FRST.txt

FRST Logi do sprawdzenia (ESET nie daje rady)

Witam, Mam prośbę, żeby fachowym okiem spojrzeć na logi FRST. ESET online wykrywa jakieś dwa trojany, usuwa je ale przy kolejnym skanowaniu są ponownie.


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:05-03-2016 01
Uruchomiony przez Jarek (administrator) JAREK-KOMPUTER (17-03-2016 20:22:14)
Uruchomiony z C:\Users\Jarek\Desktop
Załadowane profile: Jarek (Dostępne profile: Jarek)
Platform: Microsoft Windows 7 Ultimate (X86) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\stacsv.exe
() C:\CoreTemp 1.0 RC6 Portable\x86\Core Temp.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe
() C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
() C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATINFE.EXE
(Avanquest Software ) C:\Program Files\CONEXANT\DLD\DLG.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [FLxHCIm] = & gt; C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe [51832 2015-09-11] (Windows (R) Win 7 DDK provider)
HKLM\...\Run: [systray] = & gt; C:\Program Files\Dell\Dell Mobile Broadband\systray.exe [331851 2009-03-19] ()
HKLM\...\Run: [SigmatelSysTrayApp] = & gt; C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [EZScannerFinder] = & gt; C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe [364544 2014-05-20] ()
HKLM\...\Run: [EEventManager] = & gt; C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2572823465-1193686637-1031369565-1000\...\Run: [DAEMON Tools Lite] = & gt; C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2572823465-1193686637-1031369565-1000\...\Run: [EPLTarget\P0000000000000000] = & gt; C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATINFE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2572823465-1193686637-1031369565-1000\...\Run: [EPLTarget\P0000000000000001] = & gt; C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATINFE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2016-02-04]
ShortcutTarget: Digital Line Detect.lnk - & gt; C:\Program Files\CONEXANT\DLD\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk [2016-02-19]
ShortcutTarget: Microtek Scanner Finder.lnk - & gt; C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2016-02-04]
ShortcutTarget: QuickSet.lnk - & gt; C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\..\Interfaces\{B39C4670-45D9-4407-83FB-34913CA6D38B}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & pver=6 & ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
HKU\S-1-5-21-2572823465-1193686637-1031369565-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.msn.com/
HKU\S-1-5-21-2572823465-1193686637-1031369565-1000\Software\Microsoft\Internet Explorer\Main,Default_search_url = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
HKU\S-1-5-21-2572823465-1193686637-1031369565-1000\Software\Microsoft\Internet Explorer\Main,Default_page_url = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie & pver=6 & ar=msnhome
SearchScopes: HKU\.DEFAULT - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - & gt; DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: E-Web Print - & gt; {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - & gt; C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Easy Photo Print - & gt; {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - & gt; C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)

