32\DRIVERS\s716mdm.sys [108552 2007-04-04] (MCCI Corporation) S3 s716mgmt; C:\WINDOWS\System32\DRIVERS\s716mgmt.sys [100360 2007-04-04] (MCCI Corporation) S3 s716nd5; C:\WINDOWS\System32\DRIVERS\s716nd5.sys [23176 2007-04-04] (MCCI Corporation) S3 s716obex; C:\WINDOWS\System32\DRIVERS\s716obex.sys [98568 2007-04-04] (MCCI Corporation) S3 s716unic; C:\WINDOWS\System32\DRIVERS\s716unic.sys [98952 2007-04-04] (MCCI Corporation) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2001-07-22] () R3 TNET1130; C:\WINDOWS\System32\DRIVERS\GPlus.sys [283392 2004-05-28] () [File not signed] S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) S3 catchme; \??\C:\DOCUME~1\Magda\USTAWI~1\Temp\catchme.sys [X] S3 FLASHSYS; \??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys [X] S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X] S4 hpt3xx; No ImagePath S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S4 IntelIde; No ImagePath S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X] S3 NTACCESS; \??\E:\NTACCESS.sys [X] S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X] S0 sptd; System32\Drivers\sptd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 WEBNTACCESS; \??\C:\WINDOWS\system32\NTACCESS.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 13:45 - 2014-08-08 13:46 - 00018978 _____ () C:\Documents and Settings\Magda\Pulpit\FRST.txt 2014-08-08 13:45 - 2014-08-08 13:45 - 00000000 ____D () C:\FRST 2014-08-08 13:44 - 2014-08-08 13:44 - 01084928 _____ (Farbar) C:\Documents and Settings\Magda\Pulpit\FRST.exe 2014-08-08 12:29 - 2014-08-08 12:29 - 00022840 _____ () C:\Documents and Settings\Magda\Pulpit\HitmanPro_20140808_1228.log 2014-08-08 12:11 - 2014-08-08 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro 2014-08-08 12:09 - 2014-08-08 12:09 - 00017207 _____ () C:\Documents and Settings\Magda\Pulpit\Report 2014-08-06 12.30.54.txt 2014-08-08 11:43 - 2014-08-08 11:43 - 00001226 _____ () C:\Documents and Settings\Magda\Pulpit\AdwCleaner[R2].txt 2014-08-07 10:19 - 2002-01-01 00:14 - 00000000 ____D () C:\AdwCleaner 2014-08-07 10:18 - 2014-08-07 10:18 - 01475072 _____ () C:\Documents and Settings\Magda\Pulpit\adwcleaner_3.303.exe 2014-08-07 09:23 - 2014-08-07 09:23 - 00009419 _____ () C:\Documents and Settings\Magda\Pulpit\hijackthis.log 2014-08-06 14:14 - 2014-08-06 14:14 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\malwarebytes 2014-08-06 13:01 - 2002-01-01 01:03 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-06 12:59 - 2014-08-06 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-08-06 12:30 - 2014-08-06 12:42 - 00017207 _____ () C:\Report 2014-08-06 12.30.54.txt 2014-08-06 12:26 - 2014-08-06 12:28 - 00057684 _____ () C:\Report 2014-08-06 12.26.17.txt 2014-08-06 12:23 - 2014-08-06 12:23 - 00000000 ____D () C:\Documents and Settings\Magda\Dane aplikacji\QuickScan 2014-08-06 12:21 - 2014-08-06 12:22 - 00000123 _____ () C:\Report 2014-08-06 12.21.27.txt 2014-08-03 02:23 - 2014-08-03 02:23 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\Stare dane programu Firefox 2014-07-30 00:59 - 2014-07-30 01:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-28 12:31 - 2014-07-28 12:31 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV 2014-07-09 10:39 - 2014-07-09 10:39 - 19178160 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 13:46 - 2014-08-08 13:45 - 00018978 _____ () C:\Documents and Settings\Magda\Pulpit\FRST.txt 2014-08-08 13:46 - 2007-05-02 18:18 - 00000000 ____D () C:\Documents and Settings\Magda\Ustawienia lokalne\Temp 2014-08-08 13:45 - 2014-08-08 13:45 - 00000000 ____D () C:\FRST 2014-08-08 13:45 - 2007-05-02 18:18 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit 2014-08-08 13:44 - 2014-08-08 13:44 - 01084928 _____ (Farbar) C:\Documents and Settings\Magda\Pulpit\FRST.exe 2014-08-08 13:39 - 2013-08-13 06:51 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-08 13:06 - 2011-03-08 09:24 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-08 12:57 - 2011-03-08 09:24 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-08 12:29 - 2014-08-08 12:29 - 00022840 _____ () C:\Documents and Settings\Magda\Pulpit\HitmanPro_20140808_1228.log 2014-08-08 12:29 - 2014-08-08 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro 2014-08-08 12:11 - 2007-05-02 19:03 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-08-08 12:09 - 2014-08-08 12:09 - 00017207 _____ () C:\Documents and Settings\Magda\Pulpit\Report 2014-08-06 12.30.54.txt 2014-08-08 12:09 - 2007-05-10 01:47 - 03787776 ___SH () C:\Documents and Settings\Magda\Pulpit\Thumbs.db 2014-08-08 12:06 - 2008-06-14 10:16 - 00000000 ____D () C:\instalacje 2014-08-08 12:05 - 2007-05-02 19:04 - 00993330 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-08 12:05 - 2001-10-26 18:15 - 00451220 _____ () C:\WINDOWS\system32\perfh015.dat 2014-08-08 12:05 - 2001-10-26 18:15 - 00075486 _____ () C:\WINDOWS\system32\perfc015.dat 2014-08-08 11:45 - 2007-05-02 18:18 - 00000292 ___SH () C:\Documents and Settings\Magda\ntuser.ini 2014-08-08 11:45 - 2007-05-02 18:17 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-08 11:43 - 2014-08-08 11:43 - 00001226 _____ () C:\Documents and Settings\Magda\Pulpit\AdwCleaner[R2].txt 2014-08-07 10:22 - 2007-05-02 18:18 - 00000000 __RHD () C:\Documents and Settings\Magda\Dane aplikacji 2014-08-07 10:22 - 2007-05-02 18:18 - 00000000 ___RD () C:\Documents and Settings\Magda\Menu Start\Programy 2014-08-07 10:22 - 2007-05-02 18:18 - 00000000 ___HD () C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji 2014-08-07 10:18 - 2014-08-07 10:18 - 01475072 _____ () C:\Documents and Settings\Magda\Pulpit\adwcleaner_3.303.exe 2014-08-07 10:15 - 2007-08-26 10:01 - 00000000 ____D () C:\WINDOWS\Minidump 2014-08-07 10:15 - 2007-05-02 18:18 - 