Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:25-05-2016 02 Uruchomiony przez Kornik (administrator) AMD-952F5F2B18B (26-05-2016 23:29:47) Uruchomiony z C:\Documents and Settings\Kornik\Moje dokumenty\Downloads Załadowane profile: Kornik (Dostępne profile: Kornik & Administrator) Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE (ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-12-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5089480 2015-07-08] (ESET) HKLM Group Policy restriction on software: *.png*.com <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.bat <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.rar*.com <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.exe <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.wma*.exe <====== UWAGA HKLM Group Policy restriction on software: *.divx*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.com <====== UWAGA HKLM Group Policy restriction on software: *.wma*.jse <====== UWAGA HKLM Group Policy restriction on software: *.xls*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.com <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.bat <====== UWAGA HKLM Group Policy restriction on software: 
*.mp3*.bat <====== UWAGA HKLM Group Policy restriction on software: *.7z*.jse <====== UWAGA HKLM Group Policy restriction on software: *.png*.jse <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.js <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.doc*.pif <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.pif <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.gif*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.xls*.pif <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.pub*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.js <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.bat <====== UWAGA HKLM Group Policy restriction on software: lsassw86s.exe <====== UWAGA HKLM Group Policy restriction on software: *.avi*.jse <====== UWAGA HKLM Group Policy restriction on software: *.txt*.pif <====== UWAGA HKLM Group Policy restriction on software: *.doc*.scr <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.exe <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application 
Data\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.png*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.exe <====== UWAGA HKLM Group Policy restriction on software: *.7z*.js <====== UWAGA HKLM Group Policy restriction on software: *.zip*.js <====== UWAGA HKLM Group Policy restriction on software: syskey.exe <====== UWAGA HKLM Group Policy restriction on software: *.png*.pif <====== UWAGA HKLM Group Policy restriction on software: *.xls*.scr <====== UWAGA HKLM Group Policy restriction on software: *.divx*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.divx*.scr <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.bat <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.exe <====== UWAGA HKLM Group Policy restriction on software: *.xls*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.doc*.jse <====== UWAGA HKLM Group Policy restriction on software: *.wma*.com <====== UWAGA HKLM Group Policy restriction on software: *.doc*.com <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.scr <====== UWAGA HKLM Group Policy restriction on software: *.wma*.bat <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.jse <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.js <====== UWAGA HKLM Group Policy restriction on software: *.doc*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.jse <====== UWAGA HKLM Group Policy restriction on software: 
%allusersprofile%\Local Settings\Application Data\*.com <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== UWAGA HKLM Group Policy restriction on software: *.txt*.com <====== UWAGA HKLM Group Policy restriction on software: *.xls*.jse <====== UWAGA HKLM Group Policy restriction on software: C:\Documents and Settings\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.zip*.exe <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.js <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.com <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.js <====== UWAGA HKLM Group Policy restriction on software: *.docx*.pif <====== UWAGA HKLM Group Policy restriction on software: *.doc*.js <====== UWAGA HKLM Group Policy restriction on software: *.divx*.com <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== UWAGA HKLM Group Policy restriction on software: *.pub*.exe <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.gif*.js <====== UWAGA HKLM Group Policy restriction on software: *.wav*.js <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== UWAGA HKLM Group Policy restriction on 
software: *.wav*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.txt*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.js <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.jse <====== UWAGA HKLM Group Policy restriction on software: *.txt*.exe <====== UWAGA HKLM Group Policy restriction on software: *.png*.bat <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.doc*.bat <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== UWAGA HKLM Group Policy restriction on software: *.docx*.js <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pub*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.scr <====== UWAGA HKLM Group Policy restriction on software: *.png*.exe <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.js <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.com <====== UWAGA HKLM Group Policy restriction on software: *.rar*.jse <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.scr <====== UWAGA HKLM Group Policy restriction on software: *.gif*.exe <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.rar*.scr <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.scr <====== UWAGA HKLM Group Policy restriction on software: 
C:\Documents and Settings\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.js <====== UWAGA HKLM Group Policy restriction on software: *.wav*.jse <====== UWAGA HKLM Group Policy restriction on software: *.docx*.jse <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.pif <====== UWAGA HKLM Group Policy restriction on software: *.7z*.com <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.jse <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.bat <====== UWAGA HKLM Group Policy restriction on software: *.txt*.jse <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.exe <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.divx*.jse <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.bat <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.wav*.scr <====== UWAGA HKLM Group Policy restriction on software: *.gif*.bat <====== UWAGA HKLM Group Policy restriction on software: *.avi*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.bat <====== UWAGA HKLM Group Policy restriction on software: ** <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== UWAGA HKLM Group Policy restriction on software: C:\Documents and Settings\*.js <====== UWAGA HKLM Group Policy restriction on software: *.7z*.exe <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.js <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.com 