FireFox:
========
FF ProfilePath: C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\ku4vtzrj.default
FF Plugin: @adobe.com/FlashPlayer - & gt; C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin: Adobe Reader - & gt; C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Google Translator for Firefox - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\ku4vtzrj.default\extensions\translator@zoli.bod.xpi [2016-02-04]
FF Extension: YouTube(TM) Flash(R) Player - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\ku4vtzrj.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-02-04]
FF Extension: Flash Control - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\ku4vtzrj.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2016-02-14]
FF Extension: Adblock Plus - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\ku4vtzrj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-09] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2016-03-07] [Brak podpisu cyfrowego]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [390424 2008-02-22] (Dell Inc.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [Brak podpisu cyfrowego]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe [102400 2008-02-15] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2016-02-04] (Disc Soft Ltd)
R3 eapihdrv; C:\Users\Jarek\AppData\Local\Temp\ehdrv.sys [135760 2016-03-17] (ESET)
R3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [209016 2015-09-11] (Fresco Logic)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [62072 2015-09-11] (Fresco Logic)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [92288 2016-02-03] (Novatel Wireless Inc.)
R3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [92288 2016-02-03] (Novatel Wireless Inc.)
R3 NWDellPort2; C:\Windows\System32\DRIVERS\nwdelser2.sys [92288 2016-02-03] (Novatel Wireless Inc.)
S3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2016-02-03] (Trident Microsystems, Inc.)
R3 ALSysIO; \??\C:\Users\Jarek\AppData\Local\Temp\ALSysIO.sys [X]
S2 ASPI32; Brak ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-17 20:22 - 2016-03-17 20:22 - 00010361 _____ C:\Users\Jarek\Desktop\FRST.txt
2016-03-17 20:22 - 2016-03-17 20:22 - 00000000 ____D C:\FRST
2016-03-17 20:21 - 2016-03-17 20:21 - 01725440 _____ (Farbar) C:\Users\Jarek\Desktop\FRST.exe
2016-03-17 20:16 - 2016-03-17 19:02 - 02870984 _____ (ESET) C:\Users\Jarek\Desktop\esetsmartinstaller_plk.exe
2016-03-17 19:41 - 2016-03-17 19:43 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 19:41 - 2016-03-17 19:41 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-17 19:41 - 2016-03-17 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-17 19:41 - 2016-03-17 19:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 19:41 - 2016-03-17 19:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-17 19:41 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-17 19:41 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-17 19:41 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-17 19:02 - 2016-03-17 19:02 - 00000000 ____D C:\Program Files\ESET
2016-03-17 18:44 - 2016-03-17 18:44 - 00031832 _____ (Phoenix Technologies) C:\Windows\system32\Drivers\DrvAgent32.sys
2016-03-17 18:44 - 2016-03-17 18:44 - 00000000 ____D C:\Users\Jarek\AppData\Local\eSupport.com
2016-03-17 18:44 - 2016-03-17 18:44 - 00000000 ____D C:\Program Files\eSupport.com
2016-03-17 18:19 - 2016-03-17 18:19 - 00000000 ____D C:\Users\Jarek\AppData\Roaming\CSR
2016-03-17 18:19 - 2016-03-17 18:19 - 00000000 ____D C:\Program Files\CSR
2016-03-17 17:17 - 2016-03-17 17:17 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-17 16:20 - 2016-03-17 16:20 - 00000000 ____D C:\Users\Jarek\Documents\Bluetooth
2016-03-17 16:00 - 2016-03-17 17:24 - 00000000 ____D C:\Users\Jarek\AppData\Local\bluesoleil
2016-03-17 15:58 - 2016-03-17 18:26 - 00000000 ____D C:\Program Files\PC Connectivity Solution
2016-03-17 15:58 - 2016-03-17 18:25 - 00000000 ____D C:\ProgramData\Installations
2016-03-17 15:58 - 2016-03-17 18:25 - 00000000 ____D C:\Program Files\Nokia
2016-03-17 15:58 - 2016-03-17 17:26 - 00000000 ____D C:\Program Files\IVT Corporation
2016-03-17 15:58 - 2008-08-26 10:26 - 00018816 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2016-03-17 15:58 - 2008-05-07 07:38 - 00090624 _____ (Nokia) C:\Windows\system32\nmwcdcls.dll
2016-03-17 14:53 - 2016-03-17 14:53 - 00000000 ____D C:\Users\Jarek\AppData\Local\ElevatedDiagnostics
2016-03-16 15:14 - 2016-03-17 18:26 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-03-12 11:17 - 2011-04-09 07:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-12 11:17 - 2011-04-09 07:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-12 11:17 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-03-09 14:44 - 2016-03-09 14:44 - 00031482 _____ C:\Users\Jarek\Documents\cc_20160309_144403.reg
2016-03-09 14:14 - 2016-03-09 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-08 21:14 - 2010-12-18 06:29 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-07 21:52 - 2016-03-07 21:52 - 00002077 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2016-03-07 21:52 - 2016-03-07 21:52 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-03-07 21:38 - 2016-03-17 19:38 - 00000917 _____ C:\Windows\Tasks\EPSON XP-225 Series Update {1D54E94D-7209-490C-A5EE-3220EB6EA280}.job
2016-03-07 21:37 - 2016-03-07 21:37 - 00000000 ____D C:\Program Files\EpsonNet
2016-03-07 13:35 - 2016-03-07 17:45 - 00000000 ____D C:\Users\Jarek\AppData\Roaming\EPSON
2016-03-07 13:25 - 2016-03-07 21:52 - 00000000 ____D C:\ProgramData\UDL
