Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:09-12-2015 Uruchomiony przez slawek (administrator) SLAWEK-0B24F4E9 (09-12-2015 22:42:51) Uruchomiony z C:\Documents and Settings\slawek\Pulpit Załadowane profile: slawek (Dostępne profile: slawek) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: IE) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-27] (Adobe Systems Incorporated) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== UWAGA HKU\S-1-5-21-790525478-484763869-839522115-1003\...\Run: [BrowserMe] => C:\Documents and Settings\slawek\Dane aplikacji\BrowserMe\ChromeUpdate.exe HKU\S-1-5-21-790525478-484763869-839522115-1003\...\Run: [a09b6bddd0] => C:\Documents and Settings\slawek\Dane aplikacji\a09b6bddd0\c09ec.exe HKU\S-1-5-21-790525478-484763869-839522115-1003\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-790525478-484763869-839522115-1003\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-790525478-484763869-839522115-1003\...\MountPoints2: {1d482967-ac51-11e3-b00b-806d6172696f} - I:\Setup.exe ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 178.216.136.34 8.8.8.8 Tcpip\..\Interfaces\{85A06BA0-25C5-45E9-A1A0-6F8476F9A476}: [DhcpNameServer] 178.216.136.34 8.8.8.8 Internet Explorer: ================== HKU\S-1-5-21-790525478-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Documents and Settings\slawek\Dane aplikacji\Mozilla\Firefox\Profiles\weeziy1a.default-1443375349485 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-27] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( ) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [37384 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices) [Brak podpisu cyfrowego] S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [Brak podpisu cyfrowego] R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [51976 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd) R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40712 2014-10-14] () R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14856 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd) R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185736 2014-10-14] (CHENGDU YIWO Tech Development Co., Ltd) S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [Brak podpisu cyfrowego] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) S0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation) R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation) S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S4 IntelIde; Brak ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; Brak ImagePath U3 pwnyiaob; \??\C:\DOCUME~1\slawek\USTAWI~1\Temp\pwnyiaob.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-12-09 22:42 - 2015-12-09 22:43 - 00007234 _____ C:\Documents and Settings\slawek\Pulpit\FRST.txt 2015-12-09 22:40 - 2015-12-09 22:42 - 00000000 ____D C:\FRST 2015-12-09 22:28 - 2015-12-09 22:28 - 00380416 _____ C:\Documents and Settings\slawek\Pulpit\knms5j6v.exe 2015-12-09 22:24 - 2015-12-09 22:24 - 01720320 _____ (Farbar) C:\Documents and Settings\slawek\Pulpit\FRST.exe 2015-12-09 22:10 - 2015-12-09 22:10 - 00000189 _____ C:\Documents and Settings\slawek\Dane aplikacji\wpulog.txt 2015-12-09 22:00 - 2015-12-09 22:29 - 00000000 ____D C:\Documents and Settings\slawek\Ustawienia lokalne\Dane aplikacji\ycev 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\NetworkService\Ustawienia lokalne\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\NetworkService\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\LocalService\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\LocalService\Dane aplikacji\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00009620 _____ C:\Documents and Settings\All Users\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\NetworkService\Ustawienia lokalne\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\NetworkService\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\LocalService\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\LocalService\Dane aplikacji\how_recover+lrk.txt 2015-12-09 22:00 - 2015-12-09 22:00 - 00002787 _____ C:\Documents and Settings\All Users\how_recover+lrk.txt 2015-12-09 21:59 - 2015-12-09 21:59 - 00000592 ____H C:\Documents and Settings\All Users\Dane aplikacji\@system3.att 2015-12-09 21:59 - 2015-12-09 21:59 - 00000254 _____ C:\Documents and Settings\slawek\Moje dokumenty\recover_file_dqhabsmpi.txt 2015-12-09 21:58 - 2015-12-09 21:58 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache 2015-12-07 18:39 - 2015-12-07 18:39 - 10847128 _____ (EasySync Solutions) C:\Documents and Settings\slawek\Pulpit\EasySync_CryptoMonitor_FreePro_Setup.exe 