00000000 ____D () C:\Documents and Settings\Magda 2014-08-07 09:23 - 2014-08-07 09:23 - 00009419 _____ () C:\Documents and Settings\Magda\Pulpit\hijackthis.log 2014-08-07 09:23 - 2007-05-03 01:09 - 00000000 ____D () C:\Program Files\Opera 2014-08-06 14:14 - 2014-08-06 14:14 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\malwarebytes 2014-08-06 14:08 - 2007-05-02 19:59 - 00000000 ____D () C:\WINDOWS\Media 2014-08-06 13:54 - 2014-06-12 16:04 - 00000000 _RSHD () C:\Documents and Settings\Magda\e91f6n7m 2014-08-06 12:59 - 2014-08-06 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-08-06 12:42 - 2014-08-06 12:30 - 00017207 _____ () C:\Report 2014-08-06 12.30.54.txt 2014-08-06 12:28 - 2014-08-06 12:26 - 00057684 _____ () C:\Report 2014-08-06 12.26.17.txt 2014-08-06 12:23 - 2014-08-06 12:23 - 00000000 ____D () C:\Documents and Settings\Magda\Dane aplikacji\QuickScan 2014-08-06 12:22 - 2014-08-06 12:21 - 00000123 _____ () C:\Report 2014-08-06 12.21.27.txt 2014-08-03 02:23 - 2014-08-03 02:23 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\Stare dane programu Firefox 2014-07-31 10:51 - 2014-04-02 20:41 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\zywioly 2014-07-31 10:29 - 2014-06-15 15:02 - 00000760 _____ () C:\Documents and Settings\Magda\Pulpit\TP-LINK Modem Router Settings.txt 2014-07-31 08:58 - 2012-05-05 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-30 14:27 - 2013-11-27 13:42 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\nostalgia 2014-07-30 01:00 - 2014-07-30 00:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-28 12:31 - 2014-07-28 12:31 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV 2014-07-18 23:10 - 2008-10-18 15:22 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-07-14 17:16 - 2009-12-21 18:04 - 00002539 _____ () C:\Documents and Settings\Magda\Pulpit\Microsoft Office Word 2003 (2).lnk 2014-07-11 15:57 - 2014-07-08 13:00 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\h2 2014-07-11 15:39 - 2007-05-02 18:38 - 00387720 ____C () C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-07-09 10:40 - 2012-11-03 14:20 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-07-09 10:40 - 2011-12-08 10:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-07-09 10:39 - 2014-07-09 10:39 - 19178160 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe Some content of TEMP: ==================== C:\Documents and Settings\Magda\Ustawienia lokalne\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ [i][size=85]Dodano Dzisiaj, 14:33:[/size][/i] I drugi: OTL logfile created on: 2014-08-08 13:53:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Magda\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,16% Memory free 3,85 Gb Paging File | 3,01 Gb Available in Paging File | 78,15% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 25,39 Gb Total Space | 8,22 Gb Free Space | 32,37% Space Free | Partition Type: NTFS Drive D: | 43,95 Gb Total Space | 24,08 Gb Free Space | 54,79% Space Free | Partition Type: NTFS Drive G: | 102,78 Gb Total Space | 82,68 Gb Free Space | 80,44% Space Free | Partition Type: NTFS Drive J: | 97,65 Gb Total Space | 67,52 Gb Free Space | 69,14% Space Free | Partition Type: NTFS Drive K: | 97,65 Gb Total Space | 0,16 Gb Free Space | 0,17% Space Free | Partition Type: NTFS Computer Name: MAGDA | User Name: Magda | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-08-08 13:49:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe PRC - [2014-06-17 16:18:02 | 005,179,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe PRC - [2014-06-17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe PRC - [2014-04-28 08:25:21 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012-03-12 11:05:33 | 000,232,288 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbService.exe PRC - [2008-04-17 19:13:44 | 005,750,784 | ---- | M] () -- C:\MySQL\bin\mysqld-nt.exe PRC - [2008-03-04 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007-01-09 23:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) -- C:\Apache\bin\httpd.exe PRC - [2004-10-05 16:00:12 | 000,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exe PRC - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-05-24 22:18:36 | 000,221,276 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-07-09 10:40:00 | 017,029,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll MOD - [2014-04-28 08:25:41 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2014-04-28 08:25:40 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2014-04-28 08:25:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2014-04-28 08:25:40 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2014-04-28 08:25:40 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2014-04-28 08:25:40 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2014-04-28 08:25:40 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2014-04-28 08:25:40 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2014-04-28 08:25:39 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2014-04-28 08:25:39 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2014-04-28 08:25:39 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2014-04-28 08:25:39 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-03-12 11:05:33 | 000,232,288 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbService.exe MOD - [2008-04-17 19:13:44 | 005,750,784 | ---- | M] () -- C:\MySQL\bin\mysqld-nt.exe MOD - [2007-09-20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2007-03-19 07:15:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll MOD - [2006-05-22 13:29:28 | 001,802,240 | ---- | M] () -- c:\Program Files\neostrada tp\skin\Default\main\ResourceStyle.dll MOD - [2006-05-14 15:44:00 