Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-04-2016 01 Uruchomiony przez Amelka (administrator) DESKTOP-GTDN8QL (12-04-2016 11:59:18) Uruchomiony z C:\Users\Amelka\Desktop Załadowane profile: Amelka (Dostępne profile: Amelka) Platform: Windows 10 Home (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\WINDOWS\System32\atiesrxx.exe (AMD) C:\WINDOWS\System32\atieclxx.exe () C:\Users\Amelka\AppData\Roaming\Jeiijdoe\Jeiijdoe.exe () C:\Users\Amelka\AppData\Roaming\Jeiijdoe\Miolroev.exe () C:\Users\Amelka\AppData\Roaming\Jeiijdoe\Yugyua.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (GG Network S.A.) C:\Users\Amelka\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) C:\Users\Amelka\AppData\Local\GG\Application\ggapp.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (GG Network S.A.) C:\Users\Amelka\AppData\Local\GG\Application\ggdrive\ggdrive.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" HKLM\...\Run: [IDSCCOMACE] => "C:\Program Files\SpaceSoundPro\idsccom_ACE.exe" HKLM\...\Run: [WINCOMEX7] => "C:\Program Files (x86)\sunnyday\wincom_EX7.exe" HKLM\...\Run: [IDSCCOMC33] => "C:\Program Files (x86)\Hostify\idsccom_C33.exe" HKLM\...\Run: [WINCOM5WV] => "C:\Program Files (x86)\sunnyday\wincom_5WV.exe" HKLM\...\Run: [IDSCCOMSGZ] => "C:\Program Files\SpaceSoundPro\idsccom_SGZ.exe" HKLM\...\Run: [IDSCCOM8IZ] => "C:\Program Files (x86)\Hostify\idsccom_8IZ.exe" HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe HKLM-x32\...\Run: [app] => C:\Program Files (x86)\badu\sys.exe HKLM-x32\...\Run: [sun21] => [X] HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [Spotify Web Helper] => C:\Users\Amelka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-04] (Spotify Ltd) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [Spotify] => C:\Users\Amelka\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-04] (Spotify Ltd) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [GG] => C:\Users\Amelka\AppData\Local\GG\Application\gghub.exe [4078144 2016-01-27] (GG Network S.A.) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [uTorrent] => C:\Users\Amelka\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-10] (BitTorrent Inc.) BootExecute: autocheck autochk * sh4native Sh4Removal ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{403e29d4-30f9-4ec5-a3c1-aa8541217d3a}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\user.js [2016-04-05] FF SearchPlugin: C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\searchplugins\avg-secure-search.xml [2015-07-22] FF SearchPlugin: C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\avg-secure-search.xml [2015-07-22] FF Extension: Fast Dial - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\fastdial@telega.phpnet.us [2016-04-08] FF Extension: Brak nazwy - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\arthurj8283@gmail.com [2016-04-05] [Brak podpisu cyfrowego] FF Extension: AVG Web TuneUp - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\avg@toolbar.xpi [2015-12-17] FF Extension: Fast Dial - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\fastdial@telega.phpnet.us [2016-03-29] FF Extension: BPH Sign Plugin - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\SignPlugin@bph.pl [2016-02-03] [Brak podpisu cyfrowego] FF Extension: Video DownloadHelper - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30] FF Extension: Adblock Plus - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF Extension: BPH Sign Plugin - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\SignPlugin@bph.pl [2016-04-05] [Brak podpisu cyfrowego] FF Extension: Video DownloadHelper - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30] FF Extension: Adblock Plus - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\extensions\arthurj8283@gmail.com Chrome: ======= CHR HomePage: Default -> search.mpc.am CHR StartupUrls: Default -> "search.mpc.am" CHR Profile: C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11] CHR