<====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.gif*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.scr <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.7z*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.scr <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.jse <====== UWAGA HKLM Group Policy restriction on software: *.zip*.com <====== UWAGA HKLM Group Policy restriction on software: *.gif*.com <====== UWAGA HKLM Group Policy restriction on software: *.rar*.js <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pub*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.jse <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.jse <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.wma*.pif <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.pif <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.wav*.exe <====== UWAGA HKLM Group Policy restriction on software: *.wav*.bat <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.js <====== UWAGA HKLM Group Policy restriction on software: *.zip*.jse <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.com <====== UWAGA HKLM 
Group Policy restriction on software: %allusersprofile%\Application Data\*.js <====== UWAGA HKLM Group Policy restriction on software: *.avi*.com <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.png*.js <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.com <====== UWAGA HKLM Group Policy restriction on software: *.divx*.js <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.exe <====== UWAGA HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.gif*.jse <====== UWAGA HKLM Group Policy restriction on software: *.ppt*.com <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.js <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.pif <====== UWAGA HKLM Group Policy restriction on software: *:\RECYCLER <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.7z*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.wma*.js <====== UWAGA HKLM Group Policy restriction on software: *.gif*.pif <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.bat <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== UWAGA HKLM Group Policy restriction on software: 
*.docx*.scr <====== UWAGA HKLM Group Policy restriction on software: *.avi*.cmd <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.pub*.jse <====== UWAGA HKLM Group Policy restriction on software: *.docx*.exe <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.pif <====== UWAGA HKLM Group Policy restriction on software: *.7z*.scr <====== UWAGA HKLM Group Policy restriction on software: *.divx*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.jse <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.docx*.com <====== UWAGA HKLM Group Policy restriction on software: *.rar*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.exe <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.js <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.js <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.com <====== UWAGA HKLM Group Policy restriction on software: scsvserv.exe <====== UWAGA HKLM Group Policy restriction on software: *.bmp*.com <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.pif <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*.js <====== 
UWAGA HKLM Group Policy restriction on software: *.wma*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.js <====== UWAGA HKLM Group Policy restriction on software: *.7z*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.bat <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.pub*.pif <====== UWAGA HKLM Group Policy restriction on software: *.avi*.pif <====== UWAGA HKLM Group Policy restriction on software: *.divx*.exe <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.scr <====== UWAGA HKLM Group Policy restriction on software: *.doc*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.jse <====== UWAGA HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== UWAGA HKLM Group Policy restriction on software: C:\Documents and Settings\*.jse <====== UWAGA HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== UWAGA HKLM Group Policy restriction on software: *.rar*.pif <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.wav*.pif <====== UWAGA HKLM Group Policy restriction on software: *.png*.scr <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.bat <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.com <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local 
Settings\Application Data\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.txt*.js <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.js <====== UWAGA HKLM Group Policy restriction on software: *.xls*.com <====== UWAGA HKLM Group Policy restriction on software: *.zip*.pif <====== UWAGA HKLM Group Policy restriction on software: *.zip*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\*.scr <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.cmd <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.exe <====== UWAGA HKLM Group Policy restriction on software: vssadmin.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.wav*.com <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.js <====== UWAGA HKLM Group Policy restriction on software: *.txt*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.jse <====== UWAGA HKLM Group Policy restriction on software: *.rar*.bat <====== UWAGA HKLM Group Policy 
restriction on software: *.pub*.js <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.jse <====== UWAGA HKLM Group Policy restriction on software: *.txt*.scr <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.com <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.scr <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.js <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.exe <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.jse <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.docx*.bat <====== UWAGA HKLM Group Policy restriction on software: *.jpeg*.jse <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.com <====== UWAGA HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.pif <====== UWAGA HKLM Group Policy restriction on software: *.wma*.scr <====== UWAGA HKLM Group Policy restriction on software: *.zip*.bat <====== UWAGA HKLM Group Policy restriction on software: *.xls*.js <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.bat <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== UWAGA HKLM Group Policy restriction on software: 
