Anonymous / 3 years, 2 months ago

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2014
Ran by Dariusz (administrator) on DAREK on 01-12-2014 21:45:48
Running from C:\Documents and Settings\Dariusz\Moje dokumenty\Downloads
Loaded Profile: Dariusz (Available profiles: Dariusz)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FSPro Labs) C:\WINDOWS\system32\fsproflt2.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
() C:\Documents and Settings\All Users\Dane aplikacji\Trusted Publisher\SystemLight\SoftwareForce.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SoundMan.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Spotify Ltd) C:\Documents and Settings\Dariusz\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe
(SkypEmoticons) C:\Documents and Settings\Dariusz\Dane aplikacji\SkypEmoticons\SE.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Logitech, Inc.) C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16875008 2008-06-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-06-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-583907252-562591055-682003330-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-583907252-562591055-682003330-1004\...\Run: [Facebook Update] => C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2013-08-20] (Facebook Inc.)
HKU\S-1-5-21-583907252-562591055-682003330-1004\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-583907252-562591055-682003330-1004\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Dariusz\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-15] (Spotify Ltd)
HKU\S-1-5-21-583907252-562591055-682003330-1004\...\Run: [se] => C:\Documents and Settings\Dariusz\Dane aplikacji\SkypEmoticons\SE.exe [5679008 2014-12-01] (SkypEmoticons)
HKU\S-1-5-21-583907252-562591055-682003330-1004\...\MountPoints2: H - H:\iLinker.exe
AppInit_DLLs: c:\progra~1\websea~1\sprote~1.dll => c:\progra~1\websea~1\sprote~1.dll File Not Found
AppInit_DLLs:  c:\progra~1\contin~1\sprote~1.dll => c:\progra~1\contin~1\sprote~1.dll File Not Found
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Dariusz\Menu Start\Programy\Autostart\GIGABYTE Gamer HUD.lnk
ShortcutTarget: GIGABYTE Gamer HUD.lnk -> C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
Startup: C:\Documents and Settings\Dariusz\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-583907252-562591055-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL
HKU\S-1-5-21-583907252-562591055-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-583907252-562591055-682003330-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL
URLSearchHook: [S-1-5-21-583907252-562591055-682003330-1004] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-562591055-682003330-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-562591055-682003330-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={CE19F47C-306B-41E3-8EF1-E5164AA100A8}&mid=cc6012ca0bfb47d08646d1569675a1df-cb888f8f33799cc65323db2ddc83198dc3018d16&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 18:17:57&v=18.1.6.542&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: YoutubeAdBlocke -> {2486089e-48c6-4bee-80a2-abcd56dd5336} -> C:\Program Files\YoutubeAdBlocke\PUUk5TsrXAjgwJ.dll ()
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> E:\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-583907252-562591055-682003330-1004 -> &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-583907252-562591055-682003330-1004 -> &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dariusz\Dane aplikacji\Mozilla\Firefox\Profiles\5g8ypyvn.default
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-583907252-562591055-682003330-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: YoutubeAdBlocke - C:\Documents and Settings\Dariusz\Dane aplikacji\Mozilla\Firefox\Profiles\5g8ypyvn.default\Extensions\cPlp@00veWy.net [2014-12-01]
FF Extension: Adblock Plus - C:\Documents and Settings\Dariusz\Dane aplikacji\Mozilla\Firefox\Profiles\5g8ypyvn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-14]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Dane aplikacji\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\Documents and Settings\All Users\Dane aplikacji\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (AVG SafeGuard) - C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1417463406&from=wpc&uid=ST3500410AS_6VM005CLXXXX6VM005CL

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4160512 2014-12-01] () [File not signed]
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 fsproflt2; C:\WINDOWS\system32\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [80392 2008-07-11] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-12-12] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-14] (DT Soft Ltd)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-05-01] (Logitech Inc.)
