Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-10-2019
Uruchomiony przez Sekretariat (administrator) WPPZ-LUBONS (MSI MS-7816) (30-10-2019 10:23:44)
Uruchomiony z C:\Users\Sekretariat\Desktop
Załadowane profile: Sekretariat (Dostępne profile: Sekretariat)
Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska)
Domyślna przeglądarka: Chrome
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel CASE -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel CASE -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opero sp. z o.o. -> IT System sp. z o.o.) [Brak podpisu cyfrowego] C:\Program Files (x86)\Xopero\Opero.Client.ClientService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe

==================== Rejestr (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel CASE -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [ASYNCMAC] => C:\Windows\INF\netrasa.inf [25220 2014-11-21] (Microsoft Windows -> )
HKU\S-1-5-21-3869469449-3362611002-3826677493-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3869469449-3362611002-3826677493-1001\...\Run: [PIT Projekt] => C:\Program Files (x86)\PIT-Y.pl 2019\PIT-Y.exe [1596416 2019-02-26] (PIT-Y.pl) [Brak podpisu cyfrowego]
HKU\S-1-5-21-3869469449-3362611002-3826677493-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-23] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Zaplanowane zadania (filtrowane) ============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {7BC3D911-DCE6-48D6-8D24-B9AE63EFBD17} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymErr.exe [92288 2017-10-25] (Symantec Corporation -> Symantec Corporation)
Task: {8B77FC71-080E-495E-AE96-B6EEEF275E3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C635DE-EE07-4132-BB15-D46473561968} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymErr.exe [92288 2017-10-25] (Symantec Corporation -> Symantec Corporation)
Task: {F0657C25-B93D-4A44-8B69-22599C2FC15E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 208.91.112.53
Tcpip\..\Interfaces\{D9A7BD58-18F0-4B5D-AE4E-9D9A2F4F1628}: [DhcpNameServer] 1.1.1.1 208.91.112.53