%userprofile%\Application Data\*.com <====== UWAGA HKLM Group Policy restriction on software: *.wmv*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.pif <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.jse <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.js <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.js <====== UWAGA HKLM Group Policy restriction on software: *.docx*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd <====== UWAGA HKLM Group Policy restriction on software: *.xls*.exe <====== UWAGA HKLM Group Policy restriction on software: C:\Documents and Settings\*.bat <====== UWAGA HKLM Group Policy restriction on software: *.jpg*.pif <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== UWAGA HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.bat <====== UWAGA HKLM Group Policy restriction on software: *.avi*.exe <====== UWAGA HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.jse <====== UWAGA HKLM Group Policy restriction on software: *.rtf*.js <====== UWAGA HKLM Group Policy restriction on software: *.pdf*.cmd <====== UWAGA HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== UWAGA HKLM Group Policy restriction on software: *.xlsx*.jse <====== UWAGA HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.zip*.scr <====== UWAGA HKLM Group Policy restriction 
on software: *.avi*.js <====== UWAGA HKLM Group Policy restriction on software: *.pptx*.js <====== UWAGA HKLM Group Policy restriction on software: *.avi*.scr <====== UWAGA HKLM Group Policy restriction on software: cipher.exe <====== UWAGA HKLM Group Policy restriction on software: *.mp3*.com <====== UWAGA HKLM Group Policy restriction on software: *.mp4*.cmd <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.js <====== UWAGA HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== UWAGA HKLM Group Policy restriction on software: *.pub*.com <====== UWAGA HKLM Group Policy restriction on software: *.rar*.exe <====== UWAGA Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-10-15] (ATI Technologies Inc.) HKU\S-1-5-21-1060284298-1004336348-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-1060284298-1004336348-1177238915-1003\...\MountPoints2: {1634f795-8051-11e2-a03a-000fea2b8bd0} - RunClubSanDisk.exe HKU\S-1-5-21-1060284298-1004336348-1177238915-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2009-09-10] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_134_pepper.exe -update pepperplugin ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> 
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) Startup: C:\Documents and Settings\Kornik\Menu Start\Programy\Autostart\Dropbox.lnk [2016-05-26] ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Kornik\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk /k:D * ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{442385E9-56A0-4B4F-9CD0-DB9BD9246EBD}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1060284298-1004336348-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1060284298-1004336348-1177238915-1003 -> DefaultScope {E4762FF2-41BD-4974-819C-F6A33CC19CFD} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms} SearchScopes: HKU\S-1-5-21-1060284298-1004336348-1177238915-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-1060284298-1004336348-1177238915-1003 -> {E4762FF2-41BD-4974-819C-F6A33CC19CFD} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-09] (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-09] (Sun Microsystems, Inc.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-26] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-01-09] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-01-09] [Brak podpisu cyfrowego]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono

Chrome:
=======
CHR Profile: C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR HKLM\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Bookmarks Import & Export) - C:\Documents and Settings\Kornik\Dane aplikacji\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-05-25]

==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [253952 2005-08-07] (ASUSTeK COMPUTER INC.) [Brak podpisu cyfrowego]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1353720 2015-07-08] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [113632 2016-05-22] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [4383952 2016-05-22] (SurfRight B.V.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-01-09] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2304320 2004-12-22] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2005-03-09] (Advanced Micro Devices)
R1 Amfilter; C:\WINDOWS\System32\DRIVERS\Amfilter.sys [9216 2007-05-14] (A4Tech Co.,Ltd.) [Brak podpisu cyfrowego]
R3 Amusbprt; C:\WINDOWS\System32\DRIVERS\Amusbprt.sys [14336 2007-05-14] (A4Tech Co.,Ltd.) [Brak podpisu cyfrowego]
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [Brak podpisu cyfrowego]
R1 asuskbnt; C:\WINDOWS\System32\drivers\atkkbnt.sys [23040 2005-06-09] (ASUSTeK COMPUTER INC.) [Brak podpisu cyfrowego]
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [218176 2011-01-15] (DT Soft Ltd)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [11264 2005-08-31] (ASUSTeK Computer Inc.) [Brak podpisu cyfrowego]
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [185176 2015-07-14] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [48192 2015-07-14] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [71888 2015-07-14] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-05-19] ()
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [142192 2016-05-22] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [75584 2016-05-22] (SurfRight B.V.)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-26] (Malwarebytes)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [105472 2009-09-10] (NVIDIA Corporation) [Brak podpisu cyfrowego]
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33536 2005-04-05] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [145952 2009-09-10] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-04-05] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19056 2010-11-06] ()
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R0 Si3112; C:\WINDOWS\system32\Drivers\Si3112.sys [62336 2009-09-10] (Silicon Image, Inc.) [Brak podpisu cyfrowego]
S0 Si3114r5; C:\WINDOWS\system32\Drivers\Si3114r5.sys [195072 2009-09-10] (Silicon Image, Inc)
R0 Si3124; C:\WINDOWS\system32\Drivers\Si3124.sys [69248 2009-09-10] (Silicon Image, Inc.) [Brak podpisu cyfrowego]
R0 Si3132; C:\WINDOWS\system32\Drivers\Si3132.sys [74672 2009-09-10] (Silicon Image, Inc.)
