Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 07.02.2018 01 Uruchomiony przez janm (administrator) LAPTOP-JANM (08-02-2018 09:21:37) Uruchomiony z C:\Users\janm.dom\Downloads Załadowane profile: defaultuser0 & JanM & janm & da_janm & MSSQL$TEST & (Dostępne profile: defaultuser0 & JanM & janm & da_janm & MSSQL$TEST) Platform: Windows 10 Pro Wersja 1709 16299.192 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ESET) C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Microsoft) C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.TEST\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\IntelCpHeciSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Azure Recovery Services Agent\bin\OBRecoveryServicesManagementAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Azure Recovery Services Agent\bin\cbengine.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120836.inf_amd64_ccaf7e7e1e972b78\igfxEM.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Nektra S.A.) C:\Program Files (x86)\Simple Sp. z o.o\CRM\launcher.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Spotify Ltd) C:\Users\janm.dom\AppData\Roaming\Spotify\Spotify.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Spotify Ltd) C:\Users\janm.dom\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\janm.dom\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\janm.dom\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\janm.dom\AppData\Roaming\Spotify\Spotify.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Users\janm.dom\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation) C:\Users\janm.dom\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation) C:\Users\janm.dom\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation) C:\Users\janm.dom\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation) C:\Users\janm.dom\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1712.3351.0_x64__8wekyb3d8bbwe\Calculator.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [OEAPI] => C:\Program Files (x86)\Simple Sp. z o.o\CRM\launcher.exe [69632 2007-06-26] (Nektra S.A.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKU\S-1-5-21-4097414500-3318791038-2806143569-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-4097414500-3318791038-2806143569-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23778992 2018-02-06] (Microsoft Corporation) HKU\S-1-5-21-4097414500-3318791038-2806143569-1001\...\Run: [Spotify Web Helper] => C:\Users\JanM\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-30] (Spotify Ltd) HKU\S-1-5-21-4097414500-3318791038-2806143569-1001\...\Run: [Spotify] => C:\Users\JanM\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-30] (Spotify Ltd) HKU\S-1-5-21-4097414500-3318791038-2806143569-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-21-561302537-2371562129-3018458699-1665\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23778992 2018-02-06] (Microsoft Corporation) HKU\S-1-5-21-561302537-2371562129-3018458699-1665\...\Run: [Spotify Web Helper] => C:\Users\janm.dom\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-01-30] (Spotify Ltd) HKU\S-1-5-21-561302537-2371562129-3018458699-1665\...\MountPoints2: {acb43f29-0d34-11e7-ad06-183da2e490a2} - "E:\Lenovo_Suite.exe" HKU\S-1-5-21-561302537-2371562129-3018458699-1668\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-1154474632-3252713351-422293269-2314206600-2954882910\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-2408335982-318821711-611095156-4047941426-2664505300\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-2855241259-914520108-344085408-878068078-1633458626\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-2909360683-993700205-2603473673-144821520-3220573649\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-3794401387-2181061858-3367874983-108955344-722516548\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-3845590347-2542187841-2496047690-3888782948-381783706\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) HKU\S-1-5-80-813931961-1208158019-2848320512-1346124292-1829261956\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation) Startup: C:\Users\JanM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2016-12-29] ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\janm.dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2018-01-24] ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Ograniczenia <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 192.168.0.95 fsctx300 Tcpip\..\Interfaces\{04ec139a-eeff-4701-ab04-524722554fa8}: [NameServer] 192.168.0.151,8.8.8.8 Tcpip\..\Interfaces\{5796c418-4d3c-4dea-bad5-9de5f188f3e9}: [DhcpNameServer] 62.179.1.62 62.179.1.63 Internet Explorer: ================== HKU\S-1-5-21-561302537-2371562129-3018458699-1665\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-02-06] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-02-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-05] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-05] (Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-06] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: asjp0nuf.default FF ProfilePath: C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default [2018-02-08] FF Homepage: Mozilla\Firefox\Profiles\asjp0nuf.default -> hxxps://domstationeryspzoo.sharepoint.com/_layouts/15/sharepoint.aspx FF Extension: (Grammarly for Firefox) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-02-03] FF Extension: (Translate Now) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\@translatenow.xpi [2017-12-04] FF Extension: (FireGestures) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\firegestures@xuldev.org.xpi [2017-06-12] [Przestarzałe] FF Extension: (MinimizeToTray revived (MinTrayR)) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\mintrayr@tn123.ath.cx [2016-12-30] [Przestarzałe] FF Extension: (Gesturefy) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\{506e023c-7f2b-40a3-8066-bc5deb40aebe}.xpi [2018-01-31] FF Extension: (Adblock Plus) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13] FF Extension: (DownThemAll!) - C:\Users\janm.dom\AppData\Roaming\Mozilla\Firefox\Profiles\asjp0nuf.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-07-28] [Przestarzałe] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] () FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2015-10-22] () FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-10-22] (Unauthorized copy) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-22] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-06-27] () FF Plugin HKU\S-1-5-21-561302537-2371562129-3018458699-1665: SkypeForBusinessPlugin-15.8 -> C:\Users\janm.dom\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-561302537-2371562129-3018458699-1665: SkypeForBusinessPlugin64-15.8 -> C:\Users\janm.dom\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default [2018-02-02] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-24] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-24] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-24] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Brak nazwy) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-24] CHR Extension: (Chrome Media Router) - C:\Users\janm.dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] CHR HKU\S-1-5-21-561302537-2371562129-3018458699-1665\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation) S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Security\ehttpsrv.exe [51872 2016-05-24] (ESET) R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [1648224 2016-05-24] (ESET) R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1708192 2016-07-01] (ESET) S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Security\eshasrv.exe [193696 