Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 17-03-2019 Uruchomiony przez Fenek (administrator) FENEK-AD7D9134F (31-03-2019 22:49:31) Uruchomiony z H:\Documents and Settings\Fenek\Pulpit Załadowane profile: Fenek (Dostępne profile: Fenek & UpdatusUser & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 6 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) H:\Program Files\kingsoft\kingsoft antivirus\kxescore.exe (Leadtek Research Inc.) [Brak podpisu cyfrowego] H:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Microsoft Windows Publisher -> Microsoft Corporation) H:\WINDOWS\system32\rundll32.exe (Acronis, Inc -> Acronis) H:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis, Inc -> Acronis) H:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis, Inc -> Acronis) H:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) H:\WINDOWS\RTHDCPL.EXE (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) H:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe (Microsoft Corporation -> Microsoft Corporation) H:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Acronis, Inc -> Acronis) H:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (NVIDIA Corporation -> NVIDIA Corporation) H:\WINDOWS\system32\nvsvc32.exe (O&O Software GmbH -> O&O Software GmbH) H:\Program Files\OO Software\Defrag\oodag.exe (Microsoft Windows Component Publisher -> Microsoft Corporation) H:\WINDOWS\system32\wdfmgr.exe (Windows (R) Codename Longhorn DDK provider) [Brak podpisu cyfrowego] H:\Program Files\UPHClean\uphclean.exe (Microsoft Windows Publisher -> Microsoft Corporation) H:\WINDOWS\system32\alg.exe (Microsoft Corporation -> Microsoft Corporation) H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [WinFast Schedule] => H:\Program Files\WinFast\WFTVFM\WFWIZ.exe [278528 2005-03-02] (Leadtek Research Inc.) [Brak podpisu cyfrowego] HKLM\...\Run: [NvMediaCenter] => H:\WINDOWS\system32\NvMCTray.dll [209184 2013-09-12] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] => H:\WINDOWS\system32\NvCpl.dll [15693600 2013-09-12] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [TrueImageMonitor.exe] => H:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1164912 2006-10-16] (Acronis, Inc -> Acronis) HKLM\...\Run: [AcronisTimounterMonitor] => H:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1941784 2006-10-16] (Acronis, Inc -> Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] => H:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [87584 2006-10-16] (Acronis, Inc -> Acronis) HKLM\...\Run: [RTHDCPL] => H:\WINDOWS\RTHDCPL.EXE [18750976 2009-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) HKLM\...\Run: [kxesc] => h:\program files\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2017-09-04] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) Winlogon\Notify\AtiExtEvent: H:\WINDOWS\system32\Ati2evxx.dll [2009-09-18] (ATI Technologies Inc.) HKU\S-1-5-21-2000478354-1078081533-839522115-1003\...\Run: [OfficeSyncProcess] => H:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.trspch] => H:\WINDOWS\system32\tssoft32.acm [8192 2001-10-26] (Microsoft Windows Publisher -> DSP GROUP, INC.) HKLM\...\Drivers32: [vidc.I420] => H:\WINDOWS\system32\msh263.drv [294912 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.iv31] => H:\WINDOWS\system32\ir32_32.dll [199168 2001-10-26] (Microsoft Windows Publisher -> ) HKLM\...\Drivers32: [vidc.iv32] => H:\WINDOWS\system32\ir32_32.dll [199168 2001-10-26] (Microsoft Windows Publisher -> ) HKLM\...\Drivers32: [vidc.iv41] => H:\WINDOWS\system32\ir41_32.ax [848384 2004-08-04] (Microsoft Windows Publisher -> Intel Corporation) HKLM\...\Drivers32: [msacm.msg723] => H:\WINDOWS\system32\msg723.acm [118784 2001-10-26] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.M263] => H:\WINDOWS\system32\msh263.drv [294912 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.M261] => H:\WINDOWS\system32\msh261.drv [188416 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.msaudio1] => H:\WINDOWS\system32\msaud32.acm [294912 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.sl_anet] => H:\WINDOWS\system32\sl_anet.acm [86016 2004-08-04] (Microsoft Windows Publisher -> Sipro Lab Telecom Inc.) HKLM\...\Drivers32: [msacm.iac2] => H:\WINDOWS\system32\iac25_32.ax [199680 2004-08-04] (Microsoft Windows Publisher -> Intel Corporation) HKLM\...\Drivers32: [VIDC.MPG4] => H:\WINDOWS\system32\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Drivers32: [VIDC.MP42] => H:\WINDOWS\system32\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.iv50] => H:\WINDOWS\system32\ir50_32.dll [755200 2004-08-04] (Microsoft Windows Publisher -> Intel Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> H:\WINDOWS\inf\unregmp2.exe [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [>{26923b43-4d38-484f-9b9e-de460746276c}] -> H:\WINDOWS\system32\shmgrate.exe [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> H:\WINDOWS\system32\shmgrate.exe [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> H:\Program Files\Outlook Express\setup50.exe [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> H:\WINDOWS\system32\advpack.dll [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> H:\WINDOWS\system32\advpack.dll [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> H:\WINDOWS\system32\advpack.dll [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> H:\Program Files\Outlook Express\setup50.exe [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> H:\WINDOWS\System32\cscui.dll [2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) Lsa: [Authentication Packages] msv1_0 relog_ap ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 217.173.176.6 217.173.176.34 Tcpip\..