Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:30-04-2016
Uruchomiony przez admin (administrator) MAREKL (04-05-2016 09:06:20)
Uruchomiony z C:\WINDOWS\wirus
Załadowane profile: admin (Dostępne profile: admin)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Huawei Technologies Co., Ltd.) C:\Documents and Settings\admin\Dane aplikacji\T-Mobile Internet Manager\ouc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [101440 2011-10-20] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2007-12-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [884736 2007-12-12] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2350392 2012-09-10] (Synaptics Incorporated)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [1093632 2010-12-10] (Lenovo Group Limited)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3930896 2016-04-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LXBXCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-117609710-854245398-725345543-1003\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk [2012-11-07]
ShortcutTarget: BTTray.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1
Tcpip\..\Interfaces\{90AFBC31-4AB6-487B-9266-A48D2BF132C1}: [DhcpNameServer] 194.204.152.34 194.204.159.1

Internet Explorer:
==================
HKU\S-1-5-21-117609710-854245398-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-117609710-854245398-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default
FF Homepage: google.pl
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9050
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9050
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9050
FF NetworkProxy: "ftp", "37.247.48.250"
FF NetworkProxy: "ftp_port", 993
FF NetworkProxy: "http", "37.247.48.250"
FF NetworkProxy: "http_port", 993
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "37.247.48.250"
FF NetworkProxy: "socks_port", 993
FF NetworkProxy: "ssl", "37.247.48.250"
FF NetworkProxy: "ssl_port", 993
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-04] ()
FF Extension: Auto Refresh - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\autorefresh@plugin.xpi [2016-04-28]
FF Extension: Add-on Compatibility Reporter - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\compatibility@addons.mozilla.org.xpi [2016-04-27]
FF Extension: Firebug - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-31]
FF Extension: FoxyProxy Standard - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\foxyproxy@eric.h.jung [2016-02-17]
FF Extension: SQLite Manager - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-27]
FF Extension: Video DownloadHelper - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-13]
FF Extension: BetterPrivacy - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\waym27it.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-27]
FF Extension: PriceMInuus - C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\tzd2h352.Tomek\Extensions\Ve3eI@EtigO.com [2016-01-11] [Brak podpisu cyfrowego]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4016608 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [886032 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 EMP_NSWLSV; C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe [98304 2008-05-09] (SEIKO EPSON CORPORATION) [Brak podpisu cyfrowego]
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe [213432 2012-11-07] (FileOpen Systems Inc.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2007-01-31] (The Firebird Project) [Brak podpisu cyfrowego]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1527893 2007-01-31] (The Firebird Project) [Brak podpisu cyfrowego]
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [276048 2013-02-06] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
S3 lxbx_device; C:\WINDOWS\system32\lxbxcoms.exe [462848 2005-01-07] (Lexmark International, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NFService; C:\Program Files\Fastream IQ Web FTP Server Engine\IQWebFTPServerEngine.exe [3221504 2008-10-14] (Fastream Technologies) [Brak podpisu cyfrowego]
