Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 24-05-2017 Uruchomiony przez bafist (administrator) X-779C59798CB84 (25-05-2017 20:43:39) Uruchomiony z C:\Documents and Settings\bafist\Moje dokumenty Załadowane profile: bafist (Dostępne profile: bafist) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: "C:\Program Files\Firefox\Firefox.exe" -osint -url "%1") Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (AVAST Software s.r.o.) 
C:\Program Files\AVAST Software\Avast\aswidsagent.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] () HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-03] () HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation) HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 
2013-05-30] (Hewlett-Packard) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Winlogon: [UIHost] logonui.exe Brak pliku Winlogon\Notify\crypt32chain: crypt32.dll [X] Winlogon\Notify\cryptnet: cryptnet.dll [X] Winlogon\Notify\cscdll: cscdll.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] Winlogon\Notify\Schedule: wlnotify.dll [X] Winlogon\Notify\sclgntfy: sclgntfy.dll [X] Winlogon\Notify\SensLogn: WlNotify.dll [X] Winlogon\Notify\termsrv: wlnotify.dll [X] Winlogon\Notify\wlballoon: wlnotify.dll [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2000478354-1060284298-725345543-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.) HKU\S-1-5-21-2000478354-1060284298-725345543-1003\...\Run: [World of Tanks] => "E:\World of Tanks\WargamingGameUpdater.exe" HKU\S-1-5-21-2000478354-1060284298-725345543-1003\...\Run: [background_fault] => "background_fault\aswRD.exe" "background_fault\bf.dll",background_fault_collector HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr HKLM\...\Providers\Internet Print Provider: inetpp.dll HKLM\...\Providers\LanMan Print Services: win32spl.dll HKLM\...\Providers\ssj072fy: C:\Program Files\Whukogercult Schedule\local32spl.dll IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll -> Brak pliku ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-04] (AVAST Software) Startup: C:\Documents and Settings\bafist\Menu Start\Programy\Autostart\Powiadomienia monitorowania tuszu - HP Deskjet 2510 series.lnk [2017-05-25] ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\..\Interfaces\{DF9EDEFD-8D8F-4F25-824D-DA827D9D9CDF}: [NameServer] 192.168.1.1,194.204.159.1 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 HKU\S-1-5-21-2000478354-1060284298-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 HKU\S-1-5-21-2000478354-1060284298-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35&q={searchTerms} HKU\S-1-5-21-2000478354-1060284298-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 HKU\S-1-5-21-2000478354-1060284298-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35&q={searchTerms} 
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493978266&z=2955a55ef092737a03e09b9gfz8t6cdt0m4b9cee3w&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35&q={searchTerms} SearchScopes: HKU\S-1-5-21-2000478354-1060284298-725345543-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-19] (Oracle Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll => Brak pliku BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-19] (Oracle Corporation) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293578143906 DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Brak pliku StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495617671&z=05340a228e12470f19aeda7gdz2t9wbqfg3m4q1mao&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.) 
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-08-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-08-19] (Oracle Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.) 
StartMenuInternet: Firefox.exe - c:\program files\firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495617671&z=05340a228e12470f19aeda7gdz2t9wbqfg3m4q1mao&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&ts=1494836058&z=68764b041a5aca518eb0ba4gaz6t5zfbdccq3e1wdw&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35&q={searchTerms} CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites CHR Profile: C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\ChromeDefaultData [2017-05-24] <==== UWAGA CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: chrome.exe - c:\program files\google\chrome\application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495617671&z=05340a228e12470f19aeda7gdz2t9wbqfg3m4q1mao&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 StartMenuInternet: Google Chrome - c:\program files\google\chrome\application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495617671&z=05340a228e12470f19aeda7gdz2t9wbqfg3m4q1mao&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 Opera: ======= StartMenuInternet: (HKLM) OperaStable - c:\program files\opera\launcher.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495617671&z=05340a228e12470f19aeda7gdz2t9wbqfg3m4q1mao&from=che0812&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F1EHSV35HSV35 ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-04] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software) S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1289224 2017-03-21] () R2 BIT; C:\ProgramData\BIT\BIT.dll [1811968 2017-05-24] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego] S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [229376 2010-05-17] (Puran Software) [Brak podpisu cyfrowego] R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [Brak podpisu cyfrowego] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S2 snare; C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\snare\Snare.dll [X] R2 WinSAPSvc; C:\Documents and Settings\bafist\Dane aplikacji\WinSAPSvc\WinSAP.dll [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-05-18] (Cisco Systems, Inc.) [Brak podpisu cyfrowego] R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-09] (Realtek Semiconductor Corp.) S3 Asushwio; C:\WINDOWS\system32\drivers\Asushwio.sys [5824 2003-03-27] () [Brak podpisu cyfrowego] R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [258288 2017-05-04] (AVAST Software s.r.o.) R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148696 2017-05-04] (AVAST Software s.r.o.) R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [268016 2017-05-04] (AVAST Software s.r.o.) 
