Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:15-06-2016 Uruchomiony przez user_2 (administrator) PRACOWNIA3 (15-06-2016 17:19:43) Uruchomiony z C:\do instalacji Załadowane profile: user_2 (Dostępne profile: user & user_2 & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE (InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe () C:\WINDOWS\system32\PSIService.exe () C:\Documents and Settings\All Users\Dane aplikacji\RbtProt\sgsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Akamai Technologies, Inc.) C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Akamai Technologies, Inc.) C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [29831168 2008-05-14] (VIA Technologies, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [WorksFUD] => C:\Program Files\Microsoft Works\wkfud.exe [24576 2001-10-05] (Microsoft® Corporation) HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [331830 2001-08-23] (Microsoft® Corporation) HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard) HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [233472 2003-10-23] (Hewlett-Packard Company) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_45\bin\jusched.exe" Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-09-28] (ATI Technologies Inc.) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-19\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-20\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-73586283-412668190-682003330-1004\...\Run: [Allway Sync 'n' Go] => "D:\Allway Sync 'n' Go\Bin\syncappw.exe" -m HKU\S-1-5-21-73586283-412668190-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-73586283-412668190-682003330-1004\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-73586283-412668190-682003330-1004\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-73586283-412668190-682003330-1004\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-73586283-412668190-682003330-1004\...\MountPoints2: {b9187534-68a3-11df-beb1-002215cc1e70} - D:\start.exe HKU\S-1-5-21-73586283-412668190-682003330-1004\...\MountPoints2: {d5155392-8bd2-11de-be30-002215cc1e70} - lcw.exe HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0 ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk [2009-04-07] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Works Calendar Reminders.lnk [2009-02-12] ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk [2009-04-22] ShortcutTarget: Przyspieszenie uruchomienia programu AutoCAD.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61 Tcpip\..\Interfaces\{07ED5E48-6FB2-4F5D-974E-0966BB57DD8B}: [DhcpNameServer] 62.179.1.60 62.179.1.61 Internet Explorer: ================== HKU\S-1-5-21-73586283-412668190-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm324YYpl&ptnrS=GRxdm324YYpl&si=4124&ptb=1C14E1FE-77C3-49F8-A6E2-CC3FA5FC2510&ind=2012041709&n=77ed51ed&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-73586283-412668190-682003330-1004 -> DefaultScope {256778B9-196A-4638-A7BF-6C2FFD421847} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-73586283-412668190-682003330-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=8B30817C-377A-4B76-B54A-86713E2E74CB&apn_sauid=3289FC9C-3D1E-43BF-9FE9-A68F98BABAA0 SearchScopes: HKU\S-1-5-21-73586283-412668190-682003330-1004 -> {256778B9-196A-4638-A7BF-6C2FFD421847} URL = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-73586283-412668190-682003330-1004 -> {d3f22a84-2a84-49eb-91e6-5dadaaf0165d} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm324YYpl&ptnrS=GRxdm324YYpl&si=4124&ptb=1C14E1FE-77C3-49F8-A6E2-CC3FA5FC2510&ind=2012041709&n=77ed51ed&psa=&st=sb&searchfor={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-03] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-03] (Oracle Corporation) Toolbar: HKU\S-1-5-21-73586283-412668190-682003330-1004 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {68282C51-9459-467B-95BF-3C0E89627E55} hxxp://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-10-23] (Hewlett-Packard Company) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Documents and Settings\user_2\Dane aplikacji\Mozilla\Firefox\Profiles\e2ec9l4a.default-1448885321281 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-06] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-03] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-03] (Oracle Corporation) FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Extension: Adblock Plus - C:\Documents and Settings\user_2\Dane aplikacji\Mozilla\Firefox\Profiles\e2ec9l4a.default-1448885321281\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19] [Brak podpisu cyfrowego] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [606208 2010-09-28] (ATI Technologies Inc.) [Brak podpisu cyfrowego] S3 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2010-12-02] (Autodesk) [Brak