Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-01-2017 Uruchomiony przez Seba (administrator) SEBAPC (30-01-2017 21:20:01) Uruchomiony z C:\Users\Seba\Downloads\FRST Załadowane profile: Seba (Dostępne profile: Seba & DefaultAppPool) Platform: Windows 10 Home Wersja 1511 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-23] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [Google Update] => C:\Users\Seba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-19] (Google Inc.) HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [GoogleChromeAutoLaunch_A3AE2B88709917E29C176A59EC07D358] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.) HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\Run: [USB Safely Remove] => C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [6519064 2016-10-16] (Crystal Rich Ltd) HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\...\MountPoints2: {f12e9507-1d97-11e6-b308-bc5ff40a7c84} - "G:\autorun.exe" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-13] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-01-29] () GroupPolicy: Ograniczenia <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254 Tcpip\..\Interfaces\{96da6e7f-43f9-4a6d-9947-4daab09f4c9f}: [DhcpNameServer] 37.8.214.2 31.11.202.254 Internet Explorer: ================== HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/ BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\ibf23961.default [2017-01-30] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-15] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-07-19] [Brak podpisu cyfrowego] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-02-27] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH) FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Seba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @talk.google.com/O1DPlugin -> C:\Users\Seba\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Seba\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin HKU\S-1-5-21-2441937318-2594584175-3204281650-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Seba\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Seba\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Seba\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default [2017-01-30] CHR Extension: (Dokumenty Google) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Dysk Google) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Adblock Plus) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28] CHR Extension: (Google Search) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Dropbox dla Gmaila) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-05] CHR Extension: (Adobe Acrobat) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30] CHR Extension: (Dokumenty Google offline) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Gmail) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR Extension: (Chrome Media Router) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-30] CHR Extension: (From Dust) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-01-15] CHR Extension: (Dysk Google) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18] CHR Extension: (YouTube) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18] CHR Extension: (Google Search) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18] CHR Extension: (Gmail offline) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-01-15] CHR Extension: (busuu.com) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\epadnjldocmkadjbopkanclaamocokoo [2014-01-15] CHR Extension: (Pulpit zdalny Chrome) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-19] CHR Extension: (Webcam Toy) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-02-18] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19] CHR Extension: (Picasa) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-15] CHR Extension: (Click&Clean App) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-04-19] CHR Extension: (Gmail) - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18] CHR Profile: C:\Users\Seba\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30] CHR HKU\S-1-5-21-2441937318-2594584175-3204281650-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17] ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Brak podpisu cyfrowego] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-23] (NVIDIA Corporation) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-23] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-23] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-23] (NVIDIA Corporation) S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH) S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH) R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego] S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Brak podpisu cyfrowego] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1705752 