R0 FSProFilter2; C:\WINDOWS\System32\Drivers\FSPFltd2.sys [51760 2011-06-03] (FSPro Labs)
R3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-12-01] (Windows (R) 2000 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-12-01] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:45 - 2014-12-01 21:45 - 00000000 ____D () C:\FRST
2014-12-01 21:20 - 2014-12-01 21:35 - 114775724 _____ () C:\Documents and Settings\Dariusz\Pulpit\videoplayback
2014-12-01 20:51 - 2014-12-01 20:53 - 00000000 ____D () C:\Documents and Settings\Dariusz\Dane aplikacji\SkypEmoticons
2014-12-01 20:51 - 2014-12-01 20:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\SkypEmoticons
2014-12-01 20:48 - 2014-12-01 21:39 - 00000644 ____H () C:\WINDOWS\Tasks\SoftwareForce-S-3467974890.job
2014-12-01 20:48 - 2014-12-01 20:48 - 00000000 ____D () C:\Program Files\DeltaFix
2014-12-01 20:48 - 2014-12-01 20:48 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Trusted Publisher
2014-12-01 20:46 - 2014-12-01 20:46 - 00000000 ____D () C:\Program Files\YoutubeAdBlocke
2014-12-01 20:45 - 2014-12-01 21:42 - 00000000 ____D () C:\Program Files\BuyNsave
2014-12-01 20:45 - 2014-12-01 20:45 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\7252590175912499807
2014-11-23 22:09 - 2014-11-23 22:12 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\zdjęcia taty z telefonu
2014-11-22 16:37 - 2014-12-01 16:40 - 00002267 _____ () C:\Documents and Settings\All Users\Pulpit\Skype.lnk
2014-11-22 16:37 - 2014-11-22 16:37 - 00000000 ___RD () C:\Program Files\Skype
2014-11-22 16:37 - 2014-11-22 16:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-22 16:37 - 2014-11-22 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Skype
2014-11-19 22:09 - 2014-11-19 22:10 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\Archiwum - Urząd Gminy
2014-11-17 20:33 - 2014-10-27 09:06 - 06821496 _____ (TomTom International B.V.) C:\Documents and Settings\Dariusz\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2014-11-11 16:47 - 2014-12-01 21:01 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\GRACJA
2014-11-11 11:10 - 2014-12-01 21:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 13:07 - 2014-11-09 13:07 - 00005325 _____ () C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2014-11-03 21:24 - 2014-11-03 21:36 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\Sikaflor

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:46 - 2012-10-13 20:19 - 00000000 ____D () C:\Documents and Settings\Dariusz\Ustawienia lokalne\Temp
2014-12-01 21:43 - 2012-10-13 20:15 - 02048982 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-01 21:42 - 2012-10-13 20:36 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-01 21:41 - 2014-07-29 15:59 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-12-01 21:40 - 2012-10-13 20:36 - 00000125 _____ () C:\service.log
2014-12-01 21:39 - 2014-03-28 07:44 - 00000226 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  logowanie.job
2014-12-01 21:39 - 2012-10-13 20:53 - 00001032 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 21:39 - 2012-10-13 20:47 - 00198612 _____ () C:\WINDOWS\system32\nvapps.xml
2014-12-01 21:38 - 2012-10-13 22:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-01 21:38 - 2012-10-13 22:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-01 21:38 - 2012-10-13 20:35 - 00016608 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys
2014-12-01 21:38 - 2012-10-13 20:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-01 21:36 - 2014-07-21 18:11 - 00000000 ____D () C:\Documents and Settings\Dariusz\Moje dokumenty\Pobrane
2014-12-01 21:36 - 2012-11-05 16:47 - 00000000 ____D () C:\Documents and Settings\Dariusz\Dane aplikacji\vlc
2014-12-01 21:36 - 2012-10-13 20:19 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit
2014-12-01 21:24 - 2012-10-29 17:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-01 21:24 - 2012-10-14 12:27 - 00000000 ____D () C:\Documents and Settings\Dariusz\Dane aplikacji\uTorrent
2014-12-01 21:24 - 2012-10-13 20:19 - 00000000 ____D () C:\Documents and Settings\Dariusz
2014-12-01 21:13 - 2012-10-13 20:19 - 00000000 ___RD () C:\Documents and Settings\Dariusz\Menu Start\Programy\Autostart
2014-12-01 21:13 - 2012-10-13 20:19 - 00000000 ___RD () C:\Documents and Settings\Dariusz\Menu Start\Programy