\Interfaces\{A20C950E-0BEB-4F7C-845C-4CFEB81C4BF3}: [DhcpNameServer] 217.173.176.6 217.173.176.34 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-2000478354-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2000478354-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM -> Domyślne = {74198672-5F7D-4FE9-A611-4AC1D5A66A15} URLSearchHook: HKU\S-1-5-21-2000478354-1078081533-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\system32\shdocvw.dll (Microsoft Windows Publisher -> Microsoft Corporation) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2000478354-1078081533-839522115-1003 -> {szukaj.gazeta.pl} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: 59kz4uwx.default FF ProfilePath: H:\Documents and Settings\Fenek\Dane aplikacji\Mozilla\SeaMonkey\Profiles\59kz4uwx.default [2019-03-31] FF ProfilePath: H:\Documents and Settings\Fenek\Dane aplikacji\Mozilla\Firefox\Profiles\teksh3qn.default-1488190997359 [2019-03-31] FF Homepage: H:\Documents and Settings\Fenek\Dane aplikacji\Mozilla\Firefox\Profiles\teksh3qn.default-1488190997359 -> hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ff&p_mkt=pl&p_tsrc=301&p_w=y1w29 FF Extension: (Adblock Plus - darmowy adblocker) - H:\Documents and Settings\Fenek\Dane aplikacji\Mozilla\Firefox\Profiles\teksh3qn.default-1488190997359\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-03-31] FF Plugin: @adobe.com/FlashPlayer -> H:\WINDOWS\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-18] () [Brak podpisu cyfrowego] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> H:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) StartMenuInternet: FIREFOX.EXE - firefox.exe ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AcrSch2Svc; H:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [230944 2006-10-16] (Acronis, Inc -> Acronis) S2 Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [602112 2009-09-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) S2 KMService; H:\WINDOWS\system32\srvany.exe [8192 2017-08-27] () [Brak podpisu cyfrowego] R2 kxescore; h:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2017-09-04] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) R2 OODefragAgent; H:\Program Files\OO Software\Defrag\oodag.exe [1381672 2013-11-05] (O&O Software GmbH -> O&O Software GmbH) S3 SwPrv; H:\WINDOWS\system32\dllhost.exe /Processid:{69B1D026-3D3C-4AA4-A659-1C9DAB51B01D} [5120 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) R2 UPHClean; H:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows (R) Codename Longhorn DDK provider) [Brak podpisu cyfrowego] S2 SpyEmrgHealth; Brak ImagePath ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 Ambfilt; H:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Creative) S3 aswTap; H:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2015-01-02] (AVAST Software a.s. -> The OpenVPN Project) S3 ati2mtag; H:\WINDOWS\System32\DRIVERS\ati2mtag.sys [4477952 2009-09-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) S3 CCDECODE; H:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 gfiark; H:\WINDOWS\System32\drivers\gfiark.sys [33616 2012-12-17] (GFI Software (Florida) Inc. -> GFI Software) R0 gfibto; H:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-02-23] (GFI Software Development Ltd. -> GFI Software) R3 IntcAzAudAddService; H:\WINDOWS\System32\drivers\RtkHDAud.sys [5922816 2009-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) R0 kavbootc; H:\WINDOWS\System32\drivers\kavbootc.sys [27240 2017-09-04] (Zhuhai Kingsoft Software Co.,Ltd -> Kingsoft Corporation) R1 KDHacker; h:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2017-09-04] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) R2 kisknl; H:\WINDOWS\system32\drivers\kisknl.sys [165176 2017-09-04] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) R3 ksapi; H:\WINDOWS\system32\drivers\ksapi.sys [82264 2017-09-04] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) R4 KUsbGuard; H:\program files\kingsoft\kingsoft antivirus\kusbquery.sys [14200 2017-09-04] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) S3 Monfilt; H:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) S0 MpFilter; H:\WINDOWS\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation -> Microsoft Corporation) S3 NdisIP; H:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Windows Publisher -> Microsoft Corporation) R3 NVHDA; H:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation -> NVIDIA Corporation) S3 P0630VID; H:\WINDOWS\System32\DRIVERS\P0630Vid.sys [67968 2005-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) S3 pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2012-08-30] (VSO Software) [Brak podpisu cyfrowego] R3 RTLE8023xp; H:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [142336 2009-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation ) S3 Secdrv; H:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] (Microsoft Windows Publisher -> ) R2 StarOpen; H:\Windows\System32\Drivers\StarOpen.sys [13120 2016-02-21] (Rocket Division Software Ltd -> ) R1 Tcpip; H:\WINDOWS\System32\DRIVERS\tcpip.sys [359040 2015-10-25] (Microsoft Corporation) [Brak podpisu cyfrowego] R2 tifsfilter; H:\WINDOWS\System32\DRIVERS\tifsfilt.sys [39264 2013-10-28] (Acronis, Inc -> Acronis) S3 VClone; H:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [Brak podpisu cyfrowego] R2 WF23880; H:\WINDOWS\System32\drivers\wf88vcap.sys [208851 2004-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Copyright @2000-2006 Leadtek Research Inc.) R2 WF88XBAR; H:\WINDOWS\System32\drivers\WF88XBAR.sys [10324 2004-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Copyright @2000-2006 Leadtek Research Inc.) R3 WFIOCTL; H:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [9446 2005-01-06] (Leadtek Research Inc.) [Brak podpisu cyfrowego] R2 WFTUNE; H:\WINDOWS\System32\drivers\WF88TUNE.sys [34789 2004-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Copyright @2000-2006 Leadtek Research Inc.) R1 ZAM; H:\WINDOWS\System32\drivers\zam32.sys [181496 2016-09-07] (Zemana Ltd. -> Zemana Ltd.) S4 IntelIde; Brak ImagePath ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2019-03-31 22:49 - 2019-03-31 22:50 - 000017606 _____ H:\Documents and Settings\Fenek\Pulpit\FRST.txt 2019-03-31 22:49 - 2019-03-31 22:49 - 000000000 ____D H:\FRST 2019-03-31 22:48 - 2019-03-31 22:48 - 001793024 _____ (Farbar) H:\Documents and Settings\Fenek\Pulpit\FRST.exe ==================== Jeden miesiąc (zmodyfikowane) ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2019-03-31 22:50 - 2012-05-21 16:32 - 000000000 ____D H:\Documents and Settings\Fenek\Ustawienia lokalne\Temp 2019-03-31 22:49 - 2017-03-03 18:06 - 000027941 _____ H:\WINDOWS\ZAM.krnl.trace 2019-03-31 22:49 - 2012-05-21 16:32 - 000000000 ____D H:\Documents and Settings\Fenek\Pulpit 2019-03-31 22:48 - 2012-05-21 16:32 - 000000000 ____D H:\Documents and Settings\Fenek 2019-03-31 22:45 - 2013-10-17 11:49 - 000025068 _____ H:\WINDOWS\system32\nvAppTimestamps 2019-03-31 22:07 - 2017-09-04 13:19 - 000065536 _____ H:\WINDOWS\system32\config\KAVEventLog.EVT 2019-03-31 22:00 - 2012-05-21 16:31 - 000000006 ____H H:\WINDOWS\Tasks\SA.DAT 2019-03-31 21:59 - 2018-08-14 17:18 - 000011232 ____N H:\WINDOWS\SchedLgU.Txt 2019-03-31 21:59 - 2015-11-24 19:28 - 000065536 _____ H:\WINDOWS\system32\config\OAlerts.evt 2019-03-31 21:59 - 2012-05-21 18:18 - 000000000 ____D H:\Documents and Settings\All Users\Pulpit 2019-03-31 21:59 - 2012-05-21 18:18 - 000000000 ____D H:\Documents and Settings\All Users\Menu Start\Programy 2019-03-31 21:59 - 2012-05-21 16:32 - 000000292 ___SH H:\Documents and Settings\Fenek\ntuser.ini 2019-03-31 21:59 - 2012-05-21 16:32 - 000000000 __RHD H:\Documents and Settings\Fenek\Dane aplikacji 2019-03-31 21:47 - 2001-07-22 03:17 - 000002206 _____ H:\WINDOWS\system32\wpa.dbl ==================== Pliki w katalogu głównym wybranych folderów ======= 2012-06-07 23:10 - 2017-02-27 13:45 - 000087608 _____ () H:\Documents and Settings\Fenek\Dane aplikacji\inst.exe 2012-06-07 23:10 - 2017-02-27 13:45 - 000007887 _____ () H:\Documents and Settings\Fenek\Dane aplikacji\pcouffin.cat 2012-06-07 23:10 - 2017-02-27 13:45 - 000001144 _____ () H:\Documents and Settings\Fenek\Dane aplikacji\pcouffin.inf 2012-06-07 23:10 - 2017-02-27 13:45 - 000047360 _____ (VSO Software) H:\Documents and Settings\Fenek\Dane aplikacji\pcouffin.sys 2012-06-07 23:10 - 2016-11-28 15:00 - 000001189 _____ () H:\Documents and Settings\Fenek\Dane aplikacji\vso_ts_preview.xml 2015-01-07 13:04 - 2015-01-09 10:44 - 000000100 _____ () H:\Documents and Settings\Fenek\Dane aplikacji\WB.CFG 2012-05-22 23:18 - 2018-08-13 23:17 - 000089088 _____ () H:\Documents and Settings\Fenek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) H:\WINDOWS\explorer.exe => Plik podpisany cyfrowo H:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo H:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo H:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo H:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo H:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo H:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo H:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo H:\WINDOWS\system32\dllhost.exe => Plik podpisany cyfrowo H:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo ==================== Koniec FRST.txt ============================