Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:05-03-2016 01
Uruchomiony przez G580 (administrator) LENOVO (30-03-2016 17:53:59)
Uruchomiony z C:\Users\G580\Downloads
Załadowane profile: G580 & UpdatusUser (Dostępne profile: G580 & UpdatusUser)
Platform: Windows 8 Pro (X64) Język: Polski (Polska)
Internet Explorer Wersja 10 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(BitTorrent Inc.) C:\Users\G580\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\G580\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\G580\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752980834-4026949763-570849984-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-752980834-4026949763-570849984-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-752980834-4026949763-570849984-1001\...\MountPoints2: {5c9d2be4-5d22-11e4-be80-c0143dcadeb2} - "D:\Startme.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-03-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{0828365C-C592-46DE-AC92-2049293824D8}: [NameServer] 149.156.67.233,149.156.89.30

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-752980834-4026949763-570849984-1002] UWAGA => Brak domyślnego URLSearchHook
SearchScopes: HKU\S-1-5-21-752980834-4026949763-570849984-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-16] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default
FF NewTab: C:\\ProgramData\\Quotenamrons\\ff.NT
FF DefaultSearchEngine: findit
FF Homepage: google.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-752980834-4026949763-570849984-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\G580\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\user.js [2014-08-03]
FF Extension: WOT - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: Tree Style Tab - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\extensions\treestyletab@piro.sakura.ne.jp.xpi [2016-03-12]
FF Extension: QuickJava - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-03-24]
FF Extension: Lightbeam - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-12-05]
FF Extension: Quick Translator - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-05-30]
FF Extension: Video DownloadHelper - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\G580\AppData\Roaming\Mozilla\Firefox\Profiles\ynwv0y5k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [Brak podpisu cyfrowego]

Chrome:
=======
CHR Profile: C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Sklep) - C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19]
CHR Extension: (Dysk Google) - C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-19]
CHR Extension: (YouTube) - C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Szukaj w Google) - C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-19]
CHR Extension: (Google Wallet) - C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]
CHR Extension: (Gmail) - C:\Users\G580\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-02-16] (Connectify)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 cfywlan1; C:\Windows\system32\DRIVERS\cfywlan1.sys [36736 2016-03-20] (Connectify)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [43872 2016-03-20] (Connectify)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 ggsomc; C:\Windows\system32\DRIVERS\ggsomc.sys [30424 2016-01-06] (Sony Mobile Communications)
S3 MAUSBFASTTRACK; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-30 17:53 - 2016-03-30 17:54 - 00016344 _____ C:\Users\G580\Downloads\FRST.txt
2016-03-29 15:40 - 2016-03-29 15:40 - 00014877 _____ C:\Users\G580\Downloads\Mistrzowie_Pieniedzy_-_The_Money_Masters_ 1996 _[DVDRip XviD-ziar25]_[Napisy_PL][Torrenty.org].torrent
2016-03-27 02:33 - 2016-03-29 15:16 - 00000000 ____D C:\Users\G580\Downloads\SpankingThem - 23 y.o. Katerina [.wmv][PornLeech]
2016-03-27 02:33 - 2016-03-29 15:15 - 00000000 ____D C:\Users\G580\AppData\LocalLow\uTorrent
2016-03-26 16:28 - 2016-03-30 09:28 - 00000080 _____ C:\Users\G580\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2016-03-26 15:16 - 2016-03-26 23:55 - 00000000 ____D C:\Users\G580\Desktop\raporty
