
FRST.txt

BRONTOK - Green window popping up in the browser, I can't remove it.

Here are the new logs



Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:09-12-2015
Uruchomiony przez Regul (administrator) REGUL (11-12-2015 20:31:32)
Uruchomiony z C:\Documents and Settings\Regul\Pulpit
Załadowane profile: Regul (Dostępne profile: Regul)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) D:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) D:\PROGRA~1\MICROS~1\rapimgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Documents and Settings\All Users\Dane aplikacji\PLAY ONLINE\OnlineUpdate\ouc.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM\...\Run: [ATKHOTKEY] => C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174648 2009-03-20] (ASUS)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Run: [H/PC Connection Agent] => D:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\MountPoints2: {70d68a64-4cdf-11e2-9499-0025d38283d1} - F:\autorun.exe
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\MountPoints2: {713beb02-2f69-11e4-99f8-0025d38283d1} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\MountPoints2: {92191901-5067-11e3-997a-0025d38283d1} - G:\LGAutoRun.exe
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\MountPoints2: {b5f6d9e0-3824-11e5-9b45-0025d38283d1} - G:\LGAutoRun.exe
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\...\MountPoints2: {e1adf679-0243-11e2-93de-0025d38283d1} - F:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr [1634304 2008-05-30] ()
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr [1634304 2008-05-30] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Regul\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Regul\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Regul\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Regul\Dane aplikacji\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: Kod HTML wykryty w pliku Hosts. Sprawdź sekcję Hosts w Addition.txt <==== UWAGA
Tcpip\..\Interfaces\{3CF0B6A2-8CA1-4280-A98E-1BD7D841C974}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{9712F58F-EAFC-46A7-8913-319CF9AD6284}: [NameServer] 85.0.0.0,192.168.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140620
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-602162358-1085031214-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140620
URLSearchHook: [S-1-5-21-602162358-1085031214-1801674531-1004] UWAGA => Brak domyślnego URLSearchHook
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= UWAGA
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-602162358-1085031214-1801674531-1004 -> DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-602162358-1085031214-1801674531-1004 -> {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-18] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-18] (Oracle Corporation)
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Regul\Dane aplikacji\Mozilla\Firefox\Profiles\9ggagn13.default-1449257682265
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @idsoftware.com/QuakeLive -> C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll [2012-02-14] (id Software Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-602162358-1085031214-1801674531-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-02] [Brak podpisu cyfrowego]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=180&d=20140620
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=180&d=20140620"
CHR Profile: C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-13]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3082640 2012-09-19] (Emsisoft GmbH)
S4 ACS; C:\WINDOWS\system32\acs.exe [499796 2010-05-21] (Atheros) [Brak podpisu cyfrowego]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] () [Brak podpisu cyfrowego]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [47616 2008-05-30] (Microsoft Corporation) [Brak podpisu cyfrowego]
S4 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1682768 2014-05-13] (LogMeIn Inc.)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-10-18] (Oracle Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [53248 2008-05-30] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [20480 2008-05-30] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [168004 2009-04-15] (NVIDIA Corporation) [Brak podpisu cyfrowego]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [Brak podpisu cyfrowego]
S2 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2014-04-17] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2012-11-20] ()
S4 Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600 2013-08-29] (TuneUp Software)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [54072 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [17904 2011-05-19] (Emsi Software GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [37856 2012-04-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [11776 2010-05-05] (Emsi Software GmbH)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1503840 2009-02-13] (Atheros Communications, Inc.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-23] (DT Soft Ltd)
S3 ggsemc; C:\WINDOWS\System32\DRIVERS\ggsemc.sys [8704 2006-03-01] (Sony Ericsson Mobile Communications) [Brak podpisu cyfrowego]
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [95616 2014-04-17] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [67584 2014-04-17] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2014-04-17] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5760 2007-08-24] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] ()
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2010-05-21] (Atheros Communications, Inc.) [Brak podpisu cyfrowego]
S3 cpuz130; \??\C:\DOCUME~1\Regul\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [245376 2014-04-17] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2014-04-17] (Huawei Technologies Co., Ltd.)
S4 IntelIde; Brak ImagePath
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-11 20:24 - 2015-12-11 20:26 - 00000000 ____D C:\AdwCleaner
2015-12-11 17:55 - 2015-12-11 17:55 - 00000000 ____D C:\Avenger
2015-12-11 16:12 - 2015-12-11 20:31 - 00019725 _____ C:\Documents and Settings\Regul\Pulpit\FRST.txt
