Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:13-04-2016 Uruchomiony przez MarekM (administrator) MAREK-M (15-04-2016 17:15:27) Uruchomiony z C:\Documents and Settings\MarekM\Pulpit\FRST Załadowane profile: MarekM (Dostępne profile: MarekM & Mama & Grzegorz & Agnieszka & Asia & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Ahead Software AG) D:\Program Files\Ahead\InCD\incdsrv.exe (brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE (ABBYY (BIT Software)) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY) D:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (Autodesk, Inc.) D:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (Jetico Inc. Oy) D:\Program Files\Jetico\BestCrypt Volume Encryption\bcveserv.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (FSPro Labs) C:\WINDOWS\system32\fsproflt.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (Ralink Technology, Corp.) D:\Program Files\Ralink\Common\RaRegistry.exe (SoftEther VPN Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\vpnclient.exe (Softwareentwicklung Remus - ArchiCrypt) C:\WINDOWS\system32\STGRAMDiskHandler32.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (Zbshareware Lab) D:\Program Files\USB Disk Security\USBGuard.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Steganos Software GmbH) D:\Program Files\Steganos Privacy Suite 14\SteganosHotKeyService.exe () D:\Program Files\NetMeter\NetMeter.exe (Mixesoft Project) C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\Mixesoft\AppNHost\appnhost.exe (Tonec Inc.) D:\Program Files\Internet Download Manager\IDMan.exe () C:\Program Files\Kalendarz XP\Kalendarz.exe (Ralink Technology, Corp.) D:\Program Files\Ralink\Common\RaUI.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Tonec Inc.) D:\Program Files\Internet Download Manager\IEMonitor.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe (SRWare) C:\Program Files\SRWare Iron\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [] => [X] HKLM\...\Run: [USB Antivirus] => D:\Program Files\USB Disk Security\USBGuard.exe [819200 2009-12-14] (Zbshareware Lab) HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18670592 2009-07-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3117344 2012-03-07] (ESET) HKLM\...\Run: [Steganos HotKeys] => D:\Program Files\Steganos Privacy Suite 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\Run: [D:\Program Files\NetMeter\NetMeter.exe] => D:\Program Files\NetMeter\NetMeter.exe [331264 2007-08-11] () HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\Run: [appnhost] => C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project) HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\Run: [IDMan] => D:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-04] (Tonec Inc.) HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\MountPoints2: {36102cf8-51c8-11e2-b910-40618606fd9a} - K:\AutoRun.exe HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\MountPoints2: {9b2d9936-7b75-11e3-bbd7-40618606fd9a} - K:\AutoRun.exe HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\MountPoints2: {baee8cd7-18ee-11e0-9d29-40618606fd9a} - H:\NokiaPCIA_Autorun.exe HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\MountPoints2: {d319fc58-908b-11e1-b653-40618606fd9a} - N:\AutoRun.exe HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\MountPoints2: {d319fc5b-908b-11e1-b653-40618606fd9a} - J:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [tscuninstall] => %systemroot%\system32\tscupgrd.exe HKU\S-1-5-18\...\RunOnce: [Del1378656] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== UWAGA HKU\S-1-5-18\...\RunOnce: [Del1085921] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== UWAGA HKU\S-1-5-18\...\RunOnce: [Del1258375] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== UWAGA HKU\S-1-5-18\...\RunOnce: [Del16357093] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== UWAGA HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe -update pepperplugin IFEO\capture.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\coreldrw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\corelpp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\csbprof.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\fontnav.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\rave.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\trace.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO\trueimage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" Lsa: [Authentication Packages] msv1_0 relog_ap ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.) ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk [2014-05-04] ShortcutTarget: Kalendarz XP.lnk -> C:\Program Files\Kalendarz XP\Kalendarz.exe () Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk [2015-07-22] ShortcutTarget: Ralink Wireless Utility.lnk -> D:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk [2016-04-15] ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{8F81DBC1-971C-4FA4-8F6A-77F29071899A}: [DhcpNameServer] 10.12.0.1 Tcpip\..\Interfaces\{DCB968E2-B180-4CBF-B32F-103A7FB300CB}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir= HKU\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir= HKU\S-1-5-21-725345543-117609710-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_15_44_orgnl¶m1=1¶m2=f%3D2%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0StCtAzyyBtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1M1Q1CtCzytN1L1G1B1V1N2Y1L1Qzu2SyBtDyC0DyB0FtBtDtGyBtA0DtBtG0FyEzztAtGtC0ByCyEtGyBzyyEtAyEtCzy0DyC0EyDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyE0AyDtCyCyDtG0EtAyE0CtGyE0E0AtAtGzyzy0CtBtGtAyCtDyEzz0EtCzzzz0AtCtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEzy%26cr%3D584656388%26a%3Dhdr_s_15_44_orgnl%26os%3DWindows%2BXP" <======= UWAGA SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir= SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_44_orgnl¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0StCtAzyyBtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1M1Q1CtCzytN1L1G1B1V1N2Y1L1Qzu2SyBtDyC0DyB0FtBtDtGyBtA0DtBtG0FyEzztAtGtC0ByCyEtGyBzyyEtAyEtCzy0DyC0EyDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyE0AyDtCyCyDtG0EtAyE0CtGyE0E0AtAtGzyzy0CtBtGtAyCtDyEzz0EtCzzzz0AtCtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEzy%26cr%3D584656388%26a%3Dhdr_s_15_44_orgnl%26os%3DWindows%2BXP&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_44_orgnl¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0StCtAzyyBtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1M1Q1CtCzytN1L1G1B1V1N2Y1L1Qzu2SyBtDyC0DyB0FtBtDtGyBtA0DtBtG0FyEzztAtGtC0ByCyEtGyBzyyEtAyEtCzy0DyC0EyDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyE0AyDtCyCyDtG0EtAyE0CtGyE0E0AtAtGzyzy0CtBtGtAyCtDyEzz0EtCzzzz0AtCtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEzy%26cr%3D584656388%26a%3Dhdr_s_15_44_orgnl%26os%3DWindows%2BXP&p={searchTerms} SearchScopes: HKU\.DEFAULT -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_44_orgnl¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0StCtAzyyBtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1M1Q1CtCzytN1L1G1B1V1N2Y1L1Qzu2SyBtDyC0DyB0FtBtDtGyBtA0DtBtG0FyEzztAtGtC0ByCyEtGyBzyyEtAyEtCzy0DyC0EyDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyE0AyDtCyCyDtG0EtAyE0CtGyE0E0AtAtGzyzy0CtBtGtAyCtDyEzz0EtCzzzz0AtCtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEzy%26cr%3D584656388%26a%3Dhdr_s_15_44_orgnl%26os%3DWindows%2BXP&p={searchTerms} SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> DefaultScope {CC555D01-0911-4134-8381-EEF93F56C625} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir= SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {00E75D5A-1EF6-0FCD-6096-04FD1E40251D} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms} SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=51FC00FF9D7A666D&affID=119357&tsp=5021 SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {3AF9BCD7-FCED-4A53-BA42-F9F9E8BD79F3} URL = hxxp://www.allegro.pl/search.php?sg=0&string={searchTerms} SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {9BF778F9-21B6-4E99-9C3E-44915143B438} URL = hxxp://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms} SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {C0346BBE-E7FF-4FFF-BB16-62AA4ADAE1A1} URL = hxxp://megaslownik.pl/slownik.php?phrase={searchTerms}&lang=de SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {CC555D01-0911-4134-8381-EEF93F56C625} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir= SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {E1955806-0136-42D0-98CB-428EECFA4C77} URL = hxxp://megaslownik.pl/slownik.php?phrase={searchTerms}&lang=en BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.) BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-09] (Sun Microsystems, Inc.) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-09] (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-08-09] (Sun Microsystems, Inc.) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated) Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - D:\Program Files\Steganos Privacy Suite 14\SPMIEToolbar.dll [2014-02-25] (Steganos Software GmbH) Toolbar: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> Brak nazwy - {00000000-5736-4205-0008-F7ED0776FB27} - Brak pliku Toolbar: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> Brak nazwy - {00000000-5736-4205-0008-781CD0E19F00} - Brak pliku DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2008-05-30] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Documents and Settings\MarekM\Dane aplikacji\Mozilla\Firefox\Profiles\osrlqhj4.default-1454451054359 FF NewTab: FF DefaultSearchEngine: so-v FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-10] () FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-08-09] (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-09] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN) FF user.js: detected! => C:\Documents and Settings\MarekM\Dane aplikacji\Mozilla\Firefox\Profiles\osrlqhj4.default-1454451054359\user.js [2016-04-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-09] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2012-08-20] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - D:\Program Files\Steganos Privacy Suite 14\spmplugin3 FF Extension: Steganos Password Manager - D:\Program Files\Steganos Privacy Suite 14\spmplugin3 [2015-11-14] [Brak podpisu cyfrowego] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-11-19] [Brak podpisu cyfrowego] FF HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\MarekM\Dane aplikacji\IDM\idmmzcc5 FF Extension: IDM CC - C:\Documents and Settings\MarekM\Dane aplikacji\IDM\idmmzcc5 [2016-04-15] [Brak podpisu cyfrowego] Chrome: ======= CHR Profile: C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-02] CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\DOCUME~1\MarekM\USTAWI~1\DANEAP~1\mysearchdial-speeddial.crx [2013-10-25] CHR HKU\S-1-5-21-725345543-117609710-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\DOCUME~1\MarekM\USTAWI~1\DANEAP~1\mysearchdial-speeddial.crx [2013-10-25] StartMenuInternet: chrome.exe - C:\Program Files\SRWare Iron\chrome.exe hxxp://www.so-v.com/?type=ll&uid=88fc2265-b9ba-40c3-a603-7aca43aed9bc Opera: ======= StartMenuInternet: (HKLM) Opera - E:\Marek\Downloads\Programs\OPERA 11.61\Opera.exe hxxp://www.so-v.com/?type=ll&uid=88fc2265-b9ba-40c3-a603-7aca43aed9bc ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ABBYY.Licensing.FineReader.Corporate.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software)) R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; D:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2008-02-27] (Acronis) R2 Autodesk Content Service; D:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 BcveServ; D:\Program Files\Jetico\BestCrypt Volume Encryption\bcveserv.exe [150816 2015-07-02] (Jetico Inc. Oy) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Brak podpisu cyfrowego] R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [Brak podpisu cyfrowego] S3 CGVPNCliSrvc; D:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [913144 2012-03-07] (ESET) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-05-04] (Flexera Software, Inc.) R2 fsproflt; C:\WINDOWS\system32\fsproflt.exe [139952 2009-12-04] (FSPro Labs) R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 InCDsrv; D:\Program Files\Ahead\InCD\InCDsrv.exe [876656 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego] R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153392 2012-08-09] (Sun Microsystems, Inc.) S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2011-05-31] () [Brak podpisu cyfrowego] S4 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-04-27] () R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [Brak podpisu cyfrowego] R2 RalinkRegistryWriter; D:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.) S3 RaMediaServer; D:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [Brak podpisu cyfrowego] R2 SEVPNCLIENT; D:\Program Files\SoftEther VPN Client\vpnclient.exe [3544632 2014-09-13] (SoftEther VPN Project at University of Tsukuba, Japan.) R2 Steganos Volatile Disk; C:\WINDOWS\system32\STGRAMDiskHandler32.exe [349184 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt) [Brak podpisu cyfrowego] S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [494088 2008-02-27] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software) S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [918016 