R0 Si3132r5; C:\WINDOWS\system32\Drivers\Si3132r5.sys [215856 2009-09-10] (Silicon Image, Inc)
R0 Si3531; C:\WINDOWS\system32\Drivers\Si3531.sys [212520 2009-09-10] (Silicon Image, Inc)
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [16384 2009-10-25] (Flint Incorporation) [Brak podpisu cyfrowego]
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; Brak ImagePath
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-05-26 23:10 - 2016-05-26 23:29 - 00000000 ____D C:\FRST
2016-05-26 22:33 - 2016-05-26 22:33 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-05-26 22:23 - 2016-05-26 22:23 - 02530304 _____ (BitTorrent Inc.) C:\Documents and Settings\Kornik\Moje dokumenty\uTorrent.exe
2016-05-26 21:12 - 2016-05-26 21:12 - 00001825 _____ C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome.lnk
2016-05-26 21:12 - 2016-05-26 21:12 - 00001819 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2016-05-26 21:03 - 2016-05-26 21:03 - 00987728 _____ (Google Inc.) C:\Documents and Settings\Kornik\Moje dokumenty\ChromeSetup.exe
2016-05-26 20:08 - 2016-05-26 20:09 - 38137464 _____ (Vivaldi Technologies AS) C:\Documents and Settings\Kornik\Moje dokumenty\Vivaldi.1.1.453.59.exe
2016-05-26 00:36 - 2016-05-26 00:36 - 00000000 ____D C:\Documents and Settings\Kornik\Dane aplikacji\MPC-HC
2016-05-26 00:13 - 2016-05-26 00:13 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-05-26 00:13 - 2016-05-26 00:13 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\K-Lite Codec Pack
2016-05-25 23:56 - 2016-05-25 23:57 - 03677760 _____ C:\Documents and Settings\Kornik\Moje dokumenty\AdwCleaner.exe
2016-05-25 23:53 - 2016-05-25 23:55 - 35622617 _____ (KLCP ) C:\Documents and Settings\Kornik\Moje dokumenty\K-Lite_Codec_Pack_1215_Full_[www.programosy.pl].exe
2016-05-25 23:28 - 2016-05-25 23:28 - 00253748 _____ C:\Documents and Settings\Kornik\Moje dokumenty\Bookmarks.html
2016-05-25 22:35 - 2016-05-25 22:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini052516-04.dmp
2016-05-25 22:30 - 2016-05-25 22:30 - 00090112 _____ C:\WINDOWS\Minidump\Mini052516-03.dmp
2016-05-25 22:15 - 2016-05-25 22:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini052516-02.dmp
2016-05-25 22:00 - 2016-05-25 22:00 - 00090112 _____ C:\WINDOWS\Minidump\Mini052516-01.dmp
2016-05-23 23:49 - 2016-05-23 23:49 - 00090112 _____ C:\WINDOWS\Minidump\Mini052316-05.dmp
2016-05-23 23:41 - 2016-05-23 23:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini052316-04.dmp
2016-05-23 23:25 - 2016-05-23 23:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini052316-03.dmp
2016-05-23 23:15 - 2016-05-23 23:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini052316-02.dmp
2016-05-23 23:02 - 2016-05-23 23:01 - 00090112 _____ C:\WINDOWS\Minidump\Mini052316-01.dmp
2016-05-23 22:09 - 2016-05-23 22:10 - 00651504 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Kornik\Moje dokumenty\rannohdecryptor.exe
2016-05-22 18:46 - 2016-05-22 18:46 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2016-05-22 18:46 - 2016-05-22 18:46 - 00000865 _____ C:\Documents and Settings\All Users\Pulpit\CryptoPrevent.lnk
2016-05-22 18:46 - 2016-05-22 18:46 - 00000000 ____D C:\Program Files\Foolish IT
2016-05-22 18:46 - 2016-05-22 18:46 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Foolish IT
2016-05-22 18:25 - 2016-05-26 23:01 - 00000000 ____D C:\WINDOWS\CryptoGuard
2016-05-22 18:25 - 2016-05-26 22:45 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro.Alert
2016-05-22 18:25 - 2016-05-22 18:25 - 00016384 _____ C:\WINDOWS\system32\0e!
