Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 17-09-2017 01 Uruchomiony przez mama (administrator) WOLTY-70C132807 (19-09-2017 20:05:26) Uruchomiony z C:\FRST Załadowane profile: mama (Dostępne profile: WOLTYŃSKA & mama & Administrator) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 7 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ======================================================== C:\FRST\FRST.exe => Win32/Suweezy? - pomyślnie przeniesiono ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (B.H.A Corporation) C:\WINDOWS\system32\bgsvcgen.exe (Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\WINDOWS\system32\drivers\WtSrv.exe (UC-Logic Technology Corp) C:\WINDOWS\system32\WService.exe (D-Link) C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe (Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (FUJIFILM Corporation) C:\Program Files\FinePixViewer\QuickDCF2.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe (Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe () C:\FRST\FRST.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [WService] => C:\WINDOWS\system32\WService.EXE [32768 2001-10-26] (UC-Logic Technology Corp) HKLM\...\Run: [D-Link AirPlus XtremeG DWL-G520] => C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe [1327104 2007-06-27] (D-Link) HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [hpqSRMon] => [X] HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-09] (AVAST Software) HKLM\...\Run: [SecurDisc] => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [1629480 2007-11-26] (Nero AG) HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] () HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057064 2007-11-26] (Nero AG) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKU\S-1-5-21-861567501-789336058-682003330-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.) HKU\S-1-5-21-861567501-789336058-682003330-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\WITECZ~1.SCR [6412288 2014-08-04] () HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ExifLauncher2.lnk [2008-12-07] ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation) Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk [2015-03-09] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\WOLTYŃSKA\Menu Start\Programy\Autostart\Myboard FKeys.lnk [2017-09-08] ShortcutTarget: Myboard FKeys.lnk -> C:\Documents and Settings\WOLTYŃSKA\Dane aplikacji\Microsoft\Installer\{CA5F828E-66D1-4B9E-A5A5-EEABC9E641CB}\GreenF.exe () ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C7D8F9D6-D18B-4959-8390-CDF345BE91B8}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-861567501-789336058-682003330-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/pl-pl/?ocid=UP97DHP&pc=UP97 HKU\S-1-5-21-861567501-789336058-682003330-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EPL&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=ie&apn_uid=9E48A267-ACD4-46AA-A92F-E918E3BE9DE5&itbv=12.23.0.15&doi=2015-01-29&psv=&pt=tb hxxp://www.bing.pl URLSearchHook: HKU\S-1-5-21-861567501-789336058-682003330-1005 - (Brak nazwy) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Brak pliku SearchScopes: HKU\S-1-5-21-861567501-789336058-682003330-1005 -> DefaultScope {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-861567501-789336058-682003330-1005 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-861567501-789336058-682003330-1005 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^PL&gct=sb&itbv=12.23.0.15&apn_uid=9E48A267-ACD4-46AA-A92F-E918E3BE9DE5&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^PL&apn_dbr=ie&doi=2015-01-29&trgb=IE&q={searchTerms}&psv=&pt=tb BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-09] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) Toolbar: HKU\S-1-5-21-861567501-789336058-682003330-1005 -> Brak nazwy - {4F524A2D-5637-4300-76A7-7A786E7484D7} - Brak pliku DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228306217678 DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} hxxp://www.ustka.pl/new/kamery/WinWebPush.