podpisu cyfrowego] R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [Brak podpisu cyfrowego] R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Brak podpisu cyfrowego] R2 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.) R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [53248 2005-07-25] (Hewlett-Packard Company) [Brak podpisu cyfrowego] R2 MSSQL$ATHENASOFT; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [Brak podpisu cyfrowego] R2 SG_Service; C:\Documents and Settings\All Users\Dane aplikacji\RbtProt\sgsrv.exe [180224 2007-11-21] () [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [352256 2009-01-16] (Aladdin Knowledge Systems Ltd.) S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.) S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.) R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5425152 2010-09-28] (ATI Technologies Inc.) [Brak podpisu cyfrowego] R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-08-19] (ATI Technologies, Inc.) S3 AVPsys; C:\WINDOWS\system32\drivers\cdaudio.sys [18688 2001-08-17] (Microsoft Corporation) S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2011-07-22] (Phoenix Technologies) [Brak podpisu cyfrowego] R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [587776 2009-07-09] (Aladdin Knowledge Systems Ltd.) R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2009-04-07] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego] R0 hotcore3; C:\WINDOWS\System32\drivers\hotcore3.sys [38448 2008-01-17] (Paragon Software Group) R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] () R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [36600 2014-10-24] (Riverbed Technology, Inc.) S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [12753664 2011-05-25] (NVIDIA Corporation) [Brak podpisu cyfrowego] R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-05-15] () [Brak podpisu cyfrowego] R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [32352 2008-01-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [131456 2008-01-17] (Paragon) R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [238080 2008-05-08] (VIA Technologies, Inc.) S4 IntelIde; Brak ImagePath U1 WS2IFSL; Brak ImagePath S1 zjmkivnq; \??\C:\WINDOWS\system32\drivers\zjmkivnq.sys [X] U3 fwdiykog; \??\C:\DOCUME~1\user_2\USTAWI~1\Temp\fwdiykog.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-06-15 17:19 - 2016-06-15 17:19 - 00000000 ____D C:\FRST 2016-06-15 16:26 - 2016-06-15 16:26 - 00000000 __SHD C:\Documents and Settings\user_2\IETldCache 2016-06-15 16:19 - 2016-06-15 16:19 - 00000000 ____D C:\WINDOWS\ie8updates 2016-06-15 16:16 - 2016-06-15 16:17 - 00000000 __HDC C:\WINDOWS\ie8 2016-06-15 16:13 - 2014-02-06 01:08 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2016-06-15 16:13 - 2014-02-06 01:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2016-06-15 16:13 - 2014-02-06 01:08 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2016-06-15 16:13 - 2014-02-06 01:08 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2016-06-15 16:13 - 2011-08-16 12:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll 2016-06-15 16:08 - 2016-06-15 16:26 - 00000000 ____D C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\FSDART 2016-06-15 16:08 - 2016-06-15 16:08 - 00000000 ____D C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\F-Secure 2016-05-25 16:49 - 2016-05-25 18:08 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-06-15 17:19 - 2009-04-07 12:17 - 00000000 ____D C:\Documents and Settings\user_2\Ustawienia lokalne\Temp 2016-06-15 17:19 - 2009-04-02 14:00 - 00000000 ____D C:\do instalacji 2016-06-15 17:00 - 2012-04-16 14:37 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-06-15 16:26 - 2014-03-25 16:15 - 00000224 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2016-06-15 16:26 - 2009-04-07 12:18 - 00000815 _____ C:\Documents and Settings\user_2\Menu Start\Programy\Internet Explorer.lnk 2016-06-15 16:26 - 2009-04-07 12:18 - 00000000 ___RD C:\Documents and Settings\user_2\Moje dokumenty\Moje obrazy 2016-06-15 16:26 - 2009-04-07 12:18 - 00000000 ___RD C:\Documents and Settings\user_2\Moje dokumenty\Moja muzyka 2016-06-15 16:26 - 2009-04-07 12:17 - 00000000 ___RD C:\Documents and Settings\user_2\Moje dokumenty 2016-06-15 16:26 - 2009-04-07 12:17 - 00000000 ___RD C:\Documents and Settings\user_2\Menu Start\Programy 2016-06-15 16:26 - 2009-04-07 12:17 - 00000000 ____D C:\Documents and Settings\user_2 2016-06-15 16:26 - 2008-12-30 18:07 - 00000000 RSHDC C:\WINDOWS\system32\dllcache 2016-06-15 16:26 - 2008-12-30 18:07 - 00000000 ___HD C:\WINDOWS\inf 2016-06-15 16:26 - 2008-12-30 18:07 - 00000000 ____D C:\WINDOWS\Media 2016-06-15 16:26 - 2008-12-30 18:07 - 00000000 ____D C:\WINDOWS\Help 2016-06-15 16:26 - 2008-12-30 17:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-15 