2016-05-22 18:24 - 2016-05-22 18:24 - 00767696 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2016-05-22 18:24 - 2016-05-22 18:24 - 00142192 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2016-05-22 18:24 - 2016-05-22 18:24 - 00075584 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2016-05-22 18:24 - 2016-05-22 18:24 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2016-05-22 18:24 - 2016-05-22 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\HitmanPro.Alert
2016-05-22 18:11 - 2016-05-22 18:11 - 00001652 _____ C:\Documents and Settings\All Users\Pulpit\HitmanPro.lnk
2016-05-22 18:11 - 2016-05-22 18:11 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-22 18:11 - 2016-05-22 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\HitmanPro
2016-05-22 18:10 - 2016-05-22 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro
2016-05-21 07:16 - 2016-05-21 07:19 - 00000000 ____D C:\rec
2016-05-21 06:58 - 2016-05-23 01:39 - 00000000 ____D C:\Program Files\Recuva
2016-05-21 06:58 - 2016-05-21 06:58 - 00001512 _____ C:\Documents and Settings\Kornik\Pulpit\Recuva.lnk
2016-05-21 06:58 - 2016-05-21 06:58 - 00000000 ____D C:\Documents and Settings\Kornik\Menu Start\Programy\Recuva
2016-05-21 06:55 - 2016-05-21 06:56 - 00002152 _____ C:\RannohDecryptor.1.9.1.0_21.05.2016_06.55.43_log.txt
2016-05-21 06:32 - 2016-05-21 06:55 - 00002808 _____ C:\RannohDecryptor.1.9.1.1_21.05.2016_06.32.23_log.txt
2016-05-20 22:36 - 2016-05-20 22:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ESET
2016-05-20 22:36 - 2016-05-20 22:36 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ESET
2016-05-20 10:51 - 2016-05-20 11:16 - 00000000 ____D C:\Documents and Settings\Kornik\Pulpit\Nowy folder (9)
2016-05-20 03:10 - 2016-05-23 22:21 - 00000381 _____ C:\Documents and Settings\Kornik\Pulpit\Nowy Dokument tekstowy (2).txt
2016-05-20 02:20 - 2016-05-20 02:21 - 00002160 _____ C:\RakhniDecryptor.1.15.9.0_20.05.2016_02.20.12_log.txt
2016-05-20 02:12 - 2016-05-20 02:19 - 01693942 _____ C:\XoristDecryptor.2.4.0.0_20.05.2016_02.12.37_log.txt
2016-05-20 02:11 - 2016-05-20 02:12 - 00003496 _____ C:\RectorDecryptor.2.7.0.0_20.05.2016_02.11.54_log.txt
2016-05-20 01:51 - 2016-05-20 02:11 - 03438708 _____ C:\XoristDecryptor.2.4.0.0_20.05.2016_01.51.46_log.txt
2016-05-20 01:07 - 2016-05-20 01:51 - 00003440 _____ C:\RannohDecryptor.1.9.1.0_20.05.2016_01.07.11_log.txt
2016-05-20 00:12 - 2016-05-26 22:52 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-20 00:10 - 2016-05-20 00:14 - 00000777 _____ C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2016-05-20 00:10 - 2016-05-20 00:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-20 00:10 - 2016-05-20 00:14 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes Anti-Malware
2016-05-20 00:10 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-20 00:10 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-19 22:51 - 2016-05-19 23:28 - 00000000 ____D C:\Documents and Settings\Kornik\Dane aplikacji\Enigma Software Group
2016-05-19 22:50 - 2016-05-19 22:50 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-19 22:48 - 2016-05-19 22:48 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Kornik\Moje dokumenty\SpyHunter-Installer.exe
2016-05-19 20:53 - 2016-05-19 20:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini051916-01.dmp
2016-05-16 23:05 - 2016-05-16 23:06 - 00023875 _____ C:\Documents and Settings\Kornik\Moje dokumenty\the.good.wife.s07.e22.end.(2016).pol.1cd.(6620370).zip