2016-05-24] (ESET) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation) S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [23040 2016-03-04] () [Brak podpisu cyfrowego] R2 MSSQL$TEST; c:\Program Files\Microsoft SQL Server\MSSQL11.TEST\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] () S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [Brak podpisu cyfrowego] R2 NovaPdf9Server; C:\Program Files\Softland\novaPDF 9\Server\novapdfs.exe [56248 2017-12-13] (Microsoft) R3 obengine; C:\Program Files\Microsoft Azure Recovery Services Agent\bin\cbengine.exe [23752 2017-09-01] (Microsoft Corporation) S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [Brak podpisu cyfrowego] R2 RecoveryServicesManagementAgent; C:\Program Files\Microsoft Azure Recovery Services Agent\bin\OBRecoveryServicesManagementAgent.exe [28360 2017-09-01] (Microsoft Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-07] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) S4 SQLAgent$TEST; c:\Program Files\Microsoft SQL Server\MSSQL11.TEST\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ACSSCR; C:\WINDOWS\system32\DRIVERS\a38usb.sys [77832 2016-11-28] (Advanced Card Systems Ltd.) S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc.) S3 dcdbas; C:\WINDOWS\System32\drivers\dcdbas64.sys [38472 2011-02-02] (Dell Inc.) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264864 2016-05-23] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196768 2016-05-23] (ESET) R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [215720 2016-05-23] (ESET) R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61096 2016-05-23] (ESET) R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84640 2016-05-23] (ESET) S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation) R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation) S3 unisofthid; C:\WINDOWS\System32\drivers\unisofthid.sys [19456 2012-03-19] (Windows (R) Win 7 DDK provider) R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-07-17] (Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-08 09:21 - 2018-02-08 09:21 - 000025351 _____ C:\Users\janm.dom\Downloads\FRST.txt 2018-02-08 09:21 - 2018-02-08 09:21 - 000000000 ____D C:\FRST 2018-02-08 09:18 - 2018-02-08 09:18 - 002402304 _____ (Farbar) C:\Users\janm.dom\Downloads\FRST64.exe 2018-02-08 09:11 - 2018-02-08 09:11 - 014178840 _____ (Malwarebytes Corp.) C:\Users\janm.dom\Downloads\mbar-1.10.3.1001.exe 2018-02-08 09:10 - 2018-02-08 09:11 - 004944584 _____ (AO Kaspersky Lab) C:\Users\janm.dom\Downloads\tdsskiller.exe 2018-02-08 08:17 - 2018-02-08 08:17 - 000478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\E6134795.sys 2018-02-08 08:17 - 2018-02-08 08:17 - 000085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\74934924.sys 2018-02-08 08:15 - 2018-02-08 08:16 - 141561128 _____ (Kaspersky Lab ZAO) C:\Users\janm.dom\Downloads\KVRT(1).exe 2018-02-08 07:29 - 2018-02-08 07:29 - 000000000 ___HD C:\OneDriveTemp 2018-02-07 10:21 - 2018-02-07 10:22 - 000000170 _____ C:\Users\janm.dom\Desktop\Nowy dokument tekstowy.txt 2018-02-06 10:36 - 2018-02-06 10:37 - 000001514 _____ C:\Users\janm.dom\Desktop\handel (pliki).lnk 2018-02-06 10:08 - 2018-02-07 08:28 - 000176348 _____ C:\Users\janm.dom\Desktop\Abis - lista produktów.xlsx 2018-02-06 10:08 - 2018-02-06 10:07 - 000187963 _____ C:\Users\janm.dom\Documents\Abis - lista produktów.xlsx 2018-02-05 14:05 - 2018-02-05 14:05 - 000185976 _____ C:\Users\janm.dom\Desktop\faktura_wnetrze_zrobiona_inna.psr 2018-02-05 14:04 - 2018-02-05 15:04 - 000107008 _____ C:\Users\janm.dom\Desktop\faktura_wnetrze.psr 2018-02-05 14:04 - 2018-02-05 14:04 - 000189262 _____ C:\Users\janm.dom\Desktop\korekta_wnetrze.psr 2018-02-03 21:05 - 2018-02-03 21:28 - 000030763 _____ C:\Users\janm.dom\Desktop\FCC.xlsx 2018-02-02 10:30 - 2018-02-02 10:30 - 000442503 _____ C:\Users\janm.dom\Downloads\OnlinePayment-terms-and-conditions(2).pdf 