Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 03-10-2017 01 Uruchomiony przez Ola (administrator) OLA-KOMPUTER (04-10-2017 21:45:11) Uruchomiony z C:\Users\Ola\Downloads Załadowane profile: Ola (Dostępne profile: Ola) Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Lenovo) C:\Users\Ola\AppData\Local\Apps\2.0\4GKTXOYQ.0M2\WJAO5VT9.4DL\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-604180192-1442903964-936779649-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd) HKU\S-1-5-21-604180192-1442903964-936779649-1000\...\MountPoints2: {a71904c7-d3fd-11e6-9c2c-60d819bd8a69} - F:\FATE_setup.exe Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-01-05] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4979BC2B-A33E-4C18-B06F-A2F626149D05}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{E7C09974-CEA8-4CF7-893C-7B8F7CF1A288}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F6D5E820-73A4-4385-B137-19693A47B4AE}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\S-1-5-21-604180192-1442903964-936779649-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-01] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.pl/?gfe_rd=cr&ei=_XJuWOTZN6_i8AfbrbyICw CHR Profile: C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default [2017-10-04] CHR Extension: (Prezentacje Google) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-01] CHR Extension: (Dokumenty Google) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-01] CHR Extension: (Dysk Google) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-05] CHR Extension: (YouTube) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-05] CHR Extension: (Adobe Acrobat) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13] CHR Extension: (Arkusze Google) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-05] CHR Extension: (Dokumenty Google offline) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-05] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Adblock plus uBlock - Bloker reklam) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2017-09-13] CHR Extension: (Gmail) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-05] CHR Extension: (Chrome Media Router) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15] CHR HKU\S-1-5-21-604180192-1442903964-936779649-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com) R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2016-11-29] (Lenovo) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.) S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711256 2016-11-01] (Lenovo.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-01-06] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-01-06] (Disc Soft Ltd) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [119680 2017-03-08] (Future Technology Devices International Ltd.) S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [89792 2017-03-08] (Future Technology Devices International Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2017-09-27] () R3 ALSysIO; \??\C:\Users\Ola\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA U0 Partizan; system32\drivers\Partizan.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-10-04 21:44 - 2017-10-04 21:44 - 000000000 ____D C:\Users\Ola\Downloads\FRST-OlderVersion 2017-10-02 19:10 - 2017-10-02 19:10 - 000000787 _____ C:\Users\Ola\Desktop\Europa Universalis - Rzym.lnk 2017-10-02 19:10 - 2017-10-02 19:10 - 000000000 ____D C:\Users\Ola\Downloads\europa-universalis-rome 2017-10-02 19:10 - 2017-10-02 19:10 - 000000000 ____D C:\Users\Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paradox Interactive 2017-10-02 16:37 - 2017-10-02 16:37 - 000013931 _____ C:\Users\Ola\Downloads\[torrenty.to] Rolnik szuka żony (2017) [S04E04] [480p] [WEBRip] [x264] [PL] [H1].torrent 2017-10-01 17:15 - 2017-10-01 17:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-10-01 17:15 - 2017-10-01 17:15 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-10-01 17:15 - 2017-10-01 17:15 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-01 17:14 - 2017-10-01 17:14 - 000002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-10-01 17:14 - 2017-10-01 17:14 - 000002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-10-01 17:13 - 2017-10-01 17:13 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-10-01 17:13 - 2017-10-01 17:13 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-10-01 17:06 - 2017-10-01 17:06 - 000058143 _____ C:\Users\Ola\Documents\bookmarks_01.10.2017.html 2017-10-01 17:00 - 2017-10-01 17:43 - 000000000 ____D C:\Users\Ola\Desktop\mbar 2017-10-01 17:00 - 2017-10-01 17:15 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-10-01 17:00 - 2017-10-01 17:00 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Ola\Downloads\mbar-1.09.3.1001.exe 2017-10-01 15:08 - 2017-10-01 15:08 - 004593808 _____ C:\Users\Ola\Downloads\STAG_4_QBOX_QNEXT_STAG_300_QMAX_ (1).pdf 2017-10-01 10:57 - 2017-10-01 10:58 - 012109616 _____ C:\Users\Ola\Downloads\europa-universalis-rome.zip 2017-09-30 23:03 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2017-09-30 23:03 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2017-09-30 23:03 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2017-09-30 23:03 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2017-09-30 23:03 