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41664 2017-05-04] (AVAST Software s.r.o.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-05-04] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [31064 2017-05-04] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [107928 2017-05-04] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-05-04] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-05-04] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764576 2017-05-04] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [482608 2017-05-04] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [181080 2017-05-13] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-05-04] (AVAST Software) S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [Brak podpisu cyfrowego] R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.) S3 MSI_DVD_010507; C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys [22328 2010-05-10] (Your Corporation) S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios32_100507.sys [25912 2010-05-10] (Your Corporation) S3 MSI_VGASYS_010507; C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys [16696 2010-05-10] () R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [93568 2010-12-11] (NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33536 2010-12-11] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2010-12-11] (NVIDIA Corporation) S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2012-05-14] (Realtek Semiconductor Corporation ) S3 usb_rndis; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12800 2008-04-14] (Microsoft Corporation) R3 vbusax; C:\WINDOWS\System32\DRIVERS\vbusax.sys [8416 2002-11-11] (Alcohol Soft Co., Ltd.) 
[Brak podpisu cyfrowego] R3 vdevax; C:\WINDOWS\System32\DRIVERS\vdevax.sys [92384 2002-11-11] (Alcohol Soft Co., Ltd.) [Brak podpisu cyfrowego] S3 vncmirror; C:\WINDOWS\System32\DRIVERS\vncmirror.sys [4608 2015-08-08] (RealVNC Ltd.) S4 IntelIde; Brak ImagePath S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== UWAGA U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) R4 sptd; System32\Drivers\sptd.sys [X] U1 WS2IFSL; Brak ImagePath U3 a7ftpzod; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-05-25 20:43 - 2017-05-25 20:44 - 00017224 _____ C:\Documents and Settings\bafist\Moje dokumenty\FRST.txt 2017-05-25 20:42 - 2017-05-25 20:43 - 00000000 ____D C:\FRST 2017-05-25 20:39 - 2017-05-25 20:39 - 00380928 _____ C:\Documents and Settings\bafist\Moje dokumenty\4km4xegj.exe 2017-05-25 20:38 - 2017-05-25 20:38 - 01770496 _____ (Farbar) C:\Documents and Settings\bafist\Moje dokumenty\FRST.exe 2017-05-25 20:27 - 2017-05-25 20:27 - 00496160 _____ (Duplex Secure Ltd) C:\Documents and Settings\bafist\Moje dokumenty\SPTDinst-v189-x86.exe 2017-05-25 19:50 - 2017-05-25 20:35 - 00001598 _____ C:\Documents and Settings\bafist\Pulpit\fixitpc.pl.txt 2017-05-23 13:03 - 2017-05-25 20:44 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\snare 2017-05-23 13:03 - 2017-05-23 13:03 - 00000000 ____D C:\Jopetiondipas 2017-05-22 22:52 - 2017-05-22 22:52 - 00001957 _____ C:\Documents and Settings\All Users\Pulpit\HP Deskjet 2510 series.lnk 2017-05-22 22:52 - 2017-05-22 22:52 - 00000904 _____ C:\Documents and Settings\All Users\Pulpit\Zakup materiałów eksploatacyjnych - HP 
