Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:07-02-2016 Uruchomiony przez User (administrator) 54D9BD8C92414BC (11-02-2016 11:39:34) Uruchomiony z C:\Documents and Settings\User\Moje dokumenty\Downloads Załadowane profile: User (Dostępne profile: User) Platform: Microsoft Windows XP Home Edition Dodatek Service Pack 2 (X86) Język: Polski Internet Explorer Wersja 6 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (France Telecom SA) C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (France Telecom SA) C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2016-02-08] (Synaptics, Inc.) HKLM\...\Run: [CtrlVol] => C:\Program Files\Launch Manager\CtrlVol.exe HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\WButton.exe HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [34304 2016-02-08] (Adobe Systems Incorporated) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [204800 2016-02-08] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2016-02-08] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2016-02-08] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2016-02-08] (Brother Industries, Ltd.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [BEWINTERNET-PL-IEWSessionManager] => C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe [135168 2016-02-08] (France Telecom SA) HKLM\...\Run: [CardDetectorHUAWEI1752_1552] => C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe [282624 2009-10-14] (France Telecom SA) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-07] (AVAST Software) HKU\S-1-5-21-436374069-261903793-725345543-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1667584 2016-02-08] (Microsoft Corporation) HKU\S-1-5-21-436374069-261903793-725345543-1004\...\Run: [ares] => "C:\Documents and Settings\User\Pulpit\Ares\Ares.exe" -h HKU\S-1-5-21-436374069-261903793-725345543-1004\...\Run: [Komunikator] => C:\Program Files\Tlen.pl\tlen.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {132c557a-691c-11dd-bc5e-001e370e6e9d} - E:\yrat.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {33062fde-682c-11e1-85f7-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {3306dd5a-9f83-11e2-8bbb-001e370e6e9d} - I:\ococeh.pif HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {33659330-726b-11e1-862f-001e370e6e9d} - G:\MicroLauncher.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {63d52654-67e8-11e1-85f4-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {63d52658-67e8-11e1-85f4-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {63d5265a-67e8-11e1-85f4-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {63d5265e-67e8-11e1-85f4-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {6870ef42-686d-11e1-85fb-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {6870ef49-686d-11e1-85fb-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {6870ef4d-686d-11e1-85fb-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {6870ef4f-686d-11e1-85fb-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {728a05be-72b2-11e1-8636-001e370e6e9d} - G:\MicroLauncher.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {7669df64-83a8-11e5-9628-001e370e6e9d} - E:\esbxjf.pif HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {7cf9da26-6d42-11e1-8616-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {7cf9da29-6d42-11e1-8616-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {80ae8b14-70bf-11e1-8620-001e370e6e9d} - G:\MicroLauncher.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {8b32dfa2-8162-11df-83c1-001e370e6e9d} - E:\ekimwv.pif HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {b692c9ee-5a67-11dd-aca4-806d6172696f} - kohamt.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {b692c9ef-5a67-11dd-aca4-806d6172696f} - jaxolj.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {b9517aec-67e3-11e1-85f2-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {b9517af0-67e3-11e1-85f2-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {b9517af2-67e3-11e1-85f2-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {b9517af6-67e3-11e1-85f2-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {d83561ce-687b-11e1-85fc-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {d83561d2-687b-11e1-85fc-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {d8bb0161-c9d8-11e3-909f-00a0c6000000} - E:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {e5203ee8-6779-11e1-85ea-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {ef984f96-70c0-11e1-8621-001e370e6e9d} - G:\MicroLauncher.