2018-02-02 10:27 - 2018-02-02 10:27 - 000442503 _____ C:\Users\janm.dom\Downloads\OnlinePayment-terms-and-conditions.pdf 2018-02-02 10:27 - 2018-02-02 10:27 - 000442503 _____ C:\Users\janm.dom\Downloads\OnlinePayment-terms-and-conditions(1).pdf 2018-02-02 09:03 - 2018-02-02 09:03 - 000000000 ____D C:\RecordDownload 2018-02-02 08:55 - 2018-02-02 08:55 - 001181616 _____ C:\Users\janm.dom\Downloads\webplugin(2).exe 2018-02-02 08:54 - 2018-02-02 08:54 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlugin 2018-02-02 08:54 - 2018-02-02 08:54 - 000000000 ____D C:\Program Files (x86)\webrec 2018-02-02 08:51 - 2018-02-02 08:51 - 001181616 _____ C:\Users\janm.dom\Downloads\webplugin(1).exe 2018-02-02 08:50 - 2018-02-02 08:50 - 001181616 _____ C:\Users\janm.dom\Downloads\webplugin.exe 2018-02-02 08:01 - 2018-02-02 09:11 - 000000102 _____ C:\Users\janm.dom\Desktop\Gurgul.txt 2018-02-01 23:00 - 2018-02-01 23:00 - 000103300 _____ C:\Users\janm.dom\Downloads\MTSummary_Raport śledzenia wiadomości 1.02.2018, 124243_a7b90eaf-0d36-4b1f-ad40-7ed178994c29.txt 2018-02-01 22:51 - 2018-02-01 22:51 - 000177506 _____ C:\Users\janm.dom\Downloads\polaroids.1.41.zip 2018-02-01 07:39 - 2018-02-01 07:39 - 000000000 ____D C:\Users\janm.dom\AppData\Local\Notepad++ 2018-01-31 21:26 - 2018-02-08 08:17 - 000006362 _____ C:\WINDOWS\ntbtlog.txt 2018-01-31 21:13 - 2018-01-31 21:14 - 000000000 ____D C:\NPE 2018-01-31 20:56 - 2018-01-31 21:17 - 000000000 ____D C:\Users\janm.dom\AppData\Local\NPE 2018-01-31 20:56 - 2018-01-31 20:56 - 000000000 ____D C:\ProgramData\Norton 2018-01-31 20:42 - 2018-01-31 20:43 - 009494240 _____ (Symantec Corporation) C:\Users\janm.dom\Downloads\NPE.exe 2018-01-31 20:14 - 2018-01-31 20:14 - 000000000 ____D C:\ProgramData\Dbg 2018-01-31 19:52 - 2018-01-31 20:56 - 000000000 ____D C:\KVRT_Data 2018-01-31 19:51 - 2018-01-31 19:52 - 140307240 _____ (Kaspersky Lab ZAO) C:\Users\janm.dom\Downloads\KVRT.exe 2018-01-31 18:57 - 2018-02-01 13:15 - 000000000 ____D C:\WINDOWS\Minidump 2018-01-31 16:46 - 2018-01-31 16:46 - 000000000 _____ C:\Users\janm.dom\Desktop\czy jeden dostawca, czy jedno zamowienie to jeden plik excela, czy zawsze jest euto.txt 2018-01-31 12:05 - 2018-01-31 12:06 - 000000033 _____ C:\Users\janm.dom\Desktop\lekarz.txt 2018-01-31 08:58 - 2018-01-31 08:58 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\CDB564A37286452887A1961345C33252_new 2018-01-31 08:54 - 2018-01-31 08:58 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\CDB564A37286452887A1961345C33252 2018-01-31 08:03 - 2018-01-31 08:03 - 026885872 _____ C:\Users\janm.dom\Downloads\TeamViewerPortable.zip 2018-01-30 08:37 - 2018-01-30 08:37 - 000020709 _____ C:\Users\janm.dom\Downloads\krs.pdf 2018-01-30 07:00 - 2018-01-30 07:00 - 000003564 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-dom-janm 2018-01-29 15:28 - 2018-01-29 15:28 - 000000000 ____D C:\Users\janm.dom\Downloads\dom 2018-01-29 15:15 - 2018-01-29 15:16 - 004012130 _____ C:\Users\janm.dom\Downloads\dom.zip 2018-01-29 07:24 - 2018-01-29 07:25 - 106657942 _____ C:\Users\janm.dom\Downloads\SCA-Oferta_Sezon_Szkola2018.zip 2018-01-25 09:09 - 2018-01-31 08:16 - 000000687 _____ C:\Users\janm.dom\Desktop\Lista .txt 2018-01-24 13:39 - 2018-01-24 13:39 - 000000165 ____H C:\Users\janm.dom\Desktop\~$Zestawienie VPN.xlsx 2018-01-24 13:25 - 2018-01-24 13:25 - 026554784 _____ (Microsoft Corporation) C:\Users\janm.dom\Downloads\AccessDatabaseEngine.exe 2018-01-24 13:15 - 2018-01-24 13:15 - 028631968 _____ (Microsoft Corporation) C:\Users\janm.dom\Downloads\AccessDatabaseEngine_X64.exe 2018-01-24 10:21 - 2018-01-24 13:06 - 000279692 _____ C:\Users\janm.dom\Desktop\wms.psp 2018-01-24 08:39 - 2018-01-24 08:39 - 000000000 _____ C:\Users\janm.dom\Desktop\Paragony znaczniki.txt 2018-01-23 08:36 - 2018-02-01 11:25 - 000011440 _____ C:\Users\janm.dom\Desktop\Zestawienie VPN.xlsx 2018-01-18 14:02 - 2018-01-18 14:03 - 