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab FireFox: ======== FF DefaultProfile: 58r0zdhe.default FF ProfilePath: C:\Documents and Settings\mama\Dane aplikacji\Mozilla\Firefox\Profiles\58r0zdhe.default [2017-08-19] FF NewTab: C:\Documents and Settings\mama\Dane aplikacji\Mozilla\Firefox\Profiles\58r0zdhe.default -> chrome://fvd.speeddial/content/fvd_about_blank.html FF Homepage: C:\Documents and Settings\mama\Dane aplikacji\Mozilla\Firefox\Profiles\58r0zdhe.default -> chrome://fvd.speeddial/content/fvd_about_blank.html FF Extension: (Avira Browser Safety) - C:\Documents and Settings\mama\Dane aplikacji\Mozilla\Firefox\Profiles\58r0zdhe.default\Extensions\abs@avira.com [2017-07-02] FF Extension: (Firefox Hotfix) - C:\Documents and Settings\mama\Dane aplikacji\Mozilla\Firefox\Profiles\58r0zdhe.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-11] FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Documents and Settings\mama\Dane aplikacji\Mozilla\Firefox\Profiles\58r0zdhe.default\Extensions\pavel.sherbakov@gmail.com [2016-05-01] FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => nie znaleziono FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-27] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com => nie znaleziono FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-19] [Brak podpisu cyfrowego] FF HKU\S-1-5-21-861567501-789336058-682003330-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-04] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=1.1.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service) [Brak podpisu cyfrowego] S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5830352 2017-09-09] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-09] (AVAST Software) R2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [86016 2005-04-30] (B.H.A Corporation) [Brak podpisu cyfrowego] R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] S2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG) R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] () S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [Brak podpisu cyfrowego] R2 WinTabService; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [36864 2001-10-26] () [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 A3AB; C:\WINDOWS\System32\DRIVERS\A3AB.sys [547744 2007-05-24] (D-Link Corporation) S3 ABndis; C:\WINDOWS\System32\DRIVERS\abndis.sys [34384 2009-12-06] (ArcaBit) R3 ABndisMP; C:\WINDOWS\System32\DRIVERS\abndis.sys [34384 2009-12-06] (ArcaBit) R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative) R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.) [Brak podpisu cyfrowego] R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [267520 2017-09-09] (AVAST Software s.r.o.) R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-09-09] (AVAST Software s.r.o.) R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-09-09] (AVAST Software s.r.o.) R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-09-09] (AVAST Software s.r.o.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-09-09] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-09-09] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [70112 2017-09-09] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-09-09] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [773800 2017-09-09] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [500136 2017-09-09] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [202712 2017-09-09] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296824 2017-09-09] (AVAST Software) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.) R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP) R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG) R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG) U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG) R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG) S3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-02-02] (Atheros Communications, Inc.) R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-02-06] (Logitech Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [150568 2008-06-24] (Marvell Semiconductor, Inc.