Anonymous / 2 years, 3 months ago

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:23-11-2015
Uruchomiony przez Dośka (administrator) DOŚKA-PC (24-11-2015 23:16:58)
Uruchomiony z D:\FRST
Załadowane profile: Dośka (Dostępne profile: Dośka & Po)
Platform: Microsoft® Windows Vista Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 7 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
() C:\Program Files\Mobile Partner\Mobile Partner.exe
(Spotify Ltd) C:\Users\Dośka\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(eRmail Company, s. r. o.) C:\Users\Dośka\AppData\Roaming\eRclient\eRclient.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-04-23] (Google)
HKLM\...\Run: [Desktop SMS] => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [Spotify Web Helper] => C:\Users\Dośka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-08] (Spotify Ltd)
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-09-12] (Google Inc.)
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [GoogleChromeAutoLaunch_8CD19449AFDA41178D23967C3FA1A496] => C:\Program Files\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [eRclient] => C:\Users\Dośka\AppData\Roaming\eRclient\eRclient.exe [1269248 2013-07-15] (eRmail Company, s. r. o.)
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\Run: [Spotify] => C:\Users\Dośka\AppData\Roaming\Spotify\Spotify.exe [6611512 2015-03-08] (Spotify Ltd)
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\MountPoints2: {34c27408-da49-11e4-b3da-001e335e126b} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\MountPoints2: {64936366-dead-11e3-939d-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\MountPoints2: {a137db4c-6382-11e4-9f42-001e335e126b} - F:\AutoRun.exe
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\MountPoints2: {b935dee6-deab-11e3-8e1f-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\...\MountPoints2: {db1fad14-9cc2-11e4-a623-001e335e126b} - G:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-04-23] (Google)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Dośka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2014-10-30]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Dośka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2015-01-19]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{47039F63-D5B1-4ACE-9038-7A64906DC3B3}: [DhcpNameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{67915726-0F87-42B0-8D38-6CE3FA5D4D3F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B92F1E5E-C90D-49BB-B63F-C27DF8923A64}: [DhcpNameServer] 193.41.112.14 193.41.112.18
Tcpip\..\Interfaces\{D354A19B-477A-4AD8-A151-E2CB4BC6C8A9}: [DhcpNameServer] 212.2.96.51 212.2.96.52

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes
HKU\S-1-5-21-2103866577-1562501296-307099122-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes&q={searchTerms}
SearchScopes: HKLM -> {39E013AE-D006-4177-92AB-E9D3B4CBA92A} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2103866577-1562501296-307099122-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2103866577-1562501296-307099122-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?type=sc&ts=1445521583&pid=etc22&uid=d18df966-44da-43d0-b1f1-6fd2b091487e

FireFox:
========
FF ProfilePath: C:\Users\Dośka\AppData\Roaming\Mozilla\Firefox\Profiles\7ntmj811.default
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: piesearch
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1444469111&z=455c922ee0e6e522a6da286g9z0z7zezfq2t3g0g3g&from=exp1&uid=toshibaxmk1652gsx_682vf3nesxx682vf3nes
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\oursurfing.xml [2015-10-10]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\piesearch.xml [2015-10-22]
FF Extension: deskCut - C:\Users\Dośka\AppData\Roaming\Mozilla\Firefox\Profiles\7ntmj811.default\extensions\deskCutv2@gmail.com [2015-10-10] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-22] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Dośka\AppData\Roaming\Mozilla\Firefox\Profiles\7ntmj811.default\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.piesearch.com/?type=sc&ts=1445521583&pid=etc22&uid=d18df966-44da-43d0-b1f1-6fd2b091487e
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-08-01]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxps://www.qassa.pl/startpage.php"
CHR Profile: C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Torrent Search) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-01-25]
CHR Extension: (Plain) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpcdipecmmhmhfchegpaflpjkmceiip [2015-01-25]
CHR Extension: (Dysk Google) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Stylish) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-30]
CHR Extension: (XKit) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-01-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Google Hangouts) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-10]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Quick Menu) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe [2015-11-12]
CHR Extension: (Gmail) - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [oggihoncmelambjaefiboekididcaffe] - C:\Users\Dośka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggihoncmelambjaefiboekididcaffe.crx [2015-10-22]