Internet Explorer:
==================
HKU\S-1-5-21-3869469449-3362611002-3826677493-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?PC=UF01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-02] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.pl/"
CHR Profile: C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default [2019-10-30]
CHR Extension: (Prezentacje) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Dokumenty) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Dysk Google) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25]
CHR Extension: (YouTube) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Google Search) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-01]
CHR Extension: (Arkusze) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-09]
CHR Extension: (Gmail) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Sekretariat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-23]
CHR HKU\S-1-5-21-3869469449-3362611002-3826677493-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324568 2014-06-24] (Intel Corporation - pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] (Intel CASE -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe [157976 2017-10-25] (Symantec Corporation -> Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe [378088 2017-10-25] (Symantec Corporation -> Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 Xopero_backupagent; C:\Program Files (x86)\Xopero\Opero.Client.ClientService.exe [16720 2016-05-20] (Opero sp. z o.o. -> IT System sp. z o.o.) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\BASHDefs\20191024.001\BHDrvx64.sys [1935880 2019-06-14] (Symantec Corporation -> Symantec Corporation)
R1 ccSettings_{8634B14A-C0FB-45CB-9078-8C9026B5C124}; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\ccSetx64.sys [174328 2017-10-25] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-15] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2019-10-30] (Symantec Corporation -> Symantec Corporation)
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [115328 2008-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\IPSDefs\20191028.061\IDSvia64.sys [1441800 2019-05-22] (Symantec Corporation -> Symantec Corporation)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4746344 2014-06-24] (WDKTestCert autobuild1,129951326103516559 -> Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] (Intel CASE -> )
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] (Intel CASE -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] (Intel CASE -> )
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] (Intel CASE -> )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSP64.SYS [801920 2017-10-25] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSPX64.SYS [49280 2017-10-25] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\SyDvCtrl64.sys [44528 2017-10-25] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0603000.00F\symefasi.sys [1717912 2017-10-25] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SymELAM.sys [24192 2017-10-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-10-25] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\Ironx64.SYS [308896 2017-10-25] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SYMNETS.SYS [567448 2017-10-25] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [195896 2017-10-25] (Symantec Corporation -> Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [121328 2017-10-25] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20171024.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20171024.024\EX64.SYS [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ===================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-10-30 10:23 - 2019-10-30 10:24 - 000018724 _____ C:\Users\Sekretariat\Desktop\FRST.txt
2019-10-30 10:10 - 2019-10-30 10:14 - 000000000 ____D C:\ProgramData\HitmanPro
2019-10-30 09:55 - 2019-10-30 09:55 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3869469449-3362611002-3826677493-1001
2019-10-30 09:43 - 2019-10-30 09:43 - 000000000 ____D C:\Users\Sekretariat\AppData\Local\mbamtray
2019-10-30 09:43 - 2019-10-30 09:43 - 000000000 ____D C:\Users\Sekretariat\AppData\Local\mbam
2019-10-30 09:38 - 2019-10-30 09:38 - 000000000 ____D C:\AdwCleaner
2019-10-30 09:11 - 2019-10-30 10:24 - 000000000 ____D C:\FRST
2019-10-30 09:10 - 2019-10-30 09:10 - 001619968 _____ (Farbar) C:\Users\Sekretariat\Desktop\FRST64.exe
2019-10-17 06:50 - 2019-10-17 06:50 - 000058982 _____ C:\Users\Sekretariat\Desktop\20191015133312-79.pdf
2019-10-09 06:17 - 2019-10-06 05:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-09 06:17 - 2019-10-06 04:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-09 06:17 - 2019-10-06 04:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-09 06:17 - 2019-10-06 04:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-09 06:17 - 2019-10-06 04:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-09 06:17 - 2019-10-06 04:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-09 06:17 - 2019-10-06 04:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-09 06:17 - 2019-10-06 04:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-09 06:17 - 2019-10-06 04:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-09 06:17 - 2019-10-06 04:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-09 06:17 - 2019-10-06 04:17 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2019-10-09 06:17 - 2019-10-06 04:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-09 06:17 - 2019-10-06 04:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-09 06:17 - 2019-10-06 04:12 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-10-09 06:17 - 2019-10-06 04:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-09 06:17 - 2019-10-06 04:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-09 06:17 - 2019-10-06 04:06 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-09 06:17 - 2019-10-06 04:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-09 06:17 - 2019-10-06 04:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-09 06:17 - 2019-10-06 04:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-09 06:17 - 2019-10-06 03:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-09 06:17 - 2019-10-06 03:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-09 06:17 - 2019-10-06 03:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-09 06:17 - 2019-10-06 03:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-09 06:17 - 2019-10-06 03:56 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2019-10-09 06:17 - 2019-10-06 03:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-09 06:17 - 2019-10-06 03:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-10-09 06:17 - 2019-10-06 03:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-09 06:17 - 2019-10-06 03:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-09 06:17 - 2019-10-06 03:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-09 06:17 - 2019-10-06 03:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-09 06:17 - 2019-10-06 03:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-09 06:17 - 2019-10-06 03:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-09 06:17 - 2019-10-06 03:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-09 06:17 - 2019-10-06 03:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-09 06:17 - 2019-10-06 03:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-09 06:17 - 2019-09-19 06:24 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-09 06:17 - 2019-09-17 07:55 - 001541144 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-09 06:17 - 2019-09-17 04:48 - 001376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-09 06:17 - 2019-09-15 23:28 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2019-10-09 06:17 - 2019-09-15 05:53 - 000532568 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-09 06:17 - 2019-09-15 02:26 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2019-10-09 06:17 - 2019-09-15 02:18 - 000672768 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2019-10-09 06:17 - 2019-09-07 21:24 - 000038408 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-09 06:17 - 2019-09-07 21:00 - 000537320 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-09 06:17 - 2019-09-07 21:00 - 000467040 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-09 06:17 - 2019-09-07 21:00 - 000413904 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-09 06:17 - 2019-09-07 21:00 - 000140136 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-09 06:17 - 2019-09-07 20:38 - 002535968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-10-09 06:17 - 2019-09-07 20:37 - 000157432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2019-10-09 06:17 - 2019-09-07 18:17 - 000451024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-09 06:17 - 2019-09-07 18:17 - 000414312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-09 06:17 - 2019-09-07 18:17 - 000372552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-09 06:17 - 2019-09-07 18:17 - 000136952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-09 06:17 - 2019-09-07 18:16 - 000033512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-09 06:17 - 2019-09-07 18:13 - 001901904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-10-09 06:17 - 2019-09-07 17:26 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-09 06:17 - 2019-09-07 17:17 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-09 06:17 - 2019-09-07 17:13 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-09 06:17 - 2019-09-07 16:54 - 000138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-09 06:17 - 2019-09-07 16:50 - 001254912 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-09 06:17 - 2019-09-07 16:43 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-09 06:17 - 2019-09-07 16:04 - 007035904 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-09 06:17 - 2019-09-07 16:04 - 003551232 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-09 06:17 - 2019-09-07 16:03 - 003825152 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-10-09 06:17 - 2019-09-07 15:57 - 006216192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-09 06:17 - 2019-09-07 15:56 - 003277824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-10-09 06:17 - 2019-09-07 02:32 - 000567048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-10-09 06:17 - 2019-09-07 02:32 - 000430832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-09 06:17 - 2019-09-07 02:15 - 000320240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-09 06:17 - 2019-09-06 17:33 - 000403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-09 06:17 - 2019-09-06 17:32 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-09 06:17 - 2019-09-06 17:07 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-09 06:17 - 2019-09-06 16:37 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-09 06:17 - 2019-09-06 14:17 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-09 06:17 - 2019-09-06 14:17 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-09 06:17 - 2019-08-31 21:53 - 001501064 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-09 06:17 - 2019-08-31 21:51 - 001737720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-09 06:17 - 2019-08-31 21:51 - 001677232 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-09 06:17 - 2019-08-31 21:51 - 001537776 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-10-09 06:17 - 2019-08-31 21:51 - 001371472 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-10-09 06:17 - 2019-08-31 21:06 - 007362808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-09 06:17 - 2019-08-31 17:50 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-09 06:17 - 2019-08-22 14:31 - 000435712 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-09 06:17 - 2019-08-22 14:31 - 000358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-04 10:32 - 2019-10-04 10:32 - 000000000 ____D C:\Users\Sekretariat\AppData\Roaming\SPTemp
2019-10-04 06:47 - 2019-08-12 20:02 - 000117760 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2019-10-04 06:47 - 2019-08-12 19:16 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2019-10-03 07:21 - 2019-10-03 07:21 - 000192720 _____ C:\Users\Sekretariat\Desktop\Dopieszczony sernik .pdf
2019-10-02 12:00 - 2019-10-02 12:01 - 000000000 ____D C:\Users\Sekretariat\Desktop\wppz

