Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:13-04-2016
Uruchomiony przez Lelo (administrator) KOMPUĆKALELO (13-04-2016 23:28:07)
Uruchomiony z C:\Users\Lelo\Downloads
Załadowane profile: Lelo (Dostępne profile: Lelo)
Platform: Windows 7 Ultimate (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Lelo\AppData\Roaming\Eepubseuig\Eepubseuig.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe
() C:\Users\Lelo\AppData\Roaming\Eepubseuig\Vutonh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\LOL\RADS\system\rads_user_kernel.exe
() D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe
() D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe
() D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-09-09] (Synaptics Incorporated)
HKLM\...\Run: [gplyra] => C:\Users\Lelo\AppData\Roaming\gplyra\gplyra\start.cmd [216 2016-01-19] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-08-20] (Intel Corporation)
HKLM-x32\...\Run: [WidgetPodatnikInfo] => C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe [260848 2016-04-13] (Podatnik.info Sp. z o.o.)
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Run: [RocketDock] => D:\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Lelo\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Run: [f.lux] => C:\Users\Lelo\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\MountPoints2: {564f599c-d32a-11e5-a4dc-a4db3041fea3} - G:\S3\Autorun.exe
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\MountPoints2: {564f59c3-d32a-11e5-a4dc-a4db3041fea3} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\MountPoints2: {a98309f7-cae9-11e5-8986-a4db3041fea3} - I:\setup.exe
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\MountPoints2: {f677abd4-92d4-11e5-a33b-a4db3041fea3} - H:\setup.exe
HKU\S-1-5-21-3992996756-2334413397-797887538-1000\...\MountPoints2: {f677abd9-92d4-11e5-a33b-a4db3041fea3} - G:\setup.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\ProgramData\Holdtam\RedZunity.dll => C:\ProgramData\Holdtam\RedZunity.dll [363520 2016-04-13] ()
AppInit_DLLs-x32: C:\ProgramData\Holdtam\Sandox.dll => C:\ProgramData\Holdtam\Sandox.dll [257536 2016-04-13] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\Users\Lelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-03-01] ()
Startup: C:\Users\Lelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-10-27] ()

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

AutoConfigURL: [S-1-5-21-3992996756-2334413397-797887538-1000] => hxxp://un-stop.biz/wpad.dat?d1a3ef842eab019ed9b7774ee50457f78816381
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712 2009-07-14] (Microsoft Corporation) UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448 2009-07-14] (Microsoft Corporation) UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation) UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\winrnr.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation) UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation) UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation) UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\pnrpnsp.dll"
Hosts: W pliku Hosts jest więcej niż jedno wejście.
Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2C63FCC9-C3F4-4A8F-BF59-D820C7D6C61A}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{3F3ACCFD-AD2E-403D-9CE2-0811D5E774D6}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{74D7DA7B-95E7-4855-BD01-33698BB392E1}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{74D7DA7B-95E7-4855-BD01-33698BB392E1}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4 ManualProxies: 0hxxp://un-stop.biz/wpad.dat?d1a3ef842eab019ed9b7774ee50457f78816381 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=pl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=pl HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=pl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=pl HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptXiNjz3Ia7s7wvuKUl6x4obHlEbPS5NsOy-Xg_l5D-5vZPf-GTzbhCowvg1eog1jSgcbUNP7P_kU8oSUbpA_udo-6ZTdy5Ows9zU_-U8YvITrlJTsrTj2GXmWW4ziUx0Ic9MfPZNr9n82h3UybsNAIUnxCse3&q={searchTerms} HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptXiNjz3Ia7s7wvuKUl6x4obHlEbPS5NsOy-Xg_l5D-5vZPf-GTzbhCowvg1eog1jSgcbUNP7P_kU8oSUbpA_udo-6ZTdy5Ows9zU_-U8YvITrlJTsrTj2GXmWW4ziUx0Ic9MfPZNr9n82h3UybsNAIUnxCse3&q={searchTerms} HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptXiNjz3Ia7s7wvuKUl6x4obHlEbPS5NsOy-Xg_l5D-5vZPf-GTzbhCowvg1eog1jSgcbUNP7P_kU8oSUbpA_udo-6ZTdy5Ows9zU_-U8YvITrlJTsrTj2GXmWW4ziUx0Ic9MfPZNr9n82h3UybsNAIUnxCse3&q={searchTerms} HKU\S-1-5-21-3992996756-2334413397-797887538-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=pl