Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 31-08-2016 Uruchomiony przez PF (administrator) MPF (04-09-2016 08:23:56) Uruchomiony z D:\ Załadowane profile: PF & MPF-user (Dostępne profile: PF & MPF-user & Paula & Karolina & SuperAdmin & Gość) Platform: Windows 8.1 (Update) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (hxxp://kay-bruns.de) C:\Windows\SuRun.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\nf.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\tampmon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\nf.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe (hxxp://kay-bruns.de) C:\Windows\SuRun.exe (hxxp://kay-bruns.de) C:\Windows\SuRun32.bin (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Opera Software) C:\Program Files (x86)\Opera\39.0.2256.48\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Rozszerzenie SuRun menu systemowego] => C:\Windows\SuRun.exe [733696 2016-01-15] (hxxp://kay-bruns.de) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\PF\AppData\Local\Temp\DeleteOnReboot.bat [236 2016-09-03] () <===== UWAGA HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4135268763-1011209837-692898137-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation) HKU\S-1-5-21-4135268763-1011209837-692898137-1001\...\RunOnce: [Report] => AdwCleaner\AdwCleaner[C0].txt [1884 2016-09-03] () HKU\S-1-5-21-4135268763-1011209837-692898137-1002\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation) HKU\S-1-5-21-4135268763-1011209837-692898137-1002\...\MountPoints2: {09d00304-d944-11e4-82b0-bc5ff4e503b5} - "F:\LG_PC_Programs.exe" HKU\S-1-5-21-4135268763-1011209837-692898137-1002\...\MountPoints2: {79a75e7e-27e6-11e4-828e-bc5ff4e503b5} - "F:\Startme.exe" ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\Windows\SuRunExt.dll [195072 2016-01-15] (hxxp://kay-bruns.de) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) Startup: C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2014-05-28] ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Brak pliku) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.11 194.204.152.34 78.133.216.87 Tcpip\..\Interfaces\{FCDF25F2-5182-46AD-ACF1-B58B3682CE06}: [DhcpNameServer] 10.0.0.11 194.204.152.34 78.133.216.87 Internet Explorer: ================== HKU\S-1-5-21-4135268763-1011209837-692898137-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-31] (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine64\3.6.1.37\coIEPlg.dll [2016-06-24] (Symantec Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-31] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-31] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => Brak pliku BHO-x32: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\coIEPlg.dll [2016-06-24] (Symantec Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-31] (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKU\S-1-5-21-4135268763-1011209837-692898137-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKU\S-1-5-21-4135268763-1011209837-692898137-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-31] (Microsoft Corporation) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-31] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFAddon FF Extension: (Norton™ Family) - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFAddon [2016-08-29] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon [2016-07-05] FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw FF Extension: (Norton Family) - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw [2016-01-10] [Brak podpisu cyfrowego] FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => nie znaleziono FF HKLM-x32\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFAddon FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-29] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\Extensions\Chrome.crx [2016-08-29] CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-29] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\Extensions\Chrome.crx [2016-08-29] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-05] (BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-31] (Microsoft Corporation) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] () R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation) R2 NSM; C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\NF.exe [372672 2016-08-23] (Symantec Corporation) R2 SuRunSVC; C:\Windows\SuRun.exe [733696 2016-01-15] (hxxp://kay-bruns.de) [Brak podpisu cyfrowego] R2 TampMon; C:\Program Files (x86)\Norton Family\Engine\3.6.1.37\TampMon.exe [321312 2016-08-23] (Symantec Corporation) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 Update webget; "C:\Program Files (x86)\webget\updatewebget.exe" [X] S2 Util webget; "C:\Program Files (x86)\webget\bin\utilwebget.exe" [X] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 Andbus; C:\Windows\System32\drivers\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.) S3 AndDiag; C:\Windows\system32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.) S3 AndGps; C:\Windows\system32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.) S3 ANDModem; C:\Windows\system32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.) S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation) S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-01-05] (BitRaider) R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0306010.025\ccSetx64.sys [174328 2016-06-30] (Symantec Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160902.001\IDSvia64.sys [876760 2016-07-09] (Symantec Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] () R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] () R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-10] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-08-29] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0306010.025\SymRdrS.SYS [232632 2016-04-19] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\SDSDefs\20160705.