2006-12-01] (Microsoft Corporation) [Brak podpisu cyfrowego] S4 Update BatBrowse; "C:\Program Files\BatBrowse\updateBatBrowse.exe" [X] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.) S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative) R0 bcfnt; C:\WINDOWS\system32\Drivers\bcfnt.sys [396736 2015-06-25] (Jetico Inc. Oy) R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [160816 2012-03-14] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET) R1 ElRawDisk; C:\WINDOWS\system32\drivers\elrawdsk32bit.sys [20392 2008-07-26] (EldoS Corporation) R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [148504 2012-03-14] (ESET) R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [40336 2012-03-14] (ESET) R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2012-03-14] (ESET) R0 fsh; C:\WINDOWS\system32\Drivers\fsh.sys [48832 2015-05-19] (Jetico Inc. Oy) R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs) S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] ( ) R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.) R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2010-03-11] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego] S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-04-27] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-04-27] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-04-27] (Huawei Technologies Co., Ltd.) R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [126968 2015-03-27] (Tonec Inc.) R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [99568 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego] R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [27664 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego] U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [9561 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego] R3 mhk; C:\WINDOWS\system32\Drivers\mhk.sys [17856 2014-06-19] (Jetico, Inc.) R3 moh; C:\WINDOWS\system32\Drivers\moh.sys [12352 2014-06-19] (Jetico, Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) S3 Neo_VPN; C:\WINDOWS\System32\DRIVERS\Neo_0004.sys [25824 2014-09-13] (SoftEther VPN Project at University of Tsukuba, Japan.) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation) R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation) R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [57320 2009-11-12] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation) R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2003-04-16] (PowerQuest Corporation) [Brak podpisu cyfrowego] S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1660488 2013-09-06] (Ralink Technology, Corp.) R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [26336 2012-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) R1 SLEE_18_DRIVER; C:\WINDOWS\system32\drivers\Sleen18.sys [91992 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - ) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2012-03-09] () [Brak podpisu cyfrowego] R1 STGMFEngine32; C:\WINDOWS\system32\drivers\STGMFEngine32.sys [16384 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt.com) [Brak podpisu cyfrowego] R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project) [Brak podpisu cyfrowego] R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2009-12-06] (Acronis) R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-12-06] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software) S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [Brak podpisu cyfrowego] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2012-04-27] (Huawei Technologies Co., Ltd.) S4 IntelIde; Brak ImagePath U3 anbt4sz1; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-15 17:13 - 2016-04-15 16:28 - 00017882 _____ C:\Documents and Settings\MarekM\Pulpit\Fixlog.txt 2016-04-15 16:10 - 2016-04-15 16:10 - 00000000 ____D C:\Documents and Settings\MarekM\Dane aplikacji\ElevatedDiagnostics 2016-04-15 16:09 - 2016-04-15 16:09 - 00000000 ____D C:\MATS 2016-04-15 16:02 - 2016-04-15 16:02 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\MarekM\Pulpit\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-04-15 12:37 - 2016-04-15 13:05 - 00001817 _____ C:\Documents and Settings\MarekM\Pulpit\Opis na forum.txt 2016-04-15 12:34 - 2016-04-15 17:15 - 00000000 ____D C:\FRST 2016-04-15 12:33 - 2016-04-15 16:28 - 00000000 ____D C:\Documents and Settings\MarekM\Pulpit\FRST 2016-04-13 20:03 - 2016-04-13 20:03 - 00874163 _____ C:\Documents and Settings\MarekM\Pulpit\wypis