Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 04-12-2016
Uruchomiony przez pro (administrator) MUSIC-KOMPUTER (05-12-2016 10:53:03)
Uruchomiony z C:\
Załadowane profile: pro (Dostępne profile: pro)
Platform: Windows 7 Home Premium (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Farbar) C:\FRST64 (program do raportu stanu komp).exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2638897488-2920314227-267183847-1000\...\MountPoints2: G - G:\Run.exe
HKU\S-1-5-21-2638897488-2920314227-267183847-1000\...\MountPoints2: {4fc113c7-4af6-11e2-8c5d-806e6f6e6963} - G:\Run.exe
GroupPolicy: Ograniczenia <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.251
Tcpip\..\Interfaces\{CCE21497-E57B-44C1-9AC1-20715A04B1AC}: [DhcpNameServer] 192.168.10.251

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
HKU\S-1-5-21-2638897488-2920314227-267183847-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
HKU\S-1-5-21-2638897488-2920314227-267183847-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=945&r=2013/06/13&hid=1078179105&lg=EN&cc=PL&unqvl=20
SearchScopes: HKU\S-1-5-21-2638897488-2920314227-267183847-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347
SearchScopes: HKU\S-1-5-21-2638897488-2920314227-267183847-1000 -> {4BEC11CB-5388-47AB-A1E7-62C649414070} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_NL&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^NL&apn_uid=3CE4D79A-4EB9-4116-BE43-16BAE37755BF&apn_sauid=20EF0918-C6CC-4DD7-931F-032786455ADE
SearchScopes: HKU\S-1-5-21-2638897488-2920314227-267183847-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=945&r=2013/06/13&hid=1078179105&lg=EN&cc=PL&unqvl=20
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2638897488-2920314227-267183847-1000 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U848988489884&ts=1374860347

