Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:13-04-2016
Uruchomiony przez Asia (administrator) MAREK-M (17-04-2016 15:40:22)
Uruchomiony z C:\Documents and Settings\Asia\Pulpit\FRST
Załadowane profile: MarekM & Asia (Dostępne profile: MarekM & Mama & Grzegorz & Agnieszka & Asia & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Ahead Software AG) D:\Program Files\Ahead\InCD\incdsrv.exe
(brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE
(brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE
(ABBYY (BIT Software)) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe
(ABBYY) D:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Autodesk, Inc.) D:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Jetico Inc. Oy) D:\Program Files\Jetico\BestCrypt Volume Encryption\bcveserv.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(FSPro Labs) C:\WINDOWS\system32\fsproflt.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Ralink Technology, Corp.) D:\Program Files\Ralink\Common\RaRegistry.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\vpnclient.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\WINDOWS\system32\STGRAMDiskHandler32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(RaMMicHaeL) D:\Program Files\Unchecky\bin\unchecky_svc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(RaMMicHaeL) D:\Program Files\Unchecky\bin\unchecky_bg.exe
(Zbshareware Lab) D:\Program Files\USB Disk Security\USBGuard.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Steganos Software GmbH) D:\Program Files\Steganos Privacy Suite 14\SteganosHotKeyService.exe
() C:\Program Files\Kalendarz XP\Kalendarz.exe
(Ralink Technology, Corp.) D:\Program Files\Ralink\Common\RaUI.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(SRWare) C:\Program Files\SRWare Iron\chrome.exe
(SRWare) C:\Program Files\SRWare Iron\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [USB Antivirus] => D:\Program Files\USB Disk Security\USBGuard.exe [819200 2009-12-14] (Zbshareware Lab)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18670592 2009-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [Steganos HotKeys] => D:\Program Files\Steganos Privacy Suite 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\Run: [D:\Program Files\NetMeter\NetMeter.exe] => D:\Program Files\NetMeter\NetMeter.exe [331264 2007-08-11] ()
HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\Run: [appnhost] => C:\Documents and Settings\MarekM\Ustawienia lokalne\Dane aplikacji\Mixesoft\AppNHost\appnhost.exe
HKU\S-1-5-21-725345543-117609710-1801674531-1007\...\Run: [Gadu-Gadu] => "D:\Program Files\Gadu-Gadu\gg.exe" /tray
HKU\S-1-5-21-725345543-117609710-1801674531-1007\...\MountPoints2: {a94189f0-eb3a-11de-9a34-40618606fd9a} - M:\Launcher.exe
IFEO\capture.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\coreldrw.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\corelpp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\csbprof.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\fontnav.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\mediabuilder.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\rave.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\trace.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\trueimage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk [2014-05-04]
ShortcutTarget: Kalendarz XP.lnk -> C:\Program Files\Kalendarz XP\Kalendarz.exe ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk [2015-07-22]
ShortcutTarget: Ralink Wireless Utility.lnk -> D:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk [2016-04-17]
ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DCB968E2-B180-4CBF-B32F-103A7FB300CB}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-725345543-117609710-1801674531-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=107
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {00E75D5A-1EF6-0FCD-6096-04FD1E40251D} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {3AF9BCD7-FCED-4A53-BA42-F9F9E8BD79F3} URL = hxxp://www.allegro.pl/search.php?sg=0&string={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {9BF778F9-21B6-4E99-9C3E-44915143B438} URL = hxxp://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {C0346BBE-E7FF-4FFF-BB16-62AA4ADAE1A1} URL = hxxp://megaslownik.pl/slownik.php?phrase={searchTerms}&lang=de
