Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:05-03-2016 01 Uruchomiony przez User (administrator) NOTEBOOKHP (09-04-2016 11:13:12) Uruchomiony z C:\Documents and Settings\User\Pulpit Załadowane profile: User (Dostępne profile: User & fdg) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVK\AVKWCtl.exe (Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE (IDT, Inc.) C:\Program Files\IDT\WDM\STACSV.EXE (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFLTR.EXE (Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (G DATA Software AG) C:\Program Files\G Data\TotalProtection\Firewall\GDFirewallTray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Akamai Technologies, Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\Firewall\GDFwSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2009-04-21] (Andrea Electronics Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [295072 2012-12-19] (RealNetworks, Inc.) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G DATA\TotalProtection\Firewall\GDFirewallTray.exe [1874040 2016-02-18] (G DATA Software AG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\G DATA\TotalProtection\AVKTray\AVKTray.exe,C:\Program Files\G DATA\TotalProtection\AVKKid\AVKCKS.exe,c:\program files\g data\totalprotection\avkkid\avkcks.exe Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-07-29] (ATI Technologies Inc.) HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-15] (Microsoft Corporation) <==== UWAGA HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-15] (Microsoft Corporation) <==== UWAGA HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Run: [] => [X] HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-15] (Microsoft Corporation) <==== UWAGA HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-15] (Microsoft Corporation) <==== UWAGA Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\TB-Tray.lnk [2012-10-05] ShortcutTarget: TB-Tray.lnk -> C:\Program Files\Thunderbird-Tray\TBTray.exe (Brak pliku) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{286BA1B0-3349-4719-A8F7-C85062BECE57}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Window Title = Informatyk: tel. 662 441 851 www.pc-pomoc.com BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader) BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation) Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) FireFox: ======== FF ProfilePath: C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\22kg0s7o.default-1458808031671 FF Homepage: www.onet.pl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] () FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-10-13] ( ) FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-12-19] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-12-19] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\User\Dane aplikacji\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-12-19] (RealPlayer) FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-23] [Brak podpisu cyfrowego] FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-23] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-24] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2012-07-18] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-19] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-04-30] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => Brak pliku CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => Brak pliku CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => Brak pliku CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => Brak pliku CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Brak pliku CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Brak pliku CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Brak pliku CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll => Brak pliku CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll => Brak pliku CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll => Brak pliku CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll => Brak pliku CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29] CHR Extension: (Google Search) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-29] CHR Extension: (Gmail) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-29] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-13] (Agere Systems) R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2790368 2016-02-18] (G Data Software AG) R2 AVKService; C:\Program Files\G