Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 25-09-2016
Uruchomiony przez Pentium (administrator) PENTIUM_3 (27-09-2016 13:46:47)
Uruchomiony z C:\Users\Pentium\Desktop
Załadowane profile: Pentium (Dostępne profile: Pentium)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\System32\psxss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32ST.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FNRB32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FIH32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
(Microsoft Corporation) C:\Windows\System32\wusa.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1828160 2015-11-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [349224 2015-06-11] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1940520 2015-06-11] (F-Secure Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{062CA09E-2C2A-4DFD-925F-EF51F308B9DC}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{2C26875D-6026-4F22-A82F-A43D35C77318}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2C26875D-6026-4F22-A82F-A43D35C77318}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{68EFE3F6-88E6-49B4-B1B5-E0FAE46B2E4C}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-310958543-235103612-3902852198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1473968547657

FireFox:
========
FF ProfilePath: C:\Users\Pentium\AppData\Roaming\Mozilla\Firefox\Profiles\hoi99e3w.default-1447510846242
FF Homepage: hxxps://www.google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Pentium\AppData\Roaming\Mozilla\Firefox\Profiles\hoi99e3w.default-1447510846242\searchplugins\smod.xml [2016-09-21]
FF Extension: (uBlock Origin) - C:\Users\Pentium\AppData\Roaming\Mozilla\Firefox\Profiles\hoi99e3w.default-1447510846242\Extensions\uBlock0@raymondhill.net.xpi [2016-09-25]
FF Extension: (prturl Class) - C:\Users\Pentium\AppData\Roaming\Mozilla\Firefox\Profiles\hoi99e3w.default-1447510846242\Extensions\{92241CE9-8688-68B9-2C49-C7243455AD31} [2016-09-21] [Brak podpisu cyfrowego]

