Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-04-2016 01 Uruchomiony przez Amelka (administrator) DESKTOP-GTDN8QL (12-04-2016 14:10:09) Uruchomiony z C:\Users\Amelka\Desktop\Nowy folder Załadowane profile: Amelka (Dostępne profile: Amelka) Platform: Windows 10 Home (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Edge) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\WINDOWS\System32\atiesrxx.exe (AMD) C:\WINDOWS\System32\atieclxx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (GG Network S.A.) C:\Users\Amelka\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) C:\Users\Amelka\AppData\Local\GG\Application\ggapp.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (GG Network S.A.) C:\Users\Amelka\AppData\Local\GG\Application\ggdrive\ggdrive.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [Spotify Web Helper] => C:\Users\Amelka\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-04] (Spotify Ltd) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [Spotify] => C:\Users\Amelka\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-04] (Spotify Ltd) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [GG] => C:\Users\Amelka\AppData\Local\GG\Application\gghub.exe [4078144 2016-01-27] (GG Network S.A.) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd) HKU\S-1-5-21-2027304882-3395841315-3700974283-1001\...\Run: [uTorrent] => C:\Users\Amelka\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-10] (BitTorrent Inc.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{403e29d4-30f9-4ec5-a3c1-aa8541217d3a}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default FF DefaultSearchEngine: findit FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\user.js [2016-04-05] FF SearchPlugin: C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\searchplugins\avg-secure-search.xml [2015-07-22] FF Extension: AVG Web TuneUp - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\avg@toolbar.xpi [2015-12-17] FF Extension: Fast Dial - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\fastdial@telega.phpnet.us [2016-03-29] FF Extension: BPH Sign Plugin - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\SignPlugin@bph.pl [2016-02-03] [Brak podpisu cyfrowego] FF Extension: Video DownloadHelper - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30] FF Extension: Adblock Plus - C:\Users\Amelka\AppData\Roaming\Mozilla\Firefox\Profiles\to8bbm4r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] Chrome: ======= CHR Profile: C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11] CHR Extension: (Dokumenty Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11] CHR Extension: (Dysk Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11] CHR Extension: (YouTube) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11] CHR Extension: (Google Search) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11] CHR Extension: (Arkusze Google) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11] CHR Extension: (Dokumenty Google offline) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-11] CHR Extension: (Gmail) - C:\Users\Amelka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd) S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2016-02-04] () [Brak podpisu cyfrowego] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2015-07-10] (Broadcom Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-17] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-17] (Disc Soft Ltd) S3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-01] (Disc Soft Ltd) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [295216 2015-07-10] (Marvell) S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X] S3 dot4usb; \SystemRoot\System32\drivers\dot4usb.sys [X] S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-12 14:04 - 2016-04-12 14:04 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-GTDN8QL_Amelka_HistoryPrediction.bin 2016-04-12 12:14 - 2016-04-12 13:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-04-12 12:01 - 2016-04-12 14:06 - 00000000 ____D C:\Users\Amelka\Desktop\Nowy folder 2016-04-12 11:52 - 2016-04-12 11:55 - 00030667 _____ C:\Users\Amelka\Downloads\Addition.txt 2016-04-12 11:50 - 2016-04-12 14:10 - 00000000 ____D C:\FRST 2016-04-12 11:50 - 2016-04-12 11:55 - 00044851 _____ C:\Users\Amelka\Downloads\FRST.txt 2016-04-12 11:46 - 2016-04-12 11:51 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\Geek Uninstaller 2016-04-12 11:45 - 2016-04-12 11:45 - 02582089 _____ C:\Users\Amelka\Downloads\geek.zip 2016-04-12 10:03 - 2016-04-12 10:03 - 00000000 ____D C:\Users\Amelka\AppData\Local\ElevatedDiagnostics 2016-04-11 11:40 - 2016-04-11 11:40 - 00041984 ____H C:\Users\Amelka\Desktop\photothumb.db 2016-04-11 09:48 - 2016-04-11 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-04-08 21:02 - 2016-04-08 21:02 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2016-04-05 13:28 - 2016-04-12 11:13 - 01934094 _____ C:\spyhunter.fix 2016-04-05 12:38 - 2013-10-18 15:01 - 00008192 _____ C:\shldr.mbr 2016-04-05 12:09 - 2016-04-05 12:09 - 00001931 _____ C:\Users\Amelka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-05 10:58 - 2016-04-05 10:58 - 00000266 __RSH C:\Users\Amelka\ntuser.pol 2016-04-05 10:47 - 