2016-03-07 13:22 - 2016-03-07 13:22 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-03-07 13:08 - 2016-03-17 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-03-07 13:08 - 2016-03-17 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-03-07 13:08 - 2016-03-08 13:14 - 00001300 _____ C:\Users\Public\Desktop\EPSON Manuals.lnk
2016-03-07 13:08 - 2016-03-07 21:54 - 00000000 ____D C:\Program Files\EPSON Software
2016-03-07 13:08 - 2016-03-07 21:53 - 00000000 ____D C:\Program Files\epson
2016-03-07 13:08 - 2016-03-07 21:36 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-03-07 13:08 - 2014-02-25 00:00 - 00342528 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll
2016-03-07 13:08 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2016-03-07 13:07 - 2013-12-05 20:05 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TLMBNFE.DLL
2016-03-07 13:07 - 2011-03-14 19:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BNFE.DLL
2016-03-07 13:07 - 2007-04-09 17:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2016-03-07 13:06 - 2016-03-07 21:36 - 00000000 ____D C:\ProgramData\Epson
2016-02-28 10:55 - 2016-02-28 10:55 - 00001865 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-02-28 10:55 - 2016-02-28 10:55 - 00001809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-02-28 10:55 - 2016-02-28 10:55 - 00000000 ____D C:\Users\Jarek\AppData\Roaming\Canneverbe Limited
2016-02-28 10:55 - 2016-02-28 10:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2016-02-28 10:55 - 2016-02-28 10:55 - 00000000 ____D C:\Program Files\CDBurnerXP
2016-02-19 16:45 - 2016-02-19 16:45 - 00002017 _____ C:\Users\Public\Desktop\ScanWizard EZ.lnk
2016-02-19 16:45 - 2016-02-19 16:45 - 00001984 _____ C:\Users\Public\Desktop\EZ Images.lnk
2016-02-19 16:45 - 2016-02-19 16:45 - 00001948 _____ C:\Users\Public\Desktop\Microtek Scanner Configuration.lnk
2016-02-19 16:45 - 2016-02-19 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microtek ScanWizard EZ for Windows
2016-02-19 16:44 - 2016-02-19 16:44 - 00000000 ____D C:\Windows\PIXTRAN
2016-02-19 16:44 - 2016-02-19 16:44 - 00000000 ____D C:\Program Files\Microtek
2016-02-19 16:44 - 2016-02-19 16:44 - 00000000 ____D C:\Kpcms
2016-02-19 16:44 - 2011-04-15 16:33 - 00045056 _____ (Microtek International Inc.) C:\Windows\system32\MSMUSD13.dll
2016-02-19 16:44 - 2011-03-02 13:28 - 00073728 _____ (Microtek International Inc.) C:\Windows\system32\MSMUSD11.dll
2016-02-19 16:44 - 2005-08-03 19:51 - 00074000 _____ (Pixel Translations Incorporated) C:\Windows\system32\Pixlocn.dll
2016-02-19 16:44 - 2005-08-03 19:51 - 00053520 _____ (Pixel Translations Incorporated) C:\Windows\system32\Pixpermn.dll
2016-02-19 16:44 - 2003-07-17 16:12 - 00012499 _____ (Microtek International Inc.) C:\Windows\system32\MSMUSD7.DLL
2016-02-19 16:44 - 2003-06-11 12:03 - 00015396 _____ (Microtek International Inc.) C:\Windows\system32\MSMUSD5.DLL
2016-02-19 16:44 - 2002-06-21 13:59 - 00016384 _____ C:\Windows\system32\HuffmanW.dat
2016-02-19 16:44 - 2002-06-21 13:59 - 00016384 _____ C:\Windows\system32\HuffmanB.dat
2016-02-19 16:44 - 2002-06-21 13:59 - 00000512 _____ C:\Windows\system32\HuffmanG.dat
2016-02-19 16:44 - 2001-06-20 15:44 - 00013962 _____ ( Microtek International Inc.) C:\Windows\system32\MSMUSD6.DLL
2016-02-19 16:44 - 2000-11-20 16:21 - 00223504 _____ (Pixel Translations Incorporated) C:\Windows\system32\pixdflt.dll
2016-02-19 16:44 - 1998-09-14 08:41 - 00285216 _____ C:\Windows\system32\Drivers\ONSIO.SYS
2016-02-19 16:44 - 1998-08-01 12:00 - 00060928 _____ (OnSpec Electronic, Inc.) C:\Windows\system32\Drivers\SMPLSCSI.SYS
2016-02-19 16:44 - 1997-02-14 13:10 - 00007680 _____ C:\Windows\system32\Drivers\ONSREGED.SYS
2016-02-18 15:09 - 2016-03-17 17:35 - 00000000 ____D C:\AdwCleaner
2016-02-18 12:38 - 2016-03-09 15:08 - 02890937 _____ C:\UsbFix_Upload_Me_JAREK-KOMPUTER.zip
2016-02-18 12:34 - 2016-03-09 15:08 - 00008385 _____ C:\UsbFix.txt
2016-02-18 12:34 - 2016-03-09 15:08 - 00000000 ____D C:\UsbFix
2016-02-17 11:59 - 2016-02-17 11:59 - 00000000 ____D C:\Users\Jarek\AppData\Local\PDFCreator
2016-02-17 11:58 - 2016-02-17 11:59 - 00000000 ____D C:\Program Files\PDFCreator
2016-02-17 11:58 - 2016-02-17 11:58 - 00101256 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2016-02-17 11:58 - 2016-02-17 11:58 - 00000993 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-02-17 11:58 - 2016-02-17 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-02-17 11:48 - 2009-11-25 20:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-02-17 11:48 - 2009-11-25 20:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2016-02-17 11:48 - 2009-11-25 20:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2016-02-17 11:48 - 2009-11-25 20:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2016-02-17 11:48 - 2009-11-25 20:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2016-02-17 11:27 - 2016-02-17 11:27 - 00000000 ____D C:\Temp
2016-02-17 11:27 - 2016-02-17 11:27 - 00000000 ____D C:\PDFcreator
2016-02-17 11:23 - 2016-02-17 11:23 - 00000000 ____D C:\Users\Jarek\AppData\LocalLow\Temp
2016-02-17 10:55 - 2016-02-17 10:55 - 00707672 _____ C:\Users\Jarek\AppData\Local\unins000.exe
2016-02-17 10:55 - 2016-02-17 10:55 - 00011761 _____ C:\Users\Jarek\AppData\Local\unins000.msg
2016-02-17 10:55 - 2016-02-17 10:55 - 00003264 _____ C:\Users\Jarek\AppData\Local\unins000.dat
2016-02-16 10:03 - 2016-02-24 11:49 - 00000000 ____D C:\PIT Format 2015
2016-02-16 10:03 - 2016-02-16 10:03 - 00000690 _____ C:\Users\Public\Desktop\PIT Format 2015.lnk
2016-02-16 10:03 - 2016-02-16 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT Format 2015

