Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:05-03-2016 01 Uruchomiony przez User (administrator) NOTEBOOKHP (12-04-2016 10:10:38) Uruchomiony z C:\Documents and Settings\User\Pulpit Załadowane profile: User (Dostępne profile: User & fdg) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVK\AVKWCtl.exe (Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE (IDT, Inc.) C:\Program Files\IDT\WDM\STACSV.EXE (ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVKTray\AVKTray.exe (Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVK\AVKService.exe (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFLTR.EXE (G Data Software AG) C:\Program Files\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (G DATA Software AG) C:\Program Files\G Data\TotalProtection\Firewall\GDFirewallTray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (G Data Software AG) C:\Program Files\G Data\TotalProtection\Firewall\GDFwSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (G DATA Software) C:\Program Files\G Data\TotalProtection\TSNxG\TSNxGService.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2009-04-21] (Andrea Electronics Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G DATA\TotalProtection\Firewall\GDFirewallTray.exe [1874040 2016-02-18] (G DATA Software AG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Program Files\G DATA\TotalProtection\AVKTray\AVKTray.exe,C:\Program Files\G DATA\TotalProtection\AVKKid\AVKCKS.exe,c:\program files\g data\totalprotection\avkkid\avkcks.exe Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-07-29] (ATI Technologies Inc.) HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Run: [Akamai NetSession Interface] => "C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Run: [] => [X] HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-15] (Microsoft Corporation) <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{286BA1B0-3349-4719-A8F7-C85062BECE57}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1417001333-1958367476-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Window Title = Informatyk: tel. 662 441 851 www.pc-pomoc.com BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation) Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) FireFox: ======== FF ProfilePath: C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\22kg0s7o.default-1458808031671 FF Homepage: www.onet.pl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] () FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-10-13] ( ) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\User\Dane aplikacji\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-23] [Brak podpisu cyfrowego] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-13] (Agere Systems) R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2790368 2016-02-18] (G Data Software AG) R2 AVKService; C:\Program Files\G DATA\TotalProtection\AVK\AVKService.exe [970872 2016-02-11] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G DATA\TotalProtection\AVK\AVKWCtl.exe [3237352 2016-02-18] (G Data Software AG) R2 GDBackupSvc; C:\Program Files\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe [3985528 2016-02-16] (G Data Software AG) R3 GDFwSvc; C:\Program Files\G DATA\TotalProtection\Firewall\GDFwSvc.exe [2511232 2016-03-04] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [791160 2016-02-18] (G Data Software AG) S3 GDTunerSvc; C:\Program Files\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe [2455160 2016-02-11] (G Data Software AG) R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2549248 2008-07-17] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.) [Brak podpisu cyfrowego] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [329976 2009-07-27] (QUALCOMM, Inc.) R2 STacSV; c:\program files\idt\wdm\STacSV.exe [221266 2009-08-05] (IDT, Inc.) [Brak podpisu cyfrowego] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH) R3 TSNxGService; C:\Program Files\G DATA\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software) R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-07-17] (Marvell) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 5U876UVC; C:\WINDOWS\System32\DRIVERS\5U876.sys [118656 2009-06-30] (Ricoh co.,Ltd.) [Brak podpisu cyfrowego] S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usb.sys [33536 2006-03-24] (Advanced Card Systems Ltd) R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation) [Brak podpisu cyfrowego] R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] R0 Amddfltr; C:\WINDOWS\System32\DRIVERS\Amddfltr.sys [15416 2008-03-13] (Advanced Micro Devices) R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11832 2010-06-30] (Advanced Micro Devices Inc.) