Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:27-09-2015
Uruchomiony przez pawel.dziopa (administrator) A110 (29-09-2015 21:12:40)
Uruchomiony z C:\Users\pawel.dziopa\Downloads\frst
Załadowane profile: pawel.dziopa (Dostępne profile: pawel.dziopa & x & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Learnpulse) C:\Users\pawel.dziopa\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-02-24] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Security\egui.exe [4148664 2014-04-04] (ESET)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-21] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-123836412-2427045690-4114815500-2297\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-123836412-2427045690-4114815500-2297\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-123836412-2427045690-4114815500-2297\...\Run: [Screenpresso] => C:\Users\pawel.dziopa\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [11928080 2015-07-27] (Learnpulse)
HKU\S-1-5-21-123836412-2427045690-4114815500-2297\...\Policies\Explorer: [ForceRunOnStartMenu] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
Startup: C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Notes 8.5 (Basic).lnk [2013-09-16]
ShortcutTarget: Lotus Notes 8.5 (Basic).lnk -> C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe (IBM Corp)
Startup: C:\Users\pawel.dziopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WTW.lnk [2013-09-24]
ShortcutTarget: WTW.lnk -> C:\Program Files\K2T\WTW\wtw.exe (K2T.eu, Kaworu)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-123836412-2427045690-4114815500-2297\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-123836412-2427045690-4114815500-2297\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/
URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\S-1-5-21-123836412-2427045690-4114815500-2297 -> {CEEFA020-1A9E-4764-933B-04E6E2751F31} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-07] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-09] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-02] (Microsoft Corporation)
FF Plugin-x32: @comarch.com/NOL,version=3.0 -> C:\Program Files (x86)\Common Files\NOL3\npn30plugin.dll [2013-09-25] (COMARCH S.A.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-10-02] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-123836412-2427045690-4114815500-2297: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll Brak pliku
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2014-02-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\pawel.dziopa\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-02-13] (Cisco WebEx LLC)
FF Extension: Firebug - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-27]
FF Extension: Seoptimer.com - SEO Audit - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\Extensions\jid0-SAMLlzwG5OuSfGwYx8EVjBUykLw@jetpack.xpi [2013-10-14]
FF Extension: Cookie Controller - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2013-10-15]
FF Extension: QuickJava - C:\Users\pawel.dziopa\AppData\Roaming\Mozilla\Firefox\Profiles\5ga9r8wh.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-03-02]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2014-12-29]

Chrome:
=======
CHR Profile: C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Gmail) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-14]
CHR Profile: C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Drive) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-25]
CHR Extension: (AdBlock) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-25]
CHR Extension: (Gmail) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
CHR Profile: C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Docs) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Gmail) - C:\Users\pawel.dziopa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKU\S-1-5-21-123836412-2427045690-4114815500-2297\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PAWEL~1.DZI\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-04-07]