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G9Lzamobl8175AU,fc18b8b4-3da7-408c-a4dd-4045300da539,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G9Lzamobl8175AU,fc18b8b4-3da7-408c-a4dd-4045300da539,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G9Lzamobl8175AU,fc18b8b4-3da7-408c-a4dd-4045300da539,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Pentium\AppData\Local\Google\Chrome\User Data\Default [2016-09-23]
CHR Extension: (Docs) - C:\Users\Pentium\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-19]
CHR Extension: (Dysk Google) - C:\Users\Pentium\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-19]
CHR Extension: (Gmail) - C:\Users\Pentium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-19]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Brak podpisu cyfrowego]
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [273448 2015-06-11] (F-Secure Corporation)
R3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [216616 2015-06-11] (F-Secure Corporation)
R2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [539688 2015-06-11] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [953384 2015-06-11] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [213544 2015-06-11] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60456 2015-11-04] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [219352 2016-09-26] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [98008 2016-09-26] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-07-10] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [44328 2015-06-11] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [99176 2015-06-11] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [110800 2016-09-21] (F-Secure Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-14] (Microsoft Corporation)
S4 F-Secure Filter; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [X]
S4 F-Secure Recognizer; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-09-27 13:46 - 2016-09-27 13:47 - 00013181 ____X C:\Users\Pentium\Desktop\FRST.txt
2016-09-27 13:46 - 2016-09-27 13:46 - 00000000 ____D C:\FRST
2016-09-27 13:40 - 2016-09-27 13:40 - 00000000 ___HT C:\Windows\wusa.lock
2016-09-27 13:40 - 2016-09-27 13:40 - 00000000 ____D C:\bf19a8ccfec56db5f6848ecc506aaddc
2016-09-27 13:39 - 2016-09-27 13:39 - 09575735 _____ C:\Users\Pentium\Desktop\Windows6.1-KB3020369-x64.msu
2016-09-27 13:08 - 2016-09-27 13:08 - 02403328 _____ (Farbar) C:\Users\Pentium\Desktop\FRST64.exe
2016-09-26 22:35 - 2016-09-26 22:35 - 00313366 _____ C:\Users\Pentium\Desktop\WindowsUpdateDiagnostic.diagcab
2016-09-26 19:50 - 2016-09-26 19:50 - 102501474 ____X C:\Users\Pentium\Desktop\CBS.zip
2016-09-26 19:39 - 2016-09-26 19:39 - 00000000 ___DX C:\Users\Pentium\Desktop\CBS
2016-09-26 12:29 - 2016-09-26 12:29 - 00029694 ____X C:\Users\Pentium\Desktop\Gmer logi.txt
2016-09-26 11:14 - 2016-09-26 11:14 - 00051408 ____X C:\Users\Pentium\Desktop\Extras.Txt
2016-09-26 11:13 - 2016-09-26 11:13 - 00077208 ____X C:\Users\Pentium\Desktop\OTL.Txt
2016-09-26 10:33 - 2016-09-26 10:52 - 00865373 _____ C:\Users\Pentium\Desktop\87862 - Deklaracja przystąpienia do grupowego ubezpieczenia na życie i zdrowie PZU Opieka Medyczna S.pdf
2016-09-25 19:47 - 2016-09-25 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-25 19:11 - 2016-09-25 19:11 - 00380928 _____ C:\Users\Pentium\Desktop\7j365vtc.exe
2016-09-25 18:16 - 2016-09-25 18:17 - 00000000 ____D C:\1c52d1a4b204744e9c083f7043
2016-09-24 19:55 - 2016-09-24 19:55 - 00602112 _____ (OldTimer Tools) C:\Users\Pentium\Desktop\OTL_www.INSTALKI.pl.exe
2016-09-23 20:25 - 2016-09-23 20:25 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-23 20:25 - 2016-09-23 20:25 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-23 20:24 - 2016-09-27 13:29 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-23 20:24 - 2016-09-27 13:05 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 20:24 - 2016-09-23 20:24 - 00004046 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-23 20:24 - 2016-09-23 20:24 - 00003794 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-23 17:25 - 2016-09-25 19:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-09-23 15:15 - 2016-09-23 15:15 - 00000000 ____D C:\d5dd33b6629f78a238d61c40a6b5
2016-09-21 23:16 - 2016-09-21 23:16 - 00000000 ____D C:\9c2732b0ec142f00e108077096
2016-09-21 22:10 - 2016-09-21 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft programy
2016-09-21 21:59 - 2016-09-21 21:59 - 00000000 ____D C:\Windows\system32\EventProviders
2016-09-21 21:57 - 2016-09-26 10:58 - 00000000 ___DX C:\Users\Pentium\Desktop\programy microsoft
2016-09-21 21:34 - 2016-09-21 21:34 - 00000000 ____D C:\Windows\CheckSur
2016-09-21 20:55 - 2016-09-22 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPlanet Software Assistant
2016-09-21 20:55 - 2016-09-21 20:55 - 00003312 _____ C:\Windows\System32\Tasks\SoftPlanet Software Assistant
2016-09-21 20:55 - 2016-09-21 20:55 - 00000000 ____D C:\Users\Pentium\AppData\Local\SoftPlanet
2016-09-21 20:53 - 2016-09-21 20:53 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\Opera Software
2016-09-21 20:53 - 2016-09-21 20:53 - 00000000 ____D C:\Users\Pentium\AppData\Local\Opera Software
2016-09-21 20:53 - 2016-09-21 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2016-09-21 20:52 - 2016-09-21 20:52 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\One System Care
2016-09-21 20:52 - 2016-09-21 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-09-21 20:52 - 2016-09-21 20:52 - 00000000 ____D C:\ProgramData\0f1bf1b9-33a7-0
2016-09-21 20:52 - 2016-09-21 20:52 - 00000000 ____D C:\ProgramData\0f1bf1b9-1133-1
2016-09-21 20:50 - 2016-09-21 21:18 - 00000000 ____D C:\Users\Pentium\AppData\Local\Ahvworks
2016-09-21 20:49 - 2016-09-21 21:06 - 00000000 ____D C:\Users\Pentium\AppData\Local\Adkvworks
2016-09-21 20:48 - 2016-09-21 21:17 - 00000000 ____D C:\ProgramData\SearchModule
2016-09-21 20:47 - 2016-09-21 21:17 - 00000000 ____D C:\Program Files (x86)\Windows Loader
2016-09-21 18:43 - 2016-09-21 21:17 - 00000000 ____D C:\40c3a6088209894440
2016-09-19 22:18 - 2016-09-19 22:18 - 00000000 ____D C:\3ef9578f9377e55f03949873d59228
2016-09-19 21:47 - 2016-09-19 21:49 - 564744309 _____ C:\Users\Pentium\Desktop\Windows6.1-KB947821-v34-x64.msu
2016-09-19 21:32 - 2016-09-19 21:32 - 00000000 ____D C:\411f75cae57fc3253d64
2016-09-17 20:59 - 2016-09-21 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2016-09-17 20:59 - 2016-09-21 21:17 - 00000000 ____D C:\Program Files (x86)\SopCast
2016-09-17 20:59 - 2016-09-17 20:59 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
2016-09-17 18:13 - 2016-09-17 18:13 - 00003538 _____ C:\Windows\System32\Tasks\PPI Update
2016-09-17 07:44 - 2016-09-21 21:18 - 00000000 ____D C:\978a62075b40bf7cbc0628e2a9988a6f
2016-09-15 21:21 - 2016-09-21 21:18 - 00000000 ____D C:\797215a677c2dbae3465
2016-09-15 17:28 - 2016-09-21 21:13 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2016-09-14 11:07 - 2016-09-21 21:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subsystem for UNIX-based Applications
2016-09-14 11:07 - 2016-09-21 21:17 - 00000000 ____D C:\Windows\system32\msmq
2016-09-14 11:07 - 2016-09-21 21:17 - 00000000 ____D C:\Windows\SUA
2016-09-14 08:28 - 2016-09-26 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-14 08:28 - 2016-09-14 08:28 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-14 08:28 - 2016-09-14 08:28 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-11 21:17 - 2016-09-13 21:03 - 00000000 ____D C:\Users\Pentium\Doctor Web
2016-09-10 19:33 - 2016-09-12 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WGA Remover
2016-09-07 19:55 - 2016-09-12 11:05 - 00000000 ____D C:\27acb90d9b821c2b5f3bebdaaa2e4527
2016-09-07 19:18 - 2016-09-12 11:05 - 00000000 ____D C:\a9a506632e5e72877477
2016-09-05 20:10 - 2016-09-05 20:21 - 29021806 ___RX C:\Users\Pentium\Desktop\Suntour (Workshop Book) Instrukcja Serwisowa.7z