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {ef984f9b-70c0-11e1-8621-001e370e6e9d} - G:\MicroLauncher.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {ffdef6b8-685d-11e1-85fa-001e370e6e9d} - G:\AutoRun.exe HKU\S-1-5-21-436374069-261903793-725345543-1004\...\MountPoints2: {ffdef6bc-685d-11e1-85fa-001e370e6e9d} - G:\AutoRun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-07] (AVAST Software) Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk [2011-01-27] ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () AlternateShell: ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{859AD885-3370-4A8C-903A-2CFF8A0B7F05}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://wyborcza.pl/0,0.html?p=014 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-436374069-261903793-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki HKU\S-1-5-21-436374069-261903793-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-436374069-261903793-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" <======= UWAGA SearchScopes: HKLM -> DefaultScope - brak wartości SearchScopes: HKU\S-1-5-21-436374069-261903793-725345543-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09] (Sun Microsystems, Inc.) DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7eirywhp.default-1455134741375 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin HKU\S-1-5-21-436374069-261903793-725345543-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-15] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-01-27] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-08] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.pl/ CHR StartupUrls: Default -> "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" CHR Profile: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default CHR Extension: (Avast Online Security) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-07] CHR Extension: (FromDocToPDF) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-01-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-07] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-02-10] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-07] (AVAST Software) R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2009-10-14] (France Telecom SA) [Brak podpisu cyfrowego] R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-02-02] (Sun Microsystems, Inc.) S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-01-08] (Mozilla Foundation) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-02-07] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-02-07] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-02-07] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-02-07] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [812720 2016-02-07] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-02-07] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-02-07] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-02-07] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software) S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) S3 ew_hwusbdev; C:\WINDOWS\System32\DRIVERS\ew_hwusbdev.sys [102784 2012-03-20] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.) R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [630272 2007-05-01] (Conexant Systems Inc.) R1 Hotkey; C:\WINDOWS\system32\Drivers\Hotkey.sys [9867 2003-04-28] () R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-21] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-21] (Conexant Systems, Inc.) S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90368 2012-03-20] (Huawei Technologies Co., Ltd.) S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2009-08-04] (Huawei Technologies Co., Ltd.) S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2012-05-11] (MBB Incorporated) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2203520 2007-02-24] (Intel Corporation) S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2009-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [Brak podpisu cyfrowego] S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2009-08-04] (Printing Communications Assoc., Inc. (PCAUSA)) [Brak podpisu cyfrowego] S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2006-03-02] () S3 ZTEusbnet; C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys [134144 