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [1645568 2012-09-24] () [Brak podpisu cyfrowego]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664064 2012-09-24] (Lenovo Group Limited)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2613200 2015-10-12] (Paramount Software UK Ltd)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [1118208 2010-12-10] () [Brak podpisu cyfrowego]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1425408 2010-12-10] (Lenovo Group Limited) [Brak podpisu cyfrowego]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1171456 2010-12-10] (Lenovo Group Limited) [Brak podpisu cyfrowego]
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [22016 2013-06-23] (Apache Software Foundation) [Brak podpisu cyfrowego]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [10923520 2013-06-23] () [Brak podpisu cyfrowego]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 Amfilter; C:\WINDOWS\System32\DRIVERS\Amfilter.sys [8704 2007-01-24] (A4Tech Co.,Ltd.) [Brak podpisu cyfrowego]
S3 Amusbprt; C:\WINDOWS\System32\DRIVERS\Amusbprt.sys [14336 2007-03-13] (A4Tech Co.,Ltd.) [Brak podpisu cyfrowego]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134944 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [240896 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207792 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191232 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [46848 2016-04-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533152 2009-09-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2010-09-16] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 dfmirage; C:\WINDOWS\System32\DRIVERS\dfmirage.sys [31896 2011-11-16] (DemoForge, LLC)
R3 EboardTouch; C:\WINDOWS\System32\DRIVERS\eboard_touch.sys [16128 2011-06-16] (e@Board)
R1 EMP_MAP; C:\WINDOWS\System32\DRIVERS\EMP_Map.sys [6400 2008-04-08] () [Brak podpisu cyfrowego]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [Brak podpisu cyfrowego]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [Brak podpisu cyfrowego]
S3 filtertdidriver; C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys [7552 2009-02-27] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [217016 2010-06-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [993464 2010-06-02] (Conexant Systems, Inc.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [70528 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2005-07-07] (MCCI)
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2005-07-07] (MCCI)
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2005-07-07] (MCCI)
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2005-07-07] (MCCI)
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2005-07-07] (MCCI)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2016-01-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 Ndisprot; C:\WINDOWS\System32\DRIVERS\EP_NSWD.sys [19584 2008-04-08] (Windows (R) 2000 DDK provider) [Brak podpisu cyfrowego]
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-03-02] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-03-02] (Microsoft Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2012-10-31] (Microsoft Corporation) [Brak podpisu cyfrowego]
S3 PSMounterEx; C:\WINDOWS\system32\drivers\psmounterex.sys [156048 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Windows (R) Win 7 DDK provider)
R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfsync04; C:\WINDOWS\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2012-11-09] (Duplex Secure Ltd.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 tcpipBM; C:\WINDOWS\system32\drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [Brak podpisu cyfrowego]
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [13936 2012-09-24] (Lenovo Group Limited)
R3 vdisp; C:\WINDOWS\System32\DRIVERS\EMP_Vd1.sys [7680 2008-04-08] (Windows (R) 2000 DDK provider)
S3 VNUSB; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [Brak podpisu cyfrowego]
S3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
U3 a6um4quw; C:\WINDOWS\system32\Drivers\a6um4quw.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
U5 avgunivx; C:\Windows\System32\Drivers\avgunivx.sys [61696 2016-04-18] (AVG Technologies CZ, s.r.o.)
U3 DfSdkS; Brak ImagePath
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249600 2013-01-23] (Huawei Technologies Co., Ltd.)