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-09-27 13:46 - 2016-05-08 18:01 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-27 13:18 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-27 13:18 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-27 13:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-27 13:04 - 2008-01-01 01:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-26 22:29 - 2015-11-17 16:56 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\uTorrent
2016-09-25 21:54 - 2015-12-03 22:23 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\vlc
2016-09-25 19:16 - 2015-11-03 16:47 - 00000000 ____D C:\ProgramData\TEMP
2016-09-25 19:12 - 2015-11-09 14:34 - 00000000 ____D C:\Program Files (x86)\UltraISO
2016-09-22 13:03 - 2015-11-17 19:22 - 00000000 ___RD C:\Users\Pentium\Desktop\Nvidia
2016-09-22 12:51 - 2016-08-19 20:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-22 12:41 - 2015-11-03 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-22 12:41 - 2015-11-03 16:45 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-21 23:20 - 2009-07-14 07:08 - 00032520 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-21 21:19 - 2015-10-23 13:15 - 00000000 ____D C:\Users\Pentium
2016-09-21 21:17 - 2010-11-21 15:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-09-21 21:17 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-09-21 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-09-21 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-09-21 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-09-21 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PLA
2016-09-21 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-21 21:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-21 21:12 - 2016-07-13 21:53 - 00000000 ____D C:\inetpub
2016-09-19 21:16 - 2015-10-23 13:45 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-17 18:41 - 2015-10-23 13:45 - 00000000 ____D C:\Users\Pentium\AppData\Local\Google
2016-09-17 18:39 - 2015-11-23 12:16 - 00000000 ____D C:\Program Files\Common Files\Canon
2016-09-16 20:19 - 2016-03-25 08:10 - 00850778 _____ C:\Windows\ntbtlog.txt
2016-09-14 19:12 - 2010-11-21 14:53 - 00753978 _____ C:\Windows\system32\perfh015.dat
2016-09-14 19:12 - 2010-11-21 14:53 - 00162210 _____ C:\Windows\system32\perfc015.dat
2016-09-14 09:51 - 2010-11-21 15:03 - 00000000 ____D C:\Windows\ShellNew
2016-09-14 09:41 - 2009-07-14 05:20 - 00000000 ____D C:\PerfLogs
2016-09-13 21:47 - 2016-05-08 18:01 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 21:47 - 2016-04-01 16:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 21:47 - 2016-04-01 16:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 21:46 - 2015-11-09 13:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 21:46 - 2015-11-09 13:57 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 21:14 - 2016-04-01 17:04 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-12 11:05 - 2015-11-03 22:58 - 00000000 ____D C:\Program Files (x86)\WGA Remover
2016-09-10 19:16 - 2016-05-31 10:11 - 00000000 ____D C:\Users\Pentium\AppData\Local\ElevatedDiagnostics
2016-09-05 12:35 - 2015-11-17 20:30 - 00000000 ____D C:\Users\Pentium\AppData\Roaming\XMedia Recode
2016-09-05 12:35 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

==================== Pliki w katalogu głównym wybranych folderów =======

2015-10-23 13:53 - 2015-10-23 13:53 - 0007605 _____ () C:\Users\Pentium\AppData\Local\Resmon.ResmonCfg
2016-05-02 10:15 - 2016-05-02 10:15 - 0000000 _____ () C:\Users\Pentium\AppData\Local\{5045074D-431C-46D2-9964-FCB71CD1137C}

Niektóre pliki w TEMP:
====================
C:\Users\Pentium\AppData\Local\Temp\Removewat Final__9774_il22934.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-09-17 19:02

==================== Koniec FRST.txt ============================