z rej gruntów.pdf 2016-04-13 18:33 - 2016-04-13 18:33 - 00000000 ____D D:\Program Files\ESET 2016-04-13 16:52 - 2016-04-13 16:52 - 00000000 ____D C:\Documents and Settings\MarekM\Pulpit\Umowy cywilno_prawne 2016-04-10 21:56 - 2016-04-10 21:56 - 00008904 _____ C:\Documents and Settings\MarekM\Pulpit\cc_20160410_215623.reg 2016-04-10 21:16 - 2016-04-15 17:16 - 00000410 _____ C:\WINDOWS\Tasks\At6.job 2016-04-10 21:16 - 2016-04-10 21:16 - 00000000 ____D C:\Documents and Settings\MarekM\Dane aplikacji\PriceFountainUpdateVer 2016-03-26 18:51 - 2016-04-11 22:06 - 00000804 _____ C:\Documents and Settings\MarekM\Pulpit\Czsczenie głowicy i wymiana -Brother.txt 2016-03-26 15:59 - 2016-03-25 13:52 - 00270144 _____ C:\Documents and Settings\MarekM\Pulpit\Schemat rozdz.SN i nN _LU Polska.dwg 2016-03-26 13:45 - 2016-03-26 20:12 - 00000000 ____D C:\Documents and Settings\MarekM\Pulpit\Instr.Ruch 2016-03-19 17:26 - 2012-11-22 22:57 - 01390272 _____ C:\Documents and Settings\MarekM\Pulpit\zam.4981 - MRwb-2x630-4 B&P Engineering Przeworsk.dwg ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-15 17:16 - 2009-12-05 12:52 - 00000000 __SHD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2016-04-15 17:15 - 2009-12-05 12:54 - 00000000 ____D C:\Documents and Settings\MarekM\Ustawienia lokalne\Temp 2016-04-15 17:13 - 2013-07-18 11:12 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3088738A-CF49-43E6-AC83-1C3B2E20A7EB}.job 2016-04-15 17:13 - 2009-12-05 12:54 - 00000000 ____D C:\Documents and Settings\MarekM\Pulpit 2016-04-15 17:07 - 2015-06-05 19:58 - 00000224 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2016-04-15 17:07 - 2014-09-20 22:59 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-725345543-117609710-1801674531-1003.job 2016-04-15 17:07 - 2009-12-05 12:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-15 17:07 - 2009-11-20 21:32 - 00272291 _____ C:\WINDOWS\system32\NvApps.xml 2016-04-15 17:07 - 2008-04-15 14:00 - 00013724 _____ C:\WINDOWS\system32\wpa.dbl 2016-04-15 17:06 - 2013-02-20 23:38 - 00393216 _____ C:\WINDOWS\system32\config\TuneUp.evt 2016-04-15 17:06 - 2009-12-09 20:07 - 00000000 ____D C:\Documents and Settings\MarekM\Dane aplikacji\DMCache 2016-04-15 17:06 - 2009-12-05 13:40 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2016-04-15 17:06 - 2009-12-05 12:53 - 00032618 _____ C:\WINDOWS\SchedLgU.Txt 2016-04-15 17:05 - 2012-04-28 00:02 - 00000464 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{A34C7207-85FE-49D1-BB51-A2356925EB7B}.job 2016-04-15 17:03 - 2015-10-30 00:03 - 00000432 _____ C:\WINDOWS\Tasks\At5.job 2016-04-15 16:48 - 2015-10-30 00:03 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol 2016-04-15 16:48 - 2009-12-05 13:39 - 00000000 ____D C:\Documents and Settings\All Users 2016-04-15 16:46 - 2014-05-10 00:46 - 00000424 _____ C:\WINDOWS\Tasks\At4.job 2016-04-15 16:46 - 2014-04-18 10:46 - 00000432 _____ C:\WINDOWS\Tasks\At3.job 2016-04-15 16:46 - 2014-01-30 19:46 - 00000432 _____ C:\WINDOWS\Tasks\At2.job 2016-04-15 16:46 - 2013-10-25 21:46 - 00000428 _____ C:\WINDOWS\Tasks\At1.job 2016-04-15 16:46 - 2009-12-05 12:54 - 00000000 __SHD C:\Documents and Settings\MarekM\Ustawienia lokalne\Historia 2016-04-15 16:28 - 2009-12-08 21:40 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia 2016-04-15 16:28 - 2009-12-08 21:40 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp 2016-04-15 16:28 - 2009-12-08 16:51 - 00000000 __SHD C:\Documents and Settings\Asia\Ustawienia lokalne\Historia 2016-04-15 16:27 - 2009-12-08 16:51 - 00000000 ____D C:\Documents and Settings\Asia\Ustawienia lokalne\Temp 2016-04-15 16:27 - 2009-12-08 16:33 - 00000000 __SHD C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Historia 2016-04-15 16:26 - 2009-12-08 16:33 - 00000000 ____D C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Temp 2016-04-15 16:26 - 2009-12-08 15:59 - 00000000 __SHD C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Historia 2016-04-15 16:25 - 2009-12-08 16:21 - 00000000 __SHD C:\Documents and Settings\Mama\Ustawienia lokalne\Historia 2016-04-15 16:25 - 2009-12-08 16:21 - 00000000 ____D C:\Documents and Settings\Mama\Ustawienia lokalne\Temp 2016-04-15 16:25 - 2009-12-08 15:59 - 00000000 ____D C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Temp 2016-04-15 16:24 - 2009-12-09 16:15 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-04-15 16:24 - 2009-12-05 13:40 - 00000000 __SHD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2016-04-15 16:24 - 2009-12-05 