000000071 _____ C:\Users\janm.dom\Desktop\ping_fsctx.bat 2018-01-16 09:36 - 2018-01-16 09:36 - 000000000 ____D C:\Users\janm.dom\Downloads\aa 2018-01-16 09:35 - 2017-07-28 16:10 - 006364160 _____ C:\Users\janm.dom\Downloads\ID Pair.exe 2018-01-16 09:35 - 2017-07-18 11:30 - 000000000 ____D C:\Users\janm.dom\Downloads\Multi-link_Technology 2018-01-16 09:34 - 2018-01-16 09:35 - 007345705 _____ C:\Users\janm.dom\Downloads\GXIDPair_20170728A.RAR 2018-01-16 08:02 - 2018-01-16 08:02 - 007906720 _____ (Tim Kosse) C:\Users\janm.dom\Downloads\FileZilla_3.30.0_win64-setup.exe 2018-01-09 14:11 - 2018-01-09 14:11 - 000000000 ____D C:\Users\janm.dom\Desktop\CRM ustawienia dla faktur ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-02-08 09:14 - 2016-12-30 09:44 - 000000136 _____ C:\WINDOWS\system32\config\netlogon.ftl 2018-02-08 09:12 - 2017-06-19 14:26 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\Acrylic Wi-Fi Home 2018-02-08 09:12 - 2017-06-19 14:26 - 000000000 ____D C:\Program Files\Acrylic Wi-Fi Home 2018-02-08 08:55 - 2016-12-30 10:09 - 000000000 ____D C:\Users\janm.dom\AppData\LocalLow\Mozilla 2018-02-08 08:54 - 2017-10-18 08:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-02-08 07:57 - 2017-01-09 14:57 - 000322170 _____ C:\Users\janm.dom\AppData\Roaming\registryFileStorage_userA.cfg 2018-02-08 07:34 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-02-08 07:29 - 2017-11-14 10:36 - 000000000 ___RD C:\Users\janm.dom\dom Stationery Sp. z o.o 2018-02-08 07:29 - 2017-06-29 13:01 - 000000000 ____D C:\Users\janm.dom\AppData\Local\Spotify 2018-02-08 07:29 - 2017-06-29 12:59 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\Spotify 2018-02-08 07:29 - 2017-01-09 14:57 - 000322170 _____ C:\Users\janm.dom\AppData\Roaming\registryFileStorage_userB.cfg 2018-02-08 07:29 - 2016-12-30 10:27 - 000000000 __RDL C:\Users\janm.dom\OneDrive - dom Stationery Sp. z o.o 2018-02-08 07:29 - 2016-12-29 18:15 - 000000000 __SHD C:\Users\JanM\IntelGraphicsProfiles 2018-02-08 07:26 - 2017-01-24 09:03 - 000002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-07 13:56 - 2017-10-18 08:45 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF73E026-68E2-412A-941F-48175018D002} 2018-02-07 13:17 - 2017-06-27 09:48 - 000000000 ____D C:\Users\janm.dom\Desktop\Skrypty SQL 2018-02-07 11:19 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-02-07 08:37 - 2016-12-30 10:13 - 000002292 ____H C:\Users\janm.dom\Documents\Default.rdp 2018-02-07 08:30 - 2017-10-18 08:37 - 000000000 ____D C:\Users\janm.dom\AppData\Local\Packages 2018-02-07 08:01 - 2016-12-29 09:39 - 000000000 ____D C:\Users\janm.dom\Desktop\dom 2018-02-07 07:50 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-02-07 07:48 - 2016-12-29 10:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-02-07 07:35 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-02-07 07:31 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-02-07 07:31 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-02-05 14:00 - 2016-12-30 10:10 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\SIMPLEERP610 2018-02-05 12:12 - 2017-11-07 11:41 - 000000000 ____D C:\Users\janm.dom\Desktop\WMS 2018-02-05 10:10 - 2017-06-05 09:53 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\obs-studio 2018-02-05 08:40 - 2016-12-29 11:25 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2018-02-05 08:40 - 2016-12-29 11:25 - 000000000 ____D C:\ProgramData\Oracle 2018-02-05 08:40 - 2016-12-29 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-02-05 08:40 - 2016-12-29 11:25 - 000000000 ____D C:\Program Files (x86)\Java 2018-02-05 07:30 - 2016-12-29 09:50 - 000106503 _____ C:\Users\janm.dom\Desktop\RCP - sprawdzenie czasu.xlsx 2018-02-03 21:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2018-02-02 12:28 - 2018-01-02 07:40 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation 2018-02-02 12:19 - 2016-12-29 