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2004-04-30 22:44:30 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\AcroTray.POL [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (MBAMService) SRV - File not found [Auto | Stopped] -- -- (MBAMScheduler) SRV - [2014-07-30 00:59:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-07-09 10:40:19 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-06-27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2014-06-17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2012-03-12 11:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service) SRV - [2008-10-09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2008-06-13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008-04-17 19:13:44 | 005,750,784 | ---- | M] () [Auto | Running] -- C:\MySQL\bin\mysqld-nt.exe -- (MySQL) SRV - [2007-01-09 23:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Apache\bin\httpd.exe -- (Apache2) SRV - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NTACCESS.SYS -- (WEBNTACCESS) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys -- (FLASHSYS) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Magda\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - [2014-08-08 12:29:31 | 000,000,000 | ---D | M] [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ -- (MBAMProtector) DRV - [2014-06-17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2014-06-17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2014-06-17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2014-06-17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2014-06-17 16:17:56 | 000,190,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys -- (AVGIDSDriverl) DRV - [2014-06-17 16:06:38 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx) DRV - [2014-06-17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2014-06-17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2014-06-17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2014-01-10 10:00:00 | 000,035,272 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswTap.sys -- (aswTap) DRV - [2009-08-04 13:04:28 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2008-08-25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec) DRV - [2008-08-25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt) DRV - [2008-08-25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec) DRV - [2007-11-02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) DRV - [2007-11-02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) DRV - [2007-11-02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex) DRV - [2007-11-02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) DRV - [2007-11-02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007-11-02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) DRV - [2007-11-02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007-05-03 18:41:38 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi) DRV - [2007-04-04 12:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) DRV - [2007-04-04 12:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex) DRV - [2007-04-04 12:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) DRV - [2007-04-04 12:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm) DRV - [2007-04-04 12:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) DRV - [2007-04-04 12:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl) DRV - [2007-04-04 12:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) DRV - [2006-09-19 11:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2006-09-15 11:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) DRV - [2004-05-28 11:56:00 | 000,283,392 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GPlus.sys -- (TNET1130) DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2002-11-27 17:22:00 | 000,241,152 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) DRV - [2002-11-27 17:22:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) DRV - [2002-09-23 04:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET) DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp) DRV - [2002-01-01 01:03:37 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829} IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014-07-30 00:59:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-07-30 00:59:30 | 000,000,000 | ---D | M] [2009-04-18 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Extensions [2013-03-28 15:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\6q6hiuem.default\extensions [2014-08-06 12:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\msn5xt69.default-1407025431687\extensions [2014-08-06 12:21:14 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\msn5xt69.default-1407025431687\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-30 00:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014-07-30 01:00:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2009-08-27 18:37:54 | 000,927,232 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll [2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009-08-27 18:36:42 | 000,591,352 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPROULETTE.dll O1 HOSTS File: ([2008-02-14 22:10:29 | 000,224,686 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 http://www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 http://www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 http://www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 http://www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 http://www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 http://www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 http://www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 http://www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 