CHR HKU\S-1-5-21-123836412-2427045690-4114815500-2297\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [42048 2014-04-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [1029704 2014-04-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [191368 2014-04-04] (ESET)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-21] (Lenovo)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [188200 2013-01-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3417480 2010-08-11] (IBM)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2014-11-28] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1348344 2014-11-28] (BlackBerry Limited)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-09-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219696 2014-04-10] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-21] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288992 2013-01-08] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-20] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-07-17] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-29 21:06 - 2015-09-29 21:12 - 00000000 ____D C:\Users\pawel.dziopa\Downloads\frst
2015-09-29 14:00 - 2015-09-29 14:00 - 02986038 _____ C:\Users\pawel.dziopa\Downloads\18359_222.bmp
2015-09-29 11:47 - 2015-09-29 11:52 - 00004004 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2EA5BDA5-AB11-4631-805A-0E898DF44C0E}
2015-09-29 11:11 - 2015-09-29 21:08 - 00002476 _____ C:\Windows\PFRO.log
2015-09-29 11:07 - 2015-09-29 11:07 - 00027976 _____ C:\ComboFix.txt
2015-09-29 10:48 - 2015-09-29 10:48 - 00002302 _____ C:\Users\pawel.dziopa\Desktop\JRT.txt
2015-09-29 10:42 - 2015-09-29 10:42 - 00000000 ____D C:\AdwCleaner
2015-09-29 10:40 - 2015-09-29 10:41 - 01800512 _____ (Malwarebytes) C:\Users\pawel.dziopa\Downloads\JRT.exe
2015-09-29 10:24 - 2015-09-29 10:26 - 05636489 ____R (Swearware) C:\Users\pawel.dziopa\Downloads\ComboFix.exe
2015-09-29 10:23 - 2015-09-29 10:24 - 01670656 _____ C:\Users\pawel.dziopa\Downloads\AdwCleaner.exe
2015-09-28 13:51 - 2015-09-28 13:21 - 00002587 _____ C:\Users\pawel.dziopa\Desktop\42667099.xml
2015-09-28 13:17 - 2015-09-28 13:17 - 00082028 _____ C:\Users\pawel.dziopa\Downloads\18323_Zeszyt1.xlsx
2015-09-28 10:09 - 2015-09-28 10:09 - 00078128 _____ C:\Users\pawel.dziopa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-28 10:05 - 2015-09-29 21:08 - 00000876 _____ C:\Windows\setupact.log
2015-09-28 10:05 - 2015-09-28 10:05 - 00346784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-28 10:05 - 2015-09-28 10:05 - 00000000 _____ C:\Windows\setuperr.log
2015-09-27 18:13 - 2015-09-27 18:13 - 00006658 _____ C:\Users\pawel.dziopa\Documents\cc_20150927_181335.reg
2015-09-27 16:57 - 2015-09-29 21:12 - 00000000 ____D C:\FRST
2015-09-27 16:57 - 2015-09-29 21:06 - 00000000 ____D C:\Users\pawel.dziopa\Downloads\trjan
2015-09-27 16:50 - 2015-09-27 16:50 - 00899072 _____ (Farbar) C:\Users\pawel.dziopa\Downloads\FSS.exe
2015-09-25 15:36 - 2015-09-25 15:36 - 03571978 _____ C:\Users\pawel.dziopa\Desktop\XX_Inventory_Balance_Report_250915_1.xls
2015-09-25 13:43 - 2015-09-25 13:43 - 00242016 _____ C:\Users\pawel.dziopa\Downloads\spybot_1.txt
2015-09-25 11:10 - 2015-09-25 11:10 - 00001746 _____ C:\Users\pawel.dziopa\Documents\cc_20150925_110958.reg
2015-09-25 11:09 - 2015-09-25 11:09 - 00014174 _____ C:\Users\pawel.dziopa\Documents\cc_20150925_110944.reg
2015-09-25 10:59 - 2015-09-25 10:59 - 00000914 _____ C:\Users\pawel.dziopa\Documents\cc_20150925_105858.reg
2015-09-23 14:23 - 2015-09-23 14:24 - 02208561 _____ C:\Users\pawel.dziopa\Desktop\BK.xlsx
2015-09-23 13:45 - 2015-09-23 13:45 - 00013262 _____ C:\Users\pawel.dziopa\Downloads\18230_2015-09-23_odwieszanie_zamowien_automatycznie_-_DK_INTERNATIONAL.xlsb
2015-09-23 13:10 - 2015-09-23 12:45 - 00000454 _____ C:\Users\pawel.dziopa\Desktop\42662015.xml