SearchScopes: HKLM -> DefaultScope {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKU\S-1-5-21-3992996756-2334413397-797887538-1000 -> DefaultScope {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8 SearchScopes: HKU\S-1-5-21-3992996756-2334413397-797887538-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8 BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-17] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-17] (Oracle Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files 
(x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-17] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptXiNjz3Ia7s7wvuKUl6x4obHlEbPS5NsOy-Xg_l5D-5vZPf-GTzbhCowvg1eog1jSgd08nTsPdzFtFvXUws8ROaJfToGOAyzF_6ym5ZvQdifhf9leAMwAh7LfPLvpmAuUgFN_VIYGDfE3ww-V7OWyOwA6Q3te CHR StartupUrls: Default -> "search.mpc.am" CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptXiNjz3Ia7s7wvuKUl6x4obHlEbPS5NsOy-Xg_l5D-5vZPf-GTzbhCowvg1eog1jSgdFYxkTkREXB_2QqUvHlJhZQBd1x_OZWZcM-6uvTjTGBPqKXJhmSwgXZbWZtRZIoRdKXN2hG_NJXrxkQw1zHUyu2veoS&q={searchTerms} CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-13] CHR Extension: (Dysk Google) - C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13] CHR Extension: (YouTube) - C:\Users\Lelo\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (AdBlock) - C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-13]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Lelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Brak podpisu cyfrowego]
S2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Brak podpisu cyfrowego]
S3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-08-07] (NVIDIA Corporation)
S2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [1075200 2016-04-13] () [Brak podpisu cyfrowego]
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-07-10] (Intel Corporation)
R2 Khiufa; C:\Users\Lelo\AppData\Roaming\Eepubseuig\Eepubseuig.exe [174432 2016-04-13] ()
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-08-07] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-08-07] (NVIDIA Corporation)
S2 pproupd; C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe [50416 2016-04-13] (Podatnik.info Sp. z o.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-11-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-08-07] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-09-09] (Synaptics Incorporated)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-04-13 23:28 - 2016-04-13 23:28 - 00015929 _____ C:\Users\Lelo\Downloads\FRST.txt
2016-04-13 23:27 - 2016-04-13 23:28 - 00000000 ____D C:\FRST
2016-04-13 23:00 - 2016-04-13 23:00 - 00380928 _____ C:\Users\Lelo\Downloads\8fvq34w5.exe
2016-04-13 22:59 - 2016-04-13 22:59 - 02375168 _____ (Farbar) C:\Users\Lelo\Downloads\FRST64.exe
2016-04-13 22:43 - 2016-04-13 22:43 - 00988160 _____ (SosVirus) C:\Users\Lelo\Downloads\processclose_1.0.0.3 (1).exe
2016-04-13 22:42 - 2016-04-13 22:42 - 00988160 _____ (SosVirus) C:\Users\Lelo\Downloads\processclose_1.0.0.3.exe
2016-04-13 22:29 - 2016-04-13 22:29 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Lelo\Downloads\sh-remover.exe
2016-04-13 22:29 - 2016-04-13 22:29 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-04-13 22:21 - 2016-04-13 22:21 - 00116152 _____ C:\Users\Lelo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-13 22:21 - 2016-04-13 22:21 - 00003360 _____ C:\Windows\System32\Tasks\MPC AdCleaner
2016-04-13 22:21 - 2016-04-13 22:21 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-04-13 22:21 - 2016-04-13 22:21 - 00000000 ____D C:\Program Files (x86)\MPC AdCleaner
2016-04-13 22:08 - 2016-04-13 22:26 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\MCorp
2016-04-13 15:39 - 2016-04-13 15:39 - 00000000 ____D C:\Windows\system32\rig
2016-04-13 14:01 - 2016-04-13 14:01 - 03465280 _____ C:\Users\Lelo\Downloads\adwcleaner_5.110_www.INSTALKI.pl.exe
2016-04-13 13:36 - 2016-04-13 15:38 - 00000000 ____D C:\Users\Lelo\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-13 13:36 - 2016-04-13 13:36 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-13 13:36 - 2016-04-13 13:36 - 00000000 ____D C:\extensions
2016-04-13 13:35 - 2016-04-13 13:35 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\gplyra