2016-10-16] (Crystal Rich Ltd) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] () R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-30] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-30] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-30] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-30] (Malwarebytes) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2014-01-12] (Intel Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-01-12] (Synaptics Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-30 21:04 - 2017-01-30 21:04 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-01-30 21:03 - 2017-01-30 21:03 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-30 21:03 - 2017-01-30 21:03 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-01-30 21:03 - 2017-01-30 21:03 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-01-30 21:03 - 2017-01-30 21:03 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-01-30 21:03 - 2017-01-30 21:03 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-01-30 21:03 - 2017-01-30 21:03 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-30 21:03 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-01-30 21:02 - 2017-01-30 21:03 - 55566792 _____ (Malwarebytes ) C:\Users\Seba\Downloads\mb3-setup-consumer-3.0.6.1469.exe 2017-01-30 21:01 - 2017-01-30 21:02 - 00002796 _____ C:\Users\Seba\Downloads\FSS.txt 2017-01-30 21:01 - 2017-01-30 21:01 - 00899584 _____ (Farbar) C:\Users\Seba\Downloads\FSS.exe 2017-01-30 20:37 - 2017-01-30 20:37 - 02420736 _____ (Farbar) C:\Users\Seba\Downloads\FRST64 (2).exe 2017-01-30 20:35 - 2017-01-30 21:20 - 00000000 ____D C:\Users\Seba\Downloads\FRST 2017-01-30 09:55 - 2017-01-30 09:55 - 00000189 ____H C:\Users\Seba\Documents\Drawing1.dwl2 2017-01-30 09:55 - 2017-01-30 09:55 - 00000039 ____H C:\Users\Seba\Documents\Drawing1.dwl 2017-01-29 22:21 - 2017-01-29 22:21 - 00000785 _____ C:\Users\Seba\Desktop\Pobrane — skrót.lnk 2017-01-29 22:14 - 2017-01-29 22:22 - 47683808 _____ (Microsoft Corporation) C:\Users\Seba\Downloads\Windows-KB890830-x64-V5.44.exe 2017-01-29 15:33 - 2017-01-29 15:33 - 00000000 ____D C:\Users\Seba\AppData\Local\TeamViewer 2017-01-29 15:30 - 2017-01-29 15:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2017-01-29 15:30 - 2017-01-29 15:30 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-01-29 15:30 - 2017-01-29 15:30 - 00001104 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk 2017-01-29 15:30 - 2017-01-29 15:30 - 00000000 ____D C:\Users\Seba\AppData\Roaming\TeamViewer 2017-01-29 15:27 - 2017-01-29 15:29 - 12974632 _____ (TeamViewer GmbH) C:\Users\Seba\Downloads\TeamViewer_Setup_pl.exe 2017-01-29 15:21 - 2017-01-29 15:21 - 142435608 _____ (Microsoft Corporation) C:\Users\Seba\Downloads\msert.exe 2017-01-29 14:17 - 2017-01-29 14:17 - 01304400 _____ C:\Users\Seba\Downloads\Autoruns.zip 2017-01-29 14:02 - 2017-01-29 14:16 - 00000266 __RSH C:\ProgramData\ntuser.pol 2017-01-29 14:02 - 2017-01-29 14:02 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Seba\Downloads\rufus-2.12.exe 2017-01-29 13:59 - 2017-01-29 13:59 - 00119600 _____ (Microsoft Corporation) C:\Users\Seba\Downloads\Windows-KB841290-x86-ENU.exe 2017-01-29 13:59 - 2017-01-29 13:59 - 00000000 ____D C:\Users\Seba\Downloads\md5 2017-01-29 12:23 - 2017-01-29 12:23 - 00668672 _____ (HeiDoc.net) C:\Users\Seba\Downloads\Windows ISO Downloader.exe 2017-01-29 11:33 - 2017-01-29 11:33 - 00380928 _____ C:\Users\Seba\Downloads\wdqsc3ne.exe 2017-01-29 11:29 - 2017-01-29 11:29 - 00380928 _____ C:\Users\Seba\Downloads\pvuq6zlc.exe 2017-01-29 11:24 - 2017-01-29 11:24 - 00380928 _____ C:\Users\Seba\Downloads\53jcshm1.exe 2017-01-29 10:56 - 2017-01-29 10:57 - 02420736 _____ (Farbar) C:\Users\Seba\Downloads\FRST64 (1).exe 2017-01-29 10:41 - 2017-01-29 10:41 - 00359516 _____ C:\WINDOWS\Minidump\012917-63015-01.dmp 2017-01-29 10:20 - 2017-01-30 20:50 - 00000000 ____D C:\Users\Seba\AppData\Roaming\USBSafelyRemove 2017-01-29 10:20 - 2017-01-29 10:20 - 00000000 ____D C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB Safely Remove 2017-01-29 10:20 - 2017-01-29 10:20 - 00000000 ____D C:\ProgramData\USBSRService 2017-01-29 10:19 - 2017-01-29 10:20 - 00000000 ____D C:\Program Files (x86)\USB Safely Remove 2017-01-29 10:19 - 2017-01-29 10:19 - 05707624 _____ (SafelyRemove.com ) C:\Users\Seba\Downloads\usbsafelyremovesetup_5-4-6.exe 2017-01-27 14:19 - 2017-01-27 14:19 - 00539956 _____ C:\WINDOWS\Minidump\012717-25343-01.dmp 2017-01-27 14:08 - 2017-01-27 14:08 - 05145687 _____ C:\Users\Seba\Desktop\Paweł foty.pdf 2017-01-27 14:02 - 2017-01-27 14:02 - 01681717 _____ C:\Users\Seba\Downloads\BATOREGO-umowa rezerwacyjna.pdf 2017-01-26 18:46 - 2017-01-26 18:46 - 00043868 _____ C:\ProgramData\1485452791.428.bin 2017-01-26 18:46 - 2017-01-26 18:46 - 00002053 _____ C:\ProgramData\1485452791.5820.bin 2017-01-26 18:46 - 2017-01-26 18:46 - 00000418 _____