2015-09-23 13:10 - 2015-09-23 12:45 - 00000454 _____ C:\Users\pawel.dziopa\Desktop\42662014.xml
2015-09-23 13:10 - 2015-09-23 12:45 - 00000454 _____ C:\Users\pawel.dziopa\Desktop\42662013.xml
2015-09-23 13:10 - 2015-09-23 12:45 - 00000454 _____ C:\Users\pawel.dziopa\Desktop\42662012.xml
2015-09-22 15:08 - 2015-09-22 15:08 - 00029679 _____ C:\Users\pawel.dziopa\Downloads\18158_Blad_Oracle.xlsx
2015-09-22 12:22 - 2015-09-22 12:23 - 03888054 _____ C:\Users\pawel.dziopa\Downloads\18162_blad.bmp
2015-09-22 11:24 - 2015-09-22 11:24 - 00000000 ____D C:\Windows\pss
2015-09-21 11:06 - 2015-09-21 11:06 - 00012983 _____ C:\Users\pawel.dziopa\Downloads\Pro_Photo_Sample_Pack.zip
2015-09-21 10:57 - 2015-09-21 10:57 - 00002348 _____ C:\Users\pawel.dziopa\Documents\cc_20150921_105752.reg
2015-09-17 13:56 - 2015-09-17 13:56 - 02359350 _____ C:\Users\pawel.dziopa\Downloads\18053_bez tytulu2 (1).bmp
2015-09-17 12:14 - 2015-09-17 12:14 - 02359350 _____ C:\Users\pawel.dziopa\Downloads\18053_bez tytulu2.bmp
2015-09-16 12:52 - 2015-09-16 12:52 - 00002383 _____ C:\Users\pawel.dziopa\Desktop\fundamentalna.txt
2015-09-16 12:49 - 2015-09-16 12:49 - 02359350 _____ C:\Users\pawel.dziopa\Downloads\18009_zal.nr_2 (1).bmp
2015-09-16 12:29 - 2015-09-16 12:29 - 02359350 _____ C:\Users\pawel.dziopa\Downloads\18009_zal.nr_2.bmp
2015-09-14 16:06 - 2015-09-14 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-14 10:18 - 2015-09-14 10:18 - 00000280 _____ C:\Users\pawel.dziopa\Documents\cc_20150914_101800.reg
2015-09-14 10:17 - 2015-09-14 10:17 - 00012680 _____ C:\Users\pawel.dziopa\Documents\cc_20150914_101748.reg
2015-09-14 10:00 - 2015-09-14 10:00 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Local\TempTaskUpdateDetectionCB3ED792-CEF7-4131-91F1-0B2DDAB4DC34
2015-09-10 14:13 - 2015-09-10 14:13 - 04708924 _____ C:\Users\pawel.dziopa\Downloads\XXR_INV_STANY_MAG_LOK_100915.xls
2015-09-10 14:12 - 2015-09-10 14:12 - 02058381 _____ C:\Users\pawel.dziopa\Downloads\XX_Inventory_Balance_Report_100915.xls
2015-09-09 18:01 - 2015-09-24 17:53 - 00002456 _____ C:\Users\pawel.dziopa\Desktop\09-09-2015.txt
2015-09-09 12:06 - 2015-09-09 12:42 - 433805702 _____ C:\Users\pawel.dziopa\Downloads\InstallOpenGeneral.exe
2015-09-09 11:59 - 2015-09-09 11:59 - 00213027 _____ C:\Users\pawel.dziopa\Downloads\W00_WR_41b.zip
2015-09-09 11:32 - 2015-09-09 11:32 - 00395204 _____ C:\Users\pawel.dziopa\Downloads\XXR_OE_Price_Book_simple_versi_090915.xls
2015-09-07 15:57 - 2015-09-27 17:26 - 00000120 _____ C:\Users\pawel.dziopa\kontomierz.pl.148593.kontomierz.save
2015-09-07 15:54 - 2015-09-29 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-09-07 15:45 - 2015-09-07 15:45 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\Sun
2015-09-07 15:45 - 2015-09-07 15:45 - 00000000 ____D C:\Users\pawel.dziopa\.oracle_jre_usage
2015-09-07 09:53 - 2015-09-07 09:53 - 00000000 ____D C:\Windows\system32\LSC
2015-09-03 13:10 - 2015-09-03 13:10 - 00001703 _____ C:\Users\pawel.dziopa\Downloads\Analiza techniczna live (2).ics
2015-09-03 11:46 - 2015-09-03 11:46 - 01717587 _____ C:\Users\pawel.dziopa\Desktop\FNDWRR.xml
2015-09-03 11:45 - 2015-09-03 11:46 - 00000000 ____D C:\Users\pawel.dziopa\Documents\Notesy programu OneNote
2015-09-02 18:57 - 2015-09-02 18:57 - 00000440 _____ C:\Users\pawel.dziopa\Desktop\2 wrze.txt
2015-09-02 12:48 - 2015-09-11 17:47 - 00002924 _____ C:\Users\pawel.dziopa\Desktop\ami SII.txt
2015-09-01 09:25 - 2015-09-01 09:25 - 00002490 _____ C:\Users\pawel.dziopa\Documents\cc_20150901_092523.reg
2015-09-01 09:18 - 2015-09-01 09:18 - 00003418 _____ C:\Users\pawel.dziopa\Documents\cc_20150901_091855.reg
2015-08-31 17:59 - 2015-09-02 18:56 - 00000667 _____ C:\Users\pawel.dziopa\Desktop\storna.txt
2015-08-31 16:12 - 2015-08-31 16:12 - 00001770 _____ C:\Users\pawel.dziopa\Downloads\Analiza techniczna live (1).ics

