Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12-11-2017 03 Uruchomiony przez Labo (administrator) LABO-KOMPUTER (12-11-2017 18:47:20) Uruchomiony z C:\Users\Labo\Desktop\czyszczenie kompa itd\FRST Załadowane profile: Labo (Dostępne profile: Labo) Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe (RealNetworks, Inc.) C:\Users\Public\Music\Sample Music\Update\realsched.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-08-29] (COMODO) HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-08] (COMODO) HKLM-x32\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [7690936 2017-06-30] (COMODO) HKLM-x32\...\Run: [TkBellExe] => C:\Users\Public\Music\Sample Music\update\realsched.exe [295512 2014-01-01] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4186988172-1173553768-2461565187-1000\...\MountPoints2: I - I:\LaunchU3.exe -a HKU\S-1-5-21-4186988172-1173553768-2461565187-1000\...\MountPoints2: J - J:\LaunchU3.exe -a HKU\S-1-5-21-4186988172-1173553768-2461565187-1000\...\MountPoints2: {8fefa132-9f33-11e4-9b29-7845c409dd9b} - I:\LaunchU3.exe -a HKU\S-1-5-21-4186988172-1173553768-2461565187-1000\...\MountPoints2: {9fc45c5c-6eb6-11e3-8df8-7845c40acf52} - J:\LaunchU3.exe -a ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 194.204.152.34 194.204.159.1 Tcpip\..\Interfaces\{93662B54-26DE-4352-844E-EBBA48BBEDAC}: [DhcpNameServer] 194.204.152.34 194.204.159.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2017-06-30] (COMODO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: lmxhu472.default FF ProfilePath: C:\Users\Labo\AppData\Roaming\Mozilla\Firefox\Profiles\lmxhu472.default [2017-11-10] FF NewTab: Mozilla\Firefox\Profiles\lmxhu472.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lmxhu472.default -> Search Provided by Yahoo FF Homepage: Mozilla\Firefox\Profiles\lmxhu472.default -> hxxps://www.google.pl/?gws_rd=ssl FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Labo\AppData\Roaming\Mozilla\Firefox\Profiles\lmxhu472.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-08] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-01] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Users\Public\Music\Sample Music\Netscape6\nppl3260.dll [2014-01-01] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Users\Public\Music\Sample Music\Netscape6\nprpplugin.dll [2014-01-01] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.pl/ CHR StartupUrls: Default -> "hxxps://www.google.pl/" CHR NewTab: Default -> Not-active:"chrome-extension://ajcmdlkeklfmbjffnlofgfkjcnpfckab/newtab.html" CHR Profile: C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default [2017-11-12] CHR Extension: (Prezentacje) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (BestY NewTab) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajcmdlkeklfmbjffnlofgfkjcnpfckab [2015-11-27] CHR Extension: (Dokumenty) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Dysk Google) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Adblock Plus) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-29] CHR Extension: (Google Search) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Arkusze) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Dokumenty Google offline) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-09] CHR Extension: (RealDownloader) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-05-29] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27] CHR Extension: (Dodatkowe możliwości) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdbniimnbcplmecnonjghlimhojieel [2016-08-12] CHR Extension: (Gmail) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29] CHR Extension: (Chrome Media Router) - C:\Users\Labo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-12] CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-4186988172-1173553768-2461565187-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] Opera: ======= StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501616 2017-08-29] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-08-29] (COMODO) R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [3210936 2017-06-30] (COMODO) R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-08] (COMODO) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [Brak podpisu cyfrowego] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 cmdcss; C:\Windows\system32\drivers\cmdcss.sys [112152 2017-06-30] (COMODO) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-08-08] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [844584 2017-08-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-08-08] (COMODO) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-08-08] (COMODO) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-08] (COMODO) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S3 MFE_RR; \??