FireFox:
========
FF DefaultProfile: xz2k1ath.default
FF ProfilePath: C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\xz2k1ath.default [2016-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: (Eset Plugin) - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-04-15] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-11-07] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-01-23] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-11-07] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-01-23] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-05-01] (Nexon)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-09-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-09-19] (globalUpdate)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [Brak pliku]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default [2016-01-21]
CHR Extension: (summer games) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\agkocbbjgcfpodcpdfpenidadocpcmlj [2015-04-07]
CHR Extension: (Dokumenty Google) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Dysk Google) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Video Downloader professional) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (AdBlock) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20]
CHR Extension: (mopiffhbcoggbhmlnmgobalhofjjcoab) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopiffhbcoggbhmlnmgobalhofjjcoab [2015-04-07]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (Gmail) - C:\Users\pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [odpccdgkmiicgocepijnaeihjnjnomca] - C:\Program Files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx
StartMenuInternet: Google Chrome.XMFX2T45ROI77KD2SZZDJDVNJM - C:\Users\pro\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (summer games) - C:\Users\pro\AppData\Roaming\Opera Software\Opera Stable\Extensions\agkocbbjgcfpodcpdfpenidadocpcmlj [2015-04-07]
OPR Extension: (TotalPlus01-3.1V19.09) - C:\Users\pro\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-19]
OPR Extension: (Brak nazwy) - C:\Users\pro\AppData\Roaming\Opera Software\Opera Stable\Extensions\mopiffhbcoggbhmlnmgobalhofjjcoab [2015-04-07]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [Brak podpisu cyfrowego]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [23296 2009-11-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [735960 2009-11-16] (ESET)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Brak podpisu cyfrowego]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [Brak podpisu cyfrowego]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1316080 2016-11-23] (Overwolf LTD)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [Brak podpisu cyfrowego]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-06] (Copyright 2013 SAMSUNG)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Brak podpisu cyfrowego]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 Update LinkSwift; "C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe" [X]
S2 Util LinkSwift; "C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe" [X]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [145336 2009-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [136584 2009-11-16] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [169080 2009-12-18] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33608 2010-01-08] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [44944 2009-12-18] (ESET)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [126768 2013-07-08] (Focusrite Audio Engineering Limited.)
S3 Forte_UAC2Audio; C:\Windows\System32\DRIVERS\Forte_UAC2Audio.sys [93568 2014-09-01] (Focusrite Audio Engineering Limited.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-20] ()
S3 L6UX2; C:\Windows\System32\Drivers\L6UX264.sys [772224 2012-03-26] (Line 6)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-03] (Duplex Secure Ltd.)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [120104 2013-09-20] (Yamaha Corporation)
U3 a9dcpj59; C:\Windows\System32\Drivers\a9dcpj59.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
U3 ap4a8kzb; C:\Windows\System32\Drivers\ap4a8kzb.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-05 10:50 - 2016-12-05 11:36 - 02419200 _____ (Farbar) C:\FRST64 (program do raportu stanu komp).exe
2016-12-05 10:50 - 2016-12-05 10:53 - 00016364 _____ C:\FRST.txt
2016-12-05 10:50 - 2016-12-05 10:50 - 00000000 ____D C:\FRST
2016-12-03 20:25 - 2016-12-03 20:50 - 00261480 _____ C:\Windows\ntbtlog.txt
2016-11-29 20:04 - 2016-11-29 20:04 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2016-11-07 18:36 - 2016-11-09 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-12-05 10:52 - 2016-06-27 18:12 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-12-05 10:52 - 2016-05-31 19:57 - 00000000 ____D C:\Users\pro\AppData\Local\CrashDumps
2016-12-05 10:52 - 2015-04-07 11:21 - 00001322 _____ C:\Windows\Tasks\summer_games_notification_service.job
2016-12-05 10:52 - 2015-04-07 11:21 - 00000984 _____ C:\Windows\Tasks\C0FIP3aJax.job
2016-12-05 10:52 - 2014-09-19 23:14 - 00002442 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-5_user.job
2016-12-05 10:52 - 2014-09-19 23:14 - 00002442 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-5.job
2016-12-05 10:52 - 2014-09-19 23:14 - 00001478 _____ C:\Windows\Tasks\7db55852-7510-429d-b390-8f3d268ab42d.job
2016-12-05 10:52 - 2014-09-19 23:13 - 00004492 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-11.job
2016-12-05 10:52 - 2014-09-19 23:13 - 00003810 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-4.job
2016-12-05 10:52 - 2014-09-19 23:13 - 00003810 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-3.job
2016-12-05 10:52 - 2014-09-19 23:13 - 00003466 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-7.job
2016-12-05 10:52 - 2014-09-19 23:13 - 00003466 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-6.job
2016-12-05 10:52 - 2014-09-19 23:13 - 00002782 _____ C:\Windows\Tasks\b2aa7731-cf88-46bb-a8bb-27eb5660b264-1.job
2016-12-05 10:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-05 10:50 - 2009-07-14 18:55 - 00751924 _____ C:\Windows\system32\perfh015.dat
2016-12-05 10:50 - 2009-07-14 18:55 - 00159302 _____ C:\Windows\system32\perfc015.dat
2016-12-05 10:50 - 2009-07-14 06:13 - 01693138 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-05 10:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-03 21:09 - 2014-04-10 09:28 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-03 20:46 - 2016-01-02 19:13 - 00000266 __RSH C:\ProgramData\ntuser.pol
2016-12-03 20:46 - 2013-07-24 20:55 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-12-03 20:43 - 2013-10-09 19:16 - 00000000 ____D C:\Windows\pss
2016-12-03 20:38 - 2015-09-18 16:36 - 00000000 ____D C:\Users\pro\AppData\Local\Overwolf
2016-11-29 20:02 - 2015-09-18 16:42 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-11-29 19:58 - 2016-06-27 18:12 - 00000002 _____ C:\END
2016-11-29 19:57 - 2012-12-29 18:16 - 00000000 ____D C:\Users\pro\AppData\Roaming\Ableton
2016-11-17 06:24 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 06:24 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 06:23 - 2013-01-13 20:21 - 00004350 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5CC9214E-31A9-4F78-A2B4-A218A0AEFEFA}
2016-11-17 06:19 - 2015-01-13 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-09 20:09 - 2014-04-10 09:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 20:09 - 2014-04-10 09:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 20:09 - 2014-04-10 09:28 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 20:09 - 2014-04-10 09:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-09 20:09 - 2013-06-03 15:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 17:57 - 2012-12-20 00:06 - 00000000 ____D C:\Users\pro\AppData\Roaming\AIMP3

==================== Pliki w katalogu głównym wybranych folderów =======

2015-03-31 09:14 - 2015-03-31 09:14 - 0005655 _____ () C:\Users\pro\AppData\Roaming\C0FIP3aJax
2015-03-31 09:14 - 2015-03-31 09:14 - 0005655 _____ () C:\Users\pro\AppData\Roaming\cLE9HCg
2013-01-18 17:49 - 2015-08-17 16:28 - 0000208 _____ () C:\Users\pro\AppData\Roaming\msregsvv.dll
2013-12-28 14:42 - 2015-02-25 16:58 - 0013312 _____ () C:\Users\pro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-27 10:03 - 2014-12-27 10:04 - 0000000 _____ () C:\Users\pro\AppData\Local\{CAD0D4EF-42C8-4550-8990-E8590DA3B51E}
2013-01-18 17:49 - 2015-08-17 16:28 - 0000208 _____ () C:\ProgramData\autobk.inc

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-10-09 15:10

==================== Koniec FRST.txt ============================