http://www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 http://www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 7885 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D) O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\Magda\Dane aplikacji\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5d31055051d547d6b6a1d1467bb35095-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=0214c File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\start.lnk = C:\Documents and Settings\Magda\e91f6n7m\80506.vbs () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12151EFF-2405-4211-8387-04E95D21B50E}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12151EFF-2405-4211-8387-04E95D21B50E}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B8214A-E8F0-4868-985E-468E2C160DF6}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44844FF8-8F46-44E0-838D-4EB1EB50D926}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44844FF8-8F46-44E0-838D-4EB1EB50D926}: NameServer = 8.8.8.8,8.8.4.4 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-05-02 18:14:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2014-07-31 09:48:29 | 000,000,089 | ---- | M] () - K:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{1d540d66-4db8-11de-916b-0010dcde5a21}\Shell\AutoRun\command - "" = G:\gwmt83.bat O33 - MountPoints2\{1d540d66-4db8-11de-916b-0010dcde5a21}\Shell\explore\Command - "" = G:\gwmt83.bat O33 - MountPoints2\{1d540d66-4db8-11de-916b-0010dcde5a21}\Shell\open\Command - "" = G:\gwmt83.bat O33 - MountPoints2\{1d7998a3-1c29-11e2-97ac-000f3d57b966}\Shell - "" = AutoRun O33 - MountPoints2\{1d7998a3-1c29-11e2-97ac-000f3d57b966}\Shell\AutoRun\command - "" = I:\MicroLauncher.exe O33 - MountPoints2\{7d4a0827-bc6b-11e2-989f-000f3d57b966}\Shell - "" = AutoRun O33 - MountPoints2\{7d4a0827-bc6b-11e2-989f-000f3d57b966}\Shell\AutoRun\command - "" = I:\MicroLauncher.exe O33 - MountPoints2\{8f93b330-a218-11df-93b4-0010dcde5a21}\Shell - "" = AutoRun O33 - MountPoints2\{8f93b330-a218-11df-93b4-0010dcde5a21}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8f93b331-a218-11df-93b4-0010dcde5a21}\Shell - "" = AutoRun O33 - MountPoints2\{8f93b331-a218-11df-93b4-0010dcde5a21}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8f93b334-a218-11df-93b4-0010dcde5a21}\Shell - "" = AutoRun O33 - MountPoints2\{8f93b334-a218-11df-93b4-0010dcde5a21}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f66ebdc5-522f-11e1-96b4-000f3d57b966}\Shell - "" = AutoRun O33 - MountPoints2\{f66ebdc5-522f-11e1-96b4-000f3d57b966}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-08-08 13:49:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe [2014-08-08 13:45:04 | 000,000,000 | ---D | C] -- C:\FRST [2014-08-08 13:44:37 | 001,084,928 | ---- | C] (Farbar) -- C:\Documents and Settings\Magda\Pulpit\FRST.exe [2014-08-08 12:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro [2014-08-07 10:19:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014-08-07 10:15:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Magda\Recent [2014-08-06 13:01:26 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-08-06 12:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2014-08-06 12:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Dane aplikacji\QuickScan [2014-08-03 02:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magda\Pulpit\Stare dane programu Firefox [2014-07-30 00:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014-07-28 12:31:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV [2014-04-25 10:02:44 | 034,718,824 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_20.0.1387.91_Setup.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 D:\Home\Magda\*.tmp files -> D:\Home\Magda\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-08-08 13:57:23 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014-08-08 13:49:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magda\Pulpit\OTL.exe [2014-08-08 13:44:37 | 001,084,928 | ---- | M] (Farbar) -- C:\Documents and Settings\Magda\Pulpit\FRST.exe [2014-08-08 13:39:28 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014-08-08 13:06:46 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014-08-08 12:05:20 | 000,451,220 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2014-08-08 12:05:20 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2014-08-08 12:05:20 | 000,075,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2014-08-08 12:05:20 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2014-07-18 23:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2014-07-14 17:16:00 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Microsoft Office Word 2003 (2).lnk [2014-07-14 11:59:57 | 000,323,877 | ---- | M] () -- C:\Documents and Settings\Magda\Pulpit\Firma Przyjazna Nauce.pdf [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 D:\Home\Magda\*.tmp files -> D:\Home\Magda\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-07-14 11:59:57 | 000,323,877 | ---- | C] () -- C:\Documents and Settings\Magda\Pulpit\Firma Przyjazna Nauce.pdf [2013-11-13 14:13:24 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2013-11-12 12:41:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Magda\Dane aplikacji\effects.ini [2012-03-24 14:39:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Magda\Dane aplikacji\$_hpcst$.hpc [2008-03-31 20:48:03 | 000,003,326 | ---- | C] () -- C:\Documents and Settings\Magda\Dane aplikacji\FUIPRESETS.INI [2008-03-31 20:45:17 | 000,001,270 | ---- | C] () -- C:\Documents and Settings\Magda\Dane aplikacji\coreldrw.tpa [2008-03-22 23:10:04 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat [2007-08-26 10:02:19 | 000,006,104 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2007-08-17 