\C:\Users\Labo\AppData\Local\Temp\mfe_rr.sys [X] <==== UWAGA ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-10-20 11:11 - 2017-10-20 11:11 - 005584001 _____ C:\Users\Labo\Downloads\crafter_35i50.pdf 2017-10-20 11:11 - 2017-10-20 11:11 - 005584001 _____ C:\Users\Labo\Downloads\crafter_35i50 (1).pdf 2017-10-20 00:28 - 2017-10-20 00:30 - 071535032 _____ (Malwarebytes ) C:\Users\Labo\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe 2017-10-13 08:22 - 2017-10-13 08:23 - 000000000 ____D C:\Users\Labo\AppData\Roaming\Free Window Registry Repair 2017-10-13 08:21 - 2017-10-13 08:21 - 000000000 ____D C:\Users\Labo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2017-10-13 08:21 - 2017-10-13 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2017-10-13 08:21 - 2017-10-13 08:21 - 000000000 ____D C:\Program Files (x86)\Free Window Registry Repair 2017-10-13 08:17 - 2017-10-13 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2017-10-13 08:17 - 2017-10-13 08:17 - 000000000 ____D C:\Program Files (x86)\HD Tune 2017-10-13 07:49 - 2017-10-13 07:49 - 000000000 _____ C:\Windows\system32\sfc.txt ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-11-12 18:47 - 2017-10-11 07:50 - 000000000 ____D C:\FRST 2017-11-12 18:47 - 2016-09-15 07:04 - 001474832 _____ C:\Windows\system32\Drivers\sfi.dat 2017-11-12 18:43 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2017-11-12 18:17 - 2009-07-14 05:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-11-12 18:17 - 2009-07-14 05:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-11-12 18:13 - 2011-03-02 11:29 - 001032946 _____ C:\Windows\system32\perfh015.dat 2017-11-12 18:13 - 2011-03-02 11:29 - 000252210 _____ C:\Windows\system32\perfc015.dat 2017-11-12 18:13 - 2009-07-14 06:13 - 000006508 _____ C:\Windows\system32\PerfStringBackup.INI 2017-11-12 18:09 - 2016-09-15 07:00 - 000003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4186988172-1173553768-2461565187-1000 2017-11-12 18:09 - 2016-09-09 07:36 - 000003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4186988172-1173553768-2461565187-1000 2017-11-12 18:08 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-12 11:18 - 2013-05-17 06:42 - 000000000 ____D C:\Users\Labo\Desktop\VBH 2017-11-10 11:15 - 2017-05-06 04:15 - 000000000 ____D C:\Users\Labo\AppData\LocalLow\Mozilla 2017-11-10 01:53 - 2014-11-27 21:31 - 000000000 ____D C:\Users\Labo\Desktop\Daniel 2017-11-07 21:23 - 2015-05-29 16:28 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-07 21:23 - 2015-05-29 16:28 - 000002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-01 08:05 - 2013-07-10 08:34 - 000000000 ____D C:\Users\Labo\AppData\Local\ElevatedDiagnostics 2017-10-29 09:58 - 2013-05-14 13:20 - 000076192 _____ C:\Users\Labo\Desktop\NADGODZINY.xlsx 2017-10-29 03:48 - 2017-06-12 06:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-29 03:48 - 2013-09-03 05:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-28 07:53 - 2009-07-14 06:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-10-27 12:16 - 2017-03-20 08:27 - 000003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1489994843 2017-10-27 12:16 - 2017-03-20 08:26 - 000000000 ____D C:\Program Files\Opera 2017-10-26 10:05 - 2017-06-28 14:49 - 000004582 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-10-26 10:05 - 2012-10-19 20:39 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-26 10:05 - 2012-10-19 20:39 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-26 10:05 - 2012-10-19 20:39 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-26 10:05 - 2012-10-19 20:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-26 10:05 - 2012-10-19 20:39 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-21 12:59 - 2016-09-15 11:29 - 000263530 _____ C:\Windows\system32\Drivers\fvstore.dat 2017-10-21 04:38 - 2016-09-15 08:20 - 000000000 ____D C:\Users\Labo\Desktop\czyszczenie kompa itd 2017-10-20 23:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF 2017-10-20 00:45 - 2017-10-03 08:04 - 000000000 ____D C:\Program Files\Malwarebytes 2017-10-20 00:45 - 2016-09-09 07:04 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-18 22:46 - 2015-07-11 23:42 - 000000000 ____D C:\Users\Labo\Desktop\jakob 2017-10-17 01:52 - 2015-11-16 22:27 - 000000000 ____D C:\Users\Labo\AppData\Roaming\Anki2 2017-10-17 01:49 - 2015-11-16 22:02 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk 2017-10-13 11:21 - 2016-12-09 02:01 - 000022603 _____ C:\Users\Labo\Desktop\Zmiany rok 2017.xlsx ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-12-19 05:35 - 2016-09-07 23:40 - 000000528 _____ () C:\Users\Labo\AppData\Roaming\WB.CFG 2016-09-09 07:45 - 2016-09-09 07:46 - 000007858 _____ () C:\Users\Labo\AppData\Local\CleanupUninstall.txt 2017-03-27 04:53 - 2017-03-27 04:53 - 000007605 _____ () C:\Users\Labo\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-11-09 00:37 ==================== Koniec FRST.txt ============================