Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:31-10-2015
Uruchomiony przez s (administrator) SLAWO (02-11-2015 12:00:45)
Uruchomiony z C:\Users\s\Downloads
Załadowane profile: s (Dostępne profile: s)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Safe Mode (with Networking)
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [GUCI_AVS] => C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [PACTray] => C:\Windows\PixArt\PAP7501\PACTray.exe [319488 2008-11-14] (PixArt Imaging Incorporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\Run: [PCSpeedUp] => C:\Program Files\Przyspiesz Komputer\PCSpeedUp.lnk [2062 2011-08-29] ()
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\Run: [WindowsWelcomeCenter] => ; rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\...\InprocServer32: [Default-pngfilt] <==== UWAGA
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{080126E1-B195-42CE-8DE9-24411136B78A}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2140789162-690675889-3413911276-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140903
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2B808C2D-1239-43C4-AC9C-E069B69727D5} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2140789162-690675889-3413911276-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2140789162-690675889-3413911276-1000 -> {0B5B58FD-4CA4-49EE-ACF2-5080B101D65C} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2140789162-690675889-3413911276-1000 -> {374C5781-3FB2-4606-AB59-7FFDA8EF6B3A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=1A133D6D-D6D3-4535-A6E2-C31689459488&apn_sauid=28C5B756-A4D4-4F6A-BE37-F391EF6A6EA4
SearchScopes: HKU\S-1-5-21-2140789162-690675889-3413911276-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL =
SearchScopes: HKU\S-1-5-21-2140789162-690675889-3413911276-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll [2013-11-01] (ALLCinema Ltd.)
Toolbar: HKU\S-1-5-21-2140789162-690675889-3413911276-1000 -> Brak nazwy - {32099AAC-C132-4136-9E9A-4E364A424E17} - Brak pliku
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Brak pliku

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2140789162-690675889-3413911276-1000: @tools.google.com/Google Update;version=3 -> C:\Users\s\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2140789162-690675889-3413911276-1000: @tools.google.com/Google Update;version=9 -> C:\Users\s\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2140789162-690675889-3413911276-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\s\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => nie znaleziono

Chrome:
=======
CHR HomePage: Default -> www.wp.pl/?src01=dp220140903
CHR StartupUrls: Default -> "hxxp://www.wp.pl/?src01=dp220140903"
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx
CHR HKLM\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files\StartSearch plugin\vshareplg.crx
CHR HKU\S-1-5-21-2140789162-690675889-3413911276-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\s\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-15]
CHR HKU\S-1-5-21-2140789162-690675889-3413911276-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\s\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
S4 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Brak podpisu cyfrowego]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [43096 2012-02-11] (Microsoft Corporation)
S2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1610168 2012-06-12] (Microsoft Corporation)
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [Brak podpisu cyfrowego]
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [Brak podpisu cyfrowego]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [Brak podpisu cyfrowego]