Extension: (Dokumenty Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11] CHR Extension: (Dysk Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11] CHR Extension: (YouTube) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11] CHR Extension: (Google Search) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11] CHR Extension: (Arkusze Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11] CHR Extension: (Dokumenty Google offline) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-11] CHR Extension: (Gmail) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd) R2 Idippicch; C:\Users\Amelka\AppData\Roaming\Jeiijdoe\Jeiijdoe.exe [174480 2016-04-05] () S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2016-02-04] () [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a S2 ktip; "C:\Program Files\ktip\ktip.exe" /s iid=6166472 did=APSFTuto4PC sid=11 ref=b490cf98-ca75-4a7d-4dc0-2d482b15d2ba-PolicyMac id=b2f57e148f4abea222d5c6496a3aef9c071b0ca53062305daeddda46a94c7f9b [X] S2 nytuqelezbt; C:\Program Files (x86)\4C4C4544-1459845417-4810-8059-B7C04F314B31\knsd6865.tmpfs [X] S2 Odapt; "C:\Users\Amelka\AppData\Roaming\GiljuAdei\Jotraom.exe" -cms [X] S2 rijufoze; C:\Program Files (x86)\4C4C4544-1459845417-4810-8059-B7C04F314B31\hnswA382.tmp [X] S2 rocufyky; C:\Program Files (x86)\4C4C4544-1459845417-4810-8059-B7C04F314B31\jnsc8B74.tmp [X] S2 zigipyro; C:\Users\Amelka\AppData\Local\4C4C4544-1459853606-4810-8059-B7C04F314B31\qnsh6099.tmp [X] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2015-07-10] (Broadcom Corporation) R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-05] () R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-17] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-17] (Disc Soft Ltd) S3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-01] (Disc Soft Ltd) R3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] () S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [295216 2015-07-10] (Marvell) S3 dot4usb; \SystemRoot\System32\drivers\dot4usb.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-12 11:59 - 2016-04-12 11:59 - 00013798 _____ C:\Users\Amelka\Desktop\FRST.txt 2016-04-12 11:52 - 2016-04-12 11:55 - 00030667 _____ C:\Users\Amelka\Downloads\Addition.txt 2016-04-12 11:50 - 2016-04-12 11:59 - 00000000 ____D C:\FRST 2016-04-12 11:50 - 2016-04-12 11:55 - 00044851 _____ C:\Users\Amelka\Downloads\FRST.txt 2016-04-12 11:49 - 2016-04-12 11:50 - 02375168 _____ (Farbar) C:\Users\Amelka\Desktop\FRST64.exe 2016-04-12 11:46 - 2016-04-12 11:51 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\Geek Uninstaller 2016-04-12 11:45 - 2016-04-12 11:45 - 02582089 _____ C:\Users\Amelka\Downloads\geek.zip 2016-04-12 11:38 - 2016-04-12 11:38 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-GTDN8QL_Amelka_HistoryPrediction.bin 2016-04-12 10:03 - 2016-04-12 10:03 - 00000000 ____D C:\Users\Amelka\AppData\Local\ElevatedDiagnostics 2016-04-12 10:01 - 2016-04-12 10:01 - 00003486 _____ C:\WINDOWS\System32\Tasks\{C321EFD5-7986-4087-960B-903A6BC0EB89} 2016-04-11 11:40 - 2016-04-11 11:40 - 00041984 ____H C:\Users\Amelka\Desktop\photothumb.db 2016-04-11 09:48 - 2016-04-11 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-04-08 21:02 - 2016-04-08 21:02 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2016-04-05 13:28 - 2016-04-12 11:13 - 01934094 _____ C:\spyhunter.fix 2016-04-05 13:28 - 2010-05-13 17:34 - 00014232 _____ C:\WINDOWS\SysWOW64\sh4native.exe 2016-04-05 12:46 - 2016-04-05 12:46 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\eCyber 2016-04-05 12:38 - 2013-10-18 15:01 - 00008192 _____ C:\shldr.mbr 2016-04-05 12:23 - 2016-04-05 12:23 - 00003258 _____ C:\WINDOWS\System32\Tasks\{0BB202A7-A1FF-45E7-89B2-533BCA656A58} 2016-04-05 12:09 - 2016-04-05 12:09 - 00001931 _____ C:\Users\Amelka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-05 12:03 - 2016-04-05 14:40 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd 2016-04-05 11:52 - 2016-04-05 11:52 - 00000000 ____D C:\WINDOWS\system32\taz 2016-04-05 11:06 - 2016-04-05 12:03 - 00015194 _____ C:\WINDOWS\System32\Tasks\WinTaske 2016-04-05 11:03 - 2016-04-05 11:03 - 00003338 _____ C:\WINDOWS\System32\Tasks\psv_Zaamsolojob 2016-04-05 11:03 - 2016-04-05 11:03 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\MCorp 2016-04-05 11:02 - 2016-04-05 14:40 - 00000000 ____D C:\ProgramData\CloudPrinter 2016-04-05 11:02 - 2016-04-05 11:02 - 06504960 _____ C:\Users\Amelka\AppData\Roaming\agent.