Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:07-11-2015
Uruchomiony przez Betty (administrator) BETTY-XP (09-11-2015 14:06:23)
Uruchomiony z C:\Documents and Settings\Betty\Ustawienia lokalne\Temporary Internet Files\Content.IE5\BST0L5CC
Załadowane profile: Betty (Dostępne profile: Betty)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(NVIDIA Corporation) C:\WINDOWS\System32\sstray.exe
() C:\Program Files\Winamp\winampa.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Sun Microsystems, Inc.) C:\Program Files\OpenOfficePL2.2\program\soffice.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Documents and Settings\Betty\Ustawienia lokalne\Temporary Internet Files\Content.IE5\D41FCPZK\e1t1t79o[1].exe
(Farbar) C:\Documents and Settings\Betty\Ustawienia lokalne\Temporary Internet Files\Content.IE5\BST0L5CC\FRST[1].exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [nForce Tray Options] => sstray.exe /r
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [33792 2003-12-13] ()
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33624064 2009-06-01] (VIA Technologies, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [663552 2007-03-23] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2007-01-26] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-26] (Google Inc.)
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\Run: [Asrsetup] => H:\ASRSetup.exe
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] ()
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\MountPoints2: {6fdb48b4-bfcb-11df-bb79-00304f1f9839} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKU\S-1-5-21-1801674531-823518204-725345543-1003\...\MountPoints2: {d6cd6d62-c940-11df-bb91-00304f1f9839} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
Startup: C:\Documents and Settings\Betty\Menu Start\Programy\Autostart\OpenOfficePL 2.2.lnk [2010-08-15]
ShortcutTarget: OpenOfficePL 2.2.lnk -> C:\Program Files\OpenOfficePL2.2\program\quickstart.exe ()
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 213.227.75.1 194.204.159.1 194.204.152.34
Tcpip\..\Interfaces\{322D2EA9-25BA-4071-8B5B-168FD20152E5}: [DhcpNameServer] 213.227.75.1 194.204.159.1 194.204.152.34
Tcpip\..\Interfaces\{8C33EEBD-2D7A-4E30-8924-C7CA2BA9FA43}: [DhcpNameServer] 213.227.75.1 194.204.159.1 194.204.152.34
Tcpip\..\Interfaces\{9D1E04DB-4E41-4172-8B38-9E1E6240D04D}: [DhcpNameServer] 213.227.75.1 194.204.159.1 194.204.152.34
Tcpip\..\Interfaces\{DF258CC7-FD8E-4A1C-BBFB-3E43A138C1B7}: [DhcpNameServer] 213.227.75.1 194.204.159.1 194.204.152.34

Internet Explorer:
==================
HKU\S-1-5-21-1801674531-823518204-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onet.pl/
HKU\S-1-5-21-1801674531-823518204-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1801674531-823518204-725345543-1003\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania = hxxp://www.msn.com/access/allinone.asp
HKU\S-1-5-21-1801674531-823518204-725345543-1003\Software\Microsoft\Internet Explorer\Main,Strona początkowa = hxxp://www.microsoft.com/msoffice/
SearchScopes: HKU\S-1-5-21-1801674531-823518204-725345543-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_plPL394
SearchScopes: HKU\S-1-5-21-1801674531-823518204-725345543-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_plPL394
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-1801674531-823518204-725345543-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281768380533
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-06] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-06] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1801674531-823518204-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1801674531-823518204-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-16] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-06] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-06] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-06] [Brak podpisu cyfrowego]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Kaspersky Protection) - C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-11-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
StartMenuInternet: chrome.exe - C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR StartupUrls: "hxxp://www.onet.pl/"