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [581120 2008-12-23] (PixArt Imaging Incorporation)
S3 iscFlash; C:\Users\s\AppData\Local\Temp\iscBE9Etmp\iscflash.sys [11392 2007-12-12] (Insyde Software) [Brak podpisu cyfrowego]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [268888 2012-02-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-14] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.) [Brak podpisu cyfrowego]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-11-02 12:00 - 2015-11-02 12:01 - 00016697 _____ C:\Users\s\Downloads\FRST.txt
2015-11-02 12:00 - 2015-11-02 12:00 - 00000000 ____D C:\FRST
2015-11-02 11:59 - 2015-11-02 11:59 - 01701888 _____ (Farbar) C:\Users\s\Downloads\FRST.exe
2015-11-02 11:57 - 2015-11-02 11:57 - 02198016 _____ (Farbar) C:\Users\s\Downloads\FRST64.exe
2015-11-02 10:48 - 2015-11-02 10:48 - 05061464 _____ (Intel) C:\Users\s\Downloads\Intel Driver Update Utility Installer.exe
2015-11-02 10:38 - 2009-07-08 16:34 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2015-11-01 19:01 - 2015-11-01 19:01 - 00000300 _____ C:\Windows\PFRO.log
2015-11-01 18:58 - 2015-11-02 10:49 - 00001511 _____ C:\Windows\WindowsUpdate.log
2015-11-01 18:56 - 2015-11-01 19:00 - 00000000 ____D C:\Users\s\Downloads\System_Repair_Engineer_www.INSTALKI.pl
2015-11-01 18:55 - 2015-11-01 18:55 - 00676536 _____ C:\Users\s\Downloads\System_Repair_Engineer_www.INSTALKI.pl.zip
2015-11-01 18:54 - 2015-11-01 18:54 - 00051232 _____ (gkweb) C:\Users\s\Downloads\Windows_Worms_Doors_Cleaner1.4.1[www.instalki.pl].exe
2015-11-01 18:42 - 2015-11-01 18:42 - 00000102 _____ C:\VundoFix.txt
2015-11-01 18:42 - 2015-11-01 18:42 - 00000000 ____D C:\VundoFix Backups
2015-11-01 18:41 - 2015-11-01 18:41 - 01529241 _____ C:\Users\s\Downloads\SDFix_www.INSTALKI.pl.exe
2015-11-01 18:41 - 2015-11-01 18:41 - 00380416 _____ C:\Users\s\Downloads\odzspnde.exe
2015-11-01 18:41 - 2015-11-01 18:41 - 00119808 _____ (Atribune.org) C:\Users\s\Downloads\VundoFix.exe
2015-11-01 18:41 - 2008-11-06 02:03 - 00000000 ____D C:\SDFix
2015-11-01 18:39 - 2015-11-01 18:39 - 00000000 ____D C:\Users\s\Downloads\backups
2015-11-01 18:38 - 2015-11-01 18:38 - 00004627 _____ C:\Users\s\Downloads\hijackthis.log
2015-11-01 18:37 - 2015-11-01 18:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\s\Downloads\HijackThis.exe
2015-11-01 18:01 - 2015-11-01 18:01 - 00380416 _____ C:\Users\s\Downloads\o3195mw1.exe
2015-11-01 12:25 - 2015-11-01 12:25 - 00000000 __SHD C:\Recovery
2015-11-01 12:25 - 2015-11-01 12:25 - 00000000 _____ C:\Recovery.txt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-11-02 11:58 - 2009-02-11 21:34 - 00001356 _____ C:\Users\s\AppData\Local\d3d9caps.dat
2015-11-02 11:50 - 2008-01-21 07:24 - 01903648 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 11:50 - 2008-01-21 07:24 - 00814462 _____ C:\Windows\system32\perfh015.dat
2015-11-02 11:50 - 2008-01-21 07:24 - 00191500 _____ C:\Windows\system32\perfc015.dat
2015-11-02 11:43 - 2012-09-14 09:00 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd924ef33f7fde.job
2015-11-02 11:43 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-02 11:43 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 11:43 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 10:39 - 2008-10-16 16:03 - 00000000 ____D C:\Users\s
2015-11-02 10:32 - 2012-05-04 19:11 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-02 10:21 - 2008-10-16 16:04 - 00114552 _____ C:\Users\s\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-01 19:02 - 2006-11-02 13:47 - 00408200 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Pliki w katalogu głównym wybranych folderów =======

2014-06-17 18:01 - 2014-06-17 18:01 - 6010880 _____ () C:\Program Files\GUT256C.tmp