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> {E1955806-0136-42D0-98CB-428EECFA4C77} URL = hxxp://megaslownik.pl/slownik.php?phrase={searchTerms}&lang=en
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1007 -> {8C1C951E-7CFA-48CC-9503-12BEB52C132A} URL = hxxp://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1007 -> {A65268CD-4DB5-4A94-BF99-3A13487ED3CF} URL = hxxp://www.allegro.pl/search.php?sg=0&string={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1007 -> {D60AF745-4E4D-48AC-AF34-DDB0137232B9} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1007 -> {DB5855CC-AD43-4D76-B175-CB218241DAB8} URL = hxxp://megaslownik.pl/slownik.php?phrase={searchTerms}&lang=de
SearchScopes: HKU\S-1-5-21-725345543-117609710-1801674531-1007 -> {EB535D08-6766-49AE-BA04-EE9331F45E13} URL = hxxp://megaslownik.pl/slownik.php?phrase={searchTerms}&lang=en
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - D:\Program Files\Steganos Privacy Suite 14\SPMIEToolbar.dll [2014-02-25] (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-725345543-117609710-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-725345543-117609710-1801674531-1007 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Asia\Dane aplikacji\Mozilla\Firefox\Profiles\s4thl1f1.default
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtDyC0F0Dzy0Azz0CtCyCtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1719256000&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF user.js: detected! => C:\Documents and Settings\Asia\Dane aplikacji\Mozilla\Firefox\Profiles\s4thl1f1.default\user.js [2013-10-25]
FF SearchPlugin: C:\Documents and Settings\Asia\Dane aplikacji\Mozilla\Firefox\Profiles\s4thl1f1.default\searchplugins\Mysearchdial.xml [2013-10-30]
FF Extension: mysearchdial.com - C:\Documents and Settings\Asia\Dane aplikacji\Mozilla\Firefox\Profiles\s4thl1f1.default\extensions\ffxtlbr@mysearchdial.com [2013-10-30] [Brak podpisu cyfrowego]
FF Extension: MySearchDial - C:\Documents and Settings\Asia\Dane aplikacji\Mozilla\Firefox\Profiles\s4thl1f1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-10-30] [Brak podpisu cyfrowego]
FF Extension: Brak nazwy - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [nie znaleziono]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Asia\Dane aplikacji\Mozilla\Firefox\Profiles\s4thl1f1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-11-15] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-725345543-117609710-1801674531-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\MarekM\Dane aplikacji\IDM\idmmzcc5 => nie znaleziono

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-18]
StartMenuInternet: chrome.exe - C:\Program Files\SRWare Iron\chrome.exe

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ABBYY.Licensing.FineReader.Corporate.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software))
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; D:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2008-02-27] (Acronis)
R2 Autodesk Content Service; D:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BcveServ; D:\Program Files\Jetico\BestCrypt Volume Encryption\bcveserv.exe [150816 2015-07-02] (Jetico Inc. Oy)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Brak podpisu cyfrowego]
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [Brak podpisu cyfrowego]
S3 CGVPNCliSrvc; D:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1983264 2016-02-22] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-05-04] (Flexera Software, Inc.)
R2 fsproflt; C:\WINDOWS\system32\fsproflt.exe [139952 2009-12-04] (FSPro Labs)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 InCDsrv; D:\Program Files\Ahead\InCD\InCDsrv.exe [876656 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego]
S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2011-05-31] () [Brak podpisu cyfrowego]
S4 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-04-27] ()
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [Brak podpisu cyfrowego]
R2 RalinkRegistryWriter; D:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.)
