Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 04-10-2016
Uruchomiony przez Adam (administrator) ADAM-KOMPUTER (07-10-2016 18:08:16)
Uruchomiony z C:\Users\Adam\Desktop\naprawa komputerow - zhackowana strona
Załadowane profile: Adam (Dostępne profile: Adam)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Winamp\winampa.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-05-04] (Nero AG)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [36352 2008-04-01] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5308688 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2180680 2016-09-30] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1278920 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2696700359-2503137183-1314882984-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-04] (Nero AG)
HKU\S-1-5-21-2696700359-2503137183-1314882984-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29547136 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2696700359-2503137183-1314882984-1001\...\MountPoints2: {878fd864-9dc3-11e4-aaad-806e6f6e6963} - G:\Launch.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-02-10]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{FFD1B602-5467-4350-8F2A-7F7384FEAB6F}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1445982696&z=1af9da319f2a64796c6a49cgcz5z8wdtabeo3q4tfq&from=dae&uid=st3250410as_6ry6dn07xxxx6ry6dn07&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1445982696&z=1af9da319f2a64796c6a49cgcz5z8wdtabeo3q4tfq&from=dae&uid=st3250410as_6ry6dn07xxxx6ry6dn07&q={searchTerms}
HKU\S-1-5-21-2696700359-2503137183-1314882984-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
SearchScopes: HKLM -> DefaultScope - brak wartości
SearchScopes: HKU\S-1-5-21-2696700359-2503137183-1314882984-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E4FE2881-5B5A-4992-988F-41AD1FA2BDEA}&mid=f7e1d75593dd47cd9fcdd1a95adf06da-477740586ab7e2ef46f330033230d3b792368eab&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2015-05-05 12:49:54&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-09-30] (AVG)

FireFox:
========
FF DefaultProfile: kg0mj3w5.default
FF DefaultProfile: aw2d3slu.default
FF ProfilePath: C:\Users\Adam\AppData\Roaming\OpenFM\Profiles\kg0mj3w5.default [2015-06-07]
FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\aw2d3slu.default [2016-10-07]
FF Extension: (AVG Web TuneUp) - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\aw2d3slu.default\Extensions\avg@toolbar.xpi [2016-09-30]
FF Extension: (Google Translator for Firefox) - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\aw2d3slu.default\Extensions\translator@zoli.bod.xpi [2016-04-28]
FF Extension: (Adblock Plus) - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\aw2d3slu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF SearchPlugin: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\aw2d3slu.default\searchplugins\avg-secure-search.xml [2016-10-07]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\aw2d3slu.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-09-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [Brak pliku]
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-02-17] (Cuminas Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build wykryto! <======= UWAGA

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4109856 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [945936 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [632632 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-08-18] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [270600 2016-07-19] (McAfee, Inc.)
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer2749.exe [235776 2015-12-15] (MustangService)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-08-18] (NVIDIA Corporation)
R2 vToolbarUpdater40.3.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-09-30] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-09-10] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-09-30] ()