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-09-29 21:11 - 2013-10-03 11:48 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Local\TSVNCache 2015-09-29 21:11 - 2013-07-17 03:53 - 629710336 ___SH C:\Windows\lenovo_fastboot.img 2015-09-29 21:09 - 2013-09-16 09:05 - 00000462 _____ C:\Windows\SMSCFG.ini 2015-09-29 21:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-29 21:07 - 2015-06-08 10:26 - 00000000 ____D C:\Users\pawel.dziopa\Desktop\Allegro Armani 2015-09-29 21:07 - 2013-07-17 03:36 - 01437720 _____ C:\Windows\WindowsUpdate.log 2015-09-29 21:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-09-29 21:01 - 2015-02-27 12:06 - 00000000 ____D C:\Program Files (x86)\Java 2015-09-29 20:57 - 2013-09-24 16:34 - 00000000 ____D C:\Program Files\HaoZip 2015-09-29 20:55 - 2013-07-17 13:19 - 00830872 _____ C:\Windows\system32\perfh015.dat 2015-09-29 20:55 - 2013-07-17 13:19 - 00184834 _____ C:\Windows\system32\perfc015.dat 2015-09-29 20:55 - 2009-07-14 07:13 - 01903914 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-29 19:51 - 2013-10-03 11:36 - 00000000 ___RD C:\Users\pawel.dziopa\Dysk Google 2015-09-29 19:33 - 2009-07-14 06:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-29 19:33 - 2009-07-14 06:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-29 17:47 - 2013-09-13 23:19 - 00001040 _____ C:\Windows\system32\config\netlogon.ftl 2015-09-29 17:23 - 2014-07-02 15:30 - 00000600 _____ C:\Users\pawel.dziopa\AppData\Roaming\winscp.rnd 2015-09-29 15:12 - 2015-06-09 19:09 - 00000000 ____D C:\Users\pawel.dziopa\Desktop\KATALOGI 2015-09-29 11:07 - 2015-03-13 13:39 - 00000000 ____D C:\Qoobox 2015-09-29 11:02 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-09-29 10:45 - 2013-09-23 14:16 - 00000000 ____D C:\Users\pawel.dziopa 2015-09-28 17:54 - 2013-09-24 16:21 - 00000000 ____D 
C:\Users\pawel.dziopa\AppData\Roaming\Notepad++ 2015-09-25 14:01 - 2015-06-05 10:46 - 00000000 ____D C:\ProgramData\ALLPlayer 2015-09-25 14:01 - 2015-06-05 10:46 - 00000000 ____D C:\Program Files (x86)\ALLPlayer 2015-09-25 13:56 - 2013-09-26 15:30 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Local\CrashDumps 2015-09-25 13:20 - 2015-03-06 10:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-25 11:44 - 2013-07-16 20:57 - 00000000 ____D C:\ProgramData\Lenovo 2015-09-25 11:43 - 2013-07-17 04:02 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-09-25 11:43 - 2013-07-17 03:50 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-09-25 11:43 - 2013-07-17 03:42 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-09-25 11:05 - 2015-06-05 10:46 - 00000000 ____D C:\Program Files (x86)\NapiProjekt 2015-09-25 11:05 - 2013-07-17 03:52 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo 2015-09-25 11:02 - 2013-09-25 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop 2015-09-25 11:02 - 2013-07-17 03:41 - 00000000 ____D C:\ProgramData\Intel 2015-09-25 11:02 - 2013-07-17 03:40 - 00000000 ____D C:\Program Files (x86)\Intel 2015-09-25 11:02 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2015-09-25 10:57 - 2013-12-02 15:11 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\TeamViewer 2015-09-25 10:14 - 2013-09-16 08:12 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-09-25 09:51 - 2013-07-17 03:52 - 00000000 ____D C:\ProgramData\Validity 2015-09-21 14:43 - 2013-09-25 14:00 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\foobar2000 2015-09-16 10:48 - 2014-01-29 16:03 - 00000000 ____D C:\Users\pawel.dziopa\Desktop\SQLE 2015-09-14 16:07 - 2013-09-25 10:49 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Local\Google 2015-09-14 16:06 - 2013-09-25 10:49 - 00000000 ____D C:\Program Files (x86)\Google 2015-09-14 