S3 RaMediaServer; D:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [Brak podpisu cyfrowego]
R2 SEVPNCLIENT; D:\Program Files\SoftEther VPN Client\vpnclient.exe [3544632 2014-09-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 Steganos Volatile Disk; C:\WINDOWS\system32\STGRAMDiskHandler32.exe [349184 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt) [Brak podpisu cyfrowego]
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [494088 2008-02-27] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
R2 Unchecky; D:\Program Files\Unchecky\bin\unchecky_svc.exe [254904 2016-04-16] (RaMMicHaeL)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [918016 2006-12-01] (Microsoft Corporation) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R0 bcfnt; C:\WINDOWS\system32\Drivers\bcfnt.sys [396736 2015-06-25] (Jetico Inc. Oy)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206312 2016-02-09] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2016-02-09] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [111040 2016-02-09] (ESET)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\elrawdsk32bit.sys [20392 2008-07-26] (EldoS Corporation)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [152728 2016-02-09] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [47168 2016-02-09] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [69816 2016-02-09] (ESET)
R0 fsh; C:\WINDOWS\system32\Drivers\fsh.sys [48832 2015-05-19] (Jetico Inc. Oy)
R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs)
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] ( )
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2010-03-11] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego]
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2012-04-27] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2012-04-27] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2012-04-27] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [127224 2015-04-18] (Tonec Inc.)
R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [99568 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego]
R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [27664 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego]
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [9561 2004-03-24] (Ahead Software AG) [Brak podpisu cyfrowego]
R3 mhk; C:\WINDOWS\system32\Drivers\mhk.sys [17856 2014-06-19] (Jetico, Inc.)
R3 moh; C:\WINDOWS\system32\Drivers\moh.sys [12352 2014-06-19] (Jetico, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 Neo_VPN; C:\WINDOWS\System32\DRIVERS\Neo_0004.sys [25824 2014-09-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [57320 2009-11-12] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2003-04-16] (PowerQuest Corporation) [Brak podpisu cyfrowego]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1660488 2013-09-06] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [26336 2012-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SLEE_18_DRIVER; C:\WINDOWS\system32\drivers\Sleen18.sys [91992 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2012-03-09] () [Brak podpisu cyfrowego]
R1 STGMFEngine32; C:\WINDOWS\system32\drivers\STGMFEngine32.sys [16384 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt.com) [Brak podpisu cyfrowego]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project) [Brak podpisu cyfrowego]
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2009-12-06] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-12-06] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [Brak podpisu cyfrowego]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2012-04-27] (Huawei Technologies Co., Ltd.)
S4 IntelIde; Brak ImagePath
U3 abhgmlmg; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-04-17 15:38 - 2016-04-17 15:38 - 00000000 ____D C:\Documents and Settings\Asia\Ustawienia lokalne\Dane aplikacji\Chromium
2016-04-17 15:37 - 2016-04-17 15:40 - 00000000 ____D C:\Documents and Settings\Asia\Pulpit\FRST
2016-04-17 15:36 - 2016-04-17 15:36 - 00000000 ____D C:\Documents and Settings\Asia\Dane aplikacji\Steganos
2016-04-16 11:06 - 2016-04-16 11:06 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Internet Download Manager