2016-05-13 22:36 - 2016-05-13 22:37 - 00024429 _____ C:\Documents and Settings\Kornik\Moje dokumenty\risen.(2016).pol.1cd.(6617821).zip
2016-05-12 20:07 - 2016-05-12 20:07 - 00090112 _____ C:\WINDOWS\Minidump\Mini051216-02.dmp
2016-05-12 20:01 - 2016-05-12 20:01 - 00028161 _____ C:\Documents and Settings\Kornik\Moje dokumenty\queen.of.the.desert.(2015).pol.1cd.(6603091).zip
2016-05-12 19:53 - 2016-05-12 19:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini051216-01.dmp
2016-05-10 22:53 - 2016-05-10 22:53 - 00090112 _____ C:\WINDOWS\Minidump\Mini051016-01.dmp
2016-05-06 20:53 - 2016-05-06 20:53 - 00027165 _____ C:\Documents and Settings\Kornik\Moje dokumenty\the.good.wife.s07.e20.party.(2016).pol.1cd.(6604663).zip
2016-05-03 22:07 - 2016-05-03 22:07 - 00024139 _____ C:\Documents and Settings\Kornik\Moje dokumenty\maze.runner.the.scorch.trials.(2015).pol.1cd.(6431826).zip
2016-04-30 11:58 - 2016-04-30 11:59 - 00000000 ____D C:\Documents and Settings\Kornik\Pulpit\pit
2016-04-30 11:44 - 2016-04-30 11:44 - 00000000 ____D C:\Documents and Settings\Kornik\Dane aplikacji\com.efile.epity2015
2016-04-30 11:43 - 2016-04-30 11:43 - 00000810 _____ C:\Documents and Settings\Kornik\Menu Start\Programy\e-pity 2015 - program, pity roczne, e-deklaracje.lnk
2016-04-30 11:43 - 2016-04-30 11:43 - 00000804 _____ C:\Documents and Settings\Kornik\Pulpit\e-pity 2015 - program, pity roczne, e-deklaracje.lnk
2016-04-30 11:42 - 2016-04-30 11:43 - 22835323 _____ (e-file sp. z o.o. ) C:\Documents and Settings\Kornik\Moje dokumenty\setup_e-pity2015_adglpoep.exe
2016-04-30 11:20 - 2016-04-30 11:19 - 00090112 _____ C:\WINDOWS\Minidump\Mini043016-01.dmp
2016-04-26 00:59 - 2016-04-26 00:59 - 00090112 _____ C:\WINDOWS\Minidump\Mini042616-01.dmp

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-05-26 23:30 - 2011-01-08 17:24 - 00000000 ____D C:\Documents and Settings\Kornik\Ustawienia lokalne\Temp
2016-05-26 23:25 - 2014-10-11 19:59 - 00000464 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{D83BB471-9CB2-4A9D-9616-8B2413E4E1A8}.job
2016-05-26 23:10 - 2015-02-28 19:48 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-26 23:02 - 2016-03-25 00:09 - 00000000 ____D C:\AdwCleaner
2016-05-26 22:52 - 2014-12-07 16:26 - 00002641 _____ C:\Documents and Settings\Kornik\Pulpit\µTorrent.lnk
2016-05-26 22:52 - 2014-12-07 16:26 - 00002641 _____ C:\Documents and Settings\Kornik\Menu Start\µTorrent.lnk
2016-05-26 22:52 - 2011-01-09 20:13 - 00000000 ____D C:\Documents and Settings\Kornik\Dane aplikacji\uTorrent
2016-05-26 22:45 - 2015-04-05 09:41 - 00000458 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1428219659.job
2016-05-26 22:45 - 2015-02-28 19:48 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-26 22:45 - 2012-11-18 19:04 - 00000000 ____D C:\Program Files\PeerBlock
2016-05-26 22:45 - 2011-01-09 12:30 - 00000000 ____D C:\Program Files\Opera
2016-05-26 22:45 - 2011-01-08 18:11 - 00000000 ____D C:\WINDOWS\security
2016-05-26 22:45 - 2011-01-08 17:24 - 00000188 ___SH C:\Documents and Settings\Kornik\ntuser.ini
2016-05-26 22:45 - 2011-01-08 17:23 - 00032514 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-26 22:45 - 2011-01-08 17:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-26 22:23 - 2011-01-08 17:24 - 00000000 ___RD C:\Documents and Settings\Kornik\Moje dokumenty
