Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 28-01-2017 01
Uruchomiony przez Admin (administrator) ASUSP8Z68VLX (29-01-2017 13:20:18)
Uruchomiony z C:\Users\Admin\Downloads
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-05] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\...\Run: [zabsdll.exe] => C:\Users\Admin\AppData\Roaming\Micorsoft\NetProfiler\zabsdll.exe [994816 2015-08-16] ()
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\...\Run: [xHHuaTIlq7ah7lmg] => C:\Users\Admin\AppData\Roaming\lORoXkvpbymAtVNB\MKiWf5.lnk [740 2017-01-29] ()
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\...\Run: [msiql] => C:\Users\Admin\AppData\Local\Temp\00007460\msiql.exe [2072064 2017-01-29] () <===== UWAGA
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\...\MountPoints2: {ec52d79c-a81a-11e2-917d-c8600069c87c} - E:\NokiaPCIA_Autorun.exe
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-01-29] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk [2014-11-20]
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\..\Interfaces\{7349778E-8954-41F6-9B57-37C4FEF42861}: [NameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2953119984-1137956692-2323332510-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2953119984-1137956692-2323332510-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => Brak pliku
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Prezentacje Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-31]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Dysk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Arkusze Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-29] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Brak podpisu cyfrowego]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [389392 2016-11-02] (EasyAntiCheat Ltd)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-29] () [Brak podpisu cyfrowego] <==== UWAGA
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-31] () [Brak podpisu cyfrowego]
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-01-29] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-24] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-09-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [Brak podpisu cyfrowego]
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-03-29] (ASUSTeK Computer Inc.)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-01-29] (WinMount International Inc)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-29 13:20 - 2017-01-29 13:20 - 00016052 _____ C:\Users\Admin\Downloads\FRST.txt
2017-01-29 13:19 - 2017-01-29 13:20 - 00000000 ____D C:\FRST
2017-01-29 13:18 - 2017-01-29 13:19 - 02420736 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-01-29 13:02 - 2017-01-29 13:14 - 00000000 ____D C:\Program Files\Reimage
2017-01-29 13:02 - 2017-01-29 13:03 - 00000140 _____ C:\Windows\Reimage.ini
2017-01-29 13:02 - 2017-01-29 13:02 - 00604928 _____ (Reimage) C:\Users\Admin\Downloads\ReimageRepair.exe
2017-01-29 12:45 - 2017-01-29 12:45 - 00000000 ____D C:\ProgramData\TEMP
2017-01-29 12:39 - 2017-01-29 12:39 - 00000000 ____D C:\Users\Admin\AppData\Local\AdvinstAnalytics
2017-01-29 12:36 - 2017-01-29 12:45 - 00000000 ____D C:\Program Files\żěŃą
2017-01-29 12:36 - 2017-01-29 12:43 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-29 12:36 - 2017-01-29 12:36 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-01-29 12:36 - 2017-01-29 12:36 - 00003430 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2017-01-29 12:36 - 2017-01-29 12:36 - 00003382 _____ C:\Windows\System32\Tasks\KuaiZip_Update
2017-01-29 12:36 - 2017-01-29 12:36 - 00002556 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
2017-01-29 12:36 - 2017-01-29 12:36 - 00000456 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2017-01-29 12:36 - 2017-01-29 12:36 - 00000292 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2017-01-29 12:36 - 2017-01-29 12:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Softlink
2017-01-29 12:36 - 2017-01-29 12:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\KuaiZip
2017-01-29 12:36 - 2017-01-29 12:36 - 00000000 ____D C:\Users\Admin\AppData\Local\UCBrowser
2017-01-29 12:35 - 2017-01-29 13:20 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
2017-01-29 12:35 - 2017-01-29 13:20 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