2016-04-13 13:29 - 2016-04-13 13:29 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\Eepubseuig
2016-04-13 13:29 - 2016-04-13 13:29 - 00000000 ____D C:\Users\Lelo\AppData\LocalLow\Company
2016-04-13 13:29 - 2016-04-13 13:29 - 00000000 ____D C:\Users\Lelo\AppData\Local\Tempfolder
2016-04-13 13:29 - 2016-04-13 13:29 - 00000000 ____D C:\uninst
2016-04-13 13:28 - 2016-04-13 22:34 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-13 13:25 - 2016-04-13 13:56 - 00000000 ____D C:\Program Files (x86)\badu
2016-04-13 13:23 - 2016-04-13 13:21 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-13 13:22 - 2016-04-13 13:22 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\Mozilla
2016-04-13 13:22 - 2016-04-13 13:22 - 00000000 ____D C:\ProgramData\DCHP
2016-04-13 13:21 - 2016-04-13 22:21 - 00003870 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-13 13:21 - 2016-04-13 22:21 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-13 13:21 - 2016-04-13 22:04 - 00000000 ____D C:\ProgramData\Holdtam
2016-04-13 13:21 - 2016-04-13 13:24 - 00000000 ____D C:\Users\Lelo\AppData\Local\Chromium
2016-04-13 13:21 - 2016-04-13 13:21 - 06504960 _____ C:\Users\Lelo\AppData\Roaming\agent.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 01626416 _____ C:\Users\Lelo\AppData\Roaming\Ozerwarm.tst
2016-04-13 13:21 - 2016-04-13 13:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-13 13:21 - 2016-04-13 13:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 13:21 - 2016-04-13 13:21 - 00126464 _____ C:\Users\Lelo\AppData\Roaming\noah.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 00126464 _____ C:\Users\Lelo\AppData\Roaming\lobby.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 00072699 _____ C:\Users\Lelo\AppData\Roaming\Ranplus.tst
2016-04-13 13:21 - 2016-04-13 13:21 - 00065424 _____ C:\Users\Lelo\AppData\Roaming\Config.xml
2016-04-13 13:21 - 2016-04-13 13:21 - 00054272 _____ C:\Users\Lelo\AppData\Roaming\ApplicationHosting.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 00018432 _____ C:\Users\Lelo\AppData\Roaming\Main.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 00005568 _____ C:\Users\Lelo\AppData\Roaming\md.xml
2016-04-13 13:21 - 2016-04-13 13:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-04-13 13:21 - 2016-04-13 13:21 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-13 13:21 - 2016-04-13 13:21 - 00000000 ____D C:\ProgramData\Holdtams
2016-04-13 13:21 - 2016-04-13 13:19 - 01075200 _____ C:\Users\Lelo\AppData\Roaming\Ranplus.exe
2016-04-13 13:21 - 2016-04-13 13:19 - 01075200 _____ C:\Users\Lelo\AppData\Roaming\Ozerwarm.exe
2016-04-13 13:20 - 2016-04-13 13:20 - 00848437 _____ C:\Users\Lelo\AppData\Roaming\Bigzimtam.bin
2016-04-13 13:19 - 2016-04-13 13:20 -
00015840 _____ C:\Users\Lelo\AppData\Roaming\InstallationConfiguration.xml 2016-04-13 13:19 - 2016-04-13 13:19 - 00138198 _____ C:\Users\Lelo\AppData\Roaming\inst.lat 2016-04-13 13:19 - 2016-04-13 13:19 - 00127488 _____ C:\Users\Lelo\AppData\Roaming\Installer.dat 2016-04-13 10:31 - 2016-04-13 13:29 - 00082752 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 2016-04-11 16:45 - 2016-04-12 16:04 - 00000368 _____ C:\Users\Lelo\Desktop\GRAFIK.txt 2016-04-06 15:44 - 2016-04-06 15:44 - 03199502 _____ C:\Users\Lelo\Desktop\PIT-37 (22) (zal. PIT_O)_ Lubanska Mirella 93082508186 [2016-04-06].pdf 2016-04-06 15:44 - 2016-03-31 13:20 - 03128081 _____ C:\Users\Lelo\Desktop\PIT-37 (22) (zal. PIT_O)_ Dawidson-Lubanska Marzena 61102600301 [2016-03-31].pdf 2016-04-06 14:37 - 2016-04-06 14:41 - 00000000 ____D C:\PIT Format 2015 2016-04-06 14:37 - 2016-04-06 14:37 - 00000690 _____ C:\Users\Public\Desktop\PIT Format 2015.lnk 2016-04-06 14:37 - 2016-04-06 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT Format 2015 2016-03-22 20:54 - 2016-03-22 20:54 - 00000793 _____ C:\Users\Public\Desktop\The Settlers 3.lnk 2016-03-22 15:45 - 2016-03-22 15:45 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\Podatnik.info 2016-03-22 15:44 - 2016-03-22 15:44 - 00001215 _____ C:\Users\Public\Desktop\PIT pro 2015.lnk 2016-03-22 15:44 - 2016-03-22 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIT pro 2015 2016-03-22 15:44 - 2016-03-22 15:44 - 00000000 ____D C:\Program Files (x86)\Podatnik.info ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2016-04-13 22:21 - 2015-10-23 12:15 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-04-13 22:21 - 2015-09-17 20:26 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\uTorrent