2016-05-26 21:12 - 2015-02-28 19:48 - 00000000 ____D C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\Google
2016-05-26 21:12 - 2011-01-08 18:14 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2016-05-26 21:12 - 2011-01-08 18:14 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2016-05-26 21:11 - 2015-02-28 19:48 - 00000000 ____D C:\Program Files\Google
2016-05-26 21:10 - 2011-01-08 17:24 - 00000000 ___HD C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji
2016-05-26 01:12 - 2011-07-29 22:50 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-05-26 00:36 - 2011-01-08 17:24 - 00000000 __RHD C:\Documents and Settings\Kornik\Dane aplikacji
2016-05-26 00:02 - 2011-01-08 17:24 - 00000000 ___RD C:\Documents and Settings\Kornik\Menu Start\Programy\Autostart
2016-05-25 22:35 - 2013-10-06 12:40 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-25 22:35 - 2011-01-15 13:27 - 00000000 __SHD C:\WINDOWS\CSC
2016-05-25 22:00 - 2009-09-10 15:45 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-23 01:11 - 2011-01-08 17:24 - 00000000 ____D C:\Documents and Settings\Kornik\Pulpit
2016-05-22 18:25 - 2011-01-08 18:14 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2016-05-22 18:10 - 2014-11-23 07:00 - 00000000 ____D C:\Documents and Settings\Kornik\Pulpit\Nowy folder (6)
2016-05-21 06:58 - 2011-01-08 17:24 - 00000000 ___RD C:\Documents and Settings\Kornik\Menu Start\Programy
2016-05-20 22:36 - 2011-01-08 18:11 - 00000000 ___HD C:\WINDOWS\inf
2016-05-20 11:04 - 2011-01-08 18:13 - 00000211 ___SH C:\boot.ini
2016-05-20 11:04 - 2009-09-10 15:45 - 00000582 _____ C:\WINDOWS\win.ini
2016-05-20 11:04 - 2009-09-10 15:45 - 00000227 _____ C:\WINDOWS\system.ini
2016-05-20 00:38 - 2011-01-08 18:11 - 00000000 ____D C:\WINDOWS\mui
2016-05-20 00:35 - 2013-12-13 21:00 - 00000000 ____D C:\Documents and Settings\Kornik\Pulpit\operapassview
2016-05-20 00:10 - 2012-11-05 13:34 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2016-05-19 22:50 - 2011-01-08 17:24 - 00000000 ____D C:\Documents and Settings\Kornik
2016-05-09 22:26 - 2011-01-08 17:24 - 00000000 ___RD C:\Documents and Settings\Kornik\Moje dokumenty\Moje obrazy
2016-04-30 12:01 - 2015-04-19 18:59 - 00000000 ____D C:\Documents and Settings\Kornik\Moje dokumenty\efile-backup
2016-04-30 11:44 - 2013-04-14 14:55 - 00000000 ____D C:\Documents and Settings\Kornik\Moje dokumenty\efile
2016-04-30 11:43 - 2014-04-29 02:59 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\e-pity
2016-04-30 11:43 - 2011-03-06 14:28 - 00000000 ____D C:\Program Files\e-file

==================== Pliki w katalogu głównym wybranych folderów =======
2011-01-09 12:02 - 2011-01-09 12:02 - 0000131 _____ () C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2013-04-29 19:45 - 2013-04-29 19:45 - 0002595 _____ () C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\unins000.dat
2013-04-29 19:45 - 2013-04-29 19:45 - 0707504 _____ () C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\unins000.exe
2013-04-29 19:45 - 2013-04-29 19:45 - 0011761 _____ () C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\unins000.msg
2016-04-07 21:33 - 2016-04-07 21:33 - 0000000 _____ () C:\Documents and Settings\Kornik\Ustawienia lokalne\Dane aplikacji\{547E64BD-D1C6-470D-8CB3-598813043609}

Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Kornik\Ustawienia lokalne\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpteqlde.dll

==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================