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-29] (Kaspersky Lab ZAO)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [197864 2015-06-29] (Kaspersky Lab UK Ltd)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [153784 2015-06-29] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [54640 2015-06-29] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [125656 2015-06-29] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [43184 2015-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [684712 2015-11-06] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [35696 2015-06-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [35184 2015-06-29] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [23920 2015-06-29] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2015-06-29] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [157240 2015-11-06] (Kaspersky Lab ZAO)
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
S3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [13056 2002-12-05] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54400 2008-03-25] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2008-08-18] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-03-25] (NVIDIA Corporation)
S3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [241664 2002-12-05] (NVIDIA Corporation)
S0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [13568 2002-09-06] (NVIDIA Corporation)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2003-04-16] (PowerQuest Corporation) [Brak podpisu cyfrowego]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [Brak podpisu cyfrowego]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1358720 2009-05-08] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S4 IntelIde; Brak ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 kwdyqpow; \??\C:\DOCUME~1\Betty\USTAWI~1\Temp\kwdyqpow.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-11-09 14:05 - 2015-11-09 14:05 - 00000000 ____D C:\FRST
2015-11-09 13:57 - 2015-11-09 13:57 - 00021151 _____ C:\Documents and Settings\Betty\Pulpit\gmer.txt
2015-11-09 13:54 - 2015-11-09 13:54 - 00021151 _____ C:\Documents and Settings\Betty\Pulpit\gmer.log
2015-11-09 10:51 - 2015-11-09 13:42 - 00000211 _____ C:\Documents and Settings\Betty\Pulpit\Fixitpc.pl.url
2015-11-07 14:08 - 2015-11-07 14:08 - 00001996 _____ C:\Documents and Settings\Betty\Pulpit\Skrót do SpyHunter4.lnk
2015-11-07 13:47 - 2015-11-07 13:49 - 00061384 _____ C:\spyhunter.fix
2015-11-07 13:47 - 2015-11-07 13:05 - 00022400 ____R C:\WINDOWS\system32\sh4native.exe
2015-11-07 13:04 - 2015-11-07 13:04 - 00020040 _____ C:\Documents and Settings\Betty\Moje dokumenty\[kat.cr]spyhunter.4.20.9.4533.portable.appzdam.torrent
2015-11-07 12:54 - 2015-11-07 12:54 - 00002545 _____ C:\Documents and Settings\Betty\Pulpit\µTorrent.lnk
2015-11-07 12:54 - 2015-11-07 12:54 - 00002545 _____ C:\Documents and Settings\Betty\Menu Start\µTorrent.lnk
2015-11-07 12:53 - 2015-11-07 12:54 - 00000000 ____D C:\Documents and Settings\Betty\Dane aplikacji\uTorrent
2015-11-07 12:53 - 2015-11-07 12:53 - 01889304 _____ (BitTorrent Inc.) C:\Documents and Settings\Betty\Moje dokumenty\uTorrent.exe
2015-11-07 12:40 - 2015-11-07 12:40 - 01612360 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Betty\Moje dokumenty\rakhnidecryptor.exe
2015-11-07 12:35 - 2015-11-07 12:35 - 02260797 _____ C:\Documents and Settings\Betty\Moje dokumenty\Installer (Right Click and select extract)!.zip
2015-11-07 11:18 - 2015-11-07 11:18 - 00000000 ____D C:\AdwCleaner
2015-11-06 23:07 - 2015-11-09 13:38 - 00094210 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2015-11-06 23:07 - 2015-11-07 20:01 - 00094210 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1801674531-823518204-725345543-1003-0.dat
2015-11-06 23:01 - 2015-11-09 11:13 - 00001024 ____H C:\WINDOWS\system32\config\elam.LOG
2015-11-06 23:01 - 2015-11-06 23:01 - 00262144 _____ C:\WINDOWS\system32\config\elam
2015-11-06 20:59 - 2015-11-09 13:38 - 00065536 _____ C:\WINDOWS\system32\config\Kaspersk.evt
2015-11-06 20:57 - 2015-11-06 20:57 - 00001857 _____ C:\Documents and Settings\Betty\Pulpit\Bezpieczne pieniądze.lnk
2015-11-06 20:56 - 2015-11-06 20:56 - 00001703 _____ C:\Documents and Settings\All Users\Pulpit\Kaspersky Total Security.lnk
2015-11-06 20:56 - 2015-11-06 20:56 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Total Security
2015-11-06 20:54 - 2015-11-06 20:54 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-11-06 20:54 - 2015-11-06 20:54 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2015-11-06 20:53 - 2015-11-06 21:09 - 00684712 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-11-06 20:53 - 2015-06-29 21:15 - 00125656 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-11-06 20:53 - 2015-06-29 21:15 - 00043184 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-11-06 20:51 - 2015-11-06 20:51 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-11-05 14:56 - 2015-05-29 08:43 - 00303744 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-11-05 14:45 - 2015-11-05 14:45 - 00000036 _____ C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache
2015-11-05 12:38 - 2015-11-05 12:38 - 00401934 _____ C:\Documents and Settings\Betty\Dane aplikacji\recovery.bmp
2015-11-04 12:45 - 2015-11-04 12:45 - 00000000 __SHD C:\FOUND.035
2015-10-22 10:44 - 2015-10-22 10:44 - 00000285 _____ C:\Documents and Settings\Betty\Pulpit\Muhteşem Yüzyıl 96. Bölüm - YouTube.url
2015-10-19 18:03 - 2015-10-19 18:03 - 00000150 _____ C:\Documents and Settings\Betty\Pulpit\WAREZ.url
2015-10-17 19:29 - 2015-11-09 13:14 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-17 19:29 - 2015-11-07 17:24 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-17 19:29 - 2015-10-17 21:14 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-11-09 13:42 - 2014-08-25 11:21 - 00000444 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1408958472.job
2015-11-09 13:40 - 2010-08-14 08:25 - 00000259 _____ C:\WINDOWS\wiadebug.log
2015-11-09 13:40 - 2002-09-28 22:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-09 13:39 - 2015-05-16 21:17 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-11-09 13:39 - 2014-03-28 16:05 - 00000222 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2015-11-09 13:39 - 2011-03-12 19:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-09 13:39 - 2010-08-26 15:44 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 13:38 - 2011-09-12 07:36 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-09 13:38 - 2010-08-14 08:46 - 01192049 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-09 13:38 - 2010-08-14 08:37 - 00000188 ___SH C:\Documents and Settings\Betty\ntuser.ini
2015-11-09 13:38 - 2010-08-14 08:36 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-09 13:27 - 2010-08-26 15:44 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 13:22 - 2015-07-16 14:49 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1d0bfc5dd3b1566.job
2015-11-09 13:18 - 2015-02-07 12:57 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1d042cd40521256.job
2015-11-09 13:02 - 2014-11-15 16:48 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1d000eb8ea25624.job
2015-11-09 08:15 - 2014-06-24 16:25 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1cf8fb8307ddf86.job
2015-11-08 15:00 - 2014-03-28 16:05 - 00000216 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2015-11-08 14:54 - 2015-05-19 13:13 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1d09224e188d1a4.job
2015-11-07 19:58 - 2015-07-07 19:57 - 00000684 _____ C:\Documents and Settings\Betty\Pulpit\Telewizja przez internet, Telewizja na żywo - WEEB.TV - tvp22hd tvp1hd179 tvpinfo.url
2015-11-07 17:24 - 2015-09-16 17:19 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1d0f093b0cee80.job
2015-11-07 17:24 - 2015-08-29 13:17 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1d0e24c47c36908.job
2015-11-07 16:53 - 2014-10-23 08:10 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-823518204-725345543-1003Core1cfee8894450ce.job
2015-11-07 13:20 - 2010-08-14 08:24 - 01187082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-07 13:20 - 2002-09-28 22:00 - 00532870 _____ C:\WINDOWS\system32\perfh015.dat
2015-11-07 13:20 - 2002-09-28 22:00 - 00094174 _____ C:\WINDOWS\system32\perfc015.dat
2015-11-07 12:54 - 2010-08-14 23:35 - 00192403 _____ C:\WINDOWS\medctroc.Log
2015-11-07 12:54 - 2010-08-14 08:24 - 02762196 _____ C:\WINDOWS\FaxSetup.log
2015-11-07 12:54 - 2010-08-14 08:24 - 01337500 _____ C:\WINDOWS\ocgen.log
2015-11-07 12:54 - 2010-08-14 08:24 - 01271535 _____ C:\WINDOWS\tsoc.log
2015-11-07 12:54 - 2010-08-14 08:24 - 01019167 _____ C:\WINDOWS\iis6.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00869974 _____ C:\WINDOWS\msmqinst.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00692642 _____ C:\WINDOWS\comsetup.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00484577 _____ C:\WINDOWS\netfxocm.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00419064 _____ C:\WINDOWS\ntdtcsetup.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00143752 _____ C:\WINDOWS\tabletoc.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00138486 _____ C:\WINDOWS\msgsocm.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00128231 _____ C:\WINDOWS\ocmsn.log
2015-11-07 12:54 - 2010-08-14 08:24 - 00001917 _____ C:\WINDOWS\imsins.log
2015-11-07 12:28 - 2010-08-15 16:55 - 00001125 _____ C:\WINDOWS\winamp.ini
2015-11-07 12:26 - 2013-03-02 14:38 - 00024064 _____ C:\WINDOWS\offitems.log