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-06-03] (VSO Software) [Brak podpisu cyfrowego] S3 Tablet2k; C:\WINDOWS\System32\Drivers\Tablet2k.sys [15370 2001-10-26] (Windows (R) 2000 DDK provider) [Brak podpisu cyfrowego] R1 TClass2k; C:\WINDOWS\System32\DRIVERS\TClass2k.sys [22650 2001-10-26] (Windows (R) 2000 DDK provider) [Brak podpisu cyfrowego] S3 UCTblHid; C:\WINDOWS\System32\DRIVERS\UCTblHid.sys [10906 2001-10-26] (Windows (R) 2000 DDK provider) [Brak podpisu cyfrowego] S4 IntelIde; Brak ImagePath S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X] S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X] U1 WS2IFSL; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-09-17 13:34 - 2017-09-17 13:34 - 000001880 _____ C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2017-09-17 13:34 - 2017-09-17 13:34 - 000000000 ___RD C:\Program Files\Skype 2017-09-17 13:34 - 2017-09-17 13:34 - 000000000 ____D C:\Program Files\Common Files\Skype 2017-09-17 13:34 - 2017-09-17 13:34 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Skype 2017-09-16 21:31 - 2017-09-16 21:31 - 000000035 _____ C:\Documents and Settings\mama\Pulpit\Nowy Dokument tekstowy (2).txt 2017-09-09 20:19 - 2017-09-09 20:18 - 000304816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-09-08 23:53 - 2017-09-08 23:53 - 000000000 ____D C:\Documents and Settings\WOLTYŃSKA\Dane aplikacji\AVAST Software 2017-09-08 23:52 - 2017-09-08 23:52 - 000000000 ____D C:\Documents and Settings\WOLTYŃSKA\Ustawienia lokalne\Dane aplikacji\Thunderbird 2017-09-08 23:52 - 2017-09-08 23:52 - 000000000 ____D C:\Documents and Settings\WOLTYŃSKA\Dane aplikacji\Thunderbird 2017-09-08 23:52 - 2017-09-08 23:52 - 000000000 ____D C:\Documents and Settings\WOLTYŃSKA\Dane aplikacji\Mozilla 2017-09-07 19:31 - 2017-09-07 19:49 - 000000000 ____D C:\Documents and Settings\mama\Pulpit\2017_0603wrocław 2017-08-22 16:18 - 2017-08-22 16:18 - 000000780 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Thunderbird.lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-09-19 20:06 - 2008-12-30 11:55 - 000000000 ____D C:\Documents and Settings\mama\Ustawienia lokalne\Temp 2017-09-19 20:05 - 2017-08-11 18:47 - 000000000 ____D C:\FRST 2017-09-19 20:01 - 2009-03-21 21:26 - 000000000 ____D C:\Documents and Settings\mama\Dane aplikacji\Skype 2017-09-19 15:03 - 2013-10-03 19:45 - 000000262 _____ C:\WINDOWS\Tasks\EPUpdater.job 2017-09-19 14:00 - 2009-05-24 14:30 - 000003284 _____ C:\WINDOWS\system32\ANIWZCS{C7D8F9D6-D18B-4959-8390-CDF345BE91B8} 2017-09-19 13:20 - 2017-08-19 19:26 - 000000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job 2017-09-19 12:24 - 2017-05-17 11:34 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat 2017-09-19 12:23 - 2008-12-03 13:27 - 000000211 ___SH C:\boot.ini 2017-09-19 12:23 - 2008-04-15 14:00 - 000000670 _____ C:\WINDOWS\win.ini 2017-09-19 12:23 - 2008-04-15 14:00 - 000000227 _____ C:\WINDOWS\system.ini 2017-09-19 12:20 - 2009-03-14 15:18 - 000000005 _____ C:\WINDOWS\system32\ANIWZCSUSERNAME{C7D8F9D6-D18B-4959-8390-CDF345BE91B8} 2017-09-19 12:19 - 2008-12-03 13:34 - 000000007 _____ C:\WINDOWS\system32\ANIWZCSUSERNAME 2017-09-19 12:18 - 2014-10-13 15:23 - 000000454 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1388769754.job 2017-09-19 12:18 - 2008-12-03 13:51 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2017-09-19 12:18 - 2008-12-03 12:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-19 12:17 - 2008-12-03 13:51 - 000000000 _____ C:\WINDOWS\system32\Drivers\logiflt.iad 2017-09-19 11:03 - 2008-12-30 11:55 - 000000188 ___SH C:\Documents and Settings\mama\ntuser.ini 2017-09-19 11:03 - 2008-12-03 12:43 - 000032436 _____ C:\WINDOWS\SchedLgU.Txt 2017-09-17 15:17 - 2008-12-05 16:58 - 000000000 ____D C:\Program Files\Opera 2017-09-17 13:36 - 2008-12-07 17:26 - 000000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Skype 2017-09-17 13:34 - 2008-12-03 13:28 - 000000000 ____D C:\Documents and Settings\All Users\Pulpit 2017-09-17 13:34 - 2008-12-03 13:28 - 000000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy 2017-09-17 10:57 - 2008-12-03 12:39 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-09-16 21:50 - 2017-02-24 20:31 - 000000992 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-09-16 21:31 - 2008-12-30 11:55 - 000000000 ____D C:\Documents and Settings\mama\Pulpit 2017-09-16 19:06 - 2008-12-03 13:28 - 000000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2017-09-15 19:41 - 2008-04-15 14:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl 2017-09-14 14:50 - 2008-12-30 11:55 - 000000000 ___HD C:\Documents and Settings\mama\Ustawienia lokalne\Dane aplikacji 2017-09-13 13:45 - 2008-12-30 11:55 - 000000000 ____D C:\Documents and Settings\mama 2017-09-09 20:21 - 2008-12-03 13:22 - 000000000 ___HD C:\WINDOWS\inf 2017-09-09 20:19 - 2017-08-19 19:25 - 000202712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000773800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000500136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000296824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000276736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000267520 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000157416 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000050384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys 2017-09-09 20:18 - 2017-08-19 19:25 - 000042856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-09-08 23:53 - 2008-12-03 12:43 - 000000188 ___SH C:\Documents and Settings\WOLTYŃSKA\ntuser.ini 2017-09-08 23:53 - 2008-12-03 12:43 - 000000000 __RHD C:\Documents and Settings\WOLTYŃSKA\Dane aplikacji 2017-09-08 23:52 - 2008-12-03 12:43 - 000000000 ___HD C:\Documents and Settings\WOLTYŃSKA\Ustawienia lokalne\Dane aplikacji 2017-09-08 23:52 - 2008-12-03 12:43 - 000000000 ____D C:\Documents and Settings\WOLTYŃSKA\Ustawienia lokalne\Temp 2017-09-08 23:49 - 2008-12-03 12:43 - 000000000 ___RD C:\Documents and Settings\WOLTYŃSKA\Menu Start\Programy 2017-09-07 19:25 - 2008-12-07 16:31 - 000000000 ____D C:\Program Files\FinePixViewer 2017-08-22 16:17 - 2008-12-03 13:28 - 001088160 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-08-22 16:17 - 2008-04-15 14:00 - 000491118 _____ C:\WINDOWS\system32\perfh015.dat 2017-08-22 16:17 - 2008-04-15 14:00 - 000084370 _____ C:\WINDOWS\system32\perfc015.dat 2017-08-22 16:11 - 2008-12-03 13:22 - 000000000 ____D C:\WINDOWS\Help ==================== Pliki w katalogu głównym wybranych folderów ======= 2009-06-03 14:41 - 2009-10-15 18:35 - 000087608 _____ () C:\Documents and Settings\mama\Dane aplikacji\inst.exe 2009-06-03 14:41 - 2009-10-15 18:35 - 000007887 _____ () C:\Documents and Settings\mama\Dane aplikacji\pcouffin.cat 2009-06-03 14:41 - 2009-10-15 18:35 - 000001144 _____ () C:\Documents and Settings\mama\Dane aplikacji\pcouffin.inf 2009-06-03 14:41 - 2009-10-15 18:35 - 000000033 _____ () C:\Documents and Settings\mama\Dane aplikacji\pcouffin.log 2009-06-03 14:41 - 2009-10-15 18:35 - 000047360 _____ (VSO Software) C:\Documents and Settings\mama\Dane aplikacji\pcouffin.sys 2011-12-26 19:44 - 2017-04-27 19:27 - 000054784 _____ () C:\Documents and Settings\mama\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2008-12-03 13:37 - 2015-03-09 21:52 - 000019260 _____ () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log 2014-11-10 22:17 - 2014-11-10 22:17 - 000005054 _____ () C:\Documents and Settings\All Users\Dane aplikacji\mtbjfghn.xbe Pliki do przeniesienia lub usunięcia: ==================== C:\Documents and Settings\mama\Aniolek PL.exe C:\Documents and Settings\mama\felix.exe C:\Documents and Settings\mama\PhotoScapeSetup_V3.3.exe Niektóre pliki w TEMP: ==================== 2017-01-29 15:42 - 2017-01-29 15:42 - 000000000 ____D () C:\Documents and Settings\mama\Ustawienia lokalne\Temp\avgnt.exe 2017-01-06 15:03 - 2007-11-06 20:07 - 000484696 ____N (Hewlett-Packard) C:\Documents and Settings\mama\Ustawienia lokalne\Temp\hpzmsi01.exe 2017-01-06 15:03 - 2007-11-06 20:07 - 000787800 ____N (Hewlett-Packard) C:\Documents and Settings\mama\Ustawienia lokalne\Temp\hpzscr01.EXE ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================