
FRST.txt

Windows XP - Automatic switching of the currently active window

I ran AdwCleaner and had already removed everything it detected earlier; when I ran it now, it found nothing. Logs are attached.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by Owner (administrator) on K2 on 17-12-2014 14:08:28
Running from C:\Documents and Settings\Owner\My Documents\Pobrane
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-06-22] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1482476501-1645522239-682003330-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Owner\Local Settings\Apps\2.0\Z6D3M862.QKA\K93V2HLM.G82\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft .NET Framework v4 - Slow Windows XP Boot Fix.vbs ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1482476501-1645522239-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1482476501-1645522239-682003330-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bedtn7q3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bedtn7q3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-29]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-18]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-18]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-18]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-18]
CHR Extension: (Arkusze Google) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-05-29] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-10-06] (Cisco Systems, Inc.) [File not signed]
R3 BazisVirtualCDBus; C:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [237224 2012-02-02] (Intel Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-05-22] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-05-22] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-05-22] (Marvell Semiconductor Inc.)
R3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1182480 2012-09-24] (Realtek Semiconductor Corporation )
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2013-05-22] (Microsoft Corporation) [File not signed]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 14:08 - 2014-12-17 14:08 - 00000000 ____D () C:\FRST
2014-12-17 14:04 - 2014-12-17 14:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-16 14:06 - 2014-12-16 14:37 - 00013456 _____ () C:\Documents and Settings\Owner\Desktop\Nowy OpenDocument Dokument tekstowy.odt
2014-12-12 11:42 - 2014-12-12 11:42 - 00156786 _____ () C:\Documents and Settings\Owner\Desktop\Navarro.odt
2014-12-10 13:26 - 2014-12-10 13:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-01 17:48 - 2014-12-17 14:07 - 00000000 ____D () C:\AdwCleaner
2014-12-01 12:06 - 2014-12-01 12:06 - 00348026 _____ () C:\Documents and Settings\Owner\Desktop\wyciagi.zip
2014-11-28 12:31 - 2014-11-28 13:00 - 00012735 _____ () C:\Documents and Settings\Owner\Desktop\US przeksięg.odt
2014-11-28 12:31 - 2014-11-28 12:31 - 00000610 _____ () C:\Documents and Settings\Owner\Desktop\Nowy OpenDocument Arkusz kalkulacyjny.ods.lnk
2014-11-25 16:18 - 2014-12-14 12:23 - 00015496 _____ () C:\Documents and Settings\Owner\Desktop\WKLADKA ZIMA.odt
2014-11-21 19:09 - 2014-12-01 17:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Skan
2014-11-21 19:09 - 2014-11-21 19:09 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Minolta
2014-11-21 19:08 - 2014-12-01 17:52 - 00000000 ____D () C:\Program Files\KONICA MINOLTA
2014-11-20 17:49 - 2014-11-20 17:49 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\CDex
2014-11-20 17:49 - 2014-11-20 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CDex
2014-11-20 17:48 - 2014-11-20 17:49 - 00000000 ____D () C:\Program Files\CDex
2014-11-18 13:14 - 2014-12-10 11:19 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-18 13:14 - 2014-11-18 13:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-11-18 13:13 - 2014-12-17 13:39 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 13:13 - 2014-12-16 20:18 - 00001034 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 13:13 - 2014-11-18 13:14 - 00000000 ____D () C:\Program Files\Google
2014-11-18 13:13 - 2014-11-18 13:14 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 14:08 - 2014-06-24 20:23 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Pobrane
2014-12-17 14:08 - 2014-05-29 21:43 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-12-17 14:04 - 2014-05-29 21:38 - 01948201 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 13:43 - 2014-05-29 16:32 - 00603658 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-17 13:39 - 2014-05-29 21:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 13:39 - 2014-05-29 16:16 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-17 13:39 - 2014-05-29 15:10 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-12-17 13:39 - 2008-04-14 13:00 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-16 20:22 - 2014-05-29 21:43 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-16 20:22 - 2014-05-29 21:42 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-16 13:42 - 2014-05-29 16:30 - 00977636 _____ () C:\WINDOWS\setupapi.log
2014-12-10 22:25 - 2014-05-29 16:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 22:21 - 2013-05-14 13:45 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2014-12-10 22:11 - 2014-05-29 15:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-08 15:00 - 2014-05-29 16:16 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-03 17:15 - 2014-05-30 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FIRMY KRAKÓW
2014-12-01 18:31 - 2014-07-18 11:36 - 00024950 _____ () C:\Documents and Settings\Owner\Desktop\justynka.ods
2014-11-21 19:08 - 2014-05-29 15:14 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-11-20 17:49 - 2014-05-29 21:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-11-20 17:46 - 2014-05-29 21:36 - 00004008 _____ () C:\WINDOWS\wmsetup.log

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Owner\Local Settings\Temp\utt4.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================