2009-08-24 14:27 - 2002-03-02 17:30 - 0089078 _____ () C:\Program Files\install.bmp
2009-08-24 14:27 - 2009-08-24 14:27 - 0010073 _____ () C:\Program Files\install.ini
2009-08-25 17:37 - 2009-08-25 17:57 - 0000000 _____ () C:\Program Files\Log.log
2009-08-24 14:26 - 2003-05-12 09:25 - 0573440 _____ () C:\Program Files\PikLib60.dll
2009-08-24 14:26 - 2003-04-02 15:15 - 0047298 _____ () C:\Program Files\quiz.qst
2009-08-24 14:26 - 2003-05-12 09:26 - 0118784 _____ () C:\Program Files\rAfterOutput.dll
2003-05-12 09:28 - 2003-05-12 09:28 - 0049152 _____ (Aidem Media) C:\Program Files\ReksioMat.exe
2009-08-24 14:26 - 2002-03-05 23:58 - 0001022 _____ () C:\Program Files\ReksioMat.ini
2009-08-24 14:26 - 2003-05-12 09:25 - 0114688 _____ () C:\Program Files\rIntro.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0126976 _____ () C:\Program Files\rKolorowanka.dll
2009-08-24 14:26 - 2003-05-12 09:28 - 0204800 _____ () C:\Program Files\rLab3d.dll
2009-08-24 14:26 - 2003-05-12 09:28 - 0151552 _____ () C:\Program Files\rLabirynt.dll
2009-08-24 14:26 - 2001-12-14 15:43 - 2580766 _____ () C:\Program Files\RM1.WAV
2009-08-24 14:26 - 2002-01-03 22:53 - 5418994 _____ () C:\Program Files\RM2.WAV
2009-08-24 14:26 - 2002-01-04 00:34 - 2759596 _____ () C:\Program Files\RM3.WAV
2009-08-24 14:26 - 2002-01-25 13:21 - 2753790 _____ () C:\Program Files\RM4.WAV
2009-08-24 14:26 - 2001-12-07 22:40 - 4127426 _____ () C:\Program Files\RM5.wav
2009-08-24 14:26 - 2001-12-12 16:29 - 2207788 _____ () C:\Program Files\RM6.WAV
2009-08-24 14:26 - 2003-05-12 09:25 - 0114688 _____ () C:\Program Files\rMainMenu.dll
2009-08-24 14:26 - 2003-05-12 09:27 - 0167936 _____ () C:\Program Files\rMemo.dll
2009-08-24 14:26 - 2003-05-12 09:25 - 0126976 _____ () C:\Program Files\rMenuGame.dll
2009-08-24 14:26 - 2003-05-12 09:25 - 0114688 _____ () C:\Program Files\rMenuTraining.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0135168 _____ () C:\Program Files\rMiniQuiz.dll
2009-08-24 14:26 - 2003-05-12 09:28 - 0163840 _____ () C:\Program Files\rNauczyciel.dll
2009-08-24 14:26 - 2003-05-12 09:25 - 0114688 _____ () C:\Program Files\rOutro.dll
2009-08-24 14:26 - 2003-05-12 09:25 - 0118784 _____ () C:\Program Files\rPostcards.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0126976 _____ () C:\Program Files\rPuzzle.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0139264 _____ () C:\Program Files\rQuiz.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0122880 _____ () C:\Program Files\rSinglePostcard.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0122880 _____ () C:\Program Files\rStatistics.dll
2009-08-24 14:26 - 2003-05-12 09:28 - 0139264 _____ () C:\Program Files\rSwietliki.dll
2009-08-24 14:26 - 2003-05-12 09:26 - 0131072 _____ () C:\Program Files\rTabliczka.dll
2009-02-11 21:34 - 2015-11-02 11:58 - 0001356 _____ () C:\Users\s\AppData\Local\d3d9caps.dat
2008-10-16 21:33 - 2015-09-13 12:37 - 0243712 _____ () C:\Users\s\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-18 22:08 - 2010-02-18 22:08 - 0003592 _____ () C:\Users\s\AppData\Local\HH.SAV
2012-03-12 19:38 - 2012-03-12 19:38 - 0000600 _____ () C:\Users\s\AppData\Local\PUTTY.RND
2015-02-23 13:44 - 2015-02-23 13:44 - 0003203 _____ () C:\Users\s\AppData\Local\unins000.dat
2015-02-23 13:44 - 2015-02-23 13:44 - 0011761 _____ () C:\Users\s\AppData\Local\unins000.msg
2013-06-27 17:33 - 2013-06-27 17:33 - 0017408 _____ () C:\Users\s\AppData\Local\WebpageIcons.db
2011-05-05 15:23 - 2011-05-05 15:23 - 0000000 _____ () C:\Users\s\AppData\Local\{300D9B12-976C-46F6-BA2C-C773E02EFF77}
2008-11-12 20:40 - 2008-11-12 21:15 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-11-02 12:02

==================== Koniec FRST.txt ============================