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256256 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [201984 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [Brak podpisu cyfrowego]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [Brak podpisu cyfrowego]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2015-08-18] (NVIDIA Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [Brak podpisu cyfrowego]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-10-07 18:06 - 2016-10-07 18:08 - 00000000 ____D C:\FRST
2016-10-07 16:20 - 2016-10-07 18:08 - 00000000 ____D C:\Users\Adam\Desktop\naprawa komputerow - zhackowana strona
2016-10-07 14:38 - 2016-10-07 14:41 - 00000000 ____D C:\ProgramData\F-Secure
2016-10-07 14:38 - 2016-10-07 14:38 - 00000000 ____D C:\Users\Adam\AppData\Local\F-Secure
2016-10-07 14:38 - 2016-10-07 14:38 - 00000000 ____D C:\Users\Adam\AppData\Local\FSDART
2016-10-07 13:16 - 2016-10-07 13:17 - 06425184 _____ (Tim Kosse) C:\Users\Adam\Downloads\FileZilla_3.22.1_win32-setup.exe
2016-10-02 13:00 - 2016-10-02 12:34 - 02644395 _____ C:\Users\Adam\Desktop\marshall-rosenberg-porozumienie-bez-przemocy.pdf
2016-09-23 23:25 - 2016-09-25 19:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-21 13:30 - 2016-08-05 17:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-14 11:13 - 2016-09-01 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 11:13 - 2016-09-01 05:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 11:13 - 2016-09-01 04:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 11:13 - 2016-09-01 04:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 11:13 - 2016-09-01 04:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 11:13 - 2016-09-01 04:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 11:13 - 2016-09-01 04:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 11:13 - 2016-09-01 04:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 11:13 - 2016-09-01 04:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 11:13 - 2016-09-01 04:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 11:13 - 2016-09-01 03:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 11:13 - 2016-09-01 03:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 11:13 - 2016-09-01 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 11:13 - 2016-09-01 03:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 11:13 - 2016-09-01 03:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 11:13 - 2016-09-01 03:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 11:13 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 11:13 - 2016-09-01 03:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 11:13 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 11:13 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 11:12 - 2016-09-02 17:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-14 11:12 - 2016-09-02 17:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 11:12 - 2016-09-02 17:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 11:12 - 2016-09-02 17:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 11:12 - 2016-09-02 17:18 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 11:12 - 2016-09-02 17:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 11:12 - 2016-09-02 16:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 11:12 - 2016-09-02 16:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 11:12 - 2016-09-02 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 11:12 - 2016-09-02 16:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 11:12 - 2016-09-02 16:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 11:12 - 2016-09-02 16:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 11:12 - 2016-09-02 16:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 11:12 - 2016-09-02 16:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 11:12 - 2016-09-02 16:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 11:12 - 2016-09-02 16:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 11:12 - 2016-09-02 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 11:12 - 2016-09-02 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 11:12 - 2016-09-02 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 11:12 - 2016-09-01 05:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 11:12 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 11:12 - 2016-09-01 04:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 11:12 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 11:12 - 2016-09-01 04:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 11:12 - 2016-09-01 04:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 11:12 - 2016-09-01 04:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 11:12 - 2016-09-01 04:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 11:12 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 11:12 - 2016-09-01 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 11:12 - 2016-09-01 03:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 11:12 - 2016-09-01 03:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 11:12 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 11:12 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 11:12 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 11:12 - 2016-08-16 04:48 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 11:12 - 2016-08-16 04:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 11:12 - 2016-08-12 18:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 11:12 - 2016-08-12 18:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 11:12 - 2016-08-12 18:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 11:12 - 2016-08-06 17:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 11:12 - 2016-07-07 17:20 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-14 11:12 - 2016-07-07 17:20 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-14 11:12 - 2016-07-07 17:20 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-14 11:12 - 2016-07-07 16:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-14 11:12 - 2016-07-01 17:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 11:12 - 2016-07-01 17:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-14 11:12 - 2016-06-06 17:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-14 11:12 - 2016-06-06 17:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-14 11:12 - 2016-06-06 17:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-14 11:12 - 2016-06-06 17:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-14 11:12 - 2016-05-13 23:50 - 02945536 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-14 11:12 - 2016-05-13 23:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-14 11:12 - 2016-05-13 23:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-14 11:12 - 2016-05-13 23:39 - 02060288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-14 11:12 - 2016-05-13 23:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-14 11:12 - 2016-05-13 23:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-14 11:12 - 2016-05-13 23:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-14 11:12 - 2016-05-13 23:38 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-14 11:12 - 2016-05-13 23:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-14 11:12 - 2016-05-13 23:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-14 11:12 - 2016-05-13 23:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-14 11:12 - 2016-05-12 17:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-09-14 11:12 - 2016-05-12 17:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-14 11:12 - 2016-05-04 19:21 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-14 11:12 - 2016-05-04 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-14 11:12 - 2016-05-04 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-14 11:12 - 2016-05-04 19:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-14 11:12 - 2016-05-04 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-14 11:12 - 2016-05-04 19:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-14 11:12 - 2016-05-04 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-10-07 18:05 - 2015-01-16 23:28 - 00000000 ____D C:\ProgramData\MFAData
2016-10-07 17:47 - 2009-07-14 06:34 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-07 17:47 - 2009-07-14 06:34 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-07 17:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-10-07 17:12 - 2015-01-16 23:58 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-07 16:01 - 2015-01-26 19:55 - 00009025 _____ C:\Users\Adam\Desktop\godz.txt
2016-10-07 13:21 - 2016-07-03 20:09 - 00000587 _____ C:\Users\Adam\Desktop\dbanie o ciało.txt
2016-10-07 13:17 - 2015-02-10 12:26 - 00000000 ____D C:\Users\Adam\AppData\Roaming\FileZilla
2016-10-07 09:17 - 2016-02-28 08:28 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc
2016-10-07 06:33 - 2016-03-13 19:46 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype
2016-10-07 06:31 - 2015-10-29 22:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-07 06:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-06 17:21 - 2015-01-18 21:44 - 00005648 _____ C:\Users\Adam\Desktop\godziny.txt
2016-10-06 06:52 - 2015-01-17 15:17 - 00000000 ____D C:\Program Files\Opera
2016-10-04 21:12 - 2011-04-12 07:08 - 00739694 _____ C:\Windows\system32\perfh015.dat
2016-10-04 21:12 - 2011-04-12 07:08 - 00155268 _____ C:\Windows\system32\perfc015.dat
2016-10-04 21:12 - 2010-11-20 23:01 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 19:09 - 2015-01-16 23:23 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieUserList
2016-10-04 19:09 - 2015-01-16 23:23 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieSiteList
2016-10-04 19:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-10-02 20:35 - 2015-06-06 19:14 - 00000000 ____D C:\Users\Adam\AppData\Local\GG
2016-10-02 13:01 - 2015-12-04 07:47 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashDumps
2016-10-02 07:35 - 2015-06-06 19:14 - 00000000 ____D C:\Users\Adam\AppData\Roaming\GG
2016-10-01 18:53 - 2016-08-08 15:37 - 00000000 ____D C:\Users\Adam\Desktop\muzyka klasyczna do nagrania na plyte
2016-09-30 17:00 - 2015-05-05 12:49 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-09-30 16:59 - 2015-05-05 12:49 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-09-30 10:13 - 2015-12-14 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-29 22:01 - 2016-04-27 16:28 - 00005745 _____ C:\Users\Adam\Desktop\kuchnia.txt
2016-09-25 19:43 - 2015-01-16 23:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-23 19:58 - 2015-03-14 08:43 - 00000000 ____D C:\Users\Adam\Desktop\aukcje i moje
2016-09-23 19:57 - 2016-07-05 10:24 - 00000000 ____D C:\Users\Adam\Desktop\kotwy dlugie i rozpalacz do grilla
2016-09-23 19:57 - 2016-03-16 19:42 - 00000000 ____D C:\Users\Adam\Desktop\praca - pliki z pulpitu domowego komputera
2016-09-23 19:56 - 2015-12-06 20:45 - 00000000 ____D C:\Users\Adam\Desktop\bilety
2016-09-22 07:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-09-14 21:27 - 2009-07-14 06:33 - 00286192 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 21:24 - 2015-04-15 16:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-14 21:24 - 2011-04-12 07:17 - 00000000 ____D C:\Windows\ShellNew
2016-09-14 17:23 - 2015-04-15 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-14 11:12 - 2015-01-16 23:58 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-14 11:12 - 2015-01-16 23:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-14 11:12 - 2015-01-16 23:58 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-14 09:59 - 2015-02-17 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-09-10 07:57 - 2016-03-13 19:46 - 00000000 ___RD C:\Program Files\Skype
2016-09-10 07:57 - 2016-03-13 19:45 - 00000000 ____D C:\ProgramData\Skype
2016-09-08 06:46 - 2009-07-14 06:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Pliki w katalogu głównym wybranych folderów =======