2012-05-11] (ZTE Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [100992 2008-04-17] (Huawei Technologies Co., Ltd.) S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X] S4 IntelIde; Brak ImagePath S1 mailKmd; Brak ImagePath U1 WS2IFSL; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-11 11:13 - 2016-02-11 11:39 - 00000000 ____D C:\FRST 2016-02-10 21:05 - 2016-02-10 21:05 - 00000000 ____D C:\Documents and Settings\User\Pulpit\Stare dane programu Firefox 2016-02-10 20:41 - 2016-02-10 20:48 - 00000000 ____D C:\AdwCleaner 2016-02-08 19:37 - 2016-02-07 15:31 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-02-08 09:07 - 2016-02-08 09:07 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Temp 2016-02-08 08:57 - 2016-02-08 08:57 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\AVAST Software 2016-02-08 08:22 - 2016-02-08 08:22 - 00106496 _____ C:\WINDOWS\Minidump\Mini020816-01.dmp 2016-02-07 15:35 - 2016-02-10 19:25 - 00221240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2016-02-07 15:35 - 2016-02-07 15:31 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-02-07 15:35 - 2016-02-07 15:31 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-02-07 15:35 - 2016-02-07 15:31 - 00064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2016-02-07 15:35 - 2016-02-07 15:31 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-02-07 15:35 - 2016-02-07 15:31 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-02-07 15:33 - 2016-02-08 19:39 - 00001689 _____ C:\Documents and Settings\All Users\Pulpit\Avast Free Antivirus.lnk 2016-02-07 15:33 - 2016-02-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\AVAST Software 2016-02-07 15:32 - 2016-02-11 09:27 - 00000360 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2016-02-07 15:31 - 2016-02-07 15:31 - 00812720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-02-07 15:31 - 2016-02-07 15:31 - 00171608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys 2016-02-07 15:31 - 2016-02-07 15:31 - 00067088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2016-02-07 15:31 - 2016-02-07 15:31 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-02-07 15:28 - 2016-02-07 15:28 - 00000000 ____D C:\Program Files\AVAST Software 2016-02-07 15:28 - 2016-02-07 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software 2016-02-07 11:38 - 2016-02-07 11:38 - 00000312 _____ C:\DelFix.txt 2016-02-07 11:38 - 2016-02-07 11:38 - 00000000 ____D C:\WINDOWS\ERUNT 2016-02-03 08:27 - 2016-02-10 20:41 - 00000000 ____D C:\Documents and Settings\User\Moje dokumenty\Pobrane 2016-01-31 15:08 - 2016-01-31 15:08 - 00000000 ____D C:\Documents and Settings\User\Pulpit\AUDIO1_TS 2016-01-30 16:18 - 2016-01-31 17:50 - 00000567 _____ C:\Documents and Settings\User\Dane aplikacji\burnaware.ini 2016-01-30 15:49 - 2016-01-30 15:49 - 00000569 _____ C:\Documents and Settings\All Users\Pulpit\BurnAware Free.lnk 2016-01-30 15:49 - 2016-01-30 15:49 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\BurnAware Free 2016-01-30 15:49 - 2016-01-30 15:49 - 00000000 ____D C:\BurnAware Free 2016-01-30 15:48 - 2016-02-11 11:48 - 00000424 _____ C:\WINDOWS\Tasks\At1.job 2016-01-30 15:48 - 2016-02-11 09:21 - 00000456 _____ C:\WINDOWS\Tasks\UserFrothedAntilogsV2.job 2016-01-30 15:48 - 2016-01-30 15:48 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FrothedAntilogs 2016-01-30 15:47 - 2016-01-30 15:47 - 00943700 _____ (Soft Application Internet ) C:\Documents and Settings\User\Pulpit\BurnAware-Free-13053-dp.exe 2016-01-29 17:10 - 2016-01-29 17:10 - 01004160 _____ (Software Lite ) C:\Documents and Settings\User\Pulpit\DVDFab HD Decrypter 9[1].2.1.8.exe 2016-01-20 14:21 - 2015-12-15 21:52 - 00049804 _____ C:\Documents and Settings\User\Pulpit\hanka.odt 2016-01-20 14:21 - 2015-05-01 21:44 - 00072554 _____ C:\Documents and Settings\User\Pulpit\podanie ani word.pdf 2016-01-20 14:21 - 2015-05-01 21:24 - 00421997 _____ C:\Documents and Settings\User\Pulpit\CURRICULUM VITAE.pdf 2016-01-20 13:01 - 2016-01-20 13:01 - 00050096 _____ C:\Documents and Settings\User\Pulpit\CURRICULUM VITAE ani.odt 2016-01-13 20:56 - 2016-01-13 20:56 - 00001026 _____ C:\Documents and Settings\User\Pulpit\Skrót do Klasyczny - wzór pierwszy (1).lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-11 11:56 - 2008-07-25 16:01 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Temp 2016-02-11 11:52 - 2011-01-05 18:59 