Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 08-01-2017
Uruchomiony przez Administrator (administrator) ADM-BD693A7B4CA (08-01-2017 21:01:04)
Uruchomiony z C:\Documents and Settings\Administrator\Pulpit
Załadowane profile: Administrator (Dostępne profile: Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\mixer.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(SurfRight B.V.) C:\Documents and Settings\Administrator\Pulpit\HitmanPro.exe
(SurfRight B.V.) C:\Documents and Settings\Administrator\Pulpit\HitmanPro.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKLM\...\Run: [kxesc] => c:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2015-10-14] (Kingsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [C-Media Mixer] => Mixer.exe /startup
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20117648 2012-10-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [C-Media Echo Control] => C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe [147456 2001-12-05] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02] (Logitech, Inc.)
Winlogon\Notify\RailNotification:
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-21-1214440339-1425521274-1417001333-500\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe -update pepperplugin
HKLM\...\Providers\s2a8nbos: C:\Program Files\Ckernodruqaward Launcher\local32spl.dll [275456 2017-01-06] ()
SecurityProviders: msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2014-04-29] (Microsoft Corporation)
ShellExecuteHooks: Brak nazwy - {C3EBF838-CCFC-11E6-83BB-64006A5CFC23} - C:\Documents and Settings\Administrator\Dane aplikacji\Rinisifosp\Mucotionrugh.dll -> Brak pliku
Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2016-09-04]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk [2015-10-14]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{1F4470A9-C028-4EBB-8780-BF5EEC2174C9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{43E10F99-3AF5-49FF-AFC9-D60FE776FEA3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{43E10F99-3AF5-49FF-AFC9-D60FE776FEA3}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1214440339-1425521274-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: m6tjvzi9.default
FF ProfilePath: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default [2017-01-06]
FF NewTab: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default -> hxxp://www.trotux.com/?z=cf9fc57803037641f671ba6gez7becdm9o3t3qet9q&from=isr&uid=WDCXWD2500AAKS-00L9A0_WD-WCAV2290945609456&type=hp
FF DefaultSearchEngine: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default -> trotux
FF SelectedSearchEngine: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default -> trotux
FF Homepage: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default -> hxxp://www.trotux.com/?z=cf9fc57803037641f671ba6gez7becdm9o3t3qet9q&from=isr&uid=WDCXWD2500AAKS-00L9A0_WD-WCAV2290945609456&type=hp
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\m6tjvzi9.default\searchplugins\e3mx8umq.xml [2017-01-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-10-14] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1214440339-1425521274-1417001333-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=cf9fc57803037641f671ba6gez7becdm9o3t3qet9q&from=isr&uid=WDCXWD2500AAKS-00L9A0_WD-WCAV2290945609456&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=cf9fc57803037641f671ba6gez7becdm9o3t3qet9q&from=isr&uid=WDCXWD2500AAKS-00L9A0_WD-WCAV2290945609456&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=cf9fc57803037641f671ba6gez7becdm9o3t3qet9q&from=isr&uid=WDCXWD2500AAKS-00L9A0_WD-WCAV2290945609456&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData [2017-01-06] <==== UWAGA
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-22]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-22]
CHR Extension: (SoundCloud Downloader) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\baignpanbngjdimbgmannbolcbplmofl [2016-09-17]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-22]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-17]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Advance Adblock Plus) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\eknnbffdlphlgfbkjlclmleipefbfadd [2016-09-17]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-22]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-22]

