Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 05-02-2017
Uruchomiony przez Admin (administrator) DOM-DA2212A2C7A (06-02-2017 17:02:15)
Uruchomiony z C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\WINDOWS\ATK0100\HControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\WINDOWS\ATK0100\ATKOSD.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [HControl] => C:\WINDOWS\ATK0100\HControl.exe [106496 2006-02-23] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\Run: [EPSON SX130 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE [208384 2010-12-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\Run: [ABBYY Screenshot Reader Bonus] => [X]
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {17e05bee-f5b6-11e2-8160-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {17fac02e-f552-11e2-815d-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {17fac031-f552-11e2-815d-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {17fac033-f552-11e2-815d-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {196b69ea-f601-11e2-8164-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {2b0a2eae-f5fc-11e2-8163-b154bd777a79} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {2ee183fc-6f31-11e1-9488-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {37473ab6-f88b-11e2-816f-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {4241f42c-53f9-11e1-9400-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {4241f430-53f9-11e1-9400-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {43814998-1963-11e3-81da-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {54057ef8-fa82-11e2-8178-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {6ac058f2-745f-11e1-94a5-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {7b7774dc-f60e-11e2-8167-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {846f9658-f2cf-11e2-8155-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {846f965c-f2cf-11e2-8155-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {94080e98-902b-11e1-953e-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {941d1176-131f-11e3-81b3-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {998c70b8-bc2d-11e3-837d-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {a16e8f8a-f556-11e2-815e-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {a16e8f8f-f556-11e2-815e-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {a16e8f93-f556-11e2-815e-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {a3e8fb0e-f7ba-11e2-816c-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {a9d51f4a-1e0f-11e3-81ef-e41cb49a8319} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {adf95a5a-1879-11e3-81d6-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {b1328628-1cb1-11e4-8474-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {bb9f0f6a-126a-11e3-81ac-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {bb9f0f6c-126a-11e3-81ac-1c4bd6ce2f77} - I:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {bdece50a-f5b3-11e2-815f-1c4bd6ce2f77} - F:\AutoRun.exe
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\...\MountPoints2: {d44fc548-1880-11e3-81d7-1c4bd6ce2f77} - F:\LGAutoRun.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-01-02] (AVAST Software)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{1F2A62F4-5DAB-43A5-A285-6BA008E4CDAD}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-725345543-1677128483-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02] (AVAST Software)
BHO: Brak nazwy -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> Brak pliku
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
Toolbar: HKLM - Brak nazwy - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Brak pliku
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\dr5r1n46.default [2017-02-06]
FF user.js: detected! => C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\dr5r1n46.default\user.js [2014-06-22]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\dr5r1n46.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF SearchPlugin: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\dr5r1n46.default\searchplugins\wot-safe-search.xml [2014-01-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-09] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-725345543-1677128483-1417001333-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2009-07-31] (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\all-gemius.js [2013-09-20]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1403458442&from=cor&uid=WDCXWD3200BEVT-80A0RT0_WD-WXE1A305332153321"
CHR Profile: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-31]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-28]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-08-13] (Adobe Systems) [Brak podpisu cyfrowego]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2017-01-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2017-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2017-01-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2017-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2017-01-02] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2017-01-02] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2017-01-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2017-01-02] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-08-18] (DT Soft Ltd)
R3 ETD; C:\WINDOWS\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [Brak podpisu cyfrowego]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-28] (HP)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5632 2005-02-17] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1799680 2009-03-27] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1390976 2009-08-17] (VIA Technologies, Inc.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-03-16] (Atheros Communications, Inc.)