2015-11-07 12:03 - 2010-08-14 08:37 - 00001512 _____ C:\Documents and Settings\Betty\Menu Start\Programy\Pomoc zdalna.lnk
2015-11-07 12:00 - 2010-08-14 08:32 - 00001476 _____ C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk
2015-11-07 12:00 - 2010-08-14 08:32 - 00001420 _____ C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk
2015-11-07 11:58 - 2010-08-14 08:32 - 00001512 _____ C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk
2015-11-07 11:36 - 2011-08-10 09:00 - 00261113 _____ C:\WINDOWS\setupapi.log
2015-11-07 09:27 - 2010-08-26 11:31 - 00000265 _____ C:\Documents and Settings\Betty\Pulpit\Rozkład jazdy.url
2015-11-06 21:09 - 2015-06-29 21:15 - 00157240 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-11-06 19:24 - 2015-06-17 19:49 - 00000305 _____ C:\Documents and Settings\Betty\Pulpit\PUP Zabrze.url
2015-11-06 19:22 - 2015-06-17 19:45 - 00000311 _____ C:\Documents and Settings\Betty\Pulpit\PUP Gliwice.url
2015-11-06 12:23 - 2012-08-31 23:52 - 00000241 _____ C:\Documents and Settings\Betty\Pulpit\Logowanie do e-fotoalbum.url
2015-11-05 12:31 - 2011-08-16 09:14 - 00050063 _____ C:\Documents and Settings\Betty\Moje dokumenty\umowa_kupna_sprzedazy_samochodu.pdf.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:30 - 2010-08-15 00:04 - 00000660 _____ C:\Documents and Settings\Betty\Moje dokumenty\bank.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:30 - 2010-08-15 00:04 - 00000628 _____ C:\Documents and Settings\Betty\Moje dokumenty\walenty.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:30 - 2010-08-15 00:04 - 00000548 _____ C:\Documents and Settings\Betty\Moje dokumenty\aforyzmy.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:30 - 2010-08-14 08:43 - 04798128 ____H C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\IconCache.db.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2015-04-05 14:33 - 00000116 _____ C:\Documents and Settings\Betty\Pulpit\lukier.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2015-02-27 23:41 - 00000308 _____ C:\Documents and Settings\Betty\Pulpit\Ariana.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2014-08-25 12:13 - 00000068 _____ C:\Documents and Settings\Betty\Pulpit\IPLA SPORT.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2014-05-07 23:59 - 00000228 _____ C:\Documents and Settings\Betty\Pulpit\nasz-album.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2014-01-28 16:24 - 00015940 _____ C:\Documents and Settings\Betty\Pulpit\likwidacjagrzejnika.pdf.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2013-06-28 15:58 - 00000052 _____ C:\Documents and Settings\Betty\Pulpit\Konto walutowe.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2012-09-13 11:53 - 00000148 _____ C:\Documents and Settings\Betty\Pulpit\eurobank.txt.id-4096270429_helpme@freespeechmail.org
2015-11-05 12:16 - 2010-08-15 00:04 - 00054806 _____ C:\Documents and Settings\Betty\Pulpit\Rozklad_jazdy_M1_Zabrze.pdf.id-4096270429_helpme@freespeechmail.org
2015-11-02 19:00 - 2014-10-10 21:37 - 00000523 _____ C:\Documents and Settings\Betty\Pulpit\Poczta - Najlepsza Poczta, największe załączniki - WP.PL.url
2015-11-02 11:49 - 2010-08-15 00:04 - 00000215 _____ C:\Documents and Settings\Betty\Pulpit\Pekao24 - Bankowość elektroniczna.url
2015-11-01 13:00 - 2015-09-08 17:17 - 00000889 _____ C:\Documents and Settings\Betty\Pulpit\Polsat Sport HD - Program - ipla.tv.url
2015-10-26 13:45 - 2010-08-15 00:04 - 00000174 _____ C:\Documents and Settings\Betty\Pulpit\Wrzuta.pl.url
2015-10-25 07:43 - 2014-08-17 21:00 - 00014880 _____ C:\Documents and Settings\Betty\debug.log
2015-10-25 07:40 - 2010-08-14 08:23 - 00110992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-17 21:14 - 2011-05-14 06:31 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-15 13:00 - 2010-08-14 23:43 - 141105520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Pliki w katalogu głównym wybranych folderów =======

2010-08-15 16:41 - 2010-08-15 16:41 - 0000075 _____ () C:\Documents and Settings\Betty\Dane aplikacji\sversion.ini
2010-08-15 16:41 - 2010-08-15 16:47 - 0002048 _____ () C:\Documents and Settings\Betty\Dane aplikacji\user60.rdb
2011-08-19 16:08 - 2011-08-19 16:26 - 0000325 _____ () C:\Documents and Settings\Betty\Dane aplikacji\default.pls
2015-11-05 12:38 - 2015-11-05 12:38 - 0401934 _____ () C:\Documents and Settings\Betty\Dane aplikacji\recovery.bmp
2010-08-14 23:58 - 2013-01-23 12:00 - 0032256 _____ () C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-05 14:45 - 2015-11-05 14:45 - 0000036 _____ () C:\Documents and Settings\Betty\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================