Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 14.03.2018
Uruchomiony przez Izabela Machejek (administrator) LAPTOP (29-03-2018 19:28:00)
Uruchomiony z C:\Documents and Settings\Izabela Machejek\Pulpit
Załadowane profile: Izabela Machejek (Dostępne profile: Izabela Machejek & Administrator)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Aladdin Knowledge Systems Ltd.) C:\WINDOWS\system32\hasplms.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(QUALCOMM, Inc.) C:\QUALCOMM\QDLService\QDLService.exe
() C:\Program Files\Common Files\RbtProt\sgsrv.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
(HP) C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvauthsrv.exe
(HP) C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640 2009-05-14] (ESET)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-01-17] (Analog Devices, Inc.)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [298536 2007-11-27] (ActivIdentity)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [HPCam_Menu] => C:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-17] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177720 2009-02-18] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506936 2009-03-10] (Hewlett-Packard)
HKLM\...\Run: [zCpqset] => C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [81920 2008-12-11] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
Winlogon\Notify\ackpbsc: C:\WINDOWS\system32\ackpbsc.dll [2007-11-27] (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-11-27] (ActivIdentity)
Winlogon\Notify\DeviceNP: C:\WINDOWS\system32\DeviceNP.dll [2008-08-06] (Hewlett-Packard Limited)
Winlogon\Notify\OneCard: C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2009-01-28] (Bioscrypt Inc.)
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [40257336 2017-08-31] ()
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\...\MountPoints2: {4064ce8f-675f-11e5-8534-001e6577f968} - "I:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\...\MountPoints2: {6da14e1c-c63a-11e3-8374-001e6577f968} - J:\Startme.exe
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\...\MountPoints2: {85a831e8-c902-11e0-806a-001e6577f968} - J:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [116648 2015-06-06] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google+ Auto Backup] => C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
AppInit_DLLs: apshook.dll => C:\WINDOWS\system32\apshook.dll [76560 2009-01-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{131EB034-5448-482C-A56D-7292EC68120E}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-1993962763-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope - brak wartości
SearchScopes: HKU\S-1-5-21-1993962763-1715567821-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14] (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28] (Bioscrypt Inc.)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll [2007-01-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Izabela Machejek\Dane aplikacji\Mozilla\Firefox\Profiles\sk5i3naa.default [2018-03-27]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Izabela Machejek\Dane aplikacji\Mozilla\Firefox\Profiles\sk5i3naa.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-14] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-02] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (Eset Plugin) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-10-15] [Przestarzałe] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-15] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-06] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default [2018-03-26]
CHR Extension: (Dokumenty) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-13]
CHR Extension: (YouTube) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-13]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-06]
CHR Extension: (Google Keep – notatki i listy) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-03-06]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]
CHR HKU\S-1-5-21-1993962763-1715567821-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 accoca; C:\Program Files\ActivIdentity\ActivClient\accoca.exe [185896 2007-11-27] (ActivIdentity)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-15] (Adobe Systems Incorporated) [Brak podpisu cyfrowego]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [186640 2009-01-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [149776 2009-01-28] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1185016 2008-10-03] (AuthenTec, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-05-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840 2009-05-14] (ESET)
S3 FLCDLOCK; C:\WINDOWS\system32\flcdlock.exe [349432 2008-08-06] (Hewlett-Packard Ltd)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [2562048 2008-04-24] (Aladdin Knowledge Systems Ltd.)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-02-11] (Hewlett-Packard Development Company, L.P) [Brak podpisu cyfrowego]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2008-10-01] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-01-14] (Hewlett-Packard) [Brak podpisu cyfrowego]
S3 ImapiService; C:\WINDOWS\system32\imapihp.exe [155136 2009-10-07] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [Brak podpisu cyfrowego]
R2 mdvauthsrv; C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvauthsrv.exe [399848 2009-02-13] (HP) [Brak podpisu cyfrowego]
R2 mdvsrv; C:\Program Files\HPQ\HP Connection Manager 2\bin\mdvsrv.exe [281064 2009-02-13] (HP) [Brak podpisu cyfrowego]
R2 QDLService; C:\QUALCOMM\QDLService\QDLService.exe [345336 2009-01-15] (QUALCOMM, Inc.)
R2 SG_Service; C:\Program Files\Common Files\RbtProt\sgsrv.exe [155648 2005-04-25] () [Brak podpisu cyfrowego]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [271360 2014-09-17] () [Brak podpisu cyfrowego]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 DAMDrv; C:\WINDOWS\System32\DRIVERS\DAMDrv.sys [32256 2008-08-06] (Hewlett-Packard Development Company L.P.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2013-09-17] (Disc Soft Ltd)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94360 2009-05-14] (ESET)
R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-21] (InterVideo, Inc.) [Brak podpisu cyfrowego]
S2 Kmm4xNT; C:\WINDOWS\system32\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) [Brak podpisu cyfrowego]
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [18048 2014-09-17] () [Brak podpisu cyfrowego]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3634688 2009-01-06] (Intel Corporation)
R3 QCFilterhp; C:\WINDOWS\System32\DRIVERS\qcfilterhp.sys [5248 2009-01-15] (QUALCOMM Incorporated)
R3 qcusbnethp; C:\WINDOWS\System32\DRIVERS\qcusbnethp.sys [115200 2009-01-15] (QUALCOMM Incorporated)
R3 qcusbserhp; C:\WINDOWS\System32\DRIVERS\qcusbserhp.sys [104448 2009-01-15] (QUALCOMM Incorporated)
R3 ROCKEYNT; C:\WINDOWS\System32\DRIVERS\Rockey4.sys [22016 2009-10-08] (Feitian Technologies Co., Ltd.)