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 01626416 _____ C:\Users\Amelka\AppData\Roaming\Truein.tst 2016-04-05 11:02 - 2016-04-05 11:02 - 00126464 _____ C:\Users\Amelka\AppData\Roaming\noah.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 00126464 _____ C:\Users\Amelka\AppData\Roaming\lobby.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 00072699 _____ C:\Users\Amelka\AppData\Roaming\Kanlex.tst 2016-04-05 11:02 - 2016-04-05 11:02 - 00065424 _____ C:\Users\Amelka\AppData\Roaming\Config.xml 2016-04-05 11:02 - 2016-04-05 11:02 - 00054272 _____ C:\Users\Amelka\AppData\Roaming\ApplicationHosting.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 00018432 _____ C:\Users\Amelka\AppData\Roaming\Main.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 00005568 _____ C:\Users\Amelka\AppData\Roaming\md.xml 2016-04-05 11:02 - 2016-04-05 11:02 - 00003330 _____ C:\WINDOWS\System32\Tasks\psv_Freeair 2016-04-05 11:02 - 2016-04-05 11:02 - 00003318 _____ C:\WINDOWS\System32\Tasks\psv_Zotair 2016-04-05 11:02 - 2016-04-05 11:02 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml 2016-04-05 11:02 - 2016-04-05 11:02 - 00000000 ____D C:\ProgramData\Konksolexs 2016-04-05 11:00 - 2016-04-05 11:01 - 00017760 _____ C:\Users\Amelka\AppData\Roaming\InstallationConfiguration.xml 2016-04-05 11:00 - 2016-04-05 11:00 - 00127488 _____ C:\Users\Amelka\AppData\Roaming\Installer.dat 2016-04-05 11:00 - 2016-04-05 11:00 - 00119186 _____ C:\Users\Amelka\AppData\Roaming\inst.lat 2016-04-05 10:58 - 2016-04-05 10:58 - 00000266 __RSH C:\Users\Amelka\ntuser.pol 2016-04-05 10:54 - 2016-04-05 10:54 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys 2016-04-05 10:54 - 2016-04-05 10:54 - 00003420 _____ C:\WINDOWS\System32\Tasks\Savjy 2016-04-05 10:54 - 2016-04-05 10:54 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\Jeiijdoe 2016-04-05 10:54 - 2016-04-05 10:54 - 00000000 ____D C:\Users\Amelka\AppData\LocalLow\Company 2016-04-05 10:54 - 2016-04-05 10:54 - 00000000 ____D C:\Users\Amelka\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-04-05 10:54 - 2016-04-05 10:54 - 00000000 ____D C:\Users\Amelka\AppData\Local\Tempfolder 2016-04-05 10:53 - 2016-04-05 10:53 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results 2016-04-05 10:47 - 2016-04-05 12:48 - 00002363 _____ C:\Users\Amelka\Desktop\SpyHunter.lnk 2016-04-05 10:47 - 2016-04-05 12:48 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2016-04-05 10:47 - 2016-04-05 10:47 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group 2016-04-05 10:46 - 2016-04-05 12:48 - 00000000 ____D C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP 2016-04-05 10:46 - 2016-04-05 10:46 - 00000000 ____D C:\Users\Amelka\Downloads\SpyHunter_4.17.6.4336 [Eng] patch 2016-04-05 10:44 - 2016-04-05 10:45 - 45503175 _____ C:\Users\Amelka\Downloads\SpyHunter_4.17.6.4336 [Eng] patch.rar 2016-04-05 10:42 - 2016-04-05 10:43 - 00000000 ____D C:\Users\Amelka\AppData\Local\4C4C4544-1459852975-4810-8059-B7C04F314B31 2016-04-05 10:39 - 2016-04-05 10:54 - 00065856 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys 2016-04-05 10:38 - 2016-04-05 10:32 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2016-04-05 10:36 - 2016-04-05 14:41 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1459845417-4810-8059-B7C04F314B31 2016-04-05 10:31 - 2016-04-05 10:31 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Amelka\Downloads\libeay32.dll 2016-04-05 10:31 - 2016-04-05 10:31 