S4 IntelIde; Brak ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Brak podpisu cyfrowego]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-04 01:06 - 2016-05-04 09:03 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-04 01:06 - 2016-05-04 01:06 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-04 01:06 - 2016-05-04 01:06 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-05-04 01:03 - 2016-05-04 01:03 - 00000000 ____D C:\Documents and Settings\admin\Menu Start\Programy\Akcesoria
2016-05-04 00:52 - 2016-05-04 00:54 - 00000000 __HDC C:\WINDOWS\ie8
2016-05-04 00:42 - 2011-08-16 12:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2016-05-04 00:40 - 2016-05-04 00:40 - 17037680 _____ (Microsoft Corporation) C:\Documents and Settings\admin\Pulpit\IE8-WindowsXP-x86-PLK.exe
2016-05-04 00:40 - 2016-05-04 00:40 - 06776168 _____ (Microsoft Corporation) C:\Documents and Settings\admin\Pulpit\WindowsUpdateAgent30-x86.exe
2016-05-03 21:38 - 2016-05-03 21:39 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\PatryK M- zadania z C++
2016-05-02 21:54 - 2016-05-02 21:55 - 00000000 ____D C:\totalcmd
2016-05-02 21:54 - 2016-05-02 21:54 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\GHISLER
2016-05-02 21:54 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\UC.PIF
2016-05-02 21:54 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\RAR.PIF
2016-05-02 21:54 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\PKZIP.PIF
2016-05-02 21:54 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\PKUNZIP.PIF
2016-05-02 21:54 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\LHA.PIF
2016-05-02 21:54 - 2015-09-17 08:52 - 00000545 _____ C:\WINDOWS\ARJ.PIF
2016-05-01 22:43 - 2016-05-01 22:43 - 00078189 _____ C:\Documents and Settings\admin\Pulpit\scanlog.txt
2016-05-01 12:17 - 2016-05-01 12:18 - 00016628 _____ C:\WINDOWS\ntbtlog.txt
2016-05-01 05:20 - 2016-05-04 09:06 - 00000000 ____D C:\FRST
2016-04-30 18:41 - 2016-05-04 09:06 - 00000000 ____D C:\WINDOWS\wirus
2016-04-16 19:28 - 2016-04-16 19:28 - 00398594 _____ C:\Documents and Settings\admin\Pulpit\Zadania otwarte krótkiej odpowiedzi (I-II).pdf
2016-04-11 19:13 - 2016-04-11 19:13 - 00037627 _____ C:\Documents and Settings\admin\Pulpit\spkrasni20160411.pdf
2016-04-06 07:38 - 2016-04-06 09:39 - 00583186 _____ C:\Documents and Settings\admin\Pulpit\Sprawdzian szóstoklsisty.pptx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-04 09:06 - 2015-08-31 09:50 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Rok szkolny 2015-2016
2016-05-04 09:06 - 2012-10-31 13:28 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Temp
2016-05-04 08:51 - 2012-10-31 18:58 - 00000300 _____ C:\WINDOWS\Tasks\PMTask.job
2016-05-04 07:59 - 2012-10-31 14:00 - 00000000 ____D C:\WINDOWS\repair
2016-05-04 07:58 - 2012-11-11 12:45 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2016-05-04 07:58 - 2012-10-31 13:15 - 00000000 ____D C:\WINDOWS\Registration
2016-05-04 07:53 - 2012-11-02 09:44 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2016-05-04 07:51 - 2016-01-10 20:56 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-05-04 07:49 - 2015-11-02 23:24 - 00000442 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1446499447.job
2016-05-04 07:48 - 2012-10-31 13:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-04 02:33 - 2012-10-31 16:43 - 00000000 ____D C:\WINDOWS\ie8updates
2016-05-04 02:33 - 2012-10-31 14:00 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-05-04 02:33 - 2012-10-31 14:00 - 00000000 ___HD C:\WINDOWS\inf
2016-05-04 02:33 - 2012-10-31 13:28 - 00000188 ___SH C:\Documents and Settings\admin\ntuser.ini
2016-05-04 02:33 - 2012-10-31 13:27 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-04 01:07 - 2012-10-31 13:28 - 00000000 ____D C:\Documents and Settings\admin\Pulpit
2016-05-04 01:06 - 2014-08-27 11:58 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Adobe
2016-05-04 01:03 - 2012-10-31 14:00 - 00000000 ____D C:\WINDOWS\Help
2016-05-04 01:03 - 2012-10-31 13:28 - 00000803 _____ C:\Documents and Settings\admin\Menu Start\Programy\Internet Explorer.lnk
2016-05-04 01:03 - 2012-10-31 13:28 - 00000000 ___RD C:\Documents and Settings\admin\Menu Start\Programy