11:25 - 2015-02-27 15:24 - 00000000 ____D C:\Windows\Minidump 2015-09-14 10:37 - 2015-03-06 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-09-14 10:37 - 2015-03-06 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-09-10 14:05 - 2013-09-24 17:30 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\SQL Developer 2015-09-09 11:57 - 2014-06-26 11:48 - 00004608 _____ C:\Users\pawel.dziopa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-09-08 18:06 - 2014-10-07 16:46 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\Tropico 4 2015-09-07 15:54 - 2015-03-03 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-07 15:52 - 2015-03-03 10:19 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-09-07 15:52 - 2015-03-03 09:54 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-09-03 09:32 - 2014-11-27 09:27 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\LSC 2015-09-02 18:31 - 2014-10-09 09:40 - 00034446 _____ C:\ads_err.adt 2015-09-02 18:31 - 2014-10-09 09:40 - 00003072 _____ C:\ads_err.adi 2015-09-01 09:32 - 2015-06-09 08:54 - 00000000 ____D C:\found.000 2015-09-01 09:21 - 2013-09-23 14:17 - 00000000 ____D C:\Users\pawel.dziopa\AppData\Roaming\Adobe 2015-09-01 09:21 - 2013-07-17 03:52 - 00000000 ____D C:\ProgramData\Adobe 2015-09-01 09:21 - 2013-07-17 03:52 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-09-01 09:19 - 2013-07-17 03:59 - 00000000 ____D C:\Windows\System32\Tasks\Intel(R) Small Business Advantage 2015-08-31 17:58 - 2015-08-05 11:18 - 00004499 _____ C:\Users\pawel.dziopa\Desktop\FV_COBO_BŁEDNE_OPISY.txt ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-01-22 10:56 - 2015-01-22 10:56 - 0000000 _____ () C:\Users\pawel.dziopa\AppData\Roaming\AbsoluteReminder.xml 2014-06-11 13:50 - 2014-06-11 13:50 - 0000060 _____ () 
C:\Users\pawel.dziopa\AppData\Roaming\Camdata.ini 2014-06-11 13:50 - 2014-06-11 13:50 - 0000408 _____ () C:\Users\pawel.dziopa\AppData\Roaming\CamLayout.ini 2014-06-11 13:50 - 2014-06-11 13:50 - 0000408 _____ () C:\Users\pawel.dziopa\AppData\Roaming\CamShapes.ini 2014-06-11 13:41 - 2014-06-11 13:50 - 0004535 _____ () C:\Users\pawel.dziopa\AppData\Roaming\CamStudio.cfg 2014-10-09 10:36 - 2015-04-17 08:50 - 0000154 _____ () C:\Users\pawel.dziopa\AppData\Roaming\Rim.Desktop.Exception.log 2014-10-09 10:35 - 2014-10-09 10:35 - 0001153 _____ () C:\Users\pawel.dziopa\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-10-09 10:36 - 2015-04-17 08:50 - 0000154 _____ () C:\Users\pawel.dziopa\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-06-11 13:23 - 2014-06-11 13:23 - 0000096 _____ () C:\Users\pawel.dziopa\AppData\Roaming\version2.xml 2014-07-02 15:30 - 2015-09-29 17:23 - 0000600 _____ () C:\Users\pawel.dziopa\AppData\Roaming\winscp.rnd 2014-06-26 11:48 - 2015-09-09 11:57 - 0004608 _____ () C:\Users\pawel.dziopa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-30 14:01 - 2015-02-05 16:00 - 0000600 _____ () C:\Users\pawel.dziopa\AppData\Local\PUTTY.RND 2014-04-01 16:44 - 2014-04-01 16:44 - 0012573 _____ () C:\Users\pawel.dziopa\AppData\Local\recently-used.xbel 2015-03-31 14:45 - 2015-03-31 14:46 - 0007597 _____ () C:\Users\pawel.dziopa\AppData\Local\resmon.resmoncfg 2013-10-03 10:39 - 2013-10-03 10:39 - 0000003 _____ () C:\Users\pawel.dziopa\AppData\Local\updater.log 2013-10-03 10:39 - 2014-12-18 09:36 - 0000425 _____ () C:\Users\pawel.dziopa\AppData\Local\UserProducts.xml 2014-12-13 12:08 - 2014-12-13 12:08 - 0000000 _____ () C:\Users\pawel.dziopa\AppData\Local\{C135A637-02BC-461A-89A9-34E50F4EAF9A} 2013-07-17 03:48 - 2013-07-17 03:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-12-29 09:32 - 2014-12-29 09:32 - 0003072 _____ () C:\ProgramData\wtwLicensing.db 2013-07-17 03:57 - 2013-07-17 03:57 - 0000107 _____ () 
C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2013-07-17 03:54 - 2013-07-17 03:55 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2013-07-17 03:55 - 2013-07-17 03:56 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2013-07-17 03:56 - 2013-07-17 03:57 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-09-23 12:34 ==================== Koniec FRST.txt ============================