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2017-09-30 23:03 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2017-09-30 23:03 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2017-09-30 23:03 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2017-09-30 23:03 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2017-09-30 23:03 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2017-09-30 23:03 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2017-09-30 23:03 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2017-09-30 23:03 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2017-09-30 23:03 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2017-09-30 23:03 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2017-09-30 23:03 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2017-09-30 23:03 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2017-09-30 23:03 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2017-09-30 23:03 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2017-09-30 23:03 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2017-09-30 23:03 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2017-09-30 23:03 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2017-09-30 23:03 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2017-09-30 23:03 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2017-09-30 23:03 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2017-09-30 23:03 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2017-09-30 23:03 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2017-09-30 23:03 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2017-09-30 23:03 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2017-09-30 23:03 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2017-09-30 23:03 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2017-09-30 23:03 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2017-09-30 23:03 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2017-09-30 23:03 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2017-09-30 23:03 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2017-09-30 23:03 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2017-09-30 23:03 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2017-09-30 23:03 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2017-09-30 23:03 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2017-09-30 23:03 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2017-09-30 23:03 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2017-09-30 23:03 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2017-09-30 23:03 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2017-09-30 23:03 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2017-09-30 23:03 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2017-09-30 23:03 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2017-09-30 23:03 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2017-09-30 23:03 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2017-09-30 23:03 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2017-09-30 23:03 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2017-09-30 23:03 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2017-09-30 23:03 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2017-09-30 23:03 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2017-09-30 23:03 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2017-09-30 23:03 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2017-09-30 23:03 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2017-09-30 23:03 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2017-09-30 23:03 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2017-09-30 23:03 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2017-09-30 23:03 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2017-09-30 23:03 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2017-09-30 23:03 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2017-09-30 23:02 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2017-09-30 23:02 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2017-09-30 23:02 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2017-09-30 23:02 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2017-09-30 23:02 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2017-09-30 23:02 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2017-09-30 23:02 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2017-09-30 23:02 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2017-09-30 23:02 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2017-09-30 23:02 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2017-09-30 23:02 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2017-09-30 23:02 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2017-09-30 23:02 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2017-09-30 23:02 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2017-09-30 23:02 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2017-09-30 23:02 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2017-09-30 22:58 - 2017-10-02 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive 2017-09-30 22:44 - 2017-09-30 