2015-03-03 18:38 - 2015-03-03 18:38 - 0000079 _____ () C:\Program Files\prefs.js
2016-03-02 17:49 - 2016-03-02 17:49 - 0000218 _____ () C:\Users\Adam\AppData\Local\recently-used.xbel
2015-01-16 23:23 - 2015-01-16 23:23 - 0007597 _____ () C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
2015-12-13 19:43 - 2015-12-20 16:27 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Niektóre pliki w TEMP:
====================
C:\Users\Adam\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_081465799374.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_081777723638.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_082068159371.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_08277065155.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_08328538309.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_08440849054.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_0851351710.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_08607759324.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_08877461898.exe
C:\Users\Adam\AppData\Local\Temp\avguirn_08891017476.exe
C:\Users\Adam\AppData\Local\Temp\DTLite1010-0074.exe
C:\Users\Adam\AppData\Local\Temp\GdiPlus.dll
C:\Users\Adam\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Adam\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Adam\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Adam\AppData\Local\Temp\installstats.exe
C:\Users\Adam\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Adam\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Adam\AppData\Local\Temp\optprosetup.exe
C:\Users\Adam\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Adam\AppData\Local\Temp\sfareca00001.dll
C:\Users\Adam\AppData\Local\Temp\sfextra.dll
C:\Users\Adam\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-10-05 07:38

==================== Koniec FRST.txt ============================