Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:17-02-2016 Uruchomiony przez JB (administrator) DELL-KOMPUTER (17-02-2016 21:31:45) Uruchomiony z C:\Temp Załadowane profile: JB (Dostępne profile: JB & BK & TKKF & roocik) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: IE) Tryb startu: Safe Mode (minimal) Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AutoRegisterCerts] => C:\Program Files (x86)\Unizeto\proCertum CardManager\cryptoCertumScanner.exe [154624 2013-08-26] (Unizeto Technologies SA) HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks) HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {291128a9-aeb7-11e4-b610-889ffab3a9e0} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {49354056-1a3c-11e4-854a-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {5604a7ce-1276-11e4-ba95-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {74498c1d-e268-11e3-966a-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {772ed183-14d5-11e4-9b9e-889ffab3a9e0} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {86e20a95-b380-11e4-9bac-889ffab3a9e0} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {af3cd285-deb0-11e3-841b-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {b4720524-c482-11e2-afaa-0026c7f6ad10} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {bc93769c-efe6-11e3-845c-889ffab3a9e0} - G:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {cbb1ddc2-f8fa-11e2-82fc-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {cbb1dddc-f8fa-11e2-82fc-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {cbb1de8f-f8fa-11e2-82fc-889ffab3a9e0} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {d86c2661-86ad-11e4-9985-0026c7f6ad10} - E:\.\autorun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {f6d17298-3e64-11e3-b8f0-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {f701cd7e-1d15-11e3-8070-f04da2d311ec} - E:\AutoRun.exe HKU\S-1-5-21-2582836123-903221213-2652349814-1002\...\MountPoints2: {fa1bd702-c45c-11e2-80ee-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-23] (Microsoft Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0A328C74-1B5E-44A0-B2A0-822D1F39B115}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{0AE6A556-4140-435B-89CF-D599B553E3AA}: [NameServer] 212.2.96.53 212.2.96.54 Tcpip\..\Interfaces\{40FF2903-5BD2-427A-B55B-10F77CF1C1D4}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{7D7121B0-F608-4CFB-9CDE-CF9A40FFA0E9}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A113E027-F906-4529-8242-3729B343926D}: [NameServer] 212.2.96.53 212.2.96.54 Tcpip\..\Interfaces\{B0530A68-E881-492D-AF1D-8C72CDA1547D}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CBEDA2E6-B4C4-4BEF-AD34-3024BBB4A099}: [NameServer] 212.2.96.51 212.2.96.52 Tcpip\..\Interfaces\{FC9DC4F9-C2DE-410A-A3C5-971ECD452051}: [NameServer] 212.2.96.53 212.2.96.54 Internet Explorer: ================== HKU\S-1-5-21-2582836123-903221213-2652349814-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=pl-pl SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2582836123-903221213-2652349814-1002 -> {EBA85FC4-B3BA-48C2-8941-8E076C74A4A7} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-15] (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\yIsONkIR.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=pl-pl FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-12] () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-12] () FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-09] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\yIsONkIR.default\searchplugins\bing-.xml [2015-12-03] FF Extension: Avira Browser Safety - C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\yIsONkIR.default\Extensions\abs@avira.com [2016-02-15] FF Extension: Bing Search - C:\Users\JB\AppData\Roaming\Mozilla\Firefox\Profiles\yIsONkIR.