DATA\TotalProtection\AVK\AVKService.exe [970872 2016-02-11] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G DATA\TotalProtection\AVK\AVKWCtl.exe [3237352 2016-02-18] (G Data Software AG) R2 GDBackupSvc; C:\Program Files\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe [3985528 2016-02-16] (G Data Software AG) R3 GDFwSvc; C:\Program Files\G DATA\TotalProtection\Firewall\GDFwSvc.exe [2511232 2016-03-04] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [791160 2016-02-18] (G Data Software AG) S3 GDTunerSvc; C:\Program Files\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe [2455160 2016-02-11] (G Data Software AG) R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.) [Brak podpisu cyfrowego] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [329976 2009-07-27] (QUALCOMM, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 STacSV; c:\program files\idt\wdm\STacSV.exe [221266 2009-08-05] (IDT, Inc.) [Brak podpisu cyfrowego] S3 TSNxGService; C:\Program Files\G DATA\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software) R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-07-17] (Marvell) [Brak podpisu cyfrowego] S2 Update BrowseMark; "C:\Program Files\BrowseMark\updateBrowseMark.exe" [X] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 5U876UVC; C:\WINDOWS\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.) [Brak podpisu cyfrowego] S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usb.sys [33536 2006-03-24] (Advanced Card Systems Ltd) R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation) [Brak podpisu cyfrowego] R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] R0 Amddfltr; C:\WINDOWS\System32\DRIVERS\Amddfltr.sys [15416 2008-03-13] (Advanced Micro Devices) R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11832 2010-06-30] (Advanced Micro Devices Inc.) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) [Brak podpisu cyfrowego] R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1746432 2010-05-21] (Broadcom Corporation) [Brak podpisu cyfrowego] R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [992424 2009-05-07] (Broadcom Corporation.) R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-05-07] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R0 GDBehave; C:\WINDOWS\System32\drivers\GDBehave.sys [112256 2016-03-08] (G Data Software AG) R1 GDKBB; C:\WINDOWS\system32\drivers\GDKBB32.sys [33304 2016-03-08] (G Data Software AG) R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt32.sys [27160 2016-03-08] (G Data Software AG) R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [164352 2016-03-08] (G Data Software AG) R0 GDNdisIc; C:\WINDOWS\System32\drivers\GDNdisIc.sys [30048 2015-05-03] (G Data Software AG) R2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [53248 2015-11-10] (G Data Software AG) R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [69024 2015-05-04] (G Data Software) S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.) R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2010-07-25] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego] R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [91136 2016-03-08] (G Data Software AG) S3 HpqKbFiltr; C:\WINDOWS\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] (Hewlett-Packard Development Company, L.P.) [Brak podpisu cyfrowego] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [Brak podpisu cyfrowego] R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1644211 2009-08-05] (IDT, Inc.) [Brak podpisu cyfrowego] R0 TS4NT; C:\WINDOWS\System32\Drivers\TS4nt.sys [95232 2016-03-15] (G DATA Software AG) S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation) R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297728 2009-07-17] (Marvell) [Brak podpisu cyfrowego] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X] S3 HPFXBULK; system32\drivers\hpfxbulk.sys [X] S3 HPFXFAX; system32\drivers\hpfxfax.