Opera:
=======
OPR Extension: (Free Flash, Unity3D and html5 games) - C:\Documents and Settings\Administrator\Dane aplikacji\Opera Software\Opera Stable\Extensions\egjicgmgibgofmekojoaaddjkagfajjh [2016-03-01]
OPR Extension: (SoundCloud Downloader) - C:\Documents and Settings\Administrator\Dane aplikacji\Opera Software\Opera Stable\Extensions\kpciblepmmhnahjlcpodhkgnhidgmlio [2015-10-15]
OPR Extension: (SoundCloud Music Downloader) - C:\Documents and Settings\Administrator\Dane aplikacji\Opera Software\Opera Stable\Extensions\mojgbmmagfhkinpgpmeimjcjpkogdljb [2015-10-15]
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Dane aplikacji\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-10-29]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 Gruvch; C:\Program Files\Sirespbebege\WerheknideghtCnf.dll [179200 2017-01-06] () [Brak podpisu cyfrowego]
R2 kxescore; c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2015-10-14] (Kingsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2016-01-18] ()
R3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [370382 2009-05-06] (C-Media Inc)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2014-04-29] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388824 2017-01-08] (Symantec Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 kavbootc; C:\WINDOWS\System32\drivers\kavbootc.sys [27240 2015-10-14] (Kingsoft Corporation)
R1 KDHacker; c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2015-10-14] (Kingsoft Corporation)
R2 kisknl; C:\WINDOWS\system32\drivers\kisknl.sys [165176 2015-10-14] (Kingsoft Corporation)
R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [82264 2015-10-14] (Kingsoft Corporation)
R4 KUsbGuard; C:\program files\kingsoft\kingsoft antivirus\kusbquery.sys [14200 2015-10-14] (Kingsoft Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2016-01-18] ()
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [53632 2007-09-20] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [29728 2007-11-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2007-09-20] (NVIDIA Corporation)
S4 IntelIde; Brak ImagePath
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2014-04-29] (Microsoft Corporation)
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-08 21:01 - 2017-01-08 21:01 - 00017083 _____ C:\Documents and Settings\Administrator\Pulpit\FRST.txt
2017-01-08 20:46 - 2017-01-08 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro
2017-01-08 20:45 - 2017-01-08 20:45 - 11005320 _____ (SurfRight B.V.) C:\Documents and Settings\Administrator\Pulpit\HitmanPro.exe
2017-01-08 18:11 - 2017-01-08 21:01 - 00000000 ____D C:\FRST
2017-01-08 18:10 - 2017-01-08 18:10 - 01761280 _____ (Farbar) C:\Documents and Settings\Administrator\Pulpit\FRST.exe
2017-01-08 17:53 - 2017-01-08 17:53 - 03988944 _____ C:\Documents and Settings\Administrator\Pulpit\adwcleaner_6.042_www.INSTALKI.pl.exe
2017-01-08 17:03 - 2017-01-08 18:01 - 00000472 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1483891423.job
2017-01-08 17:03 - 2017-01-08 17:03 - 00000675 _____ C:\Documents and Settings\All Users\Pulpit\Opera.lnk
2017-01-08 17:03 - 2017-01-08 17:03 - 00000675 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk
2017-01-08 16:53 - 2017-01-08 16:53 - 01131944 _____ (Opera Software) C:\Documents and Settings\Administrator\Pulpit\OperaSetup.exe
2017-01-06 20:16 - 2017-01-06 20:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-01-06 20:10 - 2017-01-06 20:10 - 00000420 _____ C:\WINDOWS\Tasks\Tajuryhecation Log.job
2017-01-06 20:10 - 2017-01-06 20:10 - 00000000 ____D C:\Program Files\Ckernodruqaward Launcher
2017-01-06 20:09 - 2017-01-06 20:58 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\Rinisifosp
2017-01-06 20:09 - 2017-01-06 20:09 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Documents and Settings\Administrator\libeay32.dll
2017-01-06 20:09 - 2017-01-06 20:09 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Documents and Settings\Administrator\ssleay32.dll
2017-01-06 20:08 - 2017-01-06 20:14 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Phpage
2017-01-06 20:08 - 2017-01-06 20:09 - 00000000 ____D C:\Program Files\Sirespbebege
2017-01-04 21:06 - 2017-01-04 21:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini010417-01.dmp
2016-12-29 16:11 - 2016-12-29 16:11 - 00090112 _____ C:\WINDOWS\Minidump\Mini122916-01.dmp

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-08 21:01 - 2015-10-14 08:36 - 00000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2017-01-08 21:01 - 2015-10-14 08:36 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2017-01-08 20:46 - 2015-10-14 10:07 - 00000000 ___HD C:\Documents and Settings\All Users\Dane aplikacji
2017-01-08 20:32 - 2015-12-10 16:22 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-08 18:09 - 2015-10-14 11:53 - 06356992 _____ C:\WINDOWS\system32\config\KAVEventLog.EVT
2017-01-08 18:02 - 2015-10-29 20:59 - 00000000 ____D C:\AdwCleaner
2017-01-08 18:01 - 2014-04-29 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-08 18:00 - 2015-10-14 08:36 - 00000238 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2017-01-08 18:00 - 2015-10-14 08:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-08 17:59 - 2015-10-14 08:36 - 00032440 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-08 17:59 - 2015-10-14 08:36 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-01-08 17:44 - 2015-10-14 10:02 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-08 17:03 - 2015-10-14 10:07 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2017-01-08 17:03 - 2015-10-14 10:07 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2017-01-08 17:03 - 2015-10-14 10:01 - 00000000 ____D C:\Program Files\Opera
2017-01-08 16:49 - 2015-10-14 08:24 - 00001625 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Czytnik funkcji BitLocker To Go.lnk
2017-01-08 16:38 - 2015-10-14 08:36 - 00000000 ____D C:\Documents and Settings\Administrator
2017-01-08 15:54 - 2015-10-14 11:53 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\kingsoft
2017-01-08 15:50 - 2015-10-14 08:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-07 12:37 - 2015-10-23 14:18 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-06 21:06 - 2015-10-14 10:05 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-01-06 21:04 - 2015-10-14 10:15 - 00000000 ____D C:\Documents and Settings\Administrator\Dane aplikacji\Foxit Software
2017-01-06 20:15 - 2015-10-16 20:33 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\Nowy folder
2017-01-06 20:15 - 2015-10-14 10:02 - 00000000 ____D C:\Program Files\Google
2017-01-06 20:15 - 2013-01-13 16:49 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty\Nowy folder (2)
2017-01-06 20:09 - 2015-10-14 08:36 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2017-01-06 20:08 - 2015-10-14 08:36 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
2017-01-06 19:53 - 2015-10-14 09:09 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-01-06 13:46 - 2015-10-17 15:04 - 00202785 _____ C:\Documents and Settings\Administrator\Pulpit\lista.m3u8
2017-01-04 21:06 - 2015-10-14 15:06 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-24 11:23 - 2015-10-14 08:36 - 00000000 ___RD C:\Documents and Settings\Administrator\Moje dokumenty
2016-12-21 15:37 - 2015-10-14 10:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-14 02:12 - 2015-10-14 11:56 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

Pliki do przeniesienia lub usunięcia:
====================
C:\Documents and Settings\Administrator\Del1C8A.bat
C:\Documents and Settings\Administrator\libeay32.dll
C:\Documents and Settings\Administrator\ssleay32.dll
C:\Documents and Settings\Default User\Del1C8A.bat

Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\condefclean.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\drm_dialogs.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\drm_dyndata_7370012.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jre-8u101-windows-au.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\jre-8u73-windows-au.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\OperaSetup xp (1).exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\OperaSetup xp.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is50.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_is6C.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\_isD.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================