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-11 11:51 - 2013-01-15 16:03 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-11 10:52 - 2008-07-25 16:00 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt 2016-02-11 09:23 - 2008-07-25 16:01 - 00000000 ____D C:\Documents and Settings\User\Pulpit 2016-02-11 09:21 - 2011-01-05 18:59 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-11 09:21 - 2008-07-25 16:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-11 09:20 - 2008-07-25 16:01 - 00000292 ___SH C:\Documents and Settings\User\ntuser.ini 2016-02-10 21:12 - 2016-01-08 05:18 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-02-10 20:56 - 2013-01-15 16:03 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-02-10 20:56 - 2011-07-19 11:33 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-02-10 20:48 - 2008-07-25 17:45 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2016-02-10 20:48 - 2008-07-25 16:01 - 00000000 __RHD C:\Documents and Settings\User\Dane aplikacji 2016-02-10 19:55 - 2011-01-05 19:06 - 00001825 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome.lnk 2016-02-08 20:26 - 2008-09-22 18:28 - 01982464 _____ C:\Documents and Settings\User\Moje dokumenty\LOCKTDK V216-T01.exe 2016-02-08 19:39 - 2008-07-25 17:36 - 00000000 ___HD C:\WINDOWS\inf 2016-02-08 09:27 - 2012-04-15 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Skype 2016-02-08 09:26 - 2012-04-15 20:36 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\Skype 2016-02-08 09:26 - 2008-07-25 17:45 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2016-02-08 09:26 - 2008-07-25 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2016-02-08 09:14 - 2008-09-15 17:58 - 00000000 ____D C:\Program Files\PC Connectivity Solution 2016-02-08 09:13 - 2008-07-26 09:29 - 00000000 ____D C:\Program Files\Launch Manager 2016-02-08 09:11 - 2015-08-15 15:10 - 00118784 _____ C:\Documents and Settings\User\Pulpit\NMP-1.4.0.35b_plk.exe 2016-02-08 09:07 - 2008-07-25 16:00 - 00000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji 2016-02-08 08:57 - 2012-03-07 09:33 - 00000000 ____D C:\Program Files\Orange 2016-02-08 08:49 - 2008-07-26 08:59 - 00131072 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe 2016-02-08 08:48 - 2008-07-26 08:59 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe 2016-02-08 08:47 - 2008-07-26 08:59 - 00135168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe 2016-02-07 01:43 - 2008-07-25 17:46 - 01087700 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-07 01:43 - 2006-03-02 13:00 - 00490866 _____ C:\WINDOWS\system32\perfh015.dat 2016-02-07 01:43 - 2006-03-02 13:00 - 00084078 _____ C:\WINDOWS\system32\perfc015.dat 2016-02-06 23:43 - 2006-03-02 13:00 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl 2016-02-03 19:52 - 2008-07-25 16:01 - 00000000 ___HD C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji 2016-02-03 08:27 - 2008-07-25 16:01 - 00000000 ___RD C:\Documents and Settings\User\Moje dokumenty 2016-01-29 16:55 - 2012-08-22 11:31 - 00020480 _____ C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-01-19 12:47 - 2012-03-07 18:49 - 00009480 _____ C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2016-01-19 02:57 - 2008-09-16 20:24 - 00034174 _____ C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt ==================== Pliki w katalogu głównym wybranych folderów ======= 2010-01-31 11:39 - 2010-01-31 11:39 - 0000004 _____ () C:\Documents and Settings\User\Dane aplikacji\avdrn.dat 2016-01-30 16:18 - 2016-01-31 17:50 - 0000567 _____ () C:\Documents and Settings\User\Dane aplikacji\burnaware.ini 2012-08-22 11:31 - 2016-01-29 16:55 - 0020480 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Pliki do przeniesienia lub usunięcia: ==================== C:\Windows\Tasks\At1.job Niektóre pliki w TEMP: ==================== C:\Documents and Settings\User\Ustawienia lokalne\Temp\2C.exe C:\Documents and Settings\User\Ustawienia lokalne\Temp\ReconsolidatingSachet.dll C:\Documents and Settings\User\Ustawienia lokalne\Temp\sqlite3.dll C:\Documents and Settings\User\Ustawienia lokalne\Temp\winqkir.exe C:\Documents and Settings\User\Ustawienia lokalne\Temp\{4B6F448B-B222-4F31-A008-8E22E44CB310}-GoogleUpdateSetup.exe C:\Documents and Settings\User\Ustawienia lokalne\Temp\{7DC31DB6-F367-452D-8942-202FC505D2C6}-GoogleUpdateSetup.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================