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-03] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-22] [Brak podpisu cyfrowego] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] S4 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] () S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] () S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [656976 2013-05-21] () S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego] S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [62848 2014-08-21] (Advanced Card Systems Ltd.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245760 2013-05-28] (Huawei Technologies Co., Ltd.) S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device) S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-17 21:30 - 2016-02-17 21:31 - 00246230 _____ C:\Windows\ntbtlog.txt 2016-02-17 21:03 - 2016-02-17 21:04 - 00000000 ____D C:\FRST 2016-02-16 00:00 - 2016-02-16 00:01 - 00000000 ____D C:\Pit-11-2015 2016-02-15 23:40 - 2016-02-15 23:40 - 01308952 _____ (Ministerstwo Finansów ) C:\Users\JB\Downloads\e-Deklaracje-wtyczka.exe 2016-02-15 23:40 - 2016-02-15 23:40 - 00707672 _____ C:\Users\JB\AppData\Local\unins000.exe 2016-02-15 23:40 - 2016-02-15 23:40 - 00011761 _____ C:\Users\JB\AppData\Local\unins000.msg 2016-02-15 23:40 - 2016-02-15 23:40 - 00003223 _____ C:\Users\JB\AppData\Local\unins000.dat 2016-02-15 23:39 - 2016-02-16 22:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-02-15 23:38 - 2016-02-16 21:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-02-15 23:38 - 2016-02-15 23:38 - 00002009 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-02-15 23:23 - 2016-02-15 23:23 - 00000000 ____D C:\ProgramData\Sun 2016-02-15 23:22 - 2016-02-15 23:22 - 00000000 ____D C:\Users\JB\AppData\Roaming\Sun 2016-02-15 23:22 - 2016-02-15 23:22 - 00000000 ____D C:\Users\JB\.oracle_jre_usage 2016-02-15 23:19 - 2016-02-15 23:19 - 00000000 ____D C:\Users\JB\AppData\LocalLow\Oracle 2016-02-15 23:17 - 2016-02-15 23:19 - 50265184 _____ (Oracle Corporation) C:\Users\JB\Downloads\jre-8u73-windows-i586.exe 2016-02-14 18:58 - 2016-02-14 19:06 - 00000000 ____D C:\Users\JB\Desktop\janusz rmf 2016-02-01 18:17 - 2016-02-01 18:17 - 00000000 ____D C:\Users\JB\Documents\efile-backup 2016-01-31 23:06 - 2016-01-31 23:06 - 00003984 _____ C:\Windows\System32\Tasks\e-pity2015_styczen 2016-01-31 23:06 - 2016-01-31 23:06 - 00003984 _____ C:\Windows\System32\Tasks\e-pity2015_kwiecien 2016-01-31 23:06 - 2016-01-31 23:06 - 00001174 _____ C:\Users\JB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-pity Płatnika.lnk 2016-01-31 23:06 - 2016-01-31 23:06 - 00001144 _____ C:\Users\JB\Desktop\e-pity Płatnika.lnk 2016-01-31 23:06 - 2016-01-31 23:06 - 00000000 ____D C:\Users\JB\Documents\efile 2016-01-31 23:06 - 2016-01-31 23:06 - 00000000 ____D C:\Users\JB\AppData\Roaming\epityPlatnika 2016-01-31 23:06 - 2016-01-31 23:06 - 00000000 ____D C:\Users\JB\AppData\Roaming\com.efile.epityPlatnika 2016-01-31 23:06 - 2016-01-31 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity Płatnika 2016-01-31 23:06 - 2016-01-31 23:06 - 00000000 ____D C:\Program Files (x86)\e-file 2016-01-31 22:05 - 2016-01-31 22:05 - 00000000 ____D C:\Windows\pss 2016-01-31 21:48 - 2016-01-31 21:48 - 00000000 __SHD C:\Users\BK\AppData\Local\EmieUserList 2016-01-31 21:48 - 2016-01-31 21:48 - 00000000 __SHD C:\Users\BK\AppData\Local\EmieSiteList 2016-01-31 21:48 - 2016-01-31 21:48 - 00000000 __SHD C:\Users\BK\AppData\Local\EmieBrowserModeList ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-02-17 21:22 - 2013-05-22 21:01 - 00000000 ____D C:\Temp 2016-02-17 21:15 - 2009-07-14 05:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-17 21:15 - 2009-07-14 05:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-17 21:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-17 21:07 