2016-05-04 00:55 - 2012-10-31 14:09 - 00001355 _____ C:\WINDOWS\imsins.BAK
2016-05-04 00:54 - 2012-10-31 13:18 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-05-04 00:53 - 2012-10-31 14:00 - 00000000 ____D C:\WINDOWS\Media
2016-05-04 00:34 - 2013-02-15 00:54 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-05-04 00:34 - 2012-10-31 14:08 - 00000000 ____D C:\Documents and Settings\All Users
2016-05-04 00:33 - 2012-10-31 13:28 - 00000000 __SHD C:\Documents and Settings\admin\Ustawienia lokalne\Historia
2016-05-04 00:29 - 2012-10-31 14:08 - 00000000 __SHD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2016-05-04 00:29 - 2012-10-31 13:27 - 00000000 __SHD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2016-05-04 00:29 - 2012-10-31 13:27 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2016-05-04 00:29 - 2012-10-31 13:27 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2016-05-04 00:28 - 2013-02-15 00:54 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-05-04 00:28 - 2012-10-31 14:08 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2016-05-04 00:28 - 2012-10-31 13:28 - 00000000 __RHD C:\Documents and Settings\admin\Dane aplikacji
2016-05-04 00:28 - 2012-10-31 13:28 - 00000000 ___HD C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji
2016-05-04 00:21 - 2012-10-31 13:28 - 00000000 ____D C:\Documents and Settings\admin
2016-05-03 23:48 - 2013-03-20 20:18 - 00000000 ____D C:\Program Files\Opera
2016-05-03 23:48 - 2013-03-20 20:18 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\Opera
2016-05-03 23:48 - 2012-10-31 14:08 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2016-05-03 23:45 - 2013-01-08 20:36 - 00000000 ____D C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google
2016-05-03 23:43 - 2012-10-31 17:17 - 00000000 ____D C:\Program Files\Java
2016-05-03 23:42 - 2012-10-31 14:09 - 01254796 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-03 23:42 - 2006-03-02 14:00 - 00555410 _____ C:\WINDOWS\system32\perfh015.dat
2016-05-03 23:42 - 2006-03-02 14:00 - 00105058 _____ C:\WINDOWS\system32\perfc015.dat
2016-05-03 23:41 - 2012-10-31 16:51 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\Mozilla
2016-05-03 23:32 - 2014-02-16 17:19 - 00000000 ____D C:\WINDOWS\system32\Adobe
2016-05-03 21:54 - 2015-03-11 13:17 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Pliki z zajęć komputerowych
2016-05-03 21:47 - 2015-10-25 21:00 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Przygotowania do matury
2016-05-03 21:46 - 2015-11-22 21:20 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Prawo oświatowe
2016-05-03 21:46 - 2015-09-13 16:25 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Szkoła - pliki
2016-05-03 21:43 - 2015-11-11 12:32 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Instrukcje
2016-05-03 21:40 - 2014-08-28 22:08 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Programy bez instalacjii
2016-05-03 21:35 - 2012-11-01 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2016-05-03 21:35 - 2012-11-01 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
2016-05-03 21:34 - 2015-11-30 20:16 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\CodeBlocks
2016-05-03 14:14 - 2014-06-18 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVG
2016-05-03 14:14 - 2013-12-26 21:25 - 01476185 _____ C:\WINDOWS\setupapi.log.1.old
2016-05-03 14:02 - 2012-10-31 17:49 - 00165440 _____ C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2016-05-03 14:02 - 2012-10-31 14:08 - 00567096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-03 00:18 - 2012-12-15 01:59 - 00000000 ____D C:\Documents and Settings\admin\Dane aplikacji\Notepad++
2016-05-02 16:14 - 2006-03-02 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-01 05:20 - 2012-10-31 14:08 - 00000000 ___HD C:\Documents and Settings\Default User
2016-05-01 05:20 - 2012-10-31 13:27 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-05-01 05:20 - 2012-10-31 13:27 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-04-28 18:11 - 2013-04-16 09:42 - 00004608 _____ C:\autozapis_.pf+
2016-04-28 11:32 - 2012-10-31 13:18 - 00001599 _____ C:\Documents and Settings\Default User\Menu Start\Programy\Pomoc zdalna.lnk