2016-04-16 11:06 - 2015-04-18 03:06 - 00127224 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmtdi.sys
2016-04-16 10:48 - 2016-04-16 10:48 - 00000000 ____D D:\Program Files\Unchecky
2016-04-16 10:48 - 2016-04-16 10:48 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Unchecky
2016-04-16 10:48 - 2016-04-16 10:48 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Unchecky
2016-04-16 10:22 - 2016-04-16 11:04 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-16 07:45 - 2016-04-16 07:45 - 00001778 _____ C:\Documents and Settings\All Users\Pulpit\ESET Ochrona bankowości internetowej.lnk
2016-04-16 07:45 - 2016-04-16 07:45 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ESET
2016-04-16 07:45 - 2016-04-16 07:45 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ESET
2016-04-15 12:34 - 2016-04-17 15:40 - 00000000 ____D C:\FRST

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-04-17 15:40 - 2009-12-08 16:51 - 00000000 ____D C:\Documents and Settings\Asia\Ustawienia lokalne\Temp
2016-04-17 15:38 - 2013-07-18 11:12 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3088738A-CF49-43E6-AC83-1C3B2E20A7EB}.job
2016-04-17 15:38 - 2009-12-08 16:51 - 00000000 ___HD C:\Documents and Settings\Asia\Ustawienia lokalne\Dane aplikacji
2016-04-17 15:37 - 2009-12-08 16:51 - 00000000 ____D C:\Documents and Settings\Asia\Pulpit
2016-04-17 15:36 - 2015-06-05 19:58 - 00000224 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2016-04-17 15:36 - 2012-04-28 00:02 - 00000464 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{A34C7207-85FE-49D1-BB51-A2356925EB7B}.job
2016-04-17 15:36 - 2009-12-08 16:51 - 00000000 __SHD C:\Documents and Settings\Asia\Ustawienia lokalne\Historia
2016-04-17 15:36 - 2009-12-08 16:51 - 00000000 __RHD C:\Documents and Settings\Asia\Dane aplikacji
2016-04-17 15:36 - 2009-12-05 13:40 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2016-04-17 15:36 - 2009-11-20 21:32 - 00272291 _____ C:\WINDOWS\system32\NvApps.xml
2016-04-17 15:36 - 2008-04-15 14:00 - 00013724 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-17 15:20 - 2009-12-08 16:21 - 00000000 __RHD C:\Documents and Settings\Mama\Dane aplikacji
2016-04-17 15:20 - 2009-12-05 13:40 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2016-04-17 13:48 - 2013-02-20 23:38 - 00458752 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-04-17 13:45 - 2009-12-05 12:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-16 22:46 - 2009-12-05 12:53 - 00032470 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-16 11:06 - 2009-12-05 13:40 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2016-04-16 11:06 - 2009-12-05 13:35 - 00000000 ___HD C:\WINDOWS\inf
2016-04-16 11:00 - 2014-05-05 00:41 - 01949694 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-725345543-117609710-1801674531-1003-0.dat
2016-04-16 11:00 - 2014-05-05 00:41 - 00470662 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
2016-04-16 11:00 - 2009-12-05 12:54 - 00000000 ____D C:\Documents and Settings\MarekM
2016-04-16 10:59 - 2016-01-28 21:28 - 00000000 ____D D:\Program Files\Internet Download Manager
2016-04-16 10:50 - 2009-12-05 13:40 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2016-04-16 10:23 - 2012-04-01 20:30 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-16 10:23 - 2011-08-07 08:27 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-16 09:11 - 2011-04-01 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2016-04-16 09:11 - 2010-01-08 16:55 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
2016-04-16 08:12 - 2009-12-05 13:40 - 00000000 ___HD C:\Documents and Settings\All Users\Szablony
2016-04-16 01:03 - 2016-03-12 13:05 - 01083444 _____ C:\WINDOWS\ntbtlog.txt
2016-04-15 23:44 - 2009-12-08 21:40 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2016-04-15 23:11 - 2009-12-08 21:40 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2016-04-15 23:10 - 2009-12-08 15:59 - 00000000 __RHD C:\Documents and Settings\Grzegorz\Dane aplikacji
2016-04-15 21:18 - 2009-12-08 16:21 - 00000188 ___SH C:\Documents and Settings\Mama\ntuser.ini