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Amelka\Downloads\ssleay32.dll 2016-04-05 10:30 - 2016-04-05 10:30 - 00000000 _____ C:\Users\Amelka\Downloads\SpyHunter 4 Crack Setup File _No serial_ patch needed_ 2016-04-05 09:14 - 2016-04-05 09:14 - 00054259 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-05_09-14-31.pdf 2016-04-04 09:33 - 2016-04-05 11:58 - 00014838 _____ C:\WINDOWS\System32\Tasks\eAHPeNhIUJCheckTask 2016-04-04 09:33 - 2016-04-05 11:58 - 00003924 _____ C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateCore 2016-04-04 09:33 - 2016-04-05 11:57 - 00014860 _____ C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateUA 2016-04-01 21:52 - 2016-04-01 21:52 - 00127103 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz_#1_PITB_Piotr_Rozwandowicz_podatnik.pdf 2016-04-01 21:51 - 2016-04-01 21:51 - 00218079 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(3).pdf 2016-04-01 21:27 - 2016-04-01 21:52 - 00027136 _____ C:\Users\Amelka\Documents\Fundusz Ubezpieczen Zdrowotnych (Automatycznie zapisany)2.xls 2016-04-01 19:33 - 2016-04-01 19:33 - 00218065 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(2).pdf 2016-04-01 18:54 - 2016-04-01 18:54 - 00218068 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(1).pdf 2016-04-01 18:53 - 2016-04-01 18:53 - 00150887 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(1).pdf 2016-04-01 18:40 - 2016-04-01 18:40 - 00218068 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz.pdf 2016-04-01 18:39 - 2016-04-01 18:39 - 00150887 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz_Sylwia_Rozwandowicz.pdf 2016-04-01 18:31 - 2016-04-01 18:31 - 00150264 _____ C:\Users\Amelka\Downloads\#1_PIT37_za_2015_Piotr_Rozwandowicz_#1_PITO_Piotr_Rozwandowicz.pdf 2016-04-01 18:26 - 2016-04-01 18:26 - 00150252 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz(1).pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00461147 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz.pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00150252 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz.pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00127100 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#1_PITB_Piotr_Rozwandowicz_podatnik.pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00127100 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#1_PITB_Piotr_Rozwandowicz_podatnik(1).pdf 2016-04-01 16:31 - 2016-04-01 16:31 - 00070352 _____ C:\Users\Amelka\Desktop\9555377_514981.csv 2016-04-01 12:09 - 2016-04-01 12:09 - 00053782 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-01_12-09-36.pdf 2016-04-01 12:02 - 2016-04-01 12:02 - 00156597 _____ C:\Users\Amelka\Documents\powierdzenie BPH.pdf 2016-04-01 11:20 - 2016-04-01 11:20 - 00053990 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-01_11-20-16.pdf 2016-04-01 11:20 - 2016-04-01 11:20 - 00053896 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-01_11-20-09.pdf 2016-04-01 10:24 - 2016-04-01 10:24 - 00000000 ____D C:\Users\Amelka\Downloads\PerdanaKun_-_SpyHunter_4.3 2016-04-01 10:23 - 2016-04-01 10:24 - 22146164 _____ C:\Users\Amelka\Downloads\PerdanaKun_-_SpyHunter_4.3.rar 2016-04-01 10:15 - 2016-04-01 10:15 - 00259584 _____ C:\Users\Amelka\Downloads\spyhunter.4.3.32-patch.exe 2016-04-01 10:00 - 2016-04-01 10:00 - 00000000 _____ C:\autoexec.bat 2016-04-01 09:56 - 2016-04-01 09:56 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys 2016-04-01 09:51 - 2016-04-01 09:53 - 50358924 _____ C:\Users\Amelka\Downloads\SpyHunter 4.21.10.4585 Full.7z 2016-04-01 09:31 - 2016-04-01 09:31 - 00000000 ____D C:\Users\Public\Documents\eAHPeNhIUJ 2016-03-31 12:20 - 2016-03-31 12:20 - 00001316 _____ C:\Users\Amelka\Downloads\free-videos 2016-03-29 12:09 - 2016-03-29 12:09 - 00000000 ____D C:\WINDOWS\system32\log 2016-03-25 19:30 - 2016-04-07 09:13 - 00000000 ____D C:\Users\Amelka\AppData\Local\CrashDumps 2016-03-25 19:08 - 2016-04-01 20:23 - 00027136 _____ C:\Users\Amelka\Documents\Fundusz Ubezpieczen Zdrowotnych (Automatycznie zapisany).xls 2016-03-25 13:18 - 2016-03-25 13:18 - 00053643 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-03-25_12-17-48.pdf 2016-03-25 11:41 - 2016-03-25 11:41 - 00134655 _____ C:\Users\Amelka\Downloads\74649227_41.pdf 2016-03-25 11:33 - 2016-03-25 11:33 - 00134652 _____ C:\Users\Amelka\Downloads\74649227_33.pdf 2016-03-25 11:27 - 2016-03-25 11:27 - 00139782 _____ C:\Users\Amelka\Downloads\74649227_32.pdf 2016-03-24 15:38 - 2016-03-24 15:38 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\WinZiper 2016-03-24 14:35 - 2016-03-24 14:35 - 00015140 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core) 2016-03-24 11:42 - 2015-03-09 12:57 - 00001411 _____ C:\Users\Amelka\Desktop\faktury.lnk 2016-03-23 15:50 - 2016-03-23 15:50 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\FileZilla Server 2016-03-23 11:28 - 2016-03-23 11:28 - 00000000 ____D C:\Users\Amelka\Desktop\Originals 2016-03-23 11:25 - 2016-03-23 17:04 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\PhotoScape 2016-03-23 11:20 - 2016-03-23 11:25 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2016-03-23 11:20 - 2016-03-23 11:20 - 00001104 _____ C:\Users\Amelka\Desktop\PhotoScape.lnk 2016-03-23 11:20 - 2016-03-23 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2016-03-23 11:03 - 2016-03-23 11:20 - 21025552 _____ (Mooii) C:\Users\Amelka\Downloads\PhotoScapeSetup_V3.7.exe 2016-03-23 11:02 - 2016-03-23 11:02 - 01026152 _____ (Nifalise ) C:\Users\Amelka\Downloads\Photoscape-12505-dp.exe 2016-03-23 11:01 - 2016-03-23 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server 2016-03-23 11:01 - 2016-03-23 11:01 - 00000000 ____D C:\Program Files (x86)\FileZilla Server 2016-03-23 11:00 - 2016-03-23 11:00 - 02165056 _____ (FileZilla Project) C:\Users\Amelka\Downloads\FileZilla_Server-0_9_56_1.exe 2016-03-22 22:11 - 2016-03-23 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-21 10:26 - 2016-03-21 10:26 - 00275504 _____ C:\WINDOWS\Minidump\032116-29546-01.dmp 2016-03-21 10:13 - 2016-03-21 10:26 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-21 10:13 - 2016-03-21 10:25 - 484153261 _____ C:\WINDOWS\MEMORY.DMP 2016-03-21 10:13 - 2016-03-21 10:13 - 00431800 _____ C:\WINDOWS\Minidump\032116-23437-01.dmp 2016-03-16 18:55 - 2016-04-02 20:31 - 00000000 ____D C:\Users\Amelka\Downloads\Daddy's Home (2015) 2016-03-15 13:20 - 2016-03-15 13:20 - 00380200 _____ C:\Users\Amelka\Downloads\Potwierdzenie_3011.pdf 2016-03-14 10:45 - 2016-02-23 16:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-14 10:45 - 2016-02-23 16:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll 2016-03-14 10:45 - 2016-02-23 16:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll 2016-03-14 10:45 - 2016-02-23 15:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-14 10:45 - 2016-02-23 15:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2016-03-14 10:45 - 2016-02-23 15:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2016-03-14 10:45 - 2016-02-23 15:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-14 10:45 - 2016-02-23 15:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll 2016-03-14 10:45 - 2016-02-23 15:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll 2016-03-14 10:45 - 2016-02-23 15:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll 2016-03-14 10:45 - 2016-02-23 15:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll 2016-03-14 10:45 - 2016-02-23 14:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-14 10:45 - 2016-02-23 14:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-03-14 10:45 - 2016-02-23 14:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-03-14 10:45 - 2016-02-23 14:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-14 10:45 - 2016-02-23 14:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-03-14 10:45 - 2016-02-23 14:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-14 10:45 - 2016-02-23 14:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-03-14 10:45 - 2016-02-23 13:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe 2016-03-14 10:45 - 2016-02-23 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-03-14 10:45 - 2016-02-23 13:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-14 10:45 - 2016-02-23 13:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll 2016-03-14 10:45 - 2016-02-23 13:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2016-03-14 10:45 - 2016-02-23 13:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2016-03-14 10:45 - 2016-02-23 12:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-14 10:45 - 2016-02-23 12:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll 2016-03-14 10:45 - 2016-02-23 12:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-03-14 10:45 - 2016-02-23 12:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-14 10:45 - 2016-02-23 12:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll 2016-03-14 10:45 - 2016-02-23 12:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-03-14 10:45 - 2016-02-23 12:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-14 10:45 - 2016-02-23 12:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-14 10:45 - 2016-02-23 12:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-03-14 10:45 - 2016-02-23 12:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-03-14 10:45 - 2016-02-23 12:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll 2016-03-14 10:45 - 2016-02-23 12:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2016-03-14 10:45 - 2016-02-23 12:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-14 10:45 - 2016-02-23 12:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-14 10:45 - 2016-02-23 12:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-03-14 10:45 - 2016-02-23 12:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-14 10:45 - 2016-02-23 12:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-03-14 10:45 - 2016-02-23 11:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-03-14 10:41 - 2016-02-23 14:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-03-14 10:41 - 2016-02-23 13:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-03-14 10:41 - 2016-02-23 12:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-03-14 10:40 - 2016-02-23 16:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-14 10:40 - 2016-02-23 16:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-03-14 10:40 - 2016-02-23 16:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2016-03-14 10:40 - 2016-02-23 16:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2016-03-14 10:40 - 2016-02-23 16:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-03-14 10:40 - 2016-02-23 16:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll 2016-03-14 10:40 - 2016-02-23 16:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll 2016-03-14 10:40 - 2016-02-23 16:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-14 10:40 - 2016-02-23 16:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-03-14 10:40 - 2016-02-23 16:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-03-14 10:40 - 2016-02-23 16:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-14 10:40 - 2016-02-23 16:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-03-14 10:40 - 2016-02-23 15:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-03-14 10:40 - 2016-02-23 15:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2016-03-14 10:40 - 2016-02-23 15:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-03-14 10:40 - 2016-02-23 14:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-03-14 10:40 - 2016-02-23 14:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-03-14 10:40 - 2016-02-23 14:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-03-14 10:40 - 2016-02-23 14:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-14 10:40 - 2016-02-23 14:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2016-03-14 10:40 - 2016-02-23 14:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-03-14 10:40 - 2016-02-23 13:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2016-03-14 10:40 - 2016-02-23 13:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2016-03-14 10:40 - 2016-02-23 13:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-03-14 10:40 - 2016-02-23 13:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-14 10:40 - 2016-02-23 13:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-14 10:40 - 2016-02-23 13:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-14 10:40 - 2016-02-23 13:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-03-14 10:40 - 2016-02-23 13:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-14 10:40 - 2016-02-23 13:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-03-14 10:40 - 2016-02-23 13:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-14 10:40 - 2016-02-23 13:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2016-03-14 10:40 - 2016-02-23 13:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-14 10:40 - 2016-02-23 12:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-14 10:40 - 2016-02-23 12:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll 2016-03-14 10:39 - 2016-02-23 16:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-03-14 10:39 - 2016-02-23 16:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-03-14 10:39 - 2016-02-23 16:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-03-14 10:39 - 2016-02-23 16:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-03-14 10:39 - 2016-02-23 13:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll 2016-03-14 10:39 - 2016-02-23 13:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-03-13 22:29 - 2016-03-13 22:36 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\NapiProjekt 2016-03-13 22:29 - 2016-03-13 22:29 - 00001113 _____ C:\Users\Amelka\Desktop\NapiProjekt.lnk 2016-03-13 22:29 - 2016-03-13 22:29 - 00000000 ____D C:\Program Files (x86)\NapiProjekt 2016-03-13 22:27 - 2016-03-13 22:27 - 00000000 ____D C:\Users\Amelka\Documents\setup ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-12 11:56 - 2016-02-11 19:51 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-12 11:15 - 2016-02-03 03:58 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\uTorrent 2016-04-12 11:14 - 2016-02-11 19:51 - 00001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-12 11:14 - 2016-02-09 15:06 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\GG 2016-04-12 11:14 - 2016-02-02 09:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-12 11:13 - 2016-02-01 22:22 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-04-12 11:02 - 2016-02-21 11:52 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-12 08:55 - 2016-02-01 22:47 - 00000000 ____D C:\WINDOWS\INF 2016-04-12 08:51 - 2016-02-21 21:33 - 00004228 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{51CD208A-C859-4CE7-9457-338B59B44195} 2016-04-11 19:51 - 2016-02-01 22:51 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-11 19:46 - 2016-02-01 22:51 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-11 13:19 - 2016-02-02 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-10 21:12 - 2016-02-02 16:10 - 00000000 ____D C:\Users\Amelka 2016-04-10 17:29 - 2016-02-02 09:30 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-10 17:29 - 2016-02-01 23:01 - 00813762 _____ C:\WINDOWS\system32\perfh015.dat 2016-04-10 17:29 - 2016-02-01 23:01 - 00156260 _____ C:\WINDOWS\system32\perfc015.dat 2016-04-08 21:02 - 2016-02-21 11:52 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-08 17:59 - 2016-02-11 19:53 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-08 17:59 - 2016-02-11 19:53 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-04-05 12:22 - 2016-02-17 14:36 - 00000266 __RSH C:\ProgramData\ntuser.pol 2016-04-05 12:21 - 2016-02-03 02:11 - 00001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-05 12:21 - 2016-02-03 02:11 - 00001934 