2015-12-11 16:12 - 2015-12-11 20:31 - 00000000 ____D C:\FRST
2015-12-11 16:11 - 2015-12-11 16:15 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 16:10 - 2015-12-11 16:10 - 00000777 _____ C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2015-12-11 16:10 - 2015-12-11 16:10 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-11 16:10 - 2015-12-11 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2015-12-11 16:10 - 2015-12-11 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2015-12-11 16:10 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-11 16:10 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-11 16:09 - 2015-12-11 16:09 - 01720320 _____ (Farbar) C:\Documents and Settings\Regul\Pulpit\FRST.exe
2015-12-11 16:07 - 2015-12-11 16:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Regul\Pulpit\mbam-setup-2.1.8.1057 (1).exe
2015-12-11 15:57 - 2015-12-11 15:57 - 00100256 _____ C:\Documents and Settings\Regul\Pulpit\OTL.Txt
2015-12-11 15:57 - 2015-12-11 15:57 - 00060042 _____ C:\Documents and Settings\Regul\Pulpit\Extras.Txt
2015-12-11 15:49 - 2015-12-11 15:49 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Regul\Pulpit\OTL (2).exe
2015-12-11 12:10 - 2015-12-11 12:10 - 00090112 _____ C:\WINDOWS\Minidump\Mini121115-01.dmp
2015-12-04 20:34 - 2015-12-04 20:34 - 00000000 ____D C:\Documents and Settings\Regul\Pulpit\Stare dane programu Firefox
2015-11-21 08:41 - 2015-11-21 08:41 - 00690329 ____N C:\Documents and Settings\Regul\Pulpit\zARZADZENIE REKTOR - CENNIK DOM STUDENTA 17.09.2014 Z-42-2014_17-09-2014_08-03-05.pdf
2015-11-21 08:36 - 2015-11-21 08:36 - 00023759 ____N C:\Documents and Settings\Regul\Pulpit\Rozklad zajec I rok TiR I stopnia zaoczny, sem.1, sesja 14….pdf
2015-11-21 08:35 - 2015-11-21 08:35 - 00022614 ____N C:\Documents and Settings\Regul\Pulpit\Rozklad zajec dla I TiR II stopnia.pdf
2015-11-21 08:29 - 2015-11-21 08:29 - 01255609 ____N C:\Documents and Settings\Regul\Pulpit\TiR I st. niestacjonarne I ROK, cykl 2015-18 .pdf
2015-11-21 08:21 - 2015-11-21 08:21 - 00041240 _____ C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-11 20:31 - 2012-09-13 17:46 - 00000000 ____D C:\Documents and Settings\Regul\Ustawienia lokalne\Temp
2015-12-11 20:28 - 2015-02-05 16:48 - 00000454 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1423151303.job
2015-12-11 20:28 - 2014-04-01 18:35 - 00000222 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-12-11 20:28 - 2013-02-13 10:52 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 20:28 - 2012-11-07 19:21 - 00000429 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-12-11 20:27 - 2012-09-13 17:46 - 00000188 ___SH C:\Documents and Settings\Regul\ntuser.ini
2015-12-11 20:27 - 2012-09-13 17:43 - 00032344 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-11 20:27 - 2012-09-13 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 20:27 - 2009-04-15 20:42 - 00229139 _____ C:\WINDOWS\system32\NvApps.xml
2015-12-11 20:26 - 2012-09-13 19:26 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-12-11 20:17 - 2012-09-23 19:31 - 00000000 ____D C:\WINDOWS\pss
2015-12-11 20:17 - 2012-09-13 17:46 - 00000000 ___RD C:\Documents and Settings\Regul\Menu Start\Programy
2015-12-11 20:16 - 2012-09-17 19:21 - 00000000 ____D C:\Documents and Settings\Regul\Moje dokumenty\Pobieranie
2015-12-11 18:43 - 2012-09-17 19:22 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-11 18:42 - 2013-02-13 10:52 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 18:01 - 2012-09-13 17:46 - 00000000 ___HD C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji
2015-12-11 18:00 - 2012-09-13 19:27 - 01294702 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 18:00 - 2012-09-13 17:46 - 00000000 __RHD C:\Documents and Settings\Regul\Dane aplikacji
2015-12-11 18:00 - 2001-10-26 18:15 - 00569730 _____ C:\WINDOWS\system32\perfh015.dat
2015-12-11 18:00 - 2001-10-26 18:15 - 00111914 _____ C:\WINDOWS\system32\perfc015.dat
2015-12-11 17:56 - 2015-02-08 02:56 - 00000266 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-12-11 17:56 - 2014-01-27 23:48 - 00001002 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1085031214-1801674531-1004UA.job
2015-12-11 17:56 - 2012-09-13 19:26 - 00000000 ____D C:\Documents and Settings\All Users
2015-12-11 17:55 - 2012-11-27 16:55 - 00000000 ____D C:\WINDOWS\SHELLNEW
2015-12-11 17:55 - 2012-09-27 07:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974392$
2015-12-11 17:55 - 2012-09-13 19:20 - 00000000 ____D C:\WINDOWS
2015-12-11 17:55 - 2012-09-13 17:46 - 00000000 ___RD C:\Documents and Settings\Regul\Moje dokumenty
2015-12-11 16:46 - 2012-09-13 19:27 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-12-11 16:46 - 2012-09-13 17:46 - 00000000 ___RD C:\Documents and Settings\Regul\Menu Start\Programy\Autostart
2015-12-11 16:46 - 2012-09-13 17:46 - 00000000 ___HD C:\Documents and Settings\Regul\Szablony
2015-12-11 16:46 - 2012-09-13 17:46 - 00000000 ____D C:\Documents and Settings\Regul\Pulpit
2015-12-11 16:31 - 2015-04-26 20:23 - 00000000 ____D C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
2015-12-11 16:10 - 2012-09-13 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-12-11 16:08 - 2001-07-22 00:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-11 16:06 - 2012-09-13 17:57 - 00000000 ____D C:\Documents and Settings\Regul\Moje dokumenty\Pobrane
2015-12-11 16:05 - 2012-09-13 17:35 - 00000007 ___SH C:\AUTOEXEC.BAT
2015-12-11 12:58 - 2012-09-23 20:15 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-12-11 12:46 - 2013-02-13 10:53 - 00001819 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2015-12-11 12:10 - 2012-11-07 14:01 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-10 23:53 - 2014-01-27 23:48 - 00000980 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-1085031214-1801674531-1004Core.job
2015-12-10 19:58 - 2015-02-05 16:47 - 00000000 ____D C:\Program Files\Opera
2015-12-10 14:39 - 2015-07-18 19:13 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-12-08 15:00 - 2014-04-01 18:35 - 00000216 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2015-11-15 12:34 - 2012-10-08 11:12 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat

==================== Pliki w katalogu głównym wybranych folderów =======

2012-10-21 17:03 - 2012-10-21 17:03 - 0002528 _____ () C:\Documents and Settings\Regul\Dane aplikacji\$_hpcst$.hpc
2012-11-20 22:32 - 2012-11-20 22:32 - 0139152 _____ () C:\Documents and Settings\Regul\Dane aplikacji\PnkBstrK.sys
2015-11-21 08:21 - 2015-11-21 08:21 - 0041240 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
2013-01-29 23:20 - 2013-01-29 23:33 - 0000664 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\d3d9caps.tmp
2012-09-13 17:57 - 2012-11-14 19:42 - 0003584 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-13 17:48 - 2012-09-13 17:48 - 0000130 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2015-04-26 20:23 - 2015-04-26 20:23 - 0000051 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\Kosong.Bron.Tok.txt
2015-04-27 16:04 - 2015-04-27 16:04 - 0031213 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\ListHost12.txt
2015-11-01 17:20 - 2015-11-01 17:20 - 0000939 _____ () C:\Documents and Settings\Regul\Ustawienia lokalne\Dane aplikacji\recently-used.xbel

Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\AIRRuntimeInstaller.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\AutoRun.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\AutoRunGUI.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\CmdLineExt.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\CmdLineExtInstallerExe.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\CMInstaller.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\drm_dialogs.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\drm_dyndata_7350007.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\drm_dyndata_7370012.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxtmr0v.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\EAInstall.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\eauninstall.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\First15.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\impadd.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\mpegc.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\setup.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\sqlite3.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\The Sims 2 Nightlife_uninst.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\UNINSTALL.EXE
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\utt3.tmp.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\VP6Install.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\VP6VFW.dll
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\{121003BB-453F-4233-9B89-D4F1C67DD4AC}-44.0.2403.130_chrome_installer.exe
C:\Documents and Settings\Regul\Ustawienia lokalne\Temp\{F75E3063-1A00-4F94-9261-95AD7D85F27A}-44.0.2403.89_chrome_installer.exe


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe
[2008-05-30 15:17] - [2008-05-30 15:17] - 1662464 ____A (Microsoft Corporation) 4CA87DDCE9BB3F9222BBD9CCE9EB20EC

C:\WINDOWS\system32\winlogon.exe
[2008-05-30 14:27] - [2008-05-30 14:27] - 0549888 ____A (Microsoft Corporation) 335813EACD16E84F3047A3326F6E5473

C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll
[2008-05-17 13:07] - [2008-05-17 13:07] - 0643072 ____A (Microsoft Corporation) 9526A0E8C46C3DC0C3FAB0164D7546CC

C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================