12:53 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2016-04-15 16:24 - 2009-12-05 12:53 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2016-04-15 16:10 - 2009-12-05 12:54 - 00000000 __RHD C:\Documents and Settings\MarekM\Dane aplikacji 2016-04-15 15:56 - 2009-12-05 12:54 - 00000000 ___HD C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji 2016-04-15 14:51 - 2014-05-05 00:41 - 00470662 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat 2016-04-15 14:51 - 2011-04-01 23:54 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt 2016-04-15 12:26 - 2009-04-03 08:44 - 00000000 __SHD C:\Documents and Settings\MarekM\Pulpit\Pr.do log 2016-04-15 10:46 - 2013-12-19 07:46 - 00000265 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WB.CFG 2016-04-13 19:57 - 2009-12-05 12:54 - 00000292 ___SH C:\Documents and Settings\MarekM\ntuser.ini 2016-04-13 19:56 - 2016-03-12 13:05 - 00425546 _____ C:\WINDOWS\ntbtlog.txt 2016-04-13 19:56 - 2015-10-28 20:41 - 00000000 ____D C:\Documents and Settings\MarekM\Pulpit\Krawczyk_Dębica 2016-04-13 18:33 - 2009-12-05 12:48 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2016-04-13 16:56 - 2009-12-05 12:54 - 00000000 ___RD C:\Documents and Settings\MarekM\Menu Start 2016-04-12 23:57 - 2014-05-05 00:41 - 01949694 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-725345543-117609710-1801674531-1003-0.dat 2016-04-10 21:32 - 2009-12-05 12:54 - 00000000 ___RD C:\Documents and Settings\MarekM\Menu Start\Programy 2016-04-10 21:18 - 2012-04-01 20:30 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-04-10 21:18 - 2011-08-07 08:27 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-04-10 21:07 - 2009-12-05 18:30 - 00000000 ____D C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\Adobe 2016-04-10 21:04 - 2016-01-28 21:28 - 00000000 ____D C:\Documents and Settings\MarekM\Dane aplikacji\IDM 2016-04-10 18:46 - 2014-09-20 18:46 - 00000171 _____ C:\Documents and Settings\MarekM\Dane aplikacji\WB.CFG 2016-04-09 09:33 - 2015-06-05 19:58 - 00000218 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job 2016-03-31 23:15 - 2009-12-05 12:54 - 00000000 ____D C:\Documents and Settings\MarekM 2016-03-31 22:02 - 2008-04-15 14:00 - 00000744 _____ C:\WINDOWS\win.ini 2016-03-29 18:10 - 2009-12-05 13:41 - 01329014 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-29 18:10 - 2008-04-15 14:00 - 00591832 _____ C:\WINDOWS\system32\perfh015.dat 2016-03-29 18:10 - 2008-04-15 14:00 - 00121326 _____ C:\WINDOWS\system32\perfc015.dat 2016-03-26 18:49 - 2011-04-19 22:47 - 00008128 _____ C:\WINDOWS\system32\d3d9caps.dat 2016-03-19 19:07 - 2012-02-22 23:37 - 00000000 ____D C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\cache 2016-03-17 22:43 - 2012-03-21 21:58 - 00000000 ____D C:\Documents and Settings\MarekM\Pulpit\Parametryzacje liczników ==================== Pliki w katalogu głównym wybranych folderów ======= 2009-12-10 14:52 - 2001-09-25 22:05 - 1707856 _____ (Microsoft Corporation) D:\Program Files\InstMsiA.Exe 2009-12-10 14:52 - 2001-09-12 01:04 - 1821008 _____ (Microsoft Corporation) D:\Program Files\InstMsiW.Exe 2009-12-10 14:52 - 2005-07-22 16:04 - 0165888 ____C () D:\Program Files\InternetTranslator.msi 2009-12-10 14:52 - 2005-06-30 10:45 - 0010985 _____ () D:\Program Files\InternetTranslatorLicence.rtf 2013-01-13 16:04 - 2005-06-22 11:49 - 2485760 _____ () D:\Program Files\MSM.exe 2010-01-25 12:28 - 2010-04-21 19:48 - 0000086 _____ () D:\Program Files\persist.cfg 2009-12-10 14:52 - 2005-05-10 10:56 - 0114688 _____ (Microsoft Corporation) D:\Program Files\Setup.Exe 2009-12-10 14:52 - 2005-07-18 13:15 - 0000049 _____ () D:\Program Files\Setup.Ini 2013-01-13 16:04 - 2013-01-13 16:05 - 1142512 _____ () D:\Program Files\Uninst.isu 2010-04-03 08:48 - 1993-11-25 14:27 - 0000279 _____ () D:\Program Files\WML1TO4.GRC 2014-09-20 18:46 - 2016-04-10 18:46 - 0000171 _____ () C:\Documents and Settings\MarekM\Dane aplikacji\WB.CFG 2009-12-09 09:48 - 2015-09-26 17:41 - 0074752 ____C () C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-08-08 21:44 - 2011-08-08 21:44 - 0000131 ____C () C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2013-10-25 21:46 - 2013-10-25 21:45 - 0351112 _____ () C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\mysearchdial-speeddial.crx 2009-12-06 23:24 - 2012-01-11 14:39 - 0002628 ____C () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log Pliki do przeniesienia lub usunięcia: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================