Deskjet 2510 series.lnk 2017-05-22 22:52 - 2012-06-13 05:24 - 01979280 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_DJ2510.dll 2017-05-22 22:52 - 2012-06-13 05:24 - 00529808 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsAC11.dll 2017-05-22 22:52 - 2012-06-13 05:24 - 00495504 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_DJ2510.dll 2017-05-22 22:52 - 2012-06-13 05:24 - 00268688 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsAC11LM.dll 2017-05-22 22:52 - 2012-06-13 05:24 - 00220560 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoiAC11.dll 2017-05-22 22:52 - 2012-06-13 04:47 - 02216336 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkinsAC11.exe 2017-05-18 13:03 - 2017-05-23 16:06 - 00000000 ____D C:\Program Files\Aracerdomarafiy 2017-05-18 13:03 - 2017-05-23 16:06 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\CSHMDR 2017-05-18 13:03 - 2017-05-19 22:08 - 00000000 ____D C:\Reimward 2017-05-17 11:55 - 2017-05-17 11:56 - 00000000 ____D C:\Program Files\Firefox 2017-05-15 02:22 - 2017-05-21 20:01 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\CWASRE 2017-05-14 20:31 - 2017-05-14 20:27 - 00000030 _____ C:\AVScanner.ini 2017-05-14 20:27 - 2017-05-20 23:18 - 00000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-05-13 00:02 - 2017-05-25 02:21 - 00000458 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1494626517.job 2017-05-13 00:02 - 2017-05-13 00:02 - 00000675 _____ C:\Documents and Settings\All Users\Pulpit\Opera.lnk 2017-05-13 00:02 - 2017-05-13 00:02 - 00000675 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk 2017-05-13 00:02 - 2017-05-13 00:02 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\Opera Software 2017-05-13 00:02 - 2017-05-13 00:02 - 00000000 ____D C:\Documents and Settings\bafist\Dane aplikacji\Opera Software 2017-05-13 00:01 - 2017-05-13 00:02 - 00000000 
____D C:\Program Files\Opera 2017-05-12 14:47 - 2016-05-19 08:42 - 00067288 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys 2017-05-11 13:03 - 2017-05-18 15:11 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\NPASRE 2017-05-08 23:50 - 2017-05-08 23:50 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\Temp 2017-05-05 13:03 - 2017-05-05 13:03 - 00000000 ___HD C:\$AV_ASW 2017-05-04 12:51 - 2017-05-04 12:51 - 00330768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-05-03 13:03 - 2017-05-12 17:11 - 00000000 ____D C:\Insist 2017-05-02 14:38 - 2017-05-06 03:16 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\Kitty ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-05-25 20:44 - 2017-04-21 00:59 - 00000000 ____D C:\Documents and Settings\bafist\Dane aplikacji\WinSAPSvc 2017-05-25 20:44 - 2010-12-11 14:00 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Temp 2017-05-25 20:43 - 2010-12-11 14:00 - 00000000 ___RD C:\Documents and Settings\bafist\Moje dokumenty 2017-05-25 20:36 - 2015-11-05 14:41 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2017-05-25 20:28 - 2016-08-01 09:57 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-05-25 19:50 - 2010-12-11 14:00 - 00000000 ____D C:\Documents and Settings\bafist\Pulpit 2017-05-25 19:24 - 2017-03-21 12:45 - 00000000 ____D C:\Program Files\Common Files\BattlEye 2017-05-25 18:53 - 2015-09-17 23:45 - 00000484 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job 2017-05-25 17:03 - 2017-04-20 21:02 - 00000640 _____ C:\WINDOWS\Tasks\Jntiondruqither.job 2017-05-25 02:21 - 2017-02-16 18:26 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job 2017-05-25 02:21 - 2016-03-19 11:00 - 00000548 _____ 
C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1458378049.job 2017-05-25 02:20 - 2015-12-27 13:50 - 00000000 ____D C:\Documents and Settings\bafist\Dane aplikacji\Skype 