S3 Rockey_USB; C:\WINDOWS\System32\DRIVERS\Rockey4USB.sys [12928 2009-10-08] (Feitian Technologies Co., Ltd.)
R1 RsvLock; C:\WINDOWS\system32\Drivers\RsvLock.sys [12528 2008-10-01] (SafeBoot International)
R0 SafeBoot; C:\WINDOWS\system32\Drivers\SafeBoot.sys [109216 2008-10-01] ()
R0 SbAlg; C:\WINDOWS\system32\Drivers\SbAlg.sys [51408 2008-10-01] (SafeBoot N.V.)
R0 SbFsLock; C:\WINDOWS\system32\Drivers\SbFsLock.sys [12960 2008-10-01] (SafeBoot International)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1806768 2009-03-05] ()
S3 ssudserd; C:\WINDOWS\System32\DRIVERS\ssudserd.sys [181912 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2008-11-24] (Marvell)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-03-29 19:28 - 2018-03-29 19:29 - 000020823 _____ C:\Documents and Settings\Izabela Machejek\Pulpit\FRST.txt
2018-03-29 19:27 - 2018-03-16 00:13 - 001764352 _____ (Farbar) C:\Documents and Settings\Izabela Machejek\Pulpit\FRST.exe
2018-03-26 21:27 - 2018-03-26 21:27 - 000090112 _____ C:\WINDOWS\Minidump\Mini032618-01.dmp
2018-03-26 21:25 - 2018-03-26 21:25 - 000005858 _____ C:\Documents and Settings\Izabela Machejek\Moje dokumenty\cc_20180326_212519.reg
2018-03-26 20:28 - 2018-03-26 20:31 - 000000000 ____D C:\AdwCleaner
2018-03-15 09:46 - 2018-03-24 10:44 - 000000980 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-03-15 09:46 - 2018-03-15 09:46 - 006210560 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2018-03-07 12:10 - 2018-03-07 12:12 - 000000000 ____D C:\Documents and Settings\Izabela Machejek\Pulpit\Koncert 16.12.2017
2018-03-03 00:38 - 2018-03-29 19:28 - 000000000 ____D C:\FRST
2018-03-02 17:38 - 2018-03-02 17:38 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-02 17:35 - 2018-03-02 17:35 - 000009382 _____ C:\Documents and Settings\Izabela Machejek\Moje dokumenty\cc_20180302_163549.reg
2018-03-02 17:32 - 2018-03-29 19:25 - 000000350 ____H C:\WINDOWS\Tasks\CCleaner Update.job

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-03-29 19:31 - 2009-10-07 15:06 - 000000911 _____ C:\Documents and Settings\All Users\Dane aplikacji\HPWALog.txt
2018-03-29 19:29 - 2009-10-07 15:54 - 001285414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-29 19:29 - 2009-10-07 14:05 - 000000000 ____D C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Temp
2018-03-29 19:29 - 2006-03-02 14:00 - 000565950 _____ C:\WINDOWS\system32\perfh015.dat
2018-03-29 19:29 - 2006-03-02 14:00 - 000110872 _____ C:\WINDOWS\system32\perfc015.dat
2018-03-29 19:28 - 2009-10-07 14:05 - 000000000 ____D C:\Documents and Settings\Izabela Machejek\Pulpit
2018-03-29 19:25 - 2006-03-02 14:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-03-29 19:24 - 2014-03-07 14:23 - 000000244 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2018-03-29 19:24 - 2010-12-17 17:42 - 000001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-29 19:24 - 2009-10-07 15:53 - 000000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2018-03-29 19:24 - 2009-10-07 14:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-29 18:20 - 2009-10-07 14:05 - 000000188 ___SH C:\Documents and Settings\Izabela Machejek\ntuser.ini
2018-03-29 18:20 - 2009-10-07 14:04 - 000032380 _____ C:\WINDOWS\SchedLgU.Txt
2018-03-29 17:46 - 2012-04-17 20:47 - 000000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-03-29 17:24 - 2010-12-17 17:42 - 000001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-03-29 17:18 - 2015-06-06 21:13 - 000001152 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2018-03-29 16:20 - 2012-06-13 20:36 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-27 11:30 - 2016-11-20 22:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-26 22:29 - 2012-04-03 23:28 - 000000000 _____ C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\FnF4.txt
2018-03-26 21:27 - 2011-09-11 19:37 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-26 21:25 - 2016-08-16 10:15 - 000926408 _____ C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2018-03-26 21:25 - 2009-10-07 14:05 - 000000000 ___RD C:\Documents and Settings\Izabela Machejek\Moje dokumenty
2018-03-26 21:25 - 2009-10-07 14:04 - 000000000 ___HD C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji
2018-03-26 21:24 - 2014-05-21 14:59 - 000000000 ____D C:\Documents and Settings\Izabela Machejek\Dane aplikacji\MPC-HC
2018-03-26 21:19 - 2009-10-07 14:05 - 000000000 ___RD C:\Documents and Settings\Izabela Machejek\Menu Start\Programy
2018-03-26 21:18 - 2015-06-06 21:13 - 000001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2018-03-26 21:18 - 2013-05-29 23:40 - 000000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Skype
2018-03-26 21:18 - 2009-10-07 14:05 - 000000000 ___HD C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji
2018-03-26 21:06 - 2010-05-05 18:59 - 000000000 ____D C:\Program Files\Autodesk
2018-03-26 20:28 - 2012-11-28 13:08 - 000000000 ____D C:\Documents and Settings\Izabela Machejek\Pulpit\programy pulpit
2018-03-24 10:44 - 2009-10-07 13:59 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-20 22:18 - 2012-02-09 20:05 - 000000106 _____ C:\Documents and Settings\Izabela Machejek\Dane aplikacji\default.pls
2018-03-20 22:18 - 2009-10-07 14:05 - 000000000 __RHD C:\Documents and Settings\Izabela Machejek\Dane aplikacji
2018-03-20 22:17 - 2010-02-10 19:06 - 000000069 _____ C:\WINDOWS\NeroDigital.ini
2018-03-18 22:33 - 2012-12-25 18:54 - 000002828 ___SH C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2018-03-18 00:50 - 2010-03-15 11:14 - 000000000 ____D C:\Documents and Settings\Izabela Machejek\Moje dokumenty\IZULA
2018-03-15 09:46 - 2012-04-17 20:47 - 000804352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-03-15 09:46 - 2011-11-07 19:18 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-03-03 02:04 - 2014-03-07 14:26 - 000000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2018-03-03 02:01 - 2009-10-07 14:04 - 000000000 __SHD C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia
2018-03-03 02:00 - 2009-10-07 14:05 - 000000000 __SHD C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Historia
2018-03-03 01:59 - 2014-10-22 23:34 - 000000000 __SHD C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2018-03-03 01:59 - 2014-10-22 23:34 - 000000000 ____D C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
2018-03-03 01:59 - 2009-10-07 15:53 - 000000000 __SHD C:\Documents and Settings\Default User\Ustawienia lokalne\Historia
2018-03-03 01:59 - 2009-10-07 14:04 - 000000000 ___HD C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia
2018-03-03 01:59 - 2009-10-07 14:04 - 000000000 ____D C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp
2018-03-03 01:58 - 2014-06-20 21:28 - 000000000 ____D C:\Documents and Settings\LocalService\Menu Start\Programy\Autostart
2018-03-02 17:40 - 2009-10-07 15:53 - 000000000 ____D C:\Documents and Settings\All Users\Pulpit
2018-03-02 17:32 - 2009-10-07 16:47 - 000000000 ____D C:\Program Files\CCleaner
2018-03-02 17:14 - 2009-10-07 14:05 - 000000000 ___RD C:\Documents and Settings\Izabela Machejek\Menu Start\Programy\Autostart

==================== Pliki w katalogu głównym wybranych folderów =======

2012-02-09 20:05 - 2018-03-20 22:18 - 000000106 _____ () C:\Documents and Settings\Izabela Machejek\Dane aplikacji\default.pls
2009-10-07 14:41 - 2009-10-07 14:41 - 000000000 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\AtStart.txt
2011-01-23 19:16 - 2014-01-12 18:39 - 000012288 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-10-07 14:41 - 2009-10-07 14:41 - 000000000 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\DSwitch.txt
2012-04-03 23:28 - 2018-03-26 22:29 - 000000000 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\FnF4.txt
2009-10-07 14:45 - 2009-10-07 14:45 - 000000141 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-10-07 14:41 - 2009-10-07 14:41 - 000000000 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\QSwitch.txt
2016-09-23 12:25 - 2016-09-23 12:25 - 000000945 _____ () C:\Documents and Settings\Izabela Machejek\Ustawienia lokalne\Dane aplikacji\recently-used.xbel
2012-12-25 18:54 - 2012-12-25 18:54 - 000000008 __RSH () C:\Documents and Settings\All Users\Dane aplikacji\50AF6DE89D.sys
2009-10-07 15:06 - 2018-03-29 19:31 - 000000911 _____ () C:\Documents and Settings\All Users\Dane aplikacji\HPWALog.txt
2012-12-25 18:54 - 2018-03-18 22:33 - 000002828 ___SH () C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================