14:42 - 000000000 ____D C:\Users\janm.dom\Documents\Odebrane pliki 2018-02-02 07:36 - 2017-04-21 09:35 - 000000000 ____D C:\Users\janm.dom\Desktop\drukarki 2018-02-01 11:39 - 2017-07-27 12:23 - 003077632 _____ C:\Users\janm.dom\Desktop\RYCZAŁT2018.xls 2018-02-01 10:27 - 2017-10-18 08:36 - 000000000 ____D C:\Users\janm.dom 2018-02-01 07:38 - 2017-01-03 11:02 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\Notepad++ 2018-01-31 21:18 - 2017-10-18 08:44 - 003447328 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-01-31 21:18 - 2017-09-30 15:31 - 001598800 _____ C:\WINDOWS\system32\perfh015.dat 2018-01-31 21:18 - 2017-09-30 15:31 - 000400022 _____ C:\WINDOWS\system32\perfc015.dat 2018-01-31 21:13 - 2017-10-18 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-01-31 21:13 - 2017-09-29 09:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-01-31 20:12 - 2017-10-31 09:04 - 000000000 ____D C:\Users\janm.dom\AppData\Local\PlaceholderTileLogoFolder 2018-01-31 18:57 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-01-31 18:57 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF 2018-01-31 18:57 - 2016-12-29 09:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-01-31 18:57 - 2016-12-29 09:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-01-31 14:50 - 2016-12-29 12:23 - 000000000 ____D C:\Users\janm.dom\Documents\Visual Studio 2015 2018-01-31 14:21 - 2017-01-13 08:47 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\FileZilla 2018-01-31 08:03 - 2017-06-21 10:31 - 000000000 ____D C:\Users\janm.dom\Downloads\TeamViewerPortable 2018-01-30 17:50 - 2016-12-29 09:25 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-01-29 07:09 - 2017-10-18 08:45 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-561302537-2371562129-3018458699-1665 2018-01-29 07:09 - 2016-12-30 09:55 - 000002444 _____ C:\Users\janm.dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-01-29 07:09 - 2016-12-30 09:55 - 000000000 ___RD C:\Users\janm.dom\OneDrive 2018-01-26 14:32 - 2017-05-24 12:11 - 000000000 ____D C:\Users\janm.dom\Desktop\wydruki z Simple 2018-01-26 13:24 - 2016-12-30 10:57 - 000000000 ____D C:\Users\janm.dom\AppData\Local\CrashDumps 2018-01-26 11:23 - 2017-06-05 09:59 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\vlc 2018-01-25 08:31 - 2017-04-03 14:12 - 000000000 ____D C:\Users\janm.dom\JPK 2018-01-24 13:42 - 2017-10-18 08:36 - 000000000 ____D C:\Users\MSSQL$TEST 2018-01-24 13:26 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2018-01-24 13:26 - 2016-12-29 12:38 - 000000000 ____D C:\Program Files\Microsoft Office 2018-01-24 13:16 - 2017-01-11 08:19 - 000000000 ____D C:\Program Files (x86)\MSECache 2018-01-23 14:09 - 2017-05-19 07:52 - 000000000 ____D C:\Users\janm.dom\AppData\Local\SIMPLEERP610 2018-01-23 13:28 - 2017-08-28 11:34 - 000000000 ____D C:\Users\janm.dom\Desktop\kalkulacje 2018-01-22 19:09 - 2017-09-19 07:29 - 000000000 ____D C:\Users\janm.dom\Desktop\urlopy - testy wczytywania 2018-01-18 08:49 - 2016-12-29 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2018-01-18 08:49 - 2016-12-29 11:30 - 000000000 ____D C:\Program Files\FileZilla FTP Client 2018-01-16 11:56 - 2016-12-29 09:41 - 000000000 ____D C:\Users\janm.dom\Desktop\serwery 2018-01-15 09:37 - 2018-01-02 10:36 - 000187732 _____ C:\Users\janm.dom\Documents\DataWindow.pdf 2018-01-11 08:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache 2018-01-10 14:51 - 2016-12-29 12:30 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-01-10 14:47 - 2017-10-11 06:03 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-01-10 14:47 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-01-10 14:47 - 2016-12-29 12:30 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-01-10 09:28 - 2017-01-02 15:03 - 000000000 ____D C:\Users\janm.dom\AppData\Roaming\TeamViewer 2018-01-10 07:45 - 2017-04-05 09:28 - 000000000 ____D C:\Users\janm.dom\Desktop\strony 