2017-05-25 02:20 - 2015-11-05 14:41 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2017-05-25 02:20 - 2010-12-11 13:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-05-25 00:17 - 2010-12-11 14:00 - 00000188 ___SH C:\Documents and Settings\bafist\ntuser.ini 2017-05-25 00:17 - 2010-12-11 14:00 - 00000000 ____D C:\Documents and Settings\bafist 2017-05-25 00:17 - 2010-12-11 13:59 - 00032210 _____ C:\WINDOWS\SchedLgU.Txt 2017-05-24 21:43 - 2010-12-12 15:55 - 00000000 ____D C:\Documents and Settings\bafist\Dane aplikacji\foobar2000 2017-05-24 16:34 - 2010-12-11 14:33 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2017-05-24 11:14 - 2010-12-11 14:00 - 00000000 __RHD C:\Documents and Settings\bafist\Dane aplikacji 2017-05-23 13:03 - 2010-12-11 14:00 - 00000000 ___HD C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji 2017-05-23 02:33 - 2001-07-21 22:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2017-05-22 23:01 - 2010-12-11 14:00 - 00000000 ___RD C:\Documents and Settings\bafist\Menu Start\Programy\Autostart 2017-05-22 23:00 - 2010-12-11 13:52 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria 2017-05-22 22:52 - 2016-04-19 21:00 - 00000000 ____D C:\Program Files\HP 2017-05-22 22:52 - 2016-04-19 21:00 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\HP 2017-05-22 22:52 - 2010-12-11 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2017-05-22 22:52 - 2010-12-11 14:29 - 00000000 ___HD C:\WINDOWS\inf 2017-05-21 01:04 - 2017-04-20 21:03 - 00000412 _____ C:\WINDOWS\Tasks\Whukogercult Schedule.job 2017-05-20 23:18 - 2010-12-11 13:54 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-05-20 11:58 - 2010-12-11 14:50 - 00000000 ____D C:\Program Files\Puran Defrag 2017-05-18 00:34 - 
2011-02-13 15:26 - 01034072 _____ C:\WINDOWS\ntbtlog.txt 2017-05-17 23:56 - 2010-12-11 14:32 - 00000211 ___SH C:\boot.ini 2017-05-17 23:56 - 2001-07-21 22:16 - 00000643 _____ C:\WINDOWS\win.ini 2017-05-17 23:56 - 2001-07-21 22:15 - 00000227 _____ C:\WINDOWS\system.ini 2017-05-17 16:12 - 2015-10-10 04:08 - 00000000 ____D C:\Program Files\TeamViewer 2017-05-17 13:40 - 2010-12-16 00:34 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\Mozilla 2017-05-17 13:39 - 2010-12-16 00:34 - 00000000 ____D C:\Documents and Settings\bafist\Dane aplikacji\Mozilla 2017-05-17 13:39 - 2010-12-11 14:33 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2017-05-14 20:31 - 2010-12-11 14:33 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 2017-05-14 20:27 - 2012-10-02 00:33 - 00803320 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2017-05-14 20:27 - 2011-07-27 06:30 - 00144888 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2017-05-14 20:27 - 2010-12-16 01:10 - 00000000 ____D C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\Adobe 2017-05-13 00:35 - 2015-11-05 14:36 - 00181080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstmxp.sys 2017-05-12 14:46 - 2010-12-11 14:33 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty 2017-05-05 11:58 - 2015-11-05 14:42 - 00002137 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome.lnk 2017-05-05 11:58 - 2015-11-05 14:42 - 00002131 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk 2017-05-05 11:58 - 2015-03-16 00:16 - 00001115 _____ C:\Documents and Settings\bafist\Menu Start\Programy\Internet Explorer.lnk 2017-05-04 12:51 - 2017-02-16 18:26 - 00268016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys 2017-05-04 12:51 - 2017-02-16 18:26 - 00258288 _____ (AVAST Software s.r.o.) 