U3 DfSdkS; Brak ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; Brak ImagePath
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-06 17:00 - 2017-02-06 17:02 - 00000000 ____D C:\FRST
2017-02-06 16:39 - 2017-02-06 16:39 - 00000000 ____D C:\Documents and Settings\Admin\Pulpit\zacinanie
2017-02-05 13:35 - 2017-02-05 21:43 - 00000644 _____ C:\Documents and Settings\Admin\Pulpit\zadaniazacinanie.txt
2017-01-27 20:08 - 2017-01-27 21:28 - 00000000 ____D C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\ESET
2017-01-27 18:37 - 2017-02-05 13:55 - 00219072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 18:37 - 2017-02-05 13:55 - 00142112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-27 18:37 - 2017-02-05 13:55 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 18:36 - 2017-01-27 18:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 18:36 - 2017-01-27 18:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes
2017-01-27 18:36 - 2017-01-27 18:36 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2017-01-27 18:36 - 2016-12-14 12:55 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-01-21 19:36 - 2017-01-21 19:36 - 00000000 ____D C:\Program Files\Common Files\Java
2017-01-21 19:35 - 2017-01-21 19:35 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Sun
2017-01-12 15:46 - 2017-01-12 18:57 - 00002347 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-06 17:02 - 2011-06-01 13:43 - 00000000 ____D C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
2017-02-06 17:02 - 2011-05-30 18:25 - 00000000 ____D C:\Documents and Settings\Admin\Ustawienia lokalne\Temp
2017-02-06 16:40 - 2011-05-30 18:25 - 00000000 ____D C:\Documents and Settings\Admin\Pulpit
2017-02-06 16:39 - 2012-06-01 13:19 - 00000000 ____D C:\Documents and Settings\Admin\Moje dokumenty\Łukasz
2017-02-06 16:35 - 2011-05-30 18:37 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-06 16:30 - 2016-05-07 17:07 - 00000542 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462637216.job
2017-02-06 16:28 - 2012-07-06 17:18 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-02-06 16:16 - 2013-11-28 15:31 - 00000362 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Admin.job
2017-02-06 16:11 - 2012-07-05 11:02 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-06 15:40 - 2011-05-30 19:55 - 01193638 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-06 15:40 - 2001-10-30 13:00 - 00527696 _____ C:\WINDOWS\system32\perfh015.dat
2017-02-06 15:40 - 2001-10-30 13:00 - 00102810 _____ C:\WINDOWS\system32\perfc015.dat
2017-02-06 15:36 - 2014-03-06 18:23 - 00000222 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2017-02-06 15:36 - 2011-05-30 18:37 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-06 15:36 - 2011-05-30 18:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-06 15:21 - 2011-05-30 19:56 - 00000462 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{CA7B4CB9-AB1B-4059-95F1-4C5BDB4D9BCE}.job
2017-02-06 15:19 - 2001-10-30 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-02-05 22:36 - 2014-07-03 11:20 - 00786112 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2017-02-05 22:36 - 2011-05-30 18:25 - 00000292 ___SH C:\Documents and Settings\Admin\ntuser.ini
2017-02-05 22:36 - 2011-05-30 18:23 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2017-02-05 22:36 - 2011-05-30 18:23 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2017-02-05 22:35 - 2011-05-30 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2017-02-05 15:32 - 2011-05-30 19:47 - 00000000 ___HD C:\WINDOWS\inf
2017-02-05 15:32 - 2011-05-30 18:29 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2017-02-05 13:26 - 2011-05-30 19:54 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2017-02-03 16:03 - 2013-06-10 15:34 - 00000000 ____D C:\Documents and Settings\Admin\Dane aplikacji\GG
2017-02-02 19:29 - 2012-04-11 09:41 - 00000000 ____D C:\Documents and Settings\Admin\Dane aplikacji\Wise Disk Cleaner
2017-01-31 16:00 - 2016-05-18 16:00 - 00000000 ____D C:\Program Files\Cossacks - The Art of War Demo
2017-01-30 21:25 - 2011-05-30 19:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-29 14:21 - 2013-02-03 21:54 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2017-01-29 14:16 - 2011-05-30 18:03 - 00000000 ____D C:\WINDOWS\Registration