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) [Brak podpisu cyfrowego] R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1746432 2010-05-21] (Broadcom Corporation) [Brak podpisu cyfrowego] R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [992424 2009-05-07] (Broadcom Corporation.) R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-05-07] (Broadcom Corporation.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R0 GDBehave; C:\WINDOWS\System32\drivers\GDBehave.sys [112256 2016-03-08] (G Data Software AG) R1 GDKBB; C:\WINDOWS\system32\drivers\GDKBB32.sys [33304 2016-03-08] (G Data Software AG) R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt32.sys [27160 2016-03-08] (G Data Software AG) R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [164352 2016-03-08] (G Data Software AG) R0 GDNdisIc; C:\WINDOWS\System32\drivers\GDNdisIc.sys [30048 2015-05-03] (G Data Software AG) R2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [53248 2015-11-10] (G Data Software AG) R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [69024 2015-05-04] (G Data Software) S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.) R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.) [Brak podpisu cyfrowego] R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2010-07-25] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego] R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [91136 2016-03-08] (G Data Software AG) S3 HpqKbFiltr; C:\WINDOWS\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] (Hewlett-Packard Development Company, L.P.) [Brak podpisu cyfrowego] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1644211 2009-08-05] (IDT, Inc.) [Brak podpisu cyfrowego] R0 TS4NT; C:\WINDOWS\System32\Drivers\TS4nt.sys [95232 2016-03-15] (G DATA Software AG) S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31872 2008-04-14] (Microsoft Corporation) R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297728 2009-07-17] (Marvell) [Brak podpisu cyfrowego] S4 IntelIde; Brak ImagePath U1 WS2IFSL; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-12 09:01 - 2016-04-12 09:21 - 00014652 _____ C:\Documents and Settings\User\Pulpit\Fixlog.txt 2016-04-12 08:37 - 2016-04-12 08:37 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\ElevatedDiagnostics 2016-04-12 08:35 - 2016-04-12 08:46 - 00000000 ____D C:\MATS 2016-04-12 08:14 - 2016-04-12 08:14 - 00000706 _____ C:\Documents and Settings\All Users\Pulpit\TeamViewer 11.lnk 2016-04-12 08:14 - 2016-04-12 08:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 11 2016-04-12 08:11 - 2016-04-12 08:14 - 09788824 _____ (TeamViewer GmbH) C:\Documents and Settings\User\Pulpit\TeamViewer_Setup_pl.exe 2016-04-09 13:26 - 2016-04-09 13:26 - 00008056 _____ C:\Documents and Settings\User\Pulpit\gmer.txt 2016-04-09 11:53 - 2016-04-09 11:53 - 00000861 _____ C:\Documents and Settings\User\Pulpit\gmer_prescan.txt 2016-04-09 11:44 - 2016-04-09 11:44 - 00496160 _____ (Duplex Secure Ltd) C:\Documents and Settings\User\Pulpit\SPTDinst-v189-x86.exe 2016-04-09 11:30 - 2016-04-09 11:30 - 00380928 _____ C:\Documents and Settings\User\Pulpit\rdl5h744.exe 2016-04-09 11:17 - 2016-04-09 11:17 - 00075266 _____ C:\Documents and Settings\User\Pulpit\Shortcut.txt 2016-04-09 11:15 - 2016-04-09 11:17 - 00043320 _____ C:\Documents and Settings\User\Pulpit\Addition.txt 2016-04-09 11:13 - 2016-04-12 10:11 - 00015745 _____ C:\Documents and Settings\User\Pulpit\FRST.txt 2016-04-09 11:11 - 2016-04-12 10:10 - 00000000 ____D C:\FRST 2016-04-09 11:08 - 2016-04-09 11:08 - 01725440 _____ (Farbar) C:\Documents and Settings\User\Pulpit\FRST.exe 2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Program Files\Common