2016-04-15 21:17 - 2016-02-09 00:53 - 00000000 ____D C:\Documents and Settings\Mama\Dane aplikacji\Steganos
2016-04-15 21:16 - 2009-12-08 16:21 - 00000000 ____D C:\Documents and Settings\Mama\Ustawienia lokalne\Temp
2016-04-15 21:15 - 2009-12-08 16:21 - 00000000 __SHD C:\Documents and Settings\Mama\Ustawienia lokalne\Historia
2016-04-15 21:12 - 2009-12-05 12:53 - 00000000 __SHD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2016-04-15 20:24 - 2009-12-05 12:52 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2016-04-15 20:23 - 2013-09-30 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\SRWare Iron
2016-04-15 20:23 - 2012-11-14 21:48 - 00000714 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
2016-04-15 20:02 - 2012-09-16 22:30 - 00001886 ____C C:\WINDOWS\IE4 Error Log.txt
2016-04-15 18:18 - 2015-06-05 12:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-15 18:06 - 2009-12-08 14:48 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-15 16:48 - 2015-10-30 00:03 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-04-15 16:48 - 2009-12-05 13:39 - 00000000 ____D C:\Documents and Settings\All Users
2016-04-15 16:28 - 2009-12-08 21:40 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2016-04-15 16:28 - 2009-12-08 21:40 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2016-04-15 16:27 - 2009-12-08 16:33 - 00000000 __SHD C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Historia
2016-04-15 16:26 - 2009-12-08 16:33 - 00000000 ____D C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Temp
2016-04-15 16:26 - 2009-12-08 15:59 - 00000000 __SHD C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Historia
2016-04-15 16:25 - 2009-12-08 15:59 - 00000000 ____D C:\Documents and Settings\Grzegorz\Ustawienia lokalne\Temp
2016-04-15 16:24 - 2009-12-09 16:15 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-15 16:24 - 2009-12-05 13:40 - 00000000 __SHD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2016-04-15 16:24 - 2009-12-05 12:53 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2016-04-15 14:51 - 2011-04-01 23:54 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-04-15 10:46 - 2013-12-19 07:46 - 00000265 _____ C:\Documents and Settings\NetworkService\Dane aplikacji\WB.CFG
2016-04-13 18:33 - 2009-12-05 12:48 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-09 09:33 - 2015-06-05 19:58 - 00000218 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2016-03-31 22:02 - 2008-04-15 14:00 - 00000744 _____ C:\WINDOWS\win.ini
2016-03-29 18:10 - 2009-12-05 13:41 - 01329014 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-29 18:10 - 2008-04-15 14:00 - 00591832 _____ C:\WINDOWS\system32\perfh015.dat
2016-03-29 18:10 - 2008-04-15 14:00 - 00121326 _____ C:\WINDOWS\system32\perfc015.dat
2016-03-26 18:49 - 2011-04-19 22:47 - 00008128 _____ C:\WINDOWS\system32\d3d9caps.dat

==================== Pliki w katalogu głównym wybranych folderów =======

2009-12-10 14:52 - 2001-09-25 22:05 - 1707856 _____ (Microsoft Corporation) D:\Program Files\InstMsiA.Exe
2009-12-10 14:52 - 2001-09-12 01:04 - 1821008 _____ (Microsoft Corporation) D:\Program Files\InstMsiW.Exe
2009-12-10 14:52 - 2005-07-22 16:04 - 0165888 ____C () D:\Program Files\InternetTranslator.msi
2009-12-10 14:52 - 2005-06-30 10:45 - 0010985 _____ () D:\Program Files\InternetTranslatorLicence.rtf
2013-01-13 16:04 - 2005-06-22 11:49 - 2485760 _____ () D:\Program Files\MSM.exe
2010-01-25 12:28 - 2010-04-21 19:48 - 0000086 _____ () D:\Program Files\persist.cfg
2009-12-10 14:52 - 2005-05-10 10:56 - 0114688 _____ (Microsoft Corporation) D:\Program Files\Setup.Exe
2009-12-10 14:52 - 2005-07-18 13:15 - 0000049 _____ () D:\Program Files\Setup.Ini
2013-01-13 16:04 - 2013-01-13 16:05 - 1142512 _____ () D:\Program Files\Uninst.isu
2010-04-03 08:48 - 1993-11-25 14:27 - 0000279 _____ () D:\Program Files\WML1TO4.GRC
2014-02-02 14:46 - 2015-08-30 15:46 - 0000127 _____ () C:\Documents and Settings\Asia\Dane aplikacji\WB.CFG
2012-01-02 15:45 - 2012-01-02 15:45 - 0003584 ____C () C:\Documents and Settings\Asia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-06 23:24 - 2012-01-11 14:39 - 0002628 ____C () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================