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-17 19:52 - 2016-02-04 01:42 - 01549696 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-17 19:52 - 2009-07-14 09:07 - 00697912 _____ C:\Windows\system32\perfh015.dat
2016-03-17 19:52 - 2009-07-14 09:07 - 00134990 _____ C:\Windows\system32\perfc015.dat
2016-03-17 19:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-17 19:37 - 2016-02-04 14:08 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-17 18:33 - 2009-07-14 05:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 18:33 - 2009-07-14 05:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 18:26 - 2016-02-04 01:32 - 00000000 ____D C:\Users\Jarek
2016-03-17 18:26 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-17 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\servicing
2016-03-17 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2016-03-17 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2016-03-17 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2016-03-17 15:17 - 2009-07-14 05:33 - 00292808 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-16 18:34 - 2016-02-04 01:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-13 15:04 - 2016-02-04 11:47 - 00219696 _____ C:\AutoMapaSetupLog.txt
2016-03-12 11:38 - 2016-02-04 14:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-12 11:38 - 2016-02-04 14:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-10 12:36 - 2009-07-14 05:53 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-09 21:30 - 2016-02-04 15:24 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 21:28 - 2016-02-04 15:24 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 20:50 - 2016-02-04 11:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 14:30 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-08 09:51 - 2016-02-04 01:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-02-19 16:48 - 2016-02-04 01:32 - 00000000 ____D C:\Users\Jarek\AppData\Local\VirtualStore
2016-02-19 16:44 - 2016-02-04 01:45 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-02-17 11:33 - 2016-02-04 12:08 - 00000000 ____D C:\Users\Jarek\AppData\Temp

==================== Pliki w katalogu głównym wybranych folderów =======

2015-12-16 20:26 - 2016-02-04 11:48 - 0051448 _____ () C:\Program Files\AutoMapa EU.md5
2016-02-17 10:55 - 2016-02-17 10:55 - 0003264 _____ () C:\Users\Jarek\AppData\Local\unins000.dat
2016-02-17 10:55 - 2016-02-17 10:55 - 0707672 _____ () C:\Users\Jarek\AppData\Local\unins000.exe
2016-02-17 10:55 - 2016-02-17 10:55 - 0011761 _____ () C:\Users\Jarek\AppData\Local\unins000.msg

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\services.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\User32.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe = & gt; Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll = & gt; Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys = & gt; Plik podpisany cyfrowo


LastRegBack: 2016-03-17 16:45

==================== Koniec FRST.txt ============================


Pobierz plik - link do postu