2016-04-05 10:47 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group 2016-04-05 10:31 - 2016-04-05 10:31 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Amelka\Downloads\libeay32.dll 2016-04-05 10:31 - 2016-04-05 10:31 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Amelka\Downloads\ssleay32.dll 2016-04-05 09:14 - 2016-04-05 09:14 - 00054259 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-05_09-14-31.pdf 2016-04-01 21:52 - 2016-04-01 21:52 - 00127103 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz_#1_PITB_Piotr_Rozwandowicz_podatnik.pdf 2016-04-01 21:51 - 2016-04-01 21:51 - 00218079 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(3).pdf 2016-04-01 21:27 - 2016-04-01 21:52 - 00027136 _____ C:\Users\Amelka\Documents\Fundusz Ubezpieczen Zdrowotnych (Automatycznie zapisany)2.xls 2016-04-01 19:33 - 2016-04-01 19:33 - 00218065 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(2).pdf 2016-04-01 18:54 - 2016-04-01 18:54 - 00218068 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(1).pdf 2016-04-01 18:53 - 2016-04-01 18:53 - 00150887 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz_Sylwia_Rozwandowicz(1).pdf 2016-04-01 18:40 - 2016-04-01 18:40 - 00218068 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz.pdf 2016-04-01 18:39 - 2016-04-01 18:39 - 00150887 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_Sylwia_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz_Sylwia_Rozwandowicz.pdf 2016-04-01 18:31 - 2016-04-01 18:31 - 00150264 _____ C:\Users\Amelka\Downloads\#1_PIT37_za_2015_Piotr_Rozwandowicz_#1_PITO_Piotr_Rozwandowicz.pdf 2016-04-01 18:26 - 2016-04-01 18:26 - 00150252 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz(1).pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00461147 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz.pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00150252 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#2_PITO_Piotr_Rozwandowicz.pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00127100 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#1_PITB_Piotr_Rozwandowicz_podatnik.pdf 2016-04-01 18:25 - 2016-04-01 18:25 - 00127100 _____ C:\Users\Amelka\Downloads\#1_PIT36_za_2015_Piotr_Rozwandowicz_#1_PITB_Piotr_Rozwandowicz_podatnik(1).pdf 2016-04-01 16:31 - 2016-04-01 16:31 - 00070352 _____ C:\Users\Amelka\Desktop\9555377_514981.csv 2016-04-01 12:09 - 2016-04-01 12:09 - 00053782 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-01_12-09-36.pdf 2016-04-01 12:02 - 2016-04-01 12:02 - 00156597 _____ C:\Users\Amelka\Documents\powierdzenie BPH.pdf 2016-04-01 11:20 - 2016-04-01 11:20 - 00053990 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-01_11-20-16.pdf 2016-04-01 11:20 - 2016-04-01 11:20 - 00053896 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-04-01_11-20-09.pdf 2016-04-01 10:00 - 2016-04-01 10:00 - 00000000 _____ C:\autoexec.bat 2016-04-01 09:56 - 2016-04-01 09:56 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys 2016-03-25 19:30 - 2016-04-07 09:13 - 00000000 ____D C:\Users\Amelka\AppData\Local\CrashDumps 2016-03-25 19:08 - 2016-04-01 20:23 - 00027136 _____ C:\Users\Amelka\Documents\Fundusz Ubezpieczen Zdrowotnych (Automatycznie zapisany).xls 2016-03-25 13:18 - 2016-03-25 13:18 - 00053643 _____ C:\Users\Amelka\Downloads\Szczegoly_operacji_2016-03-25_12-17-48.pdf 2016-03-25 11:41 - 2016-03-25 11:41 - 00134655 _____ C:\Users\Amelka\Downloads\74649227_41.pdf 2016-03-25 11:33 - 2016-03-25 11:33 - 00134652 _____ C:\Users\Amelka\Downloads\74649227_33.pdf 2016-03-25 11:27 - 2016-03-25 11:27 - 00139782 _____ C:\Users\Amelka\Downloads\74649227_32.pdf 2016-03-24 11:42 - 2015-03-09 12:57 - 00001411 _____ C:\Users\Amelka\Desktop\faktury.lnk 2016-03-23 15:50 - 2016-03-23 15:50 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\FileZilla Server 2016-03-23 11:28 - 2016-03-23 11:28 - 00000000 ____D C:\Users\Amelka\Desktop\Originals 2016-03-23 11:25 - 2016-03-23 17:04 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\PhotoScape 2016-03-23 11:20 - 2016-03-23 11:25 - 00000000 ____D C:\Program Files (x86)\PhotoScape 2016-03-23 11:20 - 2016-03-23 11:20 - 00001104 _____ C:\Users\Amelka\Desktop\PhotoScape.lnk 2016-03-23 11:20 - 2016-03-23 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape 2016-03-23 11:03 - 2016-03-23 11:20 - 21025552 _____ (Mooii) C:\Users\Amelka\Downloads\PhotoScapeSetup_V3.7.exe 2016-03-23 11:01 - 2016-03-23 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server 2016-03-23 11:01 - 2016-03-23 11:01 - 00000000 ____D C:\Program Files (x86)\FileZilla Server 2016-03-23 11:00 - 2016-03-23 11:00 - 02165056 _____ (FileZilla Project) C:\Users\Amelka\Downloads\FileZilla_Server-0_9_56_1.exe 2016-03-21 10:26 - 2016-03-21 10:26 - 00275504 _____ C:\WINDOWS\Minidump\032116-29546-01.dmp 2016-03-21 10:13 - 2016-03-21 10:26 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-21 10:13 - 2016-03-21 10:25 - 484153261 _____ C:\WINDOWS\MEMORY.DMP 2016-03-21 10:13 - 2016-03-21 10:13 - 00431800 _____ C:\WINDOWS\Minidump\032116-23437-01.dmp 2016-03-16 18:55 - 2016-04-02 20:31 - 00000000 ____D C:\Users\Amelka\Downloads\Daddy's Home (2015) 2016-03-15 13:20 - 2016-03-15 13:20 - 00380200 _____ C:\Users\Amelka\Downloads\Potwierdzenie_3011.pdf 2016-03-14 10:45 - 2016-02-23 16:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-14 10:45 - 2016-02-23 16:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll 2016-03-14 10:45 - 2016-02-23 16:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll 2016-03-14 10:45 - 2016-02-23 15:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-14 10:45 - 2016-02-23 15:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2016-03-14 10:45 - 2016-02-23 15:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2016-03-14 10:45 - 2016-02-23 15:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-14 10:45 - 2016-02-23 15:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll 2016-03-14 10:45 - 2016-02-23 15:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll 2016-03-14 10:45 - 2016-02-23 15:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll 2016-03-14 10:45 - 2016-02-23 15:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll 2016-03-14 10:45 - 2016-02-23 14:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-14 10:45 - 2016-02-23 14:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-03-14 10:45 - 2016-02-23 14:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-03-14 10:45 - 2016-02-23 14:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-14 10:45 - 2016-02-23 14:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-03-14 10:45 - 2016-02-23 14:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-14 10:45 - 2016-02-23 14:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-03-14 10:45 - 2016-02-23 13:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe 2016-03-14 10:45 - 2016-02-23 13:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-03-14 10:45 - 2016-02-23 13:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-14 10:45 - 2016-02-23 13:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll 2016-03-14 10:45 - 2016-02-23 13:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2016-03-14 10:45 - 2016-02-23 13:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2016-03-14 10:45 - 2016-02-23 12:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-14 10:45 - 2016-02-23 12:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll 2016-03-14 10:45 - 2016-02-23 12:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-03-14 10:45 - 2016-02-23 12:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-14 10:45 - 2016-02-23 12:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll 2016-03-14 10:45 - 2016-02-23 12:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-03-14 10:45 - 2016-02-23 12:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-14 10:45 - 2016-02-23 12:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-14 10:45 - 2016-02-23 12:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-03-14 10:45 - 2016-02-23 12:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-03-14 10:45 - 2016-02-23 12:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll 2016-03-14 10:45 - 2016-02-23 12:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2016-03-14 10:45 - 2016-02-23 12:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-14 10:45 - 2016-02-23 12:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-14 10:45 - 2016-02-23 12:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-03-14 10:45 - 2016-02-23 12:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-14 10:45 - 2016-02-23 12:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-03-14 10:45 - 2016-02-23 11:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-03-14 10:41 - 2016-02-23 14:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-03-14 10:41 - 2016-02-23 13:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-03-14 10:41 - 2016-02-23 12:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-03-14 10:40 - 2016-02-23 16:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-14 10:40 - 2016-02-23 16:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-03-14 10:40 - 2016-02-23 16:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2016-03-14 10:40 - 2016-02-23 16:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2016-03-14 10:40 - 2016-02-23 16:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-03-14 10:40 - 2016-02-23 16:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll 2016-03-14 10:40 - 2016-02-23 16:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll 2016-03-14 10:40 - 2016-02-23 16:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-14 10:40 - 2016-02-23 16:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-03-14 10:40 - 2016-02-23 16:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-03-14 10:40 - 2016-02-23 16:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-14 10:40 - 2016-02-23 16:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-03-14 10:40 - 2016-02-23 15:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-03-14 10:40 - 2016-02-23 15:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2016-03-14 10:40 - 2016-02-23 15:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-03-14 10:40 - 2016-02-23 14:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-03-14 10:40 - 2016-02-23 14:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-03-14 10:40 - 2016-02-23 14:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-03-14 10:40 - 2016-02-23 14:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-14 10:40 - 2016-02-23 14:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2016-03-14 10:40 - 2016-02-23 14:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-03-14 10:40 - 2016-02-23 13:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2016-03-14 10:40 - 2016-02-23 13:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2016-03-14 10:40 - 2016-02-23 13:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-03-14 10:40 - 2016-02-23 13:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-14 10:40 - 2016-02-23 13:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-14 10:40 - 2016-02-23 13:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-14 10:40 - 2016-02-23 13:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-03-14 10:40 - 2016-02-23 13:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-14 10:40 - 2016-02-23 13:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-03-14 10:40 - 2016-02-23 13:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-14 10:40 - 2016-02-23 13:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2016-03-14 10:40 - 2016-02-23 13:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-14 10:40 - 2016-02-23 12:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-14 10:40 - 2016-02-23 12:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll 2016-03-14 10:39 - 2016-02-23 16:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-03-14 10:39 - 2016-02-23 16:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-03-14 10:39 - 2016-02-23 16:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-03-14 10:39 - 2016-02-23 16:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-03-14 10:39 - 2016-02-23 13:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll 2016-03-14 10:39 - 2016-02-23 13:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-03-13 22:29 - 2016-03-13 22:36 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\NapiProjekt 2016-03-13 22:29 - 2016-03-13 22:29 - 00001113 _____ C:\Users\Amelka\Desktop\NapiProjekt.lnk 2016-03-13 22:29 - 2016-03-13 22:29 - 00000000 ____D C:\Program Files (x86)\NapiProjekt 2016-03-13 22:27 - 2016-03-13 22:27 - 00000000 ____D C:\Users\Amelka\Documents\setup ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-12 14:04 - 2016-02-11 19:51 - 00001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-12 14:04 - 2016-02-09 15:06 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\GG 2016-04-12 14:03 - 2016-02-02 09:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-12 14:03 - 2016-02-01 22:22 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-04-12 14:02 - 2016-02-21 11:52 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-12 13:56 - 2016-02-11 19:51 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-12 13:39 - 2016-02-02 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-12 11:15 - 2016-02-03 03:58 - 00000000 ____D C:\Users\Amelka\AppData\Roaming\uTorrent 2016-04-12 08:55 - 2016-02-01 22:47 - 00000000 ____D C:\WINDOWS\INF 2016-04-12 08:51 - 2016-02-21 21:33 - 00004228 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{51CD208A-C859-4CE7-9457-338B59B44195} 2016-04-11 19:51 - 2016-02-01 22:51 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-11 19:46 - 2016-02-01 22:51 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-10 21:12 - 2016-02-02 16:10 - 00000000 ____D C:\Users\Amelka 2016-04-10 17:29 - 2016-02-02 09:30 - 01836100 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-10 17:29 - 2016-02-01 23:01 - 00813762 _____ C:\WINDOWS\system32\perfh015.dat 2016-04-10 17:29 - 2016-02-01 23:01 - 00156260 _____ C:\WINDOWS\system32\perfc015.dat 2016-04-08 21:02 - 2016-02-21 11:52 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-08 17:59 - 2016-02-11 19:53 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-08 17:59 - 2016-02-11 19:53 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-04-05 12:22 - 2016-02-17 14:36 - 00000266 __RSH C:\ProgramData\ntuser.pol 2016-04-05 12:21 - 2016-02-03 02:11 - 00001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-05 12:21 - 2016-02-03 02:11 - 00001934 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-04-05 10:58 - 2016-02-19 12:23 - 00000000 ___RD C:\Users\Amelka\Podcasts 2016-04-05 10:58 - 2016-02-02 16:11 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-05 10:31 - 2016-02-01 22:51 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-03-21 10:12 - 2016-02-01 22:51 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-03-16 14:00 - 2016-02-02 09:12 - 00357080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-16 13:57 - 2016-02-01 22:51 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-03-14 11:10 - 2016-02-01 22:51 - 00000167 _____ C:\WINDOWS\win.ini 2016-03-14 11:08 - 2016-02-01 22:33 - 00000000 ____D C:\WINDOWS\CbsTemp Niektóre pliki w TEMP: ==================== C:\Users\Amelka\AppData\Local\Temp\dnsapi.dll Niektóre zerobajtowe pliki/foldery: ========================== C:\Windows\System32\jscript9diag.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-04-07 09:47 ==================== Koniec FRST.txt ============================