19:27:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Magda\Dane aplikacji\coreljtf.ini [2007-05-03 02:05:51 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2007-05-02 18:39:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2004-08-04 00:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2004-08-04 00:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2004-08-04 00:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2014-02-18 14:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2008-02-20 20:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Avery [2011-12-06 10:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012 [2014-02-21 08:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2014 [2014-04-25 09:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Avg_Update_0414b [2014-02-02 10:44:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2014-07-28 12:31:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV [2011-04-05 23:52:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2010-02-21 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2014-03-18 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2009-02-16 08:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hitman Pro [2009-05-28 07:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hitman Pro 3 [2014-08-08 12:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro [2009-09-05 16:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2002-01-01 00:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2013-11-13 23:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ [2008-06-14 10:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MySQL [2012-10-04 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2008-01-08 07:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Prevx [2013-11-13 14:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SlySoft [2008-10-18 15:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony [2011-12-06 09:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-02-07 21:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2007-05-02 19:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ACD Systems [2007-05-02 19:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ACDInTouch [2011-04-06 00:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AVG [2014-02-18 13:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\AVG2014 [2013-11-13 16:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Dropbox [2007-05-03 03:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gadu-Gadu [2010-05-13 08:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Gadu-Gadu 10 [2009-09-12 15:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\GanymedeNet [2009-05-27 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\GetRightToGo [2014-03-23 12:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\GG [2010-10-20 06:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\ipla [2008-10-25 13:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Leadertech [2009-02-08 18:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\MfcEmbed [2008-06-16 06:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\MySQL [2010-03-23 16:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\OpenFM [2009-02-08 18:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\OpenOfficeT72 [2011-10-22 13:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Opera [2007-05-07 20:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Palettes [2009-01-18 20:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\pl-soft [2011-01-25 11:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Polpress [2014-08-06 12:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\QuickScan [2010-05-28 06:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Sony [2007-08-17 19:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Style analizy wstępnej [2011-10-19 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\TeamViewer [2009-10-02 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Thunderbird [2010-04-11 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\Tlen.pl [2014-02-18 13:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Magda\Dane aplikacji\TuneUp Software [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2A81F9CE @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0B4227B4 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D1B5B4F1 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >

**Posty:** 4765 · przez **ordynat** 08 Sie 2014, 17:02

Otwórz Notatnik i wklej w nim:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Documents and Settings\Magda\Dane aplikacji\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5d31055051d547d6b6a1d1467bb35095-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=0214c
G:\gwmt83.bat
startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\start.lnk
ShortcutTarget: start.lnk -> C:\Documents and Settings\Magda\e91f6n7m\80506.vbs ()
C:\Documents and Settings\Magda\e91f6n7m
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - Backup.Old.DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
SearchScopes: HKCU - Backup.Old.DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll No File
catchme; \??\C:\DOCUME~1\Magda\USTAWI~1\Temp\catchme.sys [X]
S3 FLASHSYS; \??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 hpt3xx; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X]
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 WEBNTACCESS; \??\C:\WINDOWS\system32\NTACCESS.SYS [X]
C:\Report 2014-08-06 12.30.54.txt
C:\Report 2014-08-06 12.26.17.txt
C:\Report 2014-08-06 12.21.27.txt
Reg: reg delete HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2
Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.

Zrób nowy log z FRST.

.