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\SDSDefs\20160705.002\EX64.SYS [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-04 08:21 - 2016-09-04 08:23 - 00000000 ____D C:\FRST 2016-09-04 00:44 - 2016-09-04 00:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-04 00:44 - 2016-09-04 00:44 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-04 00:44 - 2016-09-04 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-04 00:44 - 2016-09-04 00:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-09-04 00:44 - 2016-09-04 00:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-04 00:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-09-04 00:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-09-04 00:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-09-03 13:22 - 2016-09-04 01:55 - 00000000 ____D C:\ProgramData\Foxit Software 2016-09-03 13:22 - 2016-09-03 13:22 - 00001367 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2016-09-03 13:22 - 2016-09-03 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2016-09-03 13:22 - 2016-09-03 13:22 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform 2016-09-03 11:56 - 2016-09-03 11:56 - 00000908 _____ C:\Users\MPF-user\Desktop\adwcleaner_6.010_www.INSTALKI.pl.exe — skrót.lnk 2016-08-29 02:25 - 2016-08-29 02:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security 2016-08-29 02:24 - 2016-08-29 02:24 - 00003232 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task 2016-08-29 02:24 - 2016-08-29 02:24 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-08-10 23:04 - 2016-06-10 20:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2016-08-10 23:04 - 2016-05-06 19:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-08-10 23:04 - 2016-04-06 20:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2016-08-10 23:03 - 2016-06-18 22:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2016-08-10 23:03 - 2016-06-18 22:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys 2016-08-10 23:03 - 2016-06-11 21:52 - 00379232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2016-08-10 23:03 - 2016-06-11 21:52 - 00057184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys 2016-08-10 23:03 - 2016-06-11 20:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe 2016-08-10 23:03 - 2016-06-11 19:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe 2016-08-10 23:03 - 2016-06-11 18:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 23:03 - 2016-06-11 18:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll 2016-08-10 23:03 - 2016-06-11 18:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2016-08-10 23:03 - 2016-06-11 18:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-08-10 23:03 - 2016-06-11 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 23:03 - 2016-06-11 18:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2016-08-10 23:03 - 2016-06-11 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2016-08-10 23:03 - 2016-06-11 05:44 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2016-08-10 23:03 - 2016-06-11 05:44 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2016-08-10 23:03 - 2016-06-10 22:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2016-08-10 23:03 - 2016-06-10 22:03 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 23:03 - 2016-06-10 21:04 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-08-10 23:03 - 2016-06-10 20:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2016-08-10 23:03 - 2016-06-10 20:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2016-08-10 23:03 - 2016-06-10 20:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll 2016-08-10 23:03 - 2016-06-10 20:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll 2016-08-10 23:03 - 2016-06-10 20:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2016-08-10 23:03 - 2016-06-10 20:04 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 23:03 - 2016-06-09 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2016-08-10 23:03 - 2016-06-09 20:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2016-08-10 23:03 - 2016-06-07 20:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll 2016-08-10 23:03 - 2016-06-07 19:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll 2016-08-10 23:03 - 2016-06-04 02:38 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-08-10 23:03 - 2016-06-04 02:37 - 01970968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-08-10 23:03 - 2016-05-29 09:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-08-10 23:03 - 2016-05-28 20:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-08-10 23:03 - 2016-05-18 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2016-08-10 23:03 - 2016-05-18 23:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2016-08-10 23:03 - 2016-05-18 22:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2016-08-10 23:03 - 2016-05-18 22:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2016-08-10 23:03 - 2016-05-18 22:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll 2016-08-10 23:03 - 2016-05-18 22:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll 2016-08-10 23:03 - 2016-05-14 22:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-08-10 23:03 - 2016-05-14 07:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-08-10 23:03 - 2016-05-14 01:08 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2016-08-10 23:03 - 2016-05-14 01:08 - 00032768 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys 2016-08-10 23:03 - 2016-05-14 01:08 - 00032512 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2016-08-10 23:03 - 2016-05-14 00:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-08-10 23:03 - 2016-05-13 23:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-08-10 23:03 - 2016-05-13 23:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-08-10 23:03 - 2016-05-13 23:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-08-10 23:03 - 2016-05-13 23:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2016-08-10 23:03 - 2016-05-13 23:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-08-10 23:03 - 2016-05-13 23:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-08-10 23:03 - 2016-05-13 23:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-08-10 23:03 - 2016-05-13 23:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-08-10 23:03 - 2016-05-13 23:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-08-10 23:03 - 