2015-12-07 18:21 - 2015-12-09 21:59 - 00001246 _____ C:\DelFix.txt.vvv 2015-12-06 21:16 - 2015-12-06 21:16 - 00028038 ____N C:\Documents and Settings\slawek\Pulpit\braun.TIF 2015-12-05 01:01 - 2015-12-05 01:01 - 00000000 ____D C:\Program Files\R-Studio 2015-12-05 01:01 - 2015-12-05 01:01 - 00000000 ____D C:\Documents and Settings\slawek\Moje dokumenty\R-TT 2015-12-05 01:01 - 2015-12-05 01:01 - 00000000 ____D C:\Documents and Settings\slawek\Menu Start\Programy\R-Studio 2015-12-05 01:01 - 2015-12-05 01:01 - 00000000 ____D C:\Documents and Settings\slawek\Dane aplikacji\R-TT 2015-12-05 00:53 - 2015-12-05 00:53 - 42002248 _____ (R-Tools Technology Inc.) C:\Documents and Settings\slawek\Pulpit\RStudio7.exe 2015-12-04 22:56 - 2015-12-04 22:56 - 00000000 _____ C:\WINDOWS\mru.dat 2015-12-04 22:10 - 2015-12-05 00:05 - 00000000 ____D C:\Documents and Settings\slawek\Pulpit\testdisk-7.1-WIP 2015-12-03 21:59 - 2015-12-09 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\EaseUS Data Recovery Wizard 2015-12-03 21:43 - 2015-12-03 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2015-12-03 21:43 - 2006-06-29 13:07 - 00014048 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg2.dll 2015-12-03 21:42 - 2015-12-03 21:42 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2015-12-03 21:42 - 2015-12-03 21:42 - 00000000 ____D C:\Program Files\MSBuild 2015-12-03 21:42 - 2008-07-06 13:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll 2015-12-03 21:42 - 2008-07-06 13:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll 2015-12-03 21:42 - 2008-07-06 13:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll 2015-12-03 21:42 - 2008-07-06 13:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll 2015-12-03 21:42 - 2008-07-06 13:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll 2015-12-03 21:42 - 2008-07-06 13:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll 2015-12-03 21:42 - 2008-07-06 11:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe 2015-12-03 21:28 - 2015-12-03 21:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-12-03 21:27 - 2015-12-03 21:27 - 00000000 __RHD C:\AHCache 2015-12-03 21:22 - 2015-12-03 21:22 - 00137737 _____ C:\Documents and Settings\slawek\Pulpit\ShadowExplorer-0.9-portable.zip 2015-12-03 20:56 - 2015-12-04 23:42 - 00000000 ____D C:\Documents and Settings\slawek\Dane aplikacji\Wise Uninstaller 2015-12-03 20:56 - 2015-12-03 20:56 - 02017256 _____ C:\Documents and Settings\slawek\Pulpit\WPU.zip 2015-12-03 20:46 - 2015-12-04 00:33 - 00000445 _____ C:\Documents and Settings\slawek\Pulpit\Nowy Dokument tekstowy.txt 2015-12-03 20:27 - 2015-12-03 20:27 - 10358080 _____ (SurfRight B.V.) C:\Documents and Settings\slawek\Pulpit\HitmanPro.exe 2015-12-02 19:28 - 2015-12-02 19:28 - 03079072 _____ C:\Documents and Settings\slawek\Moje dokumenty\mted5.w0 2015-12-02 19:28 - 2015-12-02 19:28 - 00544688 _____ C:\Documents and Settings\slawek\Moje dokumenty\gh9wr3jb3.1v 2015-12-02 19:28 - 2015-12-02 19:28 - 00300588 _____ C:\Documents and Settings\slawek\Moje dokumenty\3o9l14uee5.2ev64 2015-12-02 19:28 - 2015-12-02 19:28 - 00054156 _____ C:\Documents and Settings\slawek\Moje dokumenty\wv3jujl.5kou9 2015-12-02 19:28 - 2015-12-02 19:28 - 00053596 _____ C:\Documents and Settings\slawek\Moje dokumenty\00pj570f32.8d6 2015-12-02 19:28 - 2015-12-02 19:28 - 00023884 _____ C:\Documents and Settings\slawek\Moje dokumenty\9txl16l6a8.946q 2015-11-22 15:36 - 2008-01-25 19:48 - 00038400 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoPt.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00038400 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoEl.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037888 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoTr.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037888 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoSl.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037888 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoSk.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037888 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoPl.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037888 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoHu.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037376 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoTh.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037376 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoCs.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00037376 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoAr.dll 2015-11-22 15:36 - 2008-01-25 19:48 - 00036864 ____R (NVIDIA Corporation) C:\WINDOWS\system32\NvRCoHe.dll 2015-11-22 15:35 - 2015-11-22 15:35 - 00000000 ____D C:\Documents and Settings\slawek\Moje dokumenty\WinXP ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-12-09 22:43 - 2014-03-15 15:15 - 00000000 ____D C:\Documents and Settings\slawek\Ustawienia lokalne\Temp 2015-12-09 22:42 - 2014-03-15 15:51 - 00000000 ____D C:\WINDOWS 2015-12-09 22:42 - 2014-03-15 15:15 - 00000000 ____D C:\Documents and Settings\slawek\Pulpit 2015-12-09 22:37 - 2014-03-15 17:34 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\NVIDIA Corporation 2015-12-09 22:37 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2015-12-09 22:37 - 2014-03-15 15:05 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Gry 2015-12-09 22:36 - 2014-11-08 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\EaseUS Partition Master 10.1 2015-12-09 22:36 - 2014-11-08 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack 2015-12-09 22:36 - 2014-07-20 15:52 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight 2015-12-09 22:36 - 2014-07-20 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Nero 2015-12-09 22:35 - 2015-09-27 11:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java 2015-12-09 22:35 - 2014-12-30 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Nokia 2015-12-09 22:35 - 2014-11-08 22:04 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\EaseUS Todo Backup Free 7.5 2015-12-09 22:34 - 2015-04-19 13:31 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware 2015-12-09 22:30 - 2014-03-15 15:51 - 00000000 ____D C:\WINDOWS\system 2015-12-09 22:30 - 2014-03-15 15:15 - 00000188 ___SH C:\Documents and Settings\slawek\ntuser.ini 2015-12-09 22:30 - 2014-03-15 15:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-09 22:29 - 2014-03-15 15:37 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office 2015-12-09 22:16 - 2014-03-15 15:03 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria 2015-12-09 22:15 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start 2015-12-09 22:14 - 2015-04-19 13:31 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-09 22:14 - 2014-05-17 18:22 - 00441830 ____C C:\WINDOWS\ntbtlog.txt 2015-12-09 22:13 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2015-12-09 22:13 - 2014-03-15 15:55 - 00000000 ___HD C:\Documents and Settings\Default User 2015-12-09 22:10 - 2014-03-15 15:15 - 00000000 __RHD C:\Documents and Settings\slawek\Dane aplikacji 2015-12-09 22:09 - 2014-03-15 15:56 - 00000000 ___SD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2015-12-09 22:09 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Start\Programy\Autostart 2015-12-09 22:09 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Start\Programy 2015-12-09 22:09 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Start 2015-12-09 22:09 - 2014-03-15 15:56 - 00000000 ___HD C:\Documents and Settings\Default User\Ustawienia lokalne\Dane aplikacji 2015-12-09 22:09 - 2014-03-15 15:56 - 00000000 ____D C:\Documents and Settings\Default User\Moje dokumenty 2015-12-09 22:09 - 2014-03-15 15:55 - 00000000 __RHD C:\Documents and Settings\Default User\Dane aplikacji 2015-12-09 22:09 - 2014-03-15 15:07 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Start\Programy\Akcesoria 2015-12-09 22:08 - 2014-03-15 15:56 - 00000000 __RHD C:\Documents and Settings\Default User\Ustawienia lokalne 2015-12-09 22:08 - 2014-03-15 15:56 - 00000000 ____D C:\Documents and Settings\Default User\Ustawienia lokalne\Temp 2015-12-09 22:00 - 2014-03-15 15:56 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty 2015-12-09 22:00 - 2014-03-15 15:55 - 00000000 ____D C:\Documents and Settings\All Users 2015-12-09 22:00 - 2014-03-15 15:15 - 00000000 ___HD C:\Documents and Settings\slawek\Ustawienia lokalne\Dane aplikacji 2015-12-09 21:59 - 2014-03-15 15:55 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2015-12-09 21:59 - 2014-03-15 15:15 - 00000000 ___RD C:\Documents and Settings\slawek\Moje dokumenty 2015-12-09 21:59 - 2004-08-03 23:44 - 00131072 ___SH (DVDVideoSoft Ltd.) C:\Documents and Settings\All Users\msurcvwor.exe 2015-12-09 21:58 - 2014-03-15 15:12 - 00000000 __SHD C:\Documents and Settings\NetworkService 2015-12-09 18:27 - 2001-07-21 23:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-12-08 23:49 - 2014-03-15 15:13 - 00032456 _____ C:\WINDOWS\SchedLgU.Txt 2015-12-08 23:42 - 2014-03-15 15:52 - 00000000 ____D C:\Documents and Settings\slawek\Pulpit\ie7 & wmp11 2015-12-08 23:35 - 2015-07-08 18:33 - 00000000 ____D C:\Documents and Settings\slawek\Pulpit\foty 2015-12-08 23:35 - 2014-12-14 19:35 - 00000000 ____D C:\Documents and Settings\slawek\Pulpit\pulpit 