Opera: 
=======
OPR Extension: (Discover Treasure) - C:\Users\Dośka\AppData\Roaming\Opera Software\Opera Stable\Extensions\imolfkdfmddfkflofnmfalngnmiijhij [2015-10-10]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.piesearch.com/?type=sc&ts=1445521583&pid=etc22&uid=d18df966-44da-43d0-b1f1-6fd2b091487e

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [Brak podpisu cyfrowego]
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-04-23] (Google) [Brak podpisu cyfrowego]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2011-08-23] ()
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer2247.exe [236816 2015-10-09] (MustangService)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [Brak podpisu cyfrowego]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [66688 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 ppfd_vt_1_10_0_22; system32\drivers\ppfd_vt_1_10_0_22.sys [X]
S3 Tosrfcom; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-11-24 23:07 - 2015-11-24 23:16 - 00000000 ____D C:\FRST
2015-11-24 21:46 - 2015-11-24 21:49 - 00000000 ____D C:\AdwCleaner
2015-11-14 20:37 - 2015-11-14 20:37 - 00001507 _____ C:\Users\Dośka\.recently-used.xbel
2015-11-13 17:09 - 2015-11-13 17:09 - 00000444 _____ C:\Windows\PFRO.log
2015-11-12 18:00 - 2015-11-12 18:00 - 00000000 ____D C:\Users\Dośka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-12 18:00 - 2015-11-12 18:00 - 00000000 ____D C:\Program Files\CCleaner
2015-10-25 23:01 - 2015-10-25 23:01 - 00000698 _____ C:\Users\Po\Desktop\Icy Tower.lnk
2015-10-25 23:01 - 2015-10-25 23:01 - 00000000 ____D C:\games

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-11-24 23:16 - 2014-05-15 11:50 - 01187346 _____ C:\Windows\WindowsUpdate.log
2015-11-24 23:15 - 2014-05-16 17:47 - 00000000 ____D C:\Users\Dośka\AppData\Roaming\Spotify
2015-11-24 23:14 - 2014-05-16 17:50 - 00000000 ____D C:\Users\Dośka\AppData\Local\Spotify
2015-11-24 23:13 - 2014-05-15 12:23 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 23:13 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-24 23:13 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-24 23:13 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-24 23:11 - 2006-11-02 14:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-24 22:19 - 2014-09-25 11:42 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-24 22:18 - 2014-05-15 12:23 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 21:49 - 2014-09-27 17:33 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-11-14 20:52 - 2014-09-12 22:32 - 00000000 ____D C:\Users\Dośka\.gimp-2.6
2015-11-14 20:37 - 2014-05-15 12:10 - 00000000 ____D C:\Users\Dośka
2015-11-14 17:01 - 2008-05-13 07:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 20:06 - 2008-01-21 07:24 - 01495264 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 20:06 - 2008-01-21 07:24 - 00672140 _____ C:\Windows\system32\perfh015.dat
2015-11-12 20:06 - 2008-01-21 07:24 - 00130516 _____ C:\Windows\system32\perfc015.dat
2015-11-12 07:24 - 2014-09-25 11:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-12 07:24 - 2014-09-25 11:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 12:26 - 2015-01-25 18:23 - 00002180 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-03 12:29 - 2015-01-19 15:58 - 00007889 _____ C:\Windows\BRRBCOM.INI

==================== Pliki w katalogu głównym wybranych folderów =======

2014-06-19 10:34 - 2015-01-19 15:13 - 0000680 _____ () C:\Users\Dośka\AppData\Local\d3d9caps.dat
2014-05-18 17:48 - 2015-04-06 18:21 - 0015872 _____ () C:\Users\Dośka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-14 11:12 - 2014-09-14 11:12 - 0000996 _____ () C:\Users\Dośka\AppData\Local\recently-used.xbel

Niektóre pliki w TEMP:
====================
C:\Users\Dośka\AppData\Local\Temp\Quarantine.exe
C:\Users\Dośka\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2015-11-24 23:18

==================== Koniec FRST.txt ============================