2016-04-28 11:32 - 2012-10-31 13:18 - 00001507 _____ C:\Documents and Settings\All Users\Menu Start\Windows Update.lnk
2016-04-28 11:18 - 2012-10-31 13:28 - 00001599 _____ C:\Documents and Settings\admin\Menu Start\Programy\Pomoc zdalna.lnk
2016-04-27 09:00 - 2013-01-08 20:59 - 00002539 _____ C:\Documents and Settings\admin\Menu Start\Microsoft Office Word 2003.lnk
2016-04-22 09:53 - 2013-11-29 14:14 - 00000000 ____D C:\Program Files\Lx_cats
2016-04-20 20:34 - 2012-11-12 15:02 - 00010856 _____ C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2016-04-20 14:17 - 2014-07-24 14:04 - 00240896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2016-04-20 12:48 - 2015-09-13 16:17 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\osobiste i rodzinne
2016-04-19 13:26 - 2012-11-01 21:18 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-04-18 10:31 - 2013-01-13 20:10 - 00002557 _____ C:\Documents and Settings\admin\Menu Start\Microsoft Office Excel 2003.lnk
2016-04-18 09:10 - 2016-01-08 11:49 - 00061696 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgunivx.sys
2016-04-18 07:32 - 2012-11-01 22:49 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Skróty do programów
2016-04-17 22:15 - 2014-08-28 22:09 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Pliki z pulpitu
2016-04-17 22:11 - 2014-01-23 10:22 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Pobieranie
2016-04-17 21:39 - 2012-11-01 21:05 - 00000421 _____ C:\WINDOWS\ODBC.INI
2016-04-17 21:33 - 2013-08-29 13:31 - 00000000 ____D C:\Documents and Settings\admin\Pulpit\Rok szkolny 2013-2014
2016-04-14 10:54 - 2012-09-14 04:05 - 00046848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2016-04-14 03:15 - 2013-07-23 22:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 03:03 - 2012-11-02 19:12 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 11:48 - 2016-03-23 13:17 - 00033280 ___SH C:\Documents and Settings\admin\Pulpit\Thumbs.db

==================== Pliki w katalogu głównym wybranych folderów =======

2013-12-15 14:48 - 2013-12-15 14:48 - 0000008 ___SH () C:\Program Files\.dat000001.dat
2013-12-15 14:48 - 2013-12-15 14:48 - 0000008 ___SH () C:\Program Files\.dat000002.dat
2013-12-15 14:48 - 2013-12-17 18:24 - 0000008 ___SH () C:\Program Files\.data110704.dat
2013-12-15 14:48 - 2013-12-17 18:24 - 0000008 ___SH () C:\Program Files\.data211004.dat
2013-12-15 14:48 - 2013-12-17 18:24 - 0000008 ___SH () C:\Program Files\.data211204.dat
2013-12-15 14:48 - 2013-12-15 14:48 - 0000008 ___SH () C:\Program Files\.drv120405.dat
2013-10-28 00:28 - 2013-10-28 00:29 - 0000038 _____ () C:\Program Files\GPACgpac_pl.m3u
2013-12-15 14:48 - 2013-12-17 18:24 - 0000008 ___SH () C:\Documents and Settings\admin\Dane aplikacji\.addit001.dat
2013-12-15 14:48 - 2013-12-15 14:48 - 0000008 ___SH () C:\Documents and Settings\admin\Dane aplikacji\.app190905.dat
2013-12-15 14:48 - 2013-12-17 18:24 - 0000008 ___SH () C:\Documents and Settings\admin\Dane aplikacji\.data000.dat
2013-12-15 14:48 - 2013-12-17 18:24 - 0000008 ___SH () C:\Documents and Settings\admin\Dane aplikacji\.data001.dat
2013-12-15 14:48 - 2013-12-15 14:48 - 0000008 ___SH () C:\Documents and Settings\admin\Dane aplikacji\.drv120205.dat
2013-12-15 14:48 - 2013-12-15 14:48 - 0000008 ___SH () C:\Documents and Settings\admin\Dane aplikacji\.drv190904.dat
2012-11-11 12:38 - 2016-02-04 14:08 - 0038400 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-06 17:29 - 2013-10-06 17:29 - 0000001 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\llftool.4.12.agreement
2013-05-20 20:59 - 2013-05-20 20:59 - 0000001 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\llftool.4.30.agreement
2013-01-01 18:14 - 2013-01-05 19:41 - 0000600 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
2015-11-10 10:29 - 2015-11-10 10:29 - 0003109 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2012-11-02 21:46 - 2012-11-02 21:46 - 0002160 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\unins000.dat
2012-11-02 21:46 - 2012-11-02 21:46 - 0707504 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\unins000.exe
2012-11-02 21:46 - 2012-11-02 21:46 - 0011761 _____ () C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\unins000.msg

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================