2016-03-26 14:48 - 2016-03-30 17:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-26 14:48 - 2016-03-26 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-26 14:47 - 2016-03-26 14:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-26 14:47 - 2016-03-26 14:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-26 14:47 - 2016-03-10 15:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-26 14:47 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-26 14:47 - 2016-03-10 15:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-26 14:43 - 2016-03-26 14:43 - 00000000 ____D C:\Users\G580\Doctor Web
2016-03-26 14:34 - 2016-03-26 14:34 - 22851472 _____ (Malwarebytes ) C:\Users\G580\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-26 14:32 - 2016-03-26 14:36 - 186056048 _____ C:\Users\G580\Downloads\launch.exe
2016-03-26 13:55 - 2016-03-30 17:40 - 00000000 ____D C:\Users\G580\AppData\Local\ClassicShell
2016-03-26 13:55 - 2016-03-26 13:55 - 00000000 ____D C:\Users\G580\AppData\Roaming\ClassicShell
2016-03-26 13:55 - 2016-03-26 13:55 - 00000000 ____D C:\ProgramData\ClassicShell
2016-03-26 13:51 - 2016-03-26 14:05 - 00000000 ____D C:\Program Files\Classic Shell
2016-03-26 13:51 - 2016-03-26 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-03-26 13:49 - 2016-03-26 13:49 - 06493696 _____ C:\Users\G580\AppData\Roaming\agent.dat
2016-03-26 13:49 - 2016-03-26 13:49 - 01621433 _____ C:\Users\G580\AppData\Roaming\Moveex.tst
2016-03-26 13:49 - 2016-03-26 13:49 - 00402905 _____ C:\Users\G580\AppData\Roaming\SumZamla.bin
2016-03-26 13:49 - 2016-03-26 13:49 - 00127488 _____ C:\Users\G580\AppData\Roaming\Installer.dat
2016-03-26 13:49 - 2016-03-26 13:49 - 00018432 _____ C:\Users\G580\AppData\Roaming\Main.dat
2016-03-26 11:31 - 2016-03-26 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-03-26 11:26 - 2016-03-26 11:26 - 01183432 _____ (Microsoft Corporation) C:\Users\G580\Downloads\sdksetup.exe
2016-03-26 11:15 - 2016-03-26 11:15 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-26 11:15 - 2016-03-26 11:15 - 00000000 ____D C:\Program Files\CCleaner
2016-03-26 11:10 - 2016-03-26 11:11 - 06868672 _____ (Piriform Ltd) C:\Users\G580\Downloads\ccsetup516.exe
2016-03-22 16:15 - 2016-03-22 16:15 - 00102525 _____ C:\Users\G580\Downloads\w12_konspekt.pdf
2016-03-20 12:00 - 2016-03-30 17:53 - 00000000 ____D C:\FRST
2016-03-20 11:57 - 2016-03-20 11:57 - 02374144 _____ (Farbar) C:\Users\G580\Downloads\FRST64.exe
2016-03-20 11:28 - 2016-03-30 09:29 - 00000394 _____ C:\Users\Public\Desktop\Connectify Hotspot 2016.lnk
2016-03-20 11:28 - 2016-03-26 12:25 - 00000000 ____D C:\Program Files (x86)\Connectify
2016-03-20 11:28 - 2016-03-20 11:28 - 00043872 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2016-03-20 11:28 - 2016-03-20 11:28 - 00036736 _____ (Connectify) C:\Windows\system32\Drivers\cfywlan1.sys
2016-03-20 11:28 - 2016-03-20 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2016
2016-03-20 11:27 - 2016-03-20 11:31 - 00000000 ____D C:\ProgramData\Connectify
2016-03-20 11:27 - 2016-03-20 11:27 - 09457328 _____ (Connectify) C:\Users\G580\Downloads\Connectify2016Installer.exe
2016-03-13 12:12 - 2016-03-30 09:28 - 00000882 _____ C:\Users\G580\Desktop\UJ.lnk
2016-03-09 10:02 - 2016-03-09 10:02 - 00205824 _____ C:\Users\G580\Downloads\Designing a PC Game Engine.pdf
2016-03-09 09:32 - 2016-02-21 07:23 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 09:32 - 2016-02-21 05:43 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 09:32 - 2016-02-21 05:43 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 09:32 - 2016-02-21 05:43 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 09:32 - 2016-02-21 05:43 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 09:32 - 2016-02-21 05:43 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 09:32 - 2016-02-05 16:09 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-08 18:18 - 2016-03-08 18:18 - 00188607 _____ C:\Users\G580\Downloads\Quant czyli matematyk w banku - Konrad Augustynski.pdf
2016-03-07 18:02 - 2016-03-07 18:02 - 00123601 _____ C:\Users\G580\Downloads\top1.pdf