**Posty:** 5 · przez **magdaHat** 08 Sie 2014, 17:16

Proszę, to FIXLOG:

Kod: Zaznacz wszystko: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:8-08-2014 Ran by Magda at 2014-08-08 17:08:53 Run:1 Running from C:\Documents and Settings\Magda\Pulpit Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Documents and Settings\Magda\Dane aplikacji\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5d31055051d547d6b6a1d1467bb35095-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=0214c G:\gwmt83.bat startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\start.lnk ShortcutTarget: start.lnk -> C:\Documents and Settings\Magda\e91f6n7m\80506.vbs () C:\Documents and Settings\Magda\e91f6n7m URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM - Backup.Old.DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} SearchScopes: HKCU - Backup.Old.DefaultScope {CCC7A320-B3CA-4199-B1A6-9F516DD69829} BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll No File catchme; \??\C:\DOCUME~1\Magda\USTAWI~1\Temp\catchme.sys [X] S3 FLASHSYS; \??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys [X] S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X] S4 hpt3xx; No ImagePath S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S4 IntelIde; No ImagePath S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\ [X] S3 NTACCESS; \??\E:\NTACCESS.sys [X] S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X] S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 WEBNTACCESS; \??\C:\WINDOWS\system32\NTACCESS.SYS [X] C:\Report 2014-08-06 12.30.54.txt C:\Report 2014-08-06 12.26.17.txt C:\Report 2014-08-06 12.21.27.txt Reg: reg delete HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2 Reboot: ***************** HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= HKU\S-1-5-21-1060284298-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0214c => value deleted successfully. "G:\gwmt83.bat" => File/Directory not found. C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\start.lnk => Moved successfully. C:\Documents and Settings\Magda\e91f6n7m\80506.vbs => Moved successfully. C:\Documents and Settings\Magda\e91f6n7m => Moved successfully. Default URLSearchHook was restored successfully . HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}" => Key deleted successfully. "HKCR\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}" => Key deleted successfully. catchme; \??\C:\DOCUME~1\Magda\USTAWI~1\Temp\catchme.sys [X] => Error: No automatic fix found for this entry. FLASHSYS => Service deleted successfully. GMSIPCI => Service deleted successfully. hpt3xx => Service deleted successfully. hwdatacard => Service deleted successfully. IntelIde => Service deleted successfully. MBAMProtector => Service deleted successfully. NTACCESS => Service deleted successfully. PCAMPR5 => Service deleted successfully. SetupNTGLM7X => Service deleted successfully. upperdev => Service deleted successfully. WEBNTACCESS => Service deleted successfully. C:\Report 2014-08-06 12.30.54.txt => Moved successfully. C:\Report 2014-08-06 12.26.17.txt => Moved successfully. C:\Report 2014-08-06 12.21.27.txt => Moved successfully. ========= reg delete HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2 ========= Permanently delete the registry key software\microsoft\windows\currentversion\explorer\mountpoints2 (Y/N)? Operacja ukończona pomyślnie ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ==== Naprawdę bardzo dziękuję za pomoc! [i][size=85]Dodano Dzisiaj, 17:19:[/size][/i] [b]A to nowy log z FRST:[/b] Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:8-08-2014 Ran by Magda (administrator) on MAGDA on 08-08-2014 17:17:52 Running from C:\Documents and Settings\Magda\Pulpit Platform: Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polski Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (France Télécom R&D) C:\Program Files\neostrada tp\TaskBarIcon.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Apache Software Foundation) C:\Apache\bin\httpd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (Apache Software Foundation) C:\Apache\bin\httpd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (France Telecom) C:\WINDOWS\system32\FTRTSVC.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE () C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbService.exe () C:\MySQL\bin\mysqld-nt.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-1060284298-789336058-839522115-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Acrobat Assistant.lnk ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\Magda\Menu Start\Programy\Autostart\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: GGDriveOverlay1 -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay2 -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay3 -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) ShellIconOverlayIdentifiers: GGDriveOverlay4 -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.) BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/?src01=dp4 BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll () DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{12151EFF-2405-4211-8387-04E95D21B50E}: [NameServer]8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{44844FF8-8F46-44E0-838D-4EB1EB50D926}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\msn5xt69.default-1407025431687 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll (Ganymede Technologies) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPROULETTE.dll (Ganymede Technologies) FF Extension: Bitdefender QuickScan - C:\Documents and Settings\Magda\Dane aplikacji\Mozilla\Firefox\Profiles\msn5xt69.default-1407025431687\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-08-06] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-09-07] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apache2; C:\Apache\bin\httpd.exe [20539 2007-01-09] (Apache Software Foundation) [File not signed] R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) R2 FTRTSVC; C:\WINDOWS\System32\FTRTSVC.exe [40960 2004-08-23] (France Telecom) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.) S2 MBAMScheduler; \ [0 ] () [File not signed] S2 MBAMService; \ [0 ] () [File not signed] R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Dane aplikacji\MobileBrServ\mbbservice.exe [232288 2012-03-12] () R2 MySQL; C:\MySQL\my.ini [9188 2008-06-14] () [File not signed] S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [356920 2008-06-13] (PC Tools) S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1079176 2008-10-09] (PC Tools) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35272 2014-01-10] (The OpenVPN Project) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) S3 dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [223128 2007-05-03] (DT Soft Ltd.) S3 e4usbaw; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [116992 2006-09-19] (Analog Devices Inc.) [File not signed] S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2009-08-04] (Huawei Technologies Co., Ltd.) [File not signed] S2 IKANLOADER2; C:\WINDOWS\System32\Drivers\e4ldr.sys [64000 2006-09-15] (Analog Deivces) [File not signed] S3 IKFileSec; C:\WINDOWS\system32\drivers\ikfilesec.sys [40840 2008-08-25] (PCTools Research Pty Ltd.) S3 IKSysFlt; C:\WINDOWS\System32\drivers\iksysflt.sys [66952 2008-08-25] (PCTools Research Pty Ltd.) S3 IKSysSec; C:\WINDOWS\System32\drivers\iksyssec.sys [81288 2008-08-25] (PCTools Research Pty Ltd.) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2002-01-01] (Malwarebytes Corporation) R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [13056 2002-11-27] (NVIDIA Corporation) [File not signed] R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [80896 2002-09-23] (NVIDIA Corporation) R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [241152 2002-11-27] (NVIDIA Corporation) [File not signed] R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [13568 2002-09-06] (NVIDIA Corporation) S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 s217bus; C:\WINDOWS\System32\DRIVERS\s217bus.sys [83496 2007-11-02] (MCCI Corporation) S3 s217mdfl; C:\WINDOWS\System32\DRIVERS\s217mdfl.sys [15016 2007-11-02] (MCCI Corporation) S3 s217mdm; C:\WINDOWS\System32\DRIVERS\s217mdm.sys [109992 2007-11-02] (MCCI Corporation) S3 s217mgmt; C:\WINDOWS\System32\DRIVERS\s217mgmt.sys [103976 2007-11-02] (MCCI Corporation) S3 s217nd5; C:\WINDOWS\System32\DRIVERS\s217nd5.sys [24872 2007-11-02] (MCCI Corporation) S3 s217obex; C:\WINDOWS\System32\DRIVERS\s217obex.sys [100008 2007-11-02] (MCCI Corporation) S3 s217unic; C:\WINDOWS\System32\DRIVERS\s217unic.sys [105896 2007-11-02] (MCCI) S3 s716bus; C:\WINDOWS\System32\DRIVERS\s716bus.sys [83208 2007-04-04] (MCCI Corporation) S3 s716mdfl; C:\WINDOWS\System32\DRIVERS\s716mdfl.sys [15112 2007-04-04] (MCCI Corporation) S3 s716mdm; C:\WINDOWS\System32\DRIVERS\s716mdm.sys [108552 2007-04-04] (MCCI Corporation) S3 s716mgmt; C:\WINDOWS\System32\DRIVERS\s716mgmt.sys [100360 2007-04-04] (MCCI Corporation) S3 s716nd5; C:\WINDOWS\System32\DRIVERS\s716nd5.sys [23176 2007-04-04] (MCCI Corporation) S3 s716obex; C:\WINDOWS\System32\DRIVERS\s716obex.sys [98568 2007-04-04] (MCCI Corporation) S3 s716unic; C:\WINDOWS\System32\DRIVERS\s716unic.sys [98952 2007-04-04] (MCCI Corporation) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2001-07-22] () R3 TNET1130; C:\WINDOWS\System32\DRIVERS\GPlus.sys [283392 2004-05-28] () [File not signed] S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) S3 catchme; \??\C:\DOCUME~1\Magda\USTAWI~1\Temp\catchme.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) S0 sptd; System32\Drivers\sptd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 17:08 - 2014-08-08 17:17 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\otl 2014-08-08 13:49 - 2014-08-08 13:49 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Magda\Pulpit\OTL.exe 2014-08-08 13:47 - 2014-08-08 13:48 - 00035068 _____ () C:\Documents and Settings\Magda\Pulpit\Addition.txt 2014-08-08 13:45 - 2014-08-08 17:18 - 00016501 _____ () C:\Documents and Settings\Magda\Pulpit\FRST.txt 2014-08-08 13:45 - 2014-08-08 17:17 - 00000000 ____D () C:\FRST 2014-08-08 13:44 - 2014-08-08 13:44 - 01084928 _____ (Farbar) C:\Documents and Settings\Magda\Pulpit\FRST.exe 2014-08-08 12:11 - 2014-08-08 12:29 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro 2014-08-07 10:19 - 2002-01-01 00:14 - 00000000 ____D () C:\AdwCleaner 2014-08-06 13:01 - 2002-01-01 01:03 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-06 12:59 - 2014-08-06 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-08-06 12:23 - 2014-08-06 12:23 - 00000000 ____D () C:\Documents and Settings\Magda\Dane aplikacji\QuickScan 2014-08-03 02:23 - 2014-08-03 02:23 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\Stare dane programu Firefox 2014-07-30 00:59 - 2014-07-30 01:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-28 12:31 - 2014-07-28 12:31 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV 2014-07-09 10:39 - 2014-07-09 10:39 - 19178160 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 17:18 - 2014-08-08 13:45 - 00016501 _____ () C:\Documents and Settings\Magda\Pulpit\FRST.txt 2014-08-08 17:18 - 2007-05-02 18:18 - 00000000 ____D () C:\Documents and Settings\Magda\Ustawienia lokalne\Temp 2014-08-08 17:17 - 2014-08-08 17:08 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\otl 2014-08-08 17:17 - 2014-08-08 13:45 - 00000000 ____D () C:\FRST 2014-08-08 17:17 - 2007-05-02 18:18 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit 2014-08-08 17:12 - 2007-05-02 18:32 - 01067264 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-08 17:11 - 2011-04-05 23:49 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData 2014-08-08 17:11 - 2007-05-02 19:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-08-08 17:11 - 2007-05-02 19:05 - 00000000 _____ () C:\WINDOWS\wiaservc.log 2014-08-08 17:11 - 2007-05-02 19:04 - 00993330 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-08 17:11 - 2001-10-26 18:15 - 00451220 _____ () C:\WINDOWS\system32\perfh015.dat 2014-08-08 17:11 - 2001-10-26 18:15 - 00075486 _____ () C:\WINDOWS\system32\perfc015.dat 2014-08-08 17:10 - 2014-06-04 09:47 - 00000432 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2014-08-08 17:10 - 2011-03-08 09:24 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-08 17:10 - 2007-05-02 20:05 - 00070486 _____ () C:\WINDOWS\system32\nvwsapps.xml 2014-08-08 17:10 - 2007-05-02 19:17 - 00000000 ____D () C:\Program Files\neostrada tp 2014-08-08 17:10 - 2007-05-02 18:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-08 17:10 - 2001-07-22 00:17 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-08 17:09 - 2007-05-02 18:18 - 00000292 ___SH () C:\Documents and Settings\Magda\ntuser.ini 2014-08-08 17:09 - 2007-05-02 18:17 - 00032590 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-08 17:08 - 2007-05-02 18:18 - 00000000 ___RD () C:\Documents and Settings\Magda\Menu Start\Programy\Autostart 2014-08-08 17:08 - 2007-05-02 18:18 - 00000000 ____D () C:\Documents and Settings\Magda 2014-08-08 16:57 - 2011-03-08 09:24 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-08 16:39 - 2013-08-13 06:51 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-08 14:57 - 2007-05-02 18:18 - 00000000 ___HD () C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji 2014-08-08 13:49 - 2014-08-08 13:49 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Magda\Pulpit\OTL.exe 2014-08-08 13:48 - 2014-08-08 13:47 - 00035068 _____ () C:\Documents and Settings\Magda\Pulpit\Addition.txt 2014-08-08 13:44 - 2014-08-08 13:44 - 01084928 _____ (Farbar) C:\Documents and Settings\Magda\Pulpit\FRST.exe 2014-08-08 12:29 - 2014-08-08 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro 2014-08-08 12:11 - 2007-05-02 19:03 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji 2014-08-08 12:06 - 2008-06-14 10:16 - 00000000 ____D () C:\instalacje 2014-08-07 10:22 - 2007-05-02 18:18 - 00000000 __RHD () C:\Documents and Settings\Magda\Dane aplikacji 2014-08-07 10:22 - 2007-05-02 18:18 - 00000000 ___RD () C:\Documents and Settings\Magda\Menu Start\Programy 2014-08-07 10:15 - 2007-08-26 10:01 - 00000000 ____D () C:\WINDOWS\Minidump 2014-08-07 09:23 - 2007-05-03 01:09 - 00000000 ____D () C:\Program Files\Opera 2014-08-06 14:08 - 2007-05-02 19:59 - 00000000 ____D () C:\WINDOWS\Media 2014-08-06 12:59 - 2014-08-06 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2014-08-06 12:23 - 2014-08-06 12:23 - 00000000 ____D () C:\Documents and Settings\Magda\Dane aplikacji\QuickScan 2014-08-03 02:23 - 2014-08-03 02:23 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\Stare dane programu Firefox 2014-07-31 10:51 - 2014-04-02 20:41 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\zywioly 2014-07-31 10:29 - 2014-06-15 15:02 - 00000760 _____ () C:\Documents and Settings\Magda\Pulpit\TP-LINK Modem Router Settings.txt 2014-07-31 08:58 - 2012-05-05 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-30 14:27 - 2013-11-27 13:42 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\nostalgia 2014-07-30 01:00 - 2014-07-30 00:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-28 12:31 - 2014-07-28 12:31 - 00000000 ___HD () C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV 2014-07-18 23:10 - 2008-10-18 15:22 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-07-14 17:16 - 2009-12-21 18:04 - 00002539 _____ () C:\Documents and Settings\Magda\Pulpit\Microsoft Office Word 2003 (2).lnk 2014-07-11 15:57 - 2014-07-08 13:00 - 00000000 ____D () C:\Documents and Settings\Magda\Pulpit\h2 2014-07-11 15:39 - 2007-05-02 18:38 - 00387720 ____C () C:\Documents and Settings\Magda\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2014-07-09 10:40 - 2012-11-03 14:20 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-07-09 10:40 - 2011-12-08 10:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-07-09 10:39 - 2014-07-09 10:39 - 19178160 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe Some content of TEMP: ==================== C:\Documents and Settings\Magda\Ustawienia lokalne\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================

**Posty:** 4765 · przez **ordynat** 08 Sie 2014, 17:29

OK, w nowym logu nie widzę już niczego podejrzanego.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST
.

**Posty:** 5 · przez **magdaHat** 08 Sie 2014, 18:31

Bardzo Panu dziękuję!
Jest Pan WIELKI!

Pozdrawiam serdecznie.
Magda

Kto jest na forum