2017-01-29 12:35 - 2017-01-29 13:20 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
2017-01-29 12:35 - 2017-01-29 12:39 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
2017-01-29 12:35 - 2017-01-29 12:35 - 01620992 _____ C:\ProgramData\service.exe
2017-01-29 12:35 - 2017-01-29 12:35 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
2017-01-29 12:35 - 2017-01-29 12:35 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
2017-01-29 12:35 - 2017-01-29 12:35 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
2017-01-29 12:35 - 2017-01-29 12:35 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
2017-01-29 12:35 - 2017-01-29 12:35 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
2017-01-29 12:35 - 2017-01-29 12:35 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
2017-01-29 12:35 - 2017-01-29 12:35 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microleaves
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Users\Admin\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-01-29 12:35 - 2017-01-29 12:35 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-01-27 12:35 - 2017-01-27 12:35 - 00099031 _____ C:\Users\Admin\Downloads\ZK 15995_2016 (2).pdf
2017-01-27 12:32 - 2017-01-27 12:32 - 00098468 _____ C:\Users\Admin\Downloads\ZK 1514_2017 (1).pdf
2017-01-27 12:30 - 2017-01-27 12:30 - 00098468 _____ C:\Users\Admin\Downloads\ZK 1514_2017.pdf
2017-01-24 21:06 - 2017-01-24 21:06 - 00013223 _____ C:\Users\Admin\Desktop\matowe elementy na szkle wersja 1 (1).pdf
2017-01-24 21:05 - 2017-01-24 21:05 - 00014545 _____ C:\Users\Admin\Downloads\matowe elementy na szkle wersja 2.pdf
2017-01-24 21:05 - 2017-01-24 21:05 - 00013223 _____ C:\Users\Admin\Downloads\matowe elementy na szkle wersja 1 (1).pdf
2017-01-24 21:01 - 2017-01-24 21:01 - 00161762 _____ C:\Users\Admin\Desktop\bernard.pdf
2017-01-19 19:41 - 2017-01-23 22:22 - 00000814 _____ C:\Users\Public\Desktop\ChallengeMe.GG Client.lnk
2017-01-19 19:41 - 2017-01-23 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChallengeMe.GG Client
2017-01-17 18:04 - 2017-01-17 18:04 - 00000000 ____D C:\Users\Admin\AppData\Local\TeamSpeak 3
2017-01-17 18:04 - 2017-01-17 18:04 - 00000000 ____D C:\Users\Admin\.TeamSpeak 3
2017-01-17 18:03 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-01-17 18:03 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-01-16 18:43 - 2017-01-16 18:43 - 00142092 _____ C:\Users\Admin\Desktop\tymka akademia.pdf
2017-01-15 13:46 - 2016-11-02 20:22 - 00389392 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-01-14 11:59 - 2017-01-14 11:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia
2017-01-11 10:33 - 2017-01-11 10:33 - 00526345 _____ C:\Users\Admin\Downloads\ModlinBus.pl_bilety_2460427.pdf
2017-01-11 10:33 - 2017-01-11 10:33 - 00526345 _____ C:\Users\Admin\Downloads\ModlinBus.pl_bilety_2460427 (1).pdf
2017-01-10 20:05 - 2017-01-10 20:05 - 00132603 _____ C:\Users\Admin\Downloads\ADT BALLISTIC 30-20 KLEJ UV ŚREDNIEJ LEPKOŚCI.pdf
2017-01-10 19:42 - 2017-01-10 19:42 - 00000835 _____ C:\Users\Admin\Downloads\winmail.dat
2017-01-02 18:06 - 2017-01-02 18:06 - 00002214 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\Users\Admin\Documents\Sony
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\Program Files\Sony
2017-01-02 18:06 - 2017-01-02 18:06 - 00000000 ____D C:\Program Files (x86)\Sony
2017-01-02 18:05 - 2017-01-02 18:05 - 49290112 _____ (Sony) C:\Users\Admin\AppData\Local\pcc.exe
2016-12-31 12:47 - 2016-12-31 12:47 - 00017174 _____ C:\Users\Admin\Downloads\bariery.docx
2016-12-30 16:45 - 2016-12-30 16:45 - 00003402 _____ C:\Users\Admin\Downloads\bbara.docx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-01-29 13:13 - 2016-10-08 18:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-29 13:13 - 2016-10-08 18:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Discord
2017-01-29 13:12 - 2012-03-29 20:38 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{82628F1C-6264-4803-A1A2-3A7A04150B0B}
2017-01-29 13:11 - 2014-09-12 07:09 - 00002520 _____ C:\Users\Admin\Desktop\Program uruchamiający aplikacje Chrome.lnk