2018-01-09 14:15 - 2017-10-24 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits) 2018-01-09 14:14 - 2017-06-05 12:05 - 000000000 ____D C:\Program Files (x86)\Anvsoft ==================== Pliki w katalogu głównym wybranych folderów ======= 2017-02-08 08:48 - 2017-02-08 08:48 - 000021368 _____ (Schneider Electric) C:\Users\janm.dom\en_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000021368 _____ (Schneider Electric) C:\Users\janm.dom\es_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000021880 _____ (Schneider Electric) C:\Users\janm.dom\fr_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000021880 _____ (Schneider Electric) C:\Users\janm.dom\grm_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000021368 _____ (Schneider Electric) C:\Users\janm.dom\it_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000020344 _____ (Schneider Electric) C:\Users\janm.dom\jp_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 001079808 _____ (Microsoft Corporation) C:\Users\janm.dom\mfc80u.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000626688 _____ (Microsoft Corporation) C:\Users\janm.dom\msvcr80.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 013923704 _____ (Schneider Electric) C:\Users\janm.dom\PCPE Setup.exe 2017-02-08 11:06 - 2017-02-08 08:48 - 015922552 _____ (Schneider Electric) C:\Users\janm.dom\PCPEInstaller.exe 2017-02-08 08:48 - 2017-02-08 08:48 - 000021368 _____ (Schneider Electric) C:\Users\janm.dom\pt_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000018808 _____ () C:\Users\janm.dom\ResourceReader.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000020856 _____ (Schneider Electric) C:\Users\janm.dom\ru_res.dll 2017-02-08 08:48 - 2017-02-08 08:48 - 000019832 _____ (Schneider Electric) C:\Users\janm.dom\zh_res.dll 2017-06-27 09:30 - 2017-06-27 09:30 - 000000116 _____ () C:\Users\janm.dom\AppData\Roaming\3oy403ot.tqw.vbs 2017-06-27 09:30 - 2017-06-27 09:30 - 000000057 _____ () C:\Users\janm.dom\AppData\Roaming\4iuvjcgk.ecm.url 2017-02-07 15:13 - 2017-02-07 15:13 - 000000116 _____ () C:\Users\janm.dom\AppData\Roaming\ccvsckgj.gzi.vbs 2017-02-16 11:35 - 2017-02-16 11:35 - 000000116 _____ () C:\Users\janm.dom\AppData\Roaming\dnytwwvf.3e3.vbs 2017-02-16 11:35 - 2017-02-16 11:35 - 000000071 _____ () C:\Users\janm.dom\AppData\Roaming\iac4kztb.fye.url 2017-04-03 08:36 - 2017-05-25 08:30 - 000000019 _____ () C:\Users\janm.dom\AppData\Roaming\kar_prod_setup.ini 2017-10-30 07:32 - 2017-10-30 07:32 - 000000116 _____ () C:\Users\janm.dom\AppData\Roaming\orq24uer.a45.vbs 2017-01-09 14:57 - 2018-02-08 07:57 - 000322170 _____ () C:\Users\janm.dom\AppData\Roaming\registryFileStorage_userA.cfg 2017-01-09 14:57 - 2018-02-08 07:29 - 000322170 _____ () C:\Users\janm.dom\AppData\Roaming\registryFileStorage_userB.cfg 2017-03-17 10:36 - 2017-03-17 10:36 - 000000071 _____ () C:\Users\janm.dom\AppData\Roaming\viu3oylp.rjj.url 2017-02-07 15:13 - 2017-02-07 15:13 - 000000071 _____ () C:\Users\janm.dom\AppData\Roaming\wo4veorc.b2g.url 2017-03-17 10:36 - 2017-03-17 10:36 - 000000116 _____ () C:\Users\janm.dom\AppData\Roaming\xeyb3v51.df0.vbs 2017-10-30 07:32 - 2017-10-30 07:32 - 000000057 _____ () C:\Users\janm.dom\AppData\Roaming\zjtefyof.s1n.url 2017-01-09 10:56 - 2017-04-18 13:47 - 000000600 _____ () C:\Users\janm.dom\AppData\Local\PUTTY.RND 2017-07-05 06:22 - 2017-07-05 06:22 - 000000218 _____ () C:\Users\janm.dom\AppData\Local\recently-used.xbel Niektóre pliki w TEMP: ==================== 2018-02-05 08:39 - 2018-02-05 08:39 - 001864256 _____ (Oracle Corporation) C:\Users\janm.dom\AppData\Local\Temp\jre-8u161-windows-au.exe 2018-02-01 07:38 - 2018-02-01 07:38 - 004167312 _____ (Don HO don.h@free.fr) C:\Users\janm.dom\AppData\Local\Temp\npp.7.5.4.Installer.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2018-01-29 07:59 ==================== Koniec FRST.txt ============================