2016-05-13 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-08-10 23:03 - 2016-05-13 23:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-08-10 23:03 - 2016-05-12 20:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe 2016-08-10 23:03 - 2016-05-12 19:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe 2016-08-10 23:03 - 2016-05-06 23:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2016-08-10 23:03 - 2016-05-05 20:28 - 01661072 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-08-10 23:03 - 2016-05-05 19:39 - 01212256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-08-10 23:03 - 2016-05-05 19:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-08-10 23:03 - 2016-05-05 19:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-08-10 23:03 - 2016-05-05 18:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-08-10 23:03 - 2016-05-05 18:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-08-10 23:03 - 2016-05-05 18:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-08-10 23:03 - 2016-05-05 17:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-08-10 23:03 - 2016-05-05 17:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-08-10 23:03 - 2016-04-16 15:56 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2016-08-10 23:03 - 2016-04-10 07:35 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2016-08-10 23:03 - 2016-04-10 00:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll 2016-08-10 23:03 - 2016-04-10 00:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll 2016-08-10 23:03 - 2016-04-10 00:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2016-08-10 23:03 - 2016-04-10 00:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2016-08-10 23:03 - 2016-04-10 00:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll 2016-08-10 23:03 - 2016-04-09 23:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll 2016-08-10 23:03 - 2016-04-09 23:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll 2016-08-10 23:03 - 2016-04-09 23:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2016-08-10 23:03 - 2016-04-09 23:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2016-08-10 23:03 - 2016-04-09 23:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll 2016-08-10 23:03 - 2016-04-07 18:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2016-08-10 23:03 - 2016-04-06 23:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys 2016-08-10 23:03 - 2016-04-06 20:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys 2016-08-10 23:03 - 2016-04-06 18:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2016-08-10 23:03 - 2016-04-06 00:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys 2016-08-10 23:03 - 2016-04-02 15:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll 2016-08-10 23:03 - 2016-04-01 19:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll 2016-08-10 23:03 - 2016-04-01 18:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2016-08-10 23:03 - 2016-04-01 18:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2016-08-10 23:03 - 2016-02-04 18:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll 2016-08-10 23:03 - 2016-02-04 18:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll 2016-08-10 23:03 - 2016-02-04 18:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll 2016-08-10 22:58 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 22:58 - 2016-07-08 16:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-10 22:57 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 22:57 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 22:57 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 22:57 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 22:57 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 22:57 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 22:57 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 22:57 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 22:57 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 22:57 - 2016-08-02 07:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-08-10 22:57 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 22:57 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 22:57 - 2016-08-02 07:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 22:57 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 22:57 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 22:57 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 22:57 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 22:57 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 22:57 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 22:57 - 2016-08-02 07:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-08-10 22:57 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 22:57 - 2016-08-02 07:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 22:57 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 22:57 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 22:57 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 22:57 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 22:57 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 22:57 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 22:57 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 22:56 - 2016-07-12 16:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2016-08-10 22:56 - 2016-07-09 02:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 22:56 - 2016-07-09 02:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 22:56 - 2016-07-08 16:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2016-08-10 22:56 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2016-08-10 22:56 - 2016-07-08 16:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 22:56 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-08-10 22:56 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll 2016-08-10 22:56 - 2016-07-08 00:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 22:56 - 2016-07-07 23:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 22:56 - 2016-07-07 22:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 22:56 - 2016-07-06 16:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-08-10 22:56 - 2016-07-06 16:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-08-10 22:56 - 2016-07-06 16:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-08-10 22:56 - 2016-07-06 16:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-08-10 22:56 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-08-10 22:56 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-08-10 22:56 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 22:56 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-08-10 21:41 - 2016-08-10 21:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-04 07:58 - 2014-02-13 00:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135268763-1011209837-692898137-1002 2016-09-04 07:56 - 2014-02-14 19:27 - 00003976 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B6F9AF5-698C-4100-9420-EDEC7EC3DE08} 2016-09-04 02:36 - 2014-12-10 21:57 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-09-04 01:55 - 2014-02-23 12:08 - 00000000 ____D C:\Users\MPF-user\AppData\Roaming\Foxit Software 2016-09-03 12:55 - 2015-07-31 12:22 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-09-03 11:54 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-03 11:53 - 2013-08-22 15:25 - 00786432 ___SH C:\Windows\system32\config\BBI 2016-09-03 08:59 - 2016-06-15 17:05 - 00000000 ____D C:\Users\Paula\Desktop\Karolina 2016-09-03 08:34 - 2014-02-15 11:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135268763-1011209837-692898137-1003 2016-09-02 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2016-09-01 21:56 - 2014-02-14 21:49 - 00000000 ____D C:\Users\MPF-user\Documents\Pliki programu Outlook 2016-08-31 16:08 - 2016-05-28 20:17 - 00000000 ____D C:\Users\Karolina\Desktop\insta 2016-08-30 18:57 - 2016-02-13 18:55 - 00000000 ____D C:\Users\Karolina\Desktop\franiu 2016-08-30 17:30 - 2015-01-31 10:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135268763-1011209837-692898137-1004 2016-08-29 20:33 - 2015-02-13 13:50 - 00003976 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ECF4CF1D-3A50-475E-846A-1708C0B4291A} 2016-08-29 08:56 - 2014-02-13 00:23 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-29 08:56 - 2013-08-23 01:12 - 00805918 _____ C:\Windows\system32\perfh015.dat 2016-08-29 08:56 - 2013-08-23 01:12 - 00163272 _____ C:\Windows\system32\perfc015.dat 2016-08-29 08:56 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2016-08-29 03:00 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-29 02:57 - 2014-02-14 20:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-08-29 02:51 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2016-08-29 02:47 - 2014-12-10 21:57 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-08-29 02:47 - 2014-11-02 22:12 - 00000000 ____D C:\Users\MPF-user\AppData\Local\Adobe 2016-08-29 02:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-08-29 02:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-08-29 02:46 - 2014-09-10 18:07 - 00000000 ____D C:\Users\PF\AppData\Local\Adobe 2016-08-29 02:39 - 2014-02-14 19:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family 2016-08-29 02:34 - 2015-08-28 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family 2016-08-29 02:34 - 2014-02-14 19:39 - 00000000 ____D C:\Windows\system32\Drivers\NSMx64 2016-08-29 02:31 - 2014-02-13 00:33 - 00101112 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2016-08-29 02:31 - 2014-02-13 00:33 - 00008270 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2016-08-29 02:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2016-08-29 02:24 - 2016-06-24 19:31 - 00002351 _____ C:\Users\MPF-user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk 2016-08-29 02:24 - 2016-06-23 17:25 - 00003176 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4135268763-1011209837-692898137-1002 2016-08-29 02:24 - 2016-02-20 11:23 - 00002324 _____ C:\Users\Public\Desktop\Norton Security.lnk 2016-08-29 02:24 - 2016-02-20 11:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2016-08-29 02:24 - 2016-02-20 11:21 - 00000000 ____D C:\Windows\system32\Drivers\NSx64 2016-08-11 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2016-08-11 14:31 - 2015-07-17 14:57 - 00000000 ____D C:\Users\Karolina\Desktop\dressup 2016-08-11 13:20 - 2013-08-22 16:44 - 00484472 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-11 01:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData 2016-08-11 01:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates 2016-08-10 23:21 - 2014-02-13 01:23 - 00000000 ____D C:\Windows\system32\MRT 2016-08-10 23:18 - 2014-02-13 01:23 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-10 21:41 - 2014-05-18 10:38 - 00000000 ____D C:\Users\MPF-user\AppData\Roaming\MyPhoneExplorer 2016-08-10 20:21 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-08-10 17:55 - 2014-02-13 00:41 - 00000000 ____D C:\Users\MPF-user\AppData\Local\Packages 2016-08-09 19:15 - 2014-02-15 11:38 - 00003964 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{284FD68B-9391-4DC2-9083-DF3A8481BC81} 2016-08-08 20:52 - 2014-08-08 20:36 - 00000000 ____D C:\Users\MPF-user\AppData\Roaming\Skype 2016-08-05 18:44 - 2015-11-07 22:02 - 00003878 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1446926509 2016-08-05 18:44 - 2015-11-07 22:01 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-08-05 18:44 - 2014-02-16 21:29 - 00000000 ____D C:\Program Files (x86)\Opera ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-01-20 00:06 - 2016-01-20 00:06 - 0000017 _____ () C:\Users\PF\AppData\Local\resmon.resmoncfg 2014-02-13 00:29 - 2014-02-13 00:29 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-01-19 20:16 - 2016-01-19 20:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-08-27 12:05 - 2015-08-27 12:05 - 0000016 _____ () C:\ProgramData\mntemp 2015-08-27 12:05 - 2015-08-27 12:05 - 0004105 _____ () C:\ProgramData\wmzddnmb.cix Pliki do przeniesienia lub usunięcia: ==================== C:\Users\PF\AppData\Local\Temp\DeleteOnReboot.bat Niektóre pliki w TEMP: ==================== C:\Users\PF\AppData\Local\Temp\FoxitUpdater.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-08-29 03:17 ==================== Koniec FRST.txt ============================