Files\Java 2016-03-24 09:58 - 2016-03-24 09:57 - 00153088 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2016-03-24 09:57 - 2016-03-24 09:59 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Java 2016-03-24 09:57 - 2016-03-24 09:57 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2016-03-24 09:42 - 2016-03-24 09:42 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-03-24 09:42 - 2016-03-24 09:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-03-23 08:49 - 2016-04-12 09:02 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-03-16 16:30 - 2016-03-16 16:30 - 00110592 _____ C:\WINDOWS\Minidump\Mini031616-02.dmp 2016-03-16 16:26 - 2016-03-16 16:25 - 00110592 _____ C:\WINDOWS\Minidump\Mini031616-01.dmp 2016-03-15 22:37 - 2016-03-15 22:37 - 00000730 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk 2016-03-15 22:37 - 2016-03-15 22:37 - 00000724 _____ C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk 2016-03-15 22:17 - 2016-03-15 22:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-03-15 22:17 - 2016-03-15 22:17 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight 2016-03-15 21:27 - 2016-03-15 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\G DATA TOTAL PROTECTION ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-12 10:11 - 2010-05-21 13:25 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Temp 2016-04-12 09:59 - 2011-12-09 17:04 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{58477204-31AB-4F2C-965F-FD6774E632E3}.job 2016-04-12 09:29 - 2015-06-24 23:09 - 00000460 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2016-04-12 09:28 - 2010-05-21 15:10 - 01127314 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-12 09:28 - 2008-04-15 19:00 - 00504064 _____ C:\WINDOWS\system32\perfh015.dat 2016-04-12 09:28 - 2008-04-15 19:00 - 00091112 _____ C:\WINDOWS\system32\perfc015.dat 2016-04-12 09:23 - 2014-03-08 01:09 - 00000220 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job 2016-04-12 09:23 - 2012-12-19 23:39 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-04-12 09:23 - 2012-10-05 21:51 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-04-12 09:23 - 2010-05-21 13:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-12 09:22 - 2010-05-21 15:09 - 00257456 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-12 09:22 - 2010-05-21 13:22 - 00032472 _____ C:\WINDOWS\SchedLgU.Txt 2016-04-12 09:22 - 2009-07-29 17:03 - 00219120 _____ C:\WINDOWS\system32\ativvaxx.cap 2016-04-12 09:21 - 2014-06-11 22:54 - 00000000 ____D C:\Program Files\TeamViewer 2016-04-12 09:21 - 2010-05-21 13:25 - 00000000 ____D C:\Documents and Settings\User\Pulpit 2016-04-12 09:14 - 2010-05-21 13:25 - 00000000 __SHD C:\Documents and Settings\User\Ustawienia lokalne\Historia 2016-04-12 09:05 - 2010-05-21 13:22 - 00000000 __SHD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia 2016-04-12 09:03 - 2014-08-03 16:37 - 00000000 __SHD C:\Documents and Settings\fdg\Ustawienia lokalne\Historia 2016-04-12 09:03 - 2014-08-03 16:37 - 00000000 ____D C:\Documents and Settings\fdg\Ustawienia lokalne\Temp 2016-04-12 09:02 - 2010-05-21 15:10 - 00000000 __SHD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia 2016-04-12 09:02 - 2010-05-21 15:10 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy 2016-04-12 09:02 - 2010-05-21 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit 2016-04-12 09:02 - 2010-05-21 15:09 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2016-04-12 09:02 - 2010-05-21 13:25 - 00000000 ___RD C:\Documents and Settings\User\Menu Start\Programy\Autostart 2016-04-12 09:02 - 2010-05-21 13:25 - 00000000 ___HD C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji 2016-04-12 09:02 - 2010-05-21 13:22 - 00000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia 2016-04-12 09:02 - 2010-05-21 13:22 - 00000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp 2016-04-12 08:37 - 2010-05-21 13:25 - 00000000 __RHD C:\Documents and Settings\User\Dane aplikacji 2016-04-12 08:28 - 2010-05-21 16:02 - 00061600 _____ C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2016-04-12 08:15 - 2010-07-30 14:41 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\TeamViewer 2016-04-12 00:20 - 