==================== Jeden miesiąc (zmodyfikowane) ==================

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-10-30 10:24 - 2015-07-06 10:13 - 000000000 ____D C:\Users\Sekretariat\Documents\Pliki programu Outlook
2019-10-30 09:59 - 2014-11-21 05:46 - 001817498 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-30 09:59 - 2014-11-21 05:07 - 000799780 _____ C:\Windows\system32\perfh015.dat
2019-10-30 09:59 - 2014-11-21 05:07 - 000160522 _____ C:\Windows\system32\perfc015.dat
2019-10-30 09:59 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2019-10-30 09:50 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-30 09:39 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-10-30 09:26 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-10-30 08:42 - 2015-07-01 16:23 - 000000000 ____D C:\Users\Sekretariat\AppData\Local\Packages
2019-10-30 07:28 - 2016-05-31 10:03 - 000000000 ____D C:\ProgramData\Backuplogs
2019-10-29 09:18 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-10-28 10:36 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-10-28 07:12 - 2015-07-02 11:40 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-25 07:55 - 2015-07-06 09:50 - 000000000 ____D C:\skany
2019-10-24 09:15 - 2015-07-06 09:48 - 000000000 ____D C:\Users\Sekretariat\Documents\Moje dokumenty
2019-10-23 05:41 - 2015-07-06 10:00 - 000002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-23 05:41 - 2015-07-06 09:48 - 000002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-23 05:41 - 2015-07-06 09:48 - 000002209 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-17 06:47 - 2015-07-02 11:38 - 000000000 ____D C:\Users\Sekretariat\AppData\Local\Adobe
2019-10-16 06:35 - 2017-01-26 09:57 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-10-16 06:35 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-11 06:16 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2019-10-09 13:12 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-09 06:30 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2019-10-09 06:23 - 2015-07-01 17:15 - 000000000 ____D C:\Windows\system32\MRT
2019-10-09 06:21 - 2015-07-01 17:15 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-09 05:59 - 2019-09-11 06:48 - 000108392 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2019-10-09 05:59 - 2019-08-14 06:17 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-10-09 05:58 - 2019-09-11 06:48 - 000092040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2019-10-09 05:58 - 2019-08-14 06:17 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-10-08 11:36 - 2015-07-06 09:57 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-05 11:32 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\system32\oobe
2019-10-02 10:13 - 2019-08-26 09:37 - 000000000 ____D C:\Users\Sekretariat\AppData\Local\CrashDumps

==================== SigCheck ============================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

LastRegBack: 2019-10-28 07:58

==================== Koniec FRST.txt ========================