2014-12-01 21:01 - 2012-10-13 20:53 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 20:51 - 2012-10-13 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy
2014-12-01 20:51 - 2012-10-13 20:19 - 00000000 __RHD () C:\Documents and Settings\Dariusz\Dane aplikacji
2014-12-01 20:50 - 2013-11-20 21:01 - 00000926 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2014-12-01 20:50 - 2013-11-20 21:01 - 00000920 _____ () C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
2014-12-01 20:50 - 2012-12-03 20:40 - 00000930 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-01 20:50 - 2012-10-13 20:57 - 00002009 _____ () C:\Documents and Settings\Dariusz\Pulpit\Google Chrome.lnk
2014-12-01 20:50 - 2012-10-13 20:19 - 00000999 _____ () C:\Documents and Settings\Dariusz\Menu Start\Programy\Internet Explorer.lnk
2014-12-01 20:48 - 2012-10-13 21:59 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-12-01 20:10 - 2013-01-14 21:27 - 00001010 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-562591055-682003330-1004UA.job
2014-12-01 20:10 - 2013-01-14 21:27 - 00000988 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-562591055-682003330-1004Core.job
2014-12-01 19:32 - 2012-10-13 20:45 - 00036352 _____ () C:\Documents and Settings\Dariusz\Moje dokumenty\Moje faktury.xls
2014-12-01 19:32 - 2012-10-13 20:19 - 00000000 ___RD () C:\Documents and Settings\Dariusz\Moje dokumenty
2014-12-01 17:37 - 2012-10-16 15:09 - 00000000 ____D () C:\Documents and Settings\Dariusz\Dane aplikacji\Skype
2014-12-01 17:10 - 2012-10-13 20:18 - 00032272 ____N () C:\WINDOWS\SchedLgU.Txt
2014-12-01 08:33 - 2012-10-14 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2014-11-30 22:26 - 2012-10-13 20:19 - 00000292 ___SH () C:\Documents and Settings\Dariusz\ntuser.ini
2014-11-30 14:44 - 2014-10-11 12:14 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\ćwiczenia
2014-11-30 11:43 - 2008-04-15 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-29 21:19 - 2012-10-13 22:01 - 01227306 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-29 21:19 - 2008-04-15 13:00 - 00545096 _____ () C:\WINDOWS\system32\perfh015.dat
2014-11-29 21:19 - 2008-04-15 13:00 - 00099750 _____ () C:\WINDOWS\system32\perfc015.dat
2014-11-29 20:08 - 2013-03-13 20:29 - 00000000 ___RD () C:\Documents and Settings\Dariusz\Moje dokumenty\Moje obrazy
2014-11-26 19:51 - 2012-12-03 20:40 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 19:51 - 2012-12-03 20:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-23 08:46 - 2012-11-17 16:30 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-22 16:37 - 2012-10-16 15:09 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Skype
2014-11-22 16:37 - 2012-10-13 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-11-22 16:05 - 2013-06-10 10:12 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-11-17 20:26 - 2013-03-06 21:50 - 00000000 ____D () C:\Documents and Settings\Dariusz\Moje dokumenty\Panex
2014-11-15 18:41 - 2014-07-26 13:00 - 00000000 ____D () C:\Documents and Settings\Dariusz\Dane aplikacji\Spotify
2014-11-15 14:25 - 2014-07-26 13:06 - 00000000 ____D () C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\Spotify
2014-11-13 07:01 - 2012-10-13 20:19 - 00000000 ___HD () C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji
2014-11-12 22:15 - 2013-07-14 11:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 22:10 - 2012-10-17 22:00 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 16:01 - 2013-11-20 21:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 13:10 - 2014-08-01 17:32 - 00000000 ____D () C:\Documents and Settings\Dariusz\.gimp-2.8
2014-11-09 13:07 - 2014-08-01 17:34 - 00000000 ____D () C:\Documents and Settings\Dariusz\Ustawienia lokalne\Dane aplikacji\gtk-2.0
2014-11-09 13:06 - 2014-09-01 16:39 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\Nowy folder
2014-11-09 12:39 - 2014-09-01 19:13 - 00000000 ____D () C:\Documents and Settings\Dariusz\Pulpit\import
2014-11-08 15:00 - 2014-03-28 07:44 - 00000220 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP  co miesiąc.job

Some content of TEMP:
====================
C:\Documents and Settings\Dariusz\Ustawienia lokalne\Temp\OnlineBackup.exe
C:\Documents and Settings\Dariusz\Ustawienia lokalne\Temp\sSetup-se.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================