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-04-05 10:58 - 2016-02-19 12:23 - 00000000 ___RD C:\Users\Amelka\Podcasts 2016-04-05 10:58 - 2016-02-02 16:11 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-05 10:31 - 2016-02-01 22:51 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-03-21 10:12 - 2016-02-01 22:51 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-03-16 14:00 - 2016-02-02 09:12 - 00357080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-03-14 11:10 - 2016-02-01 22:51 - 00000167 _____ C:\WINDOWS\win.ini 2016-03-14 11:08 - 2016-02-01 22:33 - 00000000 ____D C:\WINDOWS\CbsTemp ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-04-05 11:02 - 2016-04-05 11:02 - 6504960 _____ () C:\Users\Amelka\AppData\Roaming\agent.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 0054272 _____ () C:\Users\Amelka\AppData\Roaming\ApplicationHosting.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 0065424 _____ () C:\Users\Amelka\AppData\Roaming\Config.xml 2016-04-05 11:00 - 2016-04-05 11:00 - 0119186 _____ () C:\Users\Amelka\AppData\Roaming\inst.lat 2016-04-05 11:00 - 2016-04-05 11:01 - 0017760 _____ () C:\Users\Amelka\AppData\Roaming\InstallationConfiguration.xml 2016-04-05 11:00 - 2016-04-05 11:00 - 0127488 _____ () C:\Users\Amelka\AppData\Roaming\Installer.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 0072699 _____ () C:\Users\Amelka\AppData\Roaming\Kanlex.tst 2016-04-05 11:02 - 2016-04-05 11:02 - 0126464 _____ () C:\Users\Amelka\AppData\Roaming\lobby.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 0018432 _____ () C:\Users\Amelka\AppData\Roaming\Main.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 0005568 _____ () C:\Users\Amelka\AppData\Roaming\md.xml 2016-04-05 11:02 - 2016-04-05 11:02 - 0126464 _____ () C:\Users\Amelka\AppData\Roaming\noah.dat 2016-04-05 11:02 - 2016-04-05 11:02 - 1626416 _____ () C:\Users\Amelka\AppData\Roaming\Truein.tst 2016-04-05 11:02 - 2016-04-05 11:02 - 0032038 _____ () C:\Users\Amelka\AppData\Roaming\uninstall_temp.ico Niektóre pliki w TEMP: ==================== C:\Users\Amelka\AppData\Local\Temp\0ABECXC01D.exe C:\Users\Amelka\AppData\Local\Temp\0YP672YFZN.exe C:\Users\Amelka\AppData\Local\Temp\3B0IMEGPSY.exe C:\Users\Amelka\AppData\Local\Temp\3JA32ZKTIW.exe C:\Users\Amelka\AppData\Local\Temp\3Z8YZAUILB.exe C:\Users\Amelka\AppData\Local\Temp\4BBEQON5L8.exe C:\Users\Amelka\AppData\Local\Temp\59JGDKV06O.exe C:\Users\Amelka\AppData\Local\Temp\7ROP4AGJSG.exe C:\Users\Amelka\AppData\Local\Temp\7V03EWL3U0.exe C:\Users\Amelka\AppData\Local\Temp\83A6.tmp.exe C:\Users\Amelka\AppData\Local\Temp\9PSQEY7NQN.exe C:\Users\Amelka\AppData\Local\Temp\AUUZ45I7PO.exe C:\Users\Amelka\AppData\Local\Temp\BONBAA0BZH.exe C:\Users\Amelka\AppData\Local\Temp\Browser_V5.6.10551.6_f_4713_(Build1602291105).exe C:\Users\Amelka\AppData\Local\Temp\CBU19JACYV.exe C:\Users\Amelka\AppData\Local\Temp\FKQJXTQBPZ.exe C:\Users\Amelka\AppData\Local\Temp\G728XGOK57.exe C:\Users\Amelka\AppData\Local\Temp\hib6049.exe C:\Users\Amelka\AppData\Local\Temp\hibADA9.exe C:\Users\Amelka\AppData\Local\Temp\hibC797.exe C:\Users\Amelka\AppData\Local\Temp\nsi23FB.exe C:\Users\Amelka\AppData\Local\Temp\PZ5R9LX2IQ.exe C:\Users\Amelka\AppData\Local\Temp\set.exe C:\Users\Amelka\AppData\Local\Temp\setup_758.exe C:\Users\Amelka\AppData\Local\Temp\setup_ra.exe C:\Users\Amelka\AppData\Local\Temp\Uninstall.exe C:\Users\Amelka\AppData\Local\Temp\UV3590KR8F.exe Niektóre zerobajtowe pliki/foldery: ========================== C:\Windows\System32\jscript9diag.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll [2015-07-10 13:00] - [2015-07-10 13:00] - 0680256 ____A (Microsoft Corporation) 5BB42439197E4B3585EF0C4CC7411E4E C:\WINDOWS\SysWOW64\dnsapi.dll [2015-07-10 13:00] - [2015-07-10 13:00] - 0534064 ____A (Microsoft Corporation) 4F1AB9478DA2E252F36970BD4E2C643E C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-04-07 09:47 ==================== Koniec FRST.txt ============================