2017-01-28 17:52 - 2016-10-21 15:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-28 17:35 - 2011-05-30 18:25 - 00000000 ___HD C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji
2017-01-27 18:47 - 2013-06-10 15:59 - 00000000 ____D C:\Documents and Settings\Admin\Pulpit\Programy
2017-01-27 18:47 - 2011-05-30 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2017-01-27 18:36 - 2011-05-30 19:55 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2017-01-22 16:26 - 2014-12-13 21:29 - 00000000 ____D C:\Program Files\SpeedFan
2017-01-21 19:36 - 2012-07-05 11:02 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-21 19:36 - 2011-05-30 19:56 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-21 19:36 - 2011-05-30 18:04 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-21 19:35 - 2014-12-23 18:35 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-01-21 19:35 - 2014-04-20 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java
2017-01-21 19:35 - 2011-05-30 19:49 - 00160256 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-01-21 19:34 - 2011-05-30 19:49 - 00000000 ____D C:\Program Files\Java
2017-01-18 17:54 - 2011-05-30 20:27 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2017-01-12 22:35 - 2016-12-21 17:22 - 00000000 _____ C:\WINDOWS\system32\last.dump
2017-01-12 15:58 - 2011-06-01 14:05 - 00000000 ____D C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Adobe
2017-01-12 15:46 - 2011-06-14 10:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-12 15:46 - 2011-06-14 10:45 - 00000000 ____D C:\Program Files\Adobe
2017-01-12 15:46 - 2011-05-30 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2017-01-08 15:00 - 2014-03-06 18:23 - 00000216 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

==================== Pliki w katalogu głównym wybranych folderów =======

2015-06-01 16:18 - 2015-06-01 16:18 - 0048486 _____ () C:\Documents and Settings\Admin\Dane aplikacji\Debut.dmp
2015-05-18 16:26 - 2015-05-18 16:26 - 0000932 _____ () C:\Documents and Settings\Admin\Dane aplikacji\Langu_de_at_pl.txt
2011-07-05 16:56 - 2016-12-31 20:56 - 0079360 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-28 20:09 - 2016-01-28 20:09 - 0000218 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2011-06-07 15:17 - 2015-12-14 20:20 - 0002117 _____ () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log

Niektóre pliki w TEMP:
====================
2016-03-11 19:34 - 2006-10-25 14:17 - 0569344 _____ (Electronic Arts Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\AutoRun.exe
2016-03-11 19:34 - 2006-10-25 14:17 - 0528384 _____ (Electronic Arts Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\AutoRunGUI.dll
2016-03-11 19:34 - 2006-10-25 14:17 - 0720896 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\EAInstall.dll
2014-06-24 19:18 - 2016-04-18 16:49 - 0986136 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ggdrive-menu.exe
2014-06-24 19:18 - 2016-04-18 16:49 - 1228520 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\ggdrive-overlay.exe
2016-02-08 19:26 - 2016-02-08 19:27 - 7384608 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\HPPSdr.exe
2014-06-24 19:18 - 2014-02-05 16:07 - 0056856 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\installstats.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 0937896 _____ (Oracle Corporation) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jre-7u71-windows-i586-iftw.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 0641448 _____ (Oracle Corporation) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jre-8u31-windows-au.exe
2016-05-07 17:14 - 2016-05-07 17:14 - 0739904 _____ (Oracle Corporation) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\jre-8u91-windows-au.exe
2014-12-03 18:53 - 2014-11-03 10:24 - 0121936 _____ (RealNetworks, Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\lowproc.exe
2014-12-03 18:53 - 2014-12-03 19:00 - 0000000 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\SCC.dll
2014-12-13 21:30 - 2017-01-22 16:26 - 0192512 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\sfamcc00001.dll
2012-12-16 10:55 - 2012-12-16 10:55 - 0055296 _____ () C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\sfextra.dll
2014-12-03 18:53 - 2014-11-03 10:49 - 0090624 _____ (RealNetworks, Inc.) C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\stubhelper.dll

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================