2016-04-13 22:21 - 2015-08-19 12:52 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-13 22:21 - 2015-08-19 12:00 - 00000000 ____D C:\Windows\Panther
2016-04-13 22:21 - 2015-08-19 11:59 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-13 22:21 - 2015-08-19 11:59 - 00003804 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-13 22:21 - 2015-08-19 11:59 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 22:21 - 2015-08-19 11:59 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 22:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-13 22:13 - 2015-11-29 22:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-13 22:11 - 2009-07-14 06:45 - 00023888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-13 22:11 - 2009-07-14 06:45 - 00023888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-13 22:09 - 2009-07-14 19:55 - 00739932 _____ C:\Windows\system32\perfh015.dat
2016-04-13 22:09 - 2009-07-14 19:55 - 00155474 _____ C:\Windows\system32\perfc015.dat
2016-04-13 22:09 - 2009-07-14 07:13 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-13 22:06 - 2015-08-19 11:59 - 00000000 ____D C:\Users\Lelo\AppData\Local\Deployment
2016-04-13 22:05 - 2015-08-19 12:40 - 00000000 __SHD C:\Users\Lelo\IntelGraphicsProfiles
2016-04-13 22:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-13 15:44 - 2015-08-19 11:15 - 00001417 _____ C:\Users\Lelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-13 15:44 - 2015-08-19 11:14 - 00001451 _____ C:\Users\Lelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-13 14:01 - 2015-11-24 19:57 - 00000000 ____D C:\AdwCleaner
2016-04-13 13:35 - 2015-11-30 18:59 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\NVIDIA
2016-04-13 13:21 - 2016-01-07 22:17 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\vlc
2016-04-10 22:41 - 2015-08-19 17:12 - 00000000 ____D C:\Users\Lelo\AppData\Local\Battle.net
2016-04-10 18:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-02 13:48 - 2015-09-27 23:44 - 00000000 ___SD C:\Users\Lelo\AppData\LocalLow\Temp
2016-03-23 20:08 - 2015-11-24 22:28 - 00000000 ____D C:\Users\Lelo\AppData\Roaming\DAEMON Tools Lite
2016-03-23 19:59 - 2015-08-20 12:29 - 00000000 ____D C:\Windows\Minidump
2016-03-23 19:46 - 2016-01-22 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-03-23 19:46 - 2015-08-19 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-23 19:45 - 2016-02-06 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-23 19:45 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Pliki w katalogu głównym wybranych folderów =======

2016-04-13 13:21 - 2016-04-13 13:21 - 6504960 _____ () C:\Users\Lelo\AppData\Roaming\agent.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 0054272 _____ () C:\Users\Lelo\AppData\Roaming\ApplicationHosting.dat
2016-04-13 13:20 - 2016-04-13 13:20 - 0848437 _____ () C:\Users\Lelo\AppData\Roaming\Bigzimtam.bin
2016-04-13 13:21 - 2016-04-13 13:21 - 0065424 _____ () C:\Users\Lelo\AppData\Roaming\Config.xml
2016-01-06 20:40 - 2015-10-27 21:14 - 0028382 ___SH () C:\Users\Lelo\AppData\Roaming\home.vbe
2016-04-13 13:19 - 2016-04-13 13:19 - 0138198 _____ () C:\Users\Lelo\AppData\Roaming\inst.lat
2016-04-13 13:19 - 2016-04-13 13:20 - 0015840 _____ () C:\Users\Lelo\AppData\Roaming\InstallationConfiguration.xml
2016-04-13 13:19 - 2016-04-13 13:19 - 0127488 _____ () C:\Users\Lelo\AppData\Roaming\Installer.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 0126464 _____ () C:\Users\Lelo\AppData\Roaming\lobby.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 0018432 _____ () C:\Users\Lelo\AppData\Roaming\Main.dat
2016-04-13 13:21 - 2016-04-13 13:21 - 0005568 _____ () C:\Users\Lelo\AppData\Roaming\md.xml
2016-04-13 13:21 - 2016-04-13 13:21 - 0126464 _____ () C:\Users\Lelo\AppData\Roaming\noah.dat
2016-04-13 13:21 - 2016-04-13 13:19 - 1075200 _____ () C:\Users\Lelo\AppData\Roaming\Ozerwarm.exe
2016-04-13 13:21 - 2016-04-13 13:21 - 1626416 _____ () C:\Users\Lelo\AppData\Roaming\Ozerwarm.tst
2016-04-13 13:21 - 2016-04-13 13:19 - 1075200 _____ () C:\Users\Lelo\AppData\Roaming\Ranplus.exe
2016-04-13 13:21 - 2016-04-13 13:21 - 0072699 _____ () C:\Users\Lelo\AppData\Roaming\Ranplus.tst
2016-04-13 13:21 - 2016-04-13 13:21 - 0032038 _____ () C:\Users\Lelo\AppData\Roaming\uninstall_temp.ico
2016-01-06 20:40 - 2015-10-27 21:14 - 0028382 ___SH () C:\Users\Lelo\AppData\Roaming\Microsoft\home.vbe
2015-11-10 16:31 - 2015-11-10 16:31 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-04-08 08:09

==================== Koniec FRST.txt ============================