2015-12-08 18:46 - 2014-06-14 21:52 - 00000056 _____ C:\WINDOWS\Kulki.ini 2015-12-07 18:33 - 2014-03-15 15:26 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-12-07 18:33 - 2014-03-15 15:26 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-12-06 17:01 - 2014-03-15 15:15 - 00000000 ___RD C:\Documents and Settings\slawek\Menu Start\Programy 2015-12-06 01:10 - 2014-03-15 15:12 - 00000000 __SHD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2015-12-05 00:27 - 2014-03-15 15:15 - 00000000 __SHD C:\Documents and Settings\slawek\Ustawienia lokalne\Historia 2015-12-05 00:22 - 2015-02-18 19:46 - 00000000 ____D C:\Documents and Settings\slawek\Dane aplikacji\Skype 2015-12-05 00:22 - 2014-05-11 19:17 - 00000000 ____D C:\Documents and Settings\slawek\Dane aplikacji\PC Suite 2015-12-05 00:22 - 2014-05-11 19:17 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Nokia 2015-12-05 00:22 - 2014-05-11 19:16 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache 2015-12-05 00:22 - 2014-04-26 11:22 - 00000000 ____D C:\Documents and Settings\slawek\Dane aplikacji\Mozilla 2015-12-05 00:22 - 2014-03-15 15:56 - 00000000 ___HD C:\Documents and Settings\Default User\Szablony 2015-12-05 00:22 - 2014-03-15 15:26 - 00000000 ____D C:\Documents and Settings\slawek\Dane aplikacji\Adobe 2015-12-05 00:22 - 2014-03-15 15:13 - 00000000 __SHD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2015-12-05 00:22 - 2014-03-15 15:13 - 00000000 __SHD C:\Documents and Settings\LocalService 2015-12-05 00:22 - 2014-03-15 15:13 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2015-12-05 00:22 - 2014-03-15 15:13 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne 2015-12-05 00:22 - 2014-03-15 15:13 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2015-12-04 23:43 - 2014-04-26 23:33 - 00002347 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk 2015-12-04 23:39 - 2015-09-27 11:14 - 00000000 ____D C:\Program Files\Java 2015-12-04 21:50 - 2014-03-15 15:51 - 00000000 ___HD C:\WINDOWS\inf 2015-12-04 18:54 - 2014-03-15 15:51 - 00000000 ____D C:\WINDOWS\pchealth 2015-12-03 22:52 - 2014-03-15 15:15 - 00000000 ___HD C:\Documents and Settings\slawek\Ustawienia lokalne 2015-12-03 22:19 - 2014-07-20 17:17 - 00000069 _____ C:\WINDOWS\NeroDigital.ini 2015-12-03 21:58 - 2014-11-08 21:58 - 00000000 ____D C:\Program Files\EaseUS 2015-12-03 21:48 - 2014-03-15 15:55 - 00215264 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-03 21:43 - 2014-03-15 16:04 - 00046832 ____C C:\Documents and Settings\slawek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2015-12-03 21:42 - 2014-03-15 15:56 - 01082590 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-03 21:42 - 2014-03-15 15:51 - 00000000 RSHDC C:\WINDOWS\system32\dllcache 2015-12-03 21:42 - 2014-03-15 15:51 - 00000000 ____D C:\WINDOWS\system32\spool 2015-12-03 21:42 - 2001-10-26 17:15 - 00490284 ____C C:\WINDOWS\system32\perfh015.dat 2015-12-03 21:42 - 2001-10-26 17:15 - 00083660 ____C C:\WINDOWS\system32\perfc015.dat 2015-12-02 21:15 - 2014-06-28 15:17 - 00000000 ____D C:\Documents and Settings\slawek\Moje dokumenty\Pobrane 2015-12-02 19:15 - 2014-05-14 16:41 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-02 19:05 - 2014-04-26 18:02 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-12-09 22:10 - 2015-12-09 22:10 - 0000189 _____ () C:\Documents and Settings\slawek\Dane aplikacji\wpulog.txt 2014-03-15 16:06 - 2014-11-08 19:16 - 0226304 ____C () C:\Documents and Settings\slawek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-12-09 22:00 - 2015-12-09 22:00 - 0009620 _____ () C:\Documents and Settings\All Users\how_recover+lrk.html 2015-12-09 22:00 - 2015-12-09 22:00 - 0002787 _____ () C:\Documents and Settings\All Users\how_recover+lrk.txt 2004-08-03 23:44 - 2008-04-14 21:51 - 0126978 ___SH () C:\Documents and Settings\All Users\msforjf.exe 2004-08-03 23:44 - 2008-04-14 21:51 - 0131072 ___SH () C:\Documents and Settings\All Users\msganuyk.exe 2004-08-03 23:44 - 2008-04-14 21:51 - 0094720 ___SH () C:\Documents and Settings\All Users\mshfed.exe 2004-08-03 23:44 - 2008-04-14 21:51 - 0094720 ___SH () C:\Documents and Settings\All Users\msoue.exe 2004-08-03 23:44 - 2015-12-09 21:59 - 0131072 ___SH (DVDVideoSoft Ltd.) C:\Documents and Settings\All Users\msurcvwor.exe Pliki do przeniesienia lub usunięcia: ==================== C:\Documents and Settings\All Users\msforjf.exe C:\Documents and Settings\All Users\msganuyk.exe C:\Documents and Settings\All Users\mshfed.exe C:\Documents and Settings\All Users\msoue.exe C:\Documents and Settings\All Users\msurcvwor.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================