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S4 IntelIde; Brak ImagePath U1 WS2IFSL; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-09 11:13 - 2016-04-09 11:14 - 00024472 _____ C:\Documents and Settings\User\Pulpit\FRST.txt 2016-04-09 11:11 - 2016-04-09 11:13 - 00000000 ____D C:\FRST 2016-04-09 11:08 - 2016-04-09 11:08 - 01725440 _____ (Farbar) C:\Documents and Settings\User\Pulpit\FRST.exe 2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Program Files\Common Files\Java 2016-03-24 09:58 - 2016-03-24 09:57 - 00153088 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2016-03-24 09:57 - 2016-03-24 09:59 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java 2016-03-24 09:57 - 2016-03-24 09:57 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2016-03-24 09:42 - 2016-03-24 09:42 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-03-24 09:42 - 2016-03-24 09:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-03-23 08:49 - 2016-03-23 11:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-03-16 16:30 - 2016-03-16 16:30 - 00110592 _____ C:\WINDOWS\Minidump\Mini031616-02.dmp 2016-03-16 16:26 - 2016-03-16 16:25 - 00110592 _____ C:\WINDOWS\Minidump\Mini031616-01.dmp 2016-03-15 22:37 - 2016-03-15 22:37 - 00000730 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2016-03-15 22:37 - 2016-03-15 22:37 - 00000724 _____ C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2016-03-15 22:17 - 2016-03-15 22:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-03-15 22:17 - 2016-03-15 22:17 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight 2016-03-15 21:27 - 2016-03-15 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\G DATA TOTAL PROTECTION 2016-03-10 00:08 - 2016-03-14 22:15 - 00000000 ____D C:\Documents and Settings\User\Pulpit\Stare dane programu Firefox ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-09 11:14 - 2010-05-21 13:25 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Temp 2016-04-09 11:13 - 2010-05-21 13:25 - 00000000 ____D C:\Documents and Settings\User\Pulpit 2016-04-09 11:07 - 2011-12-09 17:04 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{58477204-31AB-4F2C-965F-FD6774E632E3}.job 2016-04-09 10:29 - 2015-06-24 23:09 - 00000460 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2016-04-09 10:10 - 2015-06-22 22:52 - 00000468 _____ C:\WINDOWS\Tasks\At1.job 2016-04-09 08:55 - 2010-05-21 15:10 - 01127314 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-09 08:55 - 2008-04-15 19:00 - 00504064 _____ C:\WINDOWS\system32\perfh015.dat 2016-04-09 08:55 - 2008-04-15 19:00 - 00091112 _____ C:\WINDOWS\system32\perfc015.dat 2016-04-09 08:49 - 2014-03-08 01:09 - 00000220 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2016-04-09 08:49 - 2012-12-19 23:39 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-04-09 08:49 - 2012-10-05 21:51 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-04-09 08:49 - 2010-05-21 13:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-09 08:48 - 2009-07-29 17:03 - 00219120 _____ C:\WINDOWS\system32\ativvaxx.cap 2016-04-09 00:26 - 2010-05-21 13:25 - 00000188 ___SH C:\Documents and Settings\User\ntuser.ini 2016-04-09 00:26 - 2010-05-21 13:22 - 00032558 _____ C:\WINDOWS\SchedLgU.Txt 2016-04-09 00:00 - 2011-12-20 23:02 - 00000364 _____ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job 2016-04-08 22:52 - 2015-06-22 22:52 - 00000468 _____ C:\WINDOWS\Tasks\At3.job 2016-04-08 13:46 - 2011-04-07 15:01 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt 2016-04-06 14:00 - 2015-06-22 22:52 - 00000468 _____ C:\WINDOWS\Tasks\At4.job 2016-04-06 12:59 - 2014-08-28 19:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2016-04-06 09:43 - 2013-02-12 19:07 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\foobar2000 2016-04-05 20:40 - 2015-06-22 22:52 - 00000468 _____ C:\WINDOWS\Tasks\At2.job 2016-04-05 16:38 - 2013-02-14 20:28 - 00063488 _____ C:\Documents and Settings\User\Pulpit\sklepy.xls 2016-03-30 00:15 - 2012-12-19 23:39 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-03-27 10:27 - 2008-04-15 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2016-03-24 17:16 - 2014-06-24 22:08 - 00000000 ____D C:\Documents and Settings\User\Moje dokumenty\Pobrane 2016-03-24 10:00 - 2014-10-27 00:37 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Oracle 2016-03-24 09:59 - 2013-07-01 09:58 - 00000000 ____D C:\Program Files\Java 2016-03-24 09:58 - 2015-09-05 19:52 - 00000000 ____D C:\Documents and Settings\User\.oracle_jre_usage 2016-03-24 09:57 - 2010-05-21 15:10 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2016-03-24 09:42 - 2010-05-24 08:44 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Adobe 2016-03-23 22:24 - 2012-04-27 15:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-03-16 22:24 - 2012-10-05 21:51 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-03-16 16:30 - 2013-02-06 12:29 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-15 22:39 - 2010-12-03 21:43 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\Skype 