2010-05-21 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2016-04-12 00:18 - 2010-05-21 13:25 - 00000188 ___SH C:\Documents and Settings\User\ntuser.ini 2016-04-11 18:40 - 2011-04-07 15:01 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt 2016-04-10 12:13 - 2011-04-22 14:48 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2016-04-10 12:08 - 2011-04-22 14:50 - 00000676 _____ C:\Documents and Settings\All Users\Menu Start\Programy\e-Deklaracje.lnk 2016-04-10 12:08 - 2011-04-07 00:26 - 00000000 ____D C:\Program Files\e-Deklaracje 2016-04-06 12:59 - 2014-08-28 19:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2016-04-06 09:43 - 2013-02-12 19:07 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\foobar2000 2016-04-05 16:38 - 2013-02-14 20:28 - 00063488 _____ C:\Documents and Settings\User\Pulpit\sklepy.xls 2016-03-30 00:15 - 2012-12-19 23:39 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-03-27 10:27 - 2008-04-15 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2016-03-24 17:16 - 2014-06-24 22:08 - 00000000 ____D C:\Documents and Settings\User\Moje dokumenty\Pobrane 2016-03-24 10:00 - 2014-10-27 00:37 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Oracle 2016-03-24 09:59 - 2013-07-01 09:58 - 00000000 ____D C:\Program Files\Java 2016-03-24 09:58 - 2015-09-05 19:52 - 00000000 ____D C:\Documents and Settings\User\.oracle_jre_usage 2016-03-24 09:42 - 2010-05-24 08:44 - 00000000 ____D C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Adobe 2016-03-23 22:24 - 2012-04-27 15:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-03-16 22:24 - 2012-10-05 21:51 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-1958367476-1801674531-1003.job 2016-03-16 16:30 - 2013-02-06 12:29 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-15 22:39 - 2010-12-03 21:43 - 00000000 ____D C:\Documents and Settings\User\Dane aplikacji\Skype 2016-03-15 21:34 - 2015-01-13 13:31 - 00002267 _____ C:\Documents and Settings\All Users\Pulpit\Skype.lnk 2016-03-15 21:27 - 2015-05-03 19:00 - 00001674 _____ C:\Documents and Settings\All Users\Pulpit\G DATA TOTAL PROTECTION.lnk 2016-03-15 21:27 - 2015-04-08 17:58 - 00095232 _____ (G DATA Software AG) C:\WINDOWS\system32\Drivers\TS4nt.sys 2016-03-15 21:26 - 2010-05-21 15:01 - 00000000 ___HD C:\WINDOWS\inf 2016-03-15 21:25 - 2013-06-01 12:27 - 00000000 ____D C:\Program Files\Common Files\G Data 2016-03-14 22:15 - 2016-03-10 00:08 - 00000000 ____D C:\Documents and Settings\User\Pulpit\Stare dane programu Firefox 2016-03-13 16:53 - 2012-12-31 23:46 - 00021726 _____ C:\Documents and Settings\User\Pulpit\licznik.xlsx ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-07-23 21:35 - 2014-07-23 21:35 - 0000000 _____ () C:\Documents and Settings\User\Dane aplikacji\gdfw.log 2014-07-23 21:35 - 2015-04-08 17:56 - 0000976 _____ () C:\Documents and Settings\User\Dane aplikacji\gdscan.log 2010-05-21 16:01 - 2010-05-21 16:01 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\AtStart.txt 2010-11-26 13:25 - 2013-01-13 11:40 - 0014848 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-05-21 16:01 - 2010-05-21 16:01 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DSwitch.txt 2011-01-21 19:21 - 2011-02-15 18:20 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\FnF4.txt 2011-12-20 22:41 - 2011-12-20 22:41 - 0000129 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2010-05-21 16:01 - 2010-05-21 16:01 - 0000000 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\QSwitch.txt 2014-01-26 16:14 - 2014-01-26 16:14 - 0006383 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\recently-used.xbel 2011-05-24 15:57 - 2013-04-30 12:54 - 0006201 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\unins000.dat 2013-04-30 12:54 - 2013-04-30 12:53 - 0707504 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\unins000.exe 2013-04-30 12:50 - 2013-04-30 12:54 - 0011761 _____ () C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\unins000.msg 2015-06-22 22:50 - 2015-06-22 22:50 - 0000057 _____ () C:\Documents and Settings\All Users\Dane aplikacji\Ament.ini 2010-10-04 21:18 - 2011-12-20 22:55 - 0002376 _____ () C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================