C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys 2017-05-04 12:51 - 2017-02-16 18:26 - 00148696 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys 2017-05-04 12:51 - 2017-02-16 18:26 - 00041664 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys 2017-05-04 12:51 - 2016-03-19 11:00 - 00031064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00764576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00482608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00107928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2017-05-04 12:51 - 2015-09-23 14:47 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-05-04 02:22 - 2017-04-20 21:03 - 00000000 ____D C:\Documents and Settings\bafist\Dane aplikacji\Vecosh ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Documents and Settings\bafist\Dane aplikacji\87U5dgLz1JsSpixurYrkeN3 2010-12-11 16:11 - 2013-01-09 01:58 - 0000600 _____ () C:\Documents and Settings\bafist\Dane aplikacji\winscp.rnd 2010-12-23 01:03 - 2015-08-11 14:07 - 0126976 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-01-23 20:50 - 2013-01-23 20:50 - 0000600 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Dane aplikacji\PUTTY.RND 2013-03-21 21:04 - 2013-03-21 21:04 - 0000218 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Dane 
aplikacji\recently-used.xbel 2013-09-25 23:32 - 2013-09-25 23:32 - 0000057 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini Niektóre pliki w TEMP: ==================== 2014-03-02 00:39 - 2000-04-06 14:00 - 0263168 ____N () C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\binkw32.dll 2014-03-02 00:39 - 2001-05-18 13:00 - 0421888 ____N (Blizzard Entertainment) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\d2l_Install.exe 2014-03-01 23:20 - 2015-09-24 01:18 - 0065536 _____ (Sony DADC Austria AG) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\drm_dialogs.dll 2015-09-16 18:30 - 2015-09-24 03:36 - 0208896 _____ (Sony DADC Austria AG) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\drm_dyndata_7290011.dll 2015-02-15 20:33 - 2015-03-07 05:37 - 0212992 _____ (Sony DADC Austria AG) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\drm_dyndata_7320013.dll 2013-09-12 20:07 - 2014-12-21 13:24 - 0204800 _____ (Sony DADC Austria AG) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\drm_dyndata_7370008.dll 2013-09-12 16:48 - 2013-04-12 18:15 - 7672792 _____ (Foxit Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\Foxit Reader Updater.exe 2017-04-20 21:02 - 2017-04-20 21:02 - 0000000 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\load.exe 2015-08-07 12:31 - 2015-08-07 12:31 - 3634040 _____ (Ask.com ) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\NEW44.tmp.exe 2015-08-07 12:36 - 2015-08-07 12:36 - 3634040 _____ (Ask.com ) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\NEW45.tmp.exe 2017-04-20 21:02 - 2017-04-20 21:02 - 0000000 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\Setup.exe 2015-11-02 11:34 - 2008-04-14 22:51 - 0774144 _____ (Microsoft Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\setup_wm.exe 2016-09-19 16:45 - 2016-09-19 16:45 - 5243128 _____ () C:\Documents and Settings\bafist\Ustawienia 
lokalne\Temp\Tibia_Setup_9ec0-af84-7a14-0736.exe 2016-09-19 16:34 - 2016-09-19 16:34 - 5243128 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\Tibia_Setup_f75e-fa8a-d0ee-a6b0.exe 2015-11-13 17:41 - 2015-11-13 21:21 - 0224744 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\tu17p84.exe 2015-11-13 17:26 - 2013-09-06 09:30 - 0104117 _____ () C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\Uninstall.exe 2015-09-16 18:05 - 2006-05-24 19:10 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is14.exe 2015-08-10 11:09 - 2007-01-20 03:46 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is1E.exe 2013-11-14 23:34 - 2008-10-16 14:20 - 0455952 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is2.exe 2016-03-19 21:25 - 2006-10-06 08:05 - 0456280 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is22B.exe 2015-07-23 17:58 - 2007-01-20 03:46 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is23.exe 2014-01-17 20:53 - 2007-01-20 03:46 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is3.exe 2016-11-02 16:01 - 2006-10-06 08:05 - 0456280 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is49.exe 2016-03-19 21:08 - 2006-10-06 08:05 - 0456280 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is68.exe 2015-07-21 18:04 - 2007-01-20 03:46 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is6E.exe 2013-11-15 00:19 - 2008-10-16 14:20 - 0455952 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_is84.exe 2013-11-15 00:31 - 2008-10-16 14:20 - 0455952 ____R (Macrovision Corporation) C:\Documents and 
Settings\bafist\Ustawienia lokalne\Temp\_isC9.exe 2013-11-15 00:32 - 2008-10-16 14:20 - 0455952 ____R (Macrovision Corporation) C:\Documents and Settings\bafist\Ustawienia lokalne\Temp\_isCA.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================