2016-03-15 22:37 - 2010-05-21 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2016-03-15 21:34 - 2015-01-13 13:31 - 00002267 _____ C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2016-03-15 21:27 - 2015-05-03 19:00 - 00001674 _____ C:\Documents and Settings\All Users\Pulpit\G DATA TOTAL PROTECTION.lnk 2016-03-15 21:27 - 2015-04-08 17:58 - 00095232 _____ (G DATA Software AG) C:\WINDOWS\system32\Drivers\TS4nt.sys 2016-03-15 21:26 - 2010-05-21 15:01 - 00000000 ___HD C:\WINDOWS\inf 2016-03-15 21:25 - 2013-06-01 12:27 - 00000000 ____D C:\Program Files\Common Files\G Data 2016-03-13 16:53 - 2012-12-31 23:46 - 00021726 _____ C:\Documents and Settings\User\Pulpit\licznik.xlsx 2016-03-13 01:20 - 2010-05-21 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-01-15 14:53 - 2015-01-15 14:53 - 0566208 _____ (MetaQuotes Software Corp.) C:\Program Files\avafinancial4setup.exe 2015-04-16 14:44 - 2015-04-16 14:44 - 1328408 _____ (MetaQuotes Software Corp.) C:\Program Files\go4x(1).exe 2015-04-16 14:36 - 2015-04-16 14:36 - 1328408 _____ (MetaQuotes Software Corp.) C:\Program Files\go4x.exe 2013-05-02 14:32 - 2013-05-02 14:48 - 192584504 _____ (Kaspersky Lab) C:\Program Files\kis13.0.1.4190pl-pl.exe 2012-10-10 20:00 - 2012-10-10 20:00 - 0448104 _____ () C:\Program Files\Pamela-for-Skype(22092).exe 2012-10-10 20:02 - 2012-10-10 20:02 - 9152480 _____ (Scendix Software-Vertriebsges. mbH) C:\Program Files\PamelaSetup_Basic.exe 2014-07-23 21:35 - 2014-07-23 21:35 - 0000000 _____ () C:\Documents and Settings\User\Dane aplikacji\gdfw.log 2014-07-23 21:35 - 2015-04-08 17:56 - 0000976 _____ () C:\Documents and Settings\User\Dane aplikacji\gdscan.log 2012-02-10 20:19 - 2012-02-10 20:20 - 0000080 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\Default.dat 2012-02-10 20:19 - 2012-02-10 20:19 - 0000001 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\DirectX.dat 2012-02-10 20:19 - 2012-02-10 20:19 - 0000001 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\etc.dat 2012-02-10 20:19 - 2012-02-10 20:19 - 0001917 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\localstore.rdf 2012-02-10 20:19 - 2012-02-10 20:19 - 0000226 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\Setup.dat 2012-02-10 20:19 - 2012-02-10 20:19 - 0000001 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\snd.dat 2012-02-10 20:19 - 2012-02-10 20:19 - 0000002 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\System.dat 2012-02-10 20:19 - 2012-02-10 20:19 - 0000001 _____ () C:\Documents and Settings\User\Dane aplikacji\Microsoft\Windows.dat 2010-05-21 16:01 - 2010-05-21 16:01 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\AtStart.txt 2010-11-26 13:25 - 2013-01-13 11:40 - 0014848 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-05-21 16:01 - 2010-05-21 16:01 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DSwitch.txt 2011-01-21 19:21 - 2011-02-15 18:20 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FnF4.txt 2011-12-20 22:41 - 2011-12-20 22:41 - 0000129 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2010-05-21 16:01 - 2010-05-21 16:01 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\QSwitch.txt 2014-01-26 16:14 - 2014-01-26 16:14 - 0006383 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\recently-used.xbel 2011-05-24 15:57 - 2013-04-30 12:54 - 0006201 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\unins000.dat 2013-04-30 12:54 - 2013-04-30 12:53 - 0707504 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\unins000.exe 2013-04-30 12:50 - 2013-04-30 12:54 - 0011761 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\unins000.msg 2015-06-22 22:50 - 2015-06-22 22:50 - 0000057 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini 2010-10-04 21:18 - 2011-12-20 22:55 - 0002376 _____ () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log Pliki do przeniesienia lub usunięcia: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Niektóre pliki w TEMP: ==================== C:\Documents and Settings\fdg\Ustawienia lokalne\Temp\sfamcc00001.dll C:\Documents and Settings\fdg\Ustawienia lokalne\Temp\sfareca00001.dll C:\Documents and Settings\fdg\Ustawienia lokalne\Temp\sfextra.dll C:\Documents and Settings\User\Ustawienia lokalne\Temp\NEventMessages.dll C:\Documents and Settings\User\Ustawienia lokalne\Temp\NOSEventMessages.dll C:\Documents and Settings\User\Ustawienia lokalne\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================