22:44 - 000000000 ____D C:\Users\Ola\AppData\Roaming\Mount&Blade 2017-09-30 20:56 - 2017-09-30 20:56 - 000031893 _____ C:\Users\Ola\Downloads\Shortcut.txt 2017-09-30 20:53 - 2017-10-04 21:47 - 000013033 _____ C:\Users\Ola\Downloads\FRST.txt 2017-09-30 20:53 - 2017-09-30 20:56 - 000031165 _____ C:\Users\Ola\Downloads\Addition.txt 2017-09-30 20:18 - 2017-09-30 20:18 - 000000000 ____D C:\ProgramData\RegRun 2017-09-30 20:16 - 2017-09-30 20:50 - 000000000 ____D C:\Program Files (x86)\UnHackMe 2017-09-30 20:16 - 2017-09-30 20:34 - 000000000 ____D C:\Users\Ola\Documents\RegRun2 2017-09-30 20:16 - 2017-09-30 20:16 - 000000002 RSHOT C:\Windows\winstart.bat 2017-09-30 20:16 - 2017-09-30 20:16 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT 2017-09-30 20:16 - 2017-09-30 20:16 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2017-09-30 20:15 - 2017-10-04 20:50 - 000002896 _____ C:\Windows\System32\Tasks\AutoKMS 2017-09-30 20:15 - 2017-10-04 20:50 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job 2017-09-30 20:15 - 2017-09-30 20:26 - 000000000 ____D C:\Windows\AutoKMS 2017-09-30 20:11 - 2017-09-30 20:11 - 000000000 ____D C:\Users\Ola\Downloads\unhackmeb 2017-09-30 20:09 - 2017-09-30 20:09 - 018866003 _____ C:\Users\Ola\Downloads\unhackmeb.zip 2017-09-30 17:14 - 2017-10-04 21:45 - 000000000 ____D C:\FRST 2017-09-30 17:11 - 2017-10-04 21:44 - 002399744 _____ (Farbar) C:\Users\Ola\Downloads\FRST64.exe 2017-09-29 19:28 - 2017-09-29 19:30 - 000000000 ____D C:\AdwCleaner 2017-09-29 19:28 - 2017-09-29 19:28 - 008249808 _____ (Malwarebytes) C:\Users\Ola\Downloads\adwcleaner_7.0.3.0.exe 2017-09-26 18:10 - 2017-09-26 18:11 - 000014066 _____ C:\Users\Ola\Downloads\[torrenty.to] Rolnik szuka żony (2017) [S04E03] [480p] [WEBRip] [x264] [Lektor PL] [H1].torrent 2017-09-19 18:48 - 2017-09-19 18:48 - 000013845 _____ C:\Users\Ola\Downloads\[torrenty.to] Rolnik szuka żony -2017- [S04E02] [480p] [WEBRip] [x264-B666] [PL].torrent 2017-09-18 17:44 - 2017-09-18 17:44 - 001856760 _____ C:\Users\Ola\Downloads\DOC180917-18092017083729.pdf 2017-09-13 12:40 - 2017-09-13 12:40 - 000000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2017-09-13 12:40 - 2017-09-13 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo 2017-09-09 10:23 - 2017-09-09 10:24 - 000000133 _____ C:\Users\Ola\Desktop\Sweet Dreams Super Simple Songs.url 2017-09-04 12:31 - 2017-09-04 12:31 - 000065832 _____ C:\Users\Ola\Downloads\Z019 (1).pdf 2017-09-04 12:30 - 2017-09-04 12:30 - 000065173 _____ C:\Users\Ola\Downloads\Z019.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-10-04 21:09 - 2009-07-14 06:45 - 000025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-04 21:09 - 2009-07-14 06:45 - 000025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-04 21:02 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-04 21:01 - 2009-07-14 07:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-10-04 11:12 - 2017-01-05 18:11 - 000000000 ____D C:\Users\Ola\AppData\Local\Deployment 2017-10-03 23:33 - 2017-01-06 13:52 - 000000000 ____D C:\Users\Ola\AppData\Roaming\BitComet 2017-10-01 18:58 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache 2017-10-01 17:14 - 2017-01-05 18:11 - 000000000 ____D C:\Program Files (x86)\Google 2017-10-01 16:57 - 2017-09-01 19:14 - 000000000 ____D C:\Users\Ola 2017-10-01 15:01 - 2009-07-14 19:55 - 000739932 _____ C:\Windows\system32\perfh015.dat 2017-10-01 15:01 - 2009-07-14 19:55 - 000155474 _____ C:\Windows\system32\perfc015.dat 2017-10-01 15:01 - 2009-07-14 07:13 - 001668226 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-01 15:01 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-10-01 14:54 - 2017-08-05 18:36 - 000006291 _____ C:\Users\Ola\AppData\Local\AcStag.lyt 2017-10-01 14:54 - 2017-07-07 07:23 - 000003585 _____ C:\Users\Ola\AppData\Local\AcStag.ini 2017-09-30 22:58 - 2017-01-05 21:48 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-09-27 17:59 - 2017-07-05 12:40 - 000031152 _____ C:\Windows\system32\Drivers\pmxdrv.sys 2017-09-20 22:11 - 2017-09-03 08:34 - 000000183 _____ C:\Users\Ola\Desktop\Muzyka dla niemowląt.url 2017-09-15 17:13 - 2017-01-05 20:17 - 000000000 ____D C:\ProgramData\Lenovo 2017-09-13 12:40 - 2017-01-05 20:22 - 000000000 ____D C:\Windows\System32\Tasks\TVT 2017-09-13 12:40 - 2017-01-05 20:17 - 000000000 ____D C:\Program Files (x86)\Lenovo ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-07-09 14:01 - 2014-07-09 14:01 - 000022976 _____ (Intel Corporation) C:\Users\Ola\AppData\Roaming\JomCap.dll 2017-07-07 07:23 - 2017-10-01 14:54 - 000003585 _____ () C:\Users\Ola\AppData\Local\AcStag.ini 2017-08-05 18:36 - 2017-10-01 14:54 - 000006291 _____ () C:\Users\Ola\AppData\Local\AcStag.lyt Niektóre pliki w TEMP: ==================== 2017-04-14 11:05 - 2017-04-14 11:05 - 016312432 _____ () C:\Users\Ola\AppData\Local\Temp\Bit592A.tmp.exe 2017-09-26 18:11 - 2017-09-26 18:11 - 016739360 _____ () C:\Users\Ola\AppData\Local\Temp\Bit5E9.tmp.exe 2017-09-03 20:55 - 2017-09-03 20:55 - 016739360 _____ () C:\Users\Ola\AppData\Local\Temp\Bit678B.tmp.exe 2010-05-13 23:22 - 2010-05-13 23:22 - 000174440 ____R (Microsoft Corporation) C:\Users\Ola\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-10-01 18:49 ==================== Koniec FRST.txt ============================