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-02-17 21:01 - 2014-03-27 20:14 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F25F810-A7FC-4F93-9C32-5E6A36EBCAD6} 2016-02-17 20:56 - 2011-01-30 14:04 - 02142986 _____ C:\Windows\system32\perfh015.dat 2016-02-17 20:56 - 2011-01-30 14:04 - 00639980 _____ C:\Windows\system32\perfc015.dat 2016-02-17 20:56 - 2009-07-14 06:13 - 00005438 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-17 20:55 - 2013-05-23 21:38 - 00000000 ____D C:\Users\JB\AppData\Local\SoftThinks 2016-02-17 20:51 - 2013-05-23 05:12 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-17 02:35 - 2015-06-30 18:40 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2016-02-16 00:09 - 2013-05-24 05:23 - 00000000 ____D C:\Users\JB\AppData\Roaming\Adobe 2016-02-16 00:06 - 2013-07-30 14:41 - 00000000 ____D C:\Users\JB\AppData\Local\Adobe 2016-02-15 23:47 - 2013-05-23 05:12 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-15 23:47 - 2013-05-23 05:12 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-15 23:47 - 2013-05-23 05:12 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-02-15 23:46 - 2011-01-30 12:33 - 00000000 ____D C:\ProgramData\Sonic 2016-02-15 23:38 - 2013-05-23 04:43 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-02-15 23:38 - 2011-01-30 12:40 - 00000000 ____D C:\ProgramData\Adobe 2016-02-15 23:25 - 2015-03-19 17:11 - 00001657 _____ C:\Users\JB\proCertumSmartSignHelpPanel_1_pl.xml 2016-02-15 23:23 - 2015-03-02 17:31 - 00000000 ____D C:\ProgramData\Oracle 2016-02-15 23:23 - 2015-03-02 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-15 23:23 - 2013-05-23 04:33 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-15 23:22 - 2013-05-23 21:38 - 00000000 ____D C:\Users\JB 2016-02-15 23:21 - 2013-05-23 04:33 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-02-12 20:33 - 2014-07-05 10:34 - 00000000 ____D C:\Users\JB\AppData\Local\ElevatedDiagnostics 2016-02-12 20:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2016-02-11 21:22 - 2013-05-24 05:25 - 00000000 ____D C:\Users\JB\AppData\Roaming\Skype 2016-02-07 20:39 - 2014-12-29 23:00 - 00000000 ____D C:\Users\JB\Documents\Pliki programu Outlook 2016-02-01 18:28 - 2014-01-28 17:11 - 00000000 ____D C:\Users\JB\Desktop\nr.6) 2016-01-31 21:53 - 2013-05-24 05:12 - 00000000 ____D C:\Users\BK\AppData\LocalLow\HPAppData 2016-01-31 20:54 - 2013-05-24 05:07 - 00106064 _____ C:\Users\BK\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-31 20:54 - 2013-05-24 05:06 - 00001423 _____ C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-31 20:45 - 2013-05-23 21:41 - 00106064 _____ C:\Users\TKKF\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-20 21:45 - 2014-11-09 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-02-15 23:40 - 2016-02-15 23:40 - 0003223 _____ () C:\Users\JB\AppData\Local\unins000.dat 2016-02-15 23:40 - 2016-02-15 23:40 - 0707672 _____ () C:\Users\JB\AppData\Local\unins000.exe 2016-02-15 23:40 - 2016-02-15 23:40 - 0011761 _____ () C:\Users\JB\AppData\Local\unins000.msg 2015-02-18 21:56 - 2015-02-18 21:56 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-05-22 20:23 - 2013-05-22 11:27 - 0001006 _____ () C:\ProgramData\hpzinstall.log Niektóre pliki w TEMP: ==================== C:\Users\BK\AppData\Local\Temp\avgnt.exe C:\Users\JB\AppData\Local\Temp\avgnt.exe C:\Users\JB\AppData\Local\Temp\BingSvc.exe C:\Users\JB\AppData\Local\Temp\BSvcProcessor.exe C:\Users\JB\AppData\Local\Temp\BSvcUpdater.exe C:\Users\JB\AppData\Local\Temp\cryptoapi4java.dll C:\Users\JB\AppData\Local\Temp\DefaultPack.EXE C:\Users\JB\AppData\Local\Temp\nativecall.dll C:\Users\JB\AppData\Local\Temp\SkypeSetup.exe C:\Users\roocik\AppData\Local\Temp\avgnt.exe C:\Users\TKKF\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-01-31 23:27 ==================== Koniec FRST.txt ============================