16:26 - 2008-04-15 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2016-06-15 16:25 - 2009-04-07 12:17 - 00000188 ___SH C:\Documents and Settings\user_2\ntuser.ini 2016-06-15 16:25 - 2008-12-30 18:16 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2016-06-15 16:25 - 2008-12-30 17:36 - 00032632 _____ C:\WINDOWS\SchedLgU.Txt 2016-06-15 16:19 - 2008-12-31 12:36 - 00000000 ___HD C:\WINDOWS\$hf_mig$ 2016-06-15 16:19 - 2008-12-30 18:15 - 00001374 _____ C:\WINDOWS\imsins.BAK 2016-06-15 16:08 - 2009-04-07 12:17 - 00000000 ___HD C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji 2016-06-15 16:03 - 2008-12-30 18:12 - 00000000 ____D C:\Documents and Settings\All Users 2016-06-15 15:56 - 2008-12-30 17:25 - 00001619 _____ C:\Documents and Settings\All Users\Menu Start\Określ dostęp do programów i ich ustawienia domyślne.lnk 2016-06-15 15:44 - 2013-08-14 14:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-06-15 15:40 - 2008-12-31 12:48 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-06-06 20:00 - 2013-07-05 11:46 - 00000358 _____ C:\WINDOWS\Tasks\sokół.job 2016-06-06 20:00 - 2012-04-16 14:37 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-06-06 20:00 - 2011-10-20 13:03 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-05-25 18:08 - 2015-09-22 17:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-03-17 21:27 - 2007-11-20 09:23 - 0000060 ____R () C:\Program Files\BRINST.INI 2012-03-19 15:21 - 2012-03-19 16:12 - 0003584 _____ () C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-15 16:18 - 2014-05-15 16:18 - 0000001 _____ () C:\Documents and Settings\user_2\Ustawienia lokalne\Dane aplikacji\llftool.4.40.agreement 2008-04-15 14:00 - 2008-05-19 01:57 - 102662144 _____ () C:\Documents and Settings\All Users\msqrplk.exe Pliki do przeniesienia lub usunięcia: ==================== C:\Documents and Settings\All Users\msqrplk.exe Niektóre pliki w TEMP: ==================== C:\Documents and Settings\user\Ustawienia lokalne\Temp\FNP_ACT_InstallerCA.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\AcDeltree.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\ApnStub.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\cdo1060651107.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\cdo1083161941.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\cvasds0.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\cvasds1.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\FNP_ACT_InstallerCA.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\fsclm.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\fsonlinescanner.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\fsprod.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\fssfm.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\hdinst_x64.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\herss.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\hpbpnpsp.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\install_flash_player.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u15-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u17-windows-i586-iftw-rv.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u20-windows-i586-iftw-rv.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u33-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-6u37-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u21-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u40-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u45-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u51-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u55-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u67-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-7u71-windows-i586-iftw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-8u31-windows-au.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\jre-8u45-windows-au.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\preconfig.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\syncapp.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\syncappw.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\SyncHook.dll C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\SystemRequirementsLabx.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\UNINST.EXE C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\_is5.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\_is6A.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\_is7E.exe C:\Documents and Settings\user_2\Ustawienia lokalne\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll Niektóre zerobajtowe pliki/foldery: ========================== C:\Windows\System32\BRLM03A.DLL C:\Windows\System32\BRLMW03A.DLL C:\Windows\System32\BROSNMP.DLL C:\Windows\System32\BRTCPCON.DLL ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================