2017-01-29 13:11 - 2012-11-28 18:22 - 00002476 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2017-01-29 13:11 - 2012-11-28 18:22 - 00002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-29 13:11 - 2012-03-29 20:05 - 00001502 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-29 13:11 - 2012-03-29 20:05 - 00001468 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-29 12:59 - 2009-07-14 13:43 - 00743786 _____ C:\Windows\system32\perfh015.dat
2017-01-29 12:59 - 2009-07-14 13:43 - 00157268 _____ C:\Windows\system32\perfc015.dat
2017-01-29 12:59 - 2009-07-14 06:13 - 01679338 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-29 12:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-29 12:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2017-01-29 12:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-29 12:37 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-29 01:58 - 2016-04-16 16:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Battle.net
2017-01-28 21:58 - 2016-04-16 16:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-28 10:31 - 2009-07-14 05:45 - 00444528 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-27 21:12 - 2012-03-29 20:23 - 00113872 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-27 21:03 - 2012-12-05 18:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2017-01-27 16:27 - 2016-10-25 18:32 - 00000000 ____D C:\Users\Admin\Desktop\zz
2017-01-22 17:11 - 2016-09-03 17:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Curse Client
2017-01-21 12:30 - 2015-10-31 18:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 19:13 - 2015-05-27 18:41 - 00000000 ____D C:\Users\Admin\AppData\Local\Arma 3 Launcher
2017-01-18 18:20 - 2012-04-03 16:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2017-01-17 18:04 - 2012-03-29 20:04 - 00000000 ____D C:\Users\Admin
2017-01-17 18:03 - 2014-10-22 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 13:20 - 2012-06-05 19:52 - 00000151 _____ C:\Windows\PhotoSnapViewer.INI
2017-01-15 00:04 - 2016-10-08 18:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\discord
2017-01-11 18:52 - 2015-10-31 18:37 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Pliki w katalogu głównym wybranych folderów =======

2012-11-01 13:06 - 2013-03-27 20:33 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\adu.xml
2015-11-28 16:18 - 2015-11-28 16:17 - 5920256 _____ () C:\Users\Admin\AppData\Roaming\setup.msi
2013-06-08 11:28 - 2013-06-08 11:28 - 0043008 ___SH () C:\Users\Admin\AppData\Roaming\Thumbs.db
2017-01-02 18:05 - 2017-01-02 18:05 - 49290112 _____ (Sony) C:\Users\Admin\AppData\Local\pcc.exe
2012-03-30 19:36 - 2012-03-31 20:57 - 0007604 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-11-29 20:53 - 2015-11-29 20:53 - 0000000 _____ () C:\ProgramData\4euF3LPU
2015-11-28 16:18 - 2015-11-28 16:18 - 0675856 _____ () C:\ProgramData\MKiWf5
2015-11-28 16:18 - 2015-11-28 16:18 - 0078496 _____ () C:\ProgramData\MKiWf5.au3
2015-11-29 20:53 - 2015-11-28 16:18 - 7715745 _____ (Microsoft Corporation) C:\ProgramData\MKiWf5.backup
2015-11-28 16:18 - 2015-11-28 16:18 - 0750320 _____ (AutoIt Team) C:\ProgramData\MKiWf5.exe
2015-11-29 20:53 - 2015-11-29 20:53 - 0000046 _____ () C:\ProgramData\MKiWf5.folder
2015-11-29 20:53 - 2015-11-29 20:53 - 0000056 _____ () C:\ProgramData\MKiWf5.path
2017-01-29 12:35 - 2017-01-29 12:35 - 1620992 _____ () C:\ProgramData\service.exe
2014-06-13 16:03 - 2014-06-13 16:03 - 0000000 _____ () C:\ProgramData\spds90.txt

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Admin\AppData\Local\Temp\00007460\msiql.exe
C:\ProgramData\MKiWf5.exe
C:\ProgramData\service.exe

Niektóre pliki w TEMP:
====================
2017-01-29 13:02 - 2017-01-29 13:02 - 13414504 _____ (Reimage) C:\Users\Admin\AppData\Local\Temp\ReimagePackage.exe
2016-08-07 12:57 - 2016-08-07 12:57 - 42012288 _____ (Skype Technologies S.A.) C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
2011-11-03 15:13 - 2011-11-03 15:13 - 1786688 _____ () C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
2017-01-14 14:03 - 2017-01-17 18:02 - 14773216 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
2017-01-02 18:05 - 2017-01-02 18:05 - 48843976 _____ (Sony) C:\Users\Admin\AppData\Local\Temp\xcs75DE.tmp.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll [2012-03-30 18:34] - [2012-07-08 17:28] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2012-03-30 19:33] - [2012-07-08 17:28] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-01-23 15:48

==================== Koniec FRST.txt ============================