2016-03-05 23:14 - 2016-03-05 23:14 - 00000000 ____D C:\Users\G580\AppData\Roaming\MathematicaPlayer
2016-03-05 23:14 - 2016-03-05 23:14 - 00000000 ____D C:\Users\G580\AppData\Local\MathematicaPlayer
2016-03-05 23:14 - 2016-03-05 23:14 - 00000000 ____D C:\ProgramData\MathematicaPlayer
2016-03-05 23:13 - 2016-03-05 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram CDF Player
2016-03-05 23:13 - 2016-03-05 23:13 - 00000000 ____D C:\ProgramData\Mathematica
2016-03-05 23:13 - 2016-03-05 23:13 - 00000000 ____D C:\Program Files\Extras
2016-03-05 23:13 - 2016-03-05 23:13 - 00000000 ____D C:\Program Files\Common Files\Wolfram Research
2016-03-05 23:13 - 2013-02-07 20:39 - 00369968 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll
2016-03-05 23:13 - 2013-02-07 20:39 - 00360752 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp
2016-03-05 23:13 - 2013-02-07 20:39 - 00258864 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll
2016-03-05 23:13 - 2013-02-07 20:39 - 00252720 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll
2016-03-05 23:13 - 2013-02-07 20:39 - 00173360 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll
2016-03-05 23:13 - 2013-02-07 20:39 - 00095536 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp
2016-03-05 23:13 - 2013-02-07 20:39 - 00088368 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp
2016-03-05 23:13 - 2013-02-07 20:39 - 00078128 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp
2016-03-05 23:12 - 2016-03-05 23:12 - 00000000 ____D C:\Program Files (x86)\Wolfram Research
2016-03-05 23:04 - 2016-03-05 23:08 - 201814584 _____ (Wolfram Research, Inc. ) C:\Users\G580\Downloads\CDFPlayer_9.0.1_WIN.exe
2016-03-05 18:59 - 2016-03-05 18:59 - 08572298 _____ C:\Users\G580\Downloads\G580 mój lapek.pdf
2016-03-04 08:21 - 2016-03-04 08:21 - 21337334 _____ C:\Users\G580\Downloads\Data_Structures_and_Algorithms_in_C_Plus_Plus_Adam_Drozdek.pdf
2016-03-01 21:38 - 2016-03-01 21:38 - 00000000 ____D C:\Users\G580\Tracing
2016-03-01 21:33 - 2016-03-01 21:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-01 21:33 - 2016-03-01 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-01 20:22 - 2016-03-01 20:22 - 00241675 _____ C:\Users\G580\Downloads\mat1_biomatematyka_rekr_2015.pdf
2016-02-29 22:22 - 2016-02-29 22:22 - 03323715 _____ C:\Users\G580\Downloads\Tony Buzan-Use Your Head.pdf
2016-02-29 22:21 - 2016-02-29 23:28 - 10245878 _____ C:\Users\G580\Downloads\Buzan T. - Genialna pamięć.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-30 17:54 - 2014-04-06 23:32 - 00000000 ____D C:\Users\G580\AppData\Roaming\uTorrent
2016-03-30 17:52 - 2014-04-22 17:21 - 00000000 ____D C:\Users\G580\AppData\Roaming\AIMP3
2016-03-30 17:14 - 2012-07-26 11:50 - 00898834 _____ C:\Windows\system32\perfh015.dat
2016-03-30 17:14 - 2012-07-26 11:50 - 00202630 _____ C:\Windows\system32\perfc015.dat
2016-03-30 17:14 - 2012-07-26 09:28 - 02084924 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-30 17:14 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\Inf
2016-03-30 09:29 - 2015-11-28 14:38 - 00001845 _____ C:\Users\Public\Desktop\GeoGebra.lnk
2016-03-30 09:29 - 2015-08-02 14:34 - 00001005 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-03-30 09:29 - 2015-02-09 17:55 - 00000899 _____ C:\Users\Public\Desktop\AIMP3.lnk
2016-03-30 09:29 - 2015-01-06 19:13 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-30 09:29 - 2014-04-04 22:48 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-30 09:28 - 2014-02-27 22:42 - 00001438 _____ C:\Users\G580\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-30 09:28 - 2014-02-27 22:42 - 00000851 _____ C:\Users\G580\Desktop\Downloads.lnk
2016-03-30 09:10 - 2014-04-04 13:25 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-29 17:38 - 2014-04-06 23:52 - 00000000 ____D C:\Users\G580\AppData\Roaming\vlc
2016-03-28 22:43 - 2014-10-14 20:55 - 00000000 ____D C:\Users\G580\AppData\Roaming\CodeBlocks
2016-03-28 09:10 - 2015-07-25 15:16 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-27 18:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2016-03-27 18:38 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-27 16:03 - 2014-10-18 17:53 - 00000000 ____D C:\Users\G580\Downloads\Filmy
2016-03-27 16:01 - 2014-08-24 21:47 - 00000000 ____D C:\Users\G580\AppData\Roaming\Skype
2016-03-26 21:57 - 2014-04-02 09:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-752980834-4026949763-570849984-1001
2016-03-26 16:50 - 2014-02-27 22:41 - 00000000 ____D C:\Users\G580
2016-03-26 16:28 - 2015-01-22 22:23 - 00000000 ____D C:\ProgramData\APN
2016-03-26 16:28 - 2015-01-01 09:28 - 00000000 ____D C:\Users\G580\AppData\Roaming\IHlpr
2016-03-26 16:28 - 2012-07-26 09:19 - 00000000 ____D C:\Windows\ServiceProfiles
2016-03-26 14:14 - 2014-04-23 23:50 - 00000000 ____D C:\Users\G580\Downloads\Muzyka
2016-03-26 14:04 - 2014-07-14 13:00 - 00000000 ____D C:\Users\G580\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-03-26 14:04 - 2014-07-14 13:00 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2016-03-26 14:01 - 2016-01-16 17:14 - 00000000 ____D C:\Users\G580\AppData\Roaming\WarThunder
2016-03-26 13:10 - 2016-01-10 01:27 - 00000000 ____D C:\Users\G580\Downloads\ChomikBox
2016-03-26 12:25 - 2015-08-02 14:36 - 00000000 ____D C:\Users\G580\AppData\Roaming\TS3Client
2016-03-26 12:25 - 2015-02-28 20:37 - 00000000 ____D C:\Windows\Minidump
2016-03-26 12:25 - 2015-01-02 14:48 - 00000000 ____D C:\Users\G580\AppData\Roaming\DAEMON Tools Lite
2016-03-26 12:25 - 2014-02-27 22:35 - 00000000 ____D C:\Windows\Panther
2016-03-26 11:31 - 2015-05-27 08:35 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-26 11:30 - 2015-05-27 08:19 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-24 23:12 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-24 22:10 - 2014-04-04 13:25 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-22 10:00 - 2015-06-03 19:08 - 00000000 ____D C:\Users\G580\AppData\Roaming\RStudio
2016-03-22 10:00 - 2015-06-03 19:08 - 00000000 ____D C:\Users\G580\AppData\Local\RStudio-Desktop
2016-03-22 10:00 - 2014-04-04 22:06 - 00003856 _____ C:\Users\G580\Documents\.Rhistory
2016-03-22 00:26 - 2014-04-04 22:45 - 00000000 ____D C:\Users\G580\Desktop\Wszystko i nic
2016-03-20 11:29 - 2016-02-12 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-20 11:29 - 2015-01-06 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-16 14:15 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-03-13 22:33 - 2015-08-02 14:34 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-03-13 12:09 - 2014-09-03 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-03-12 18:09 - 2015-12-17 23:44 - 00336896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-12 18:08 - 2014-12-13 19:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 09:56 - 2014-04-04 22:26 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 09:51 - 2014-04-04 22:26 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 09:32 - 2012-07-26 10:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 09:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-03-06 20:15 - 2016-02-23 21:08 - 00005033 _____ C:\Users\G580\Documents\Analiza Matematyczna.mm
2016-03-06 20:15 - 2016-02-23 14:25 - 00004805 _____ C:\Users\G580\Documents\Algebra Liniowa.mm
2016-03-01 21:33 - 2014-08-24 21:47 - 00000000 ____D C:\Users\G580\AppData\Local\Skype
2016-03-01 21:33 - 2014-08-24 21:47 - 00000000 ____D C:\ProgramData\Skype

==================== Pliki w katalogu głównym wybranych folderów =======

2016-03-26 13:49 - 2016-03-26 13:49 - 6493696 _____ () C:\Users\G580\AppData\Roaming\agent.dat
2016-03-26 13:49 - 2016-03-26 13:49 - 0127488 _____ () C:\Users\G580\AppData\Roaming\Installer.dat
2016-03-26 13:49 - 2016-03-26 13:49 - 0018432 _____ () C:\Users\G580\AppData\Roaming\Main.dat
2016-03-26 13:49 - 2016-03-26 13:49 - 1621433 _____ () C:\Users\G580\AppData\Roaming\Moveex.tst
2016-03-26 13:49 - 2016-03-26 13:49 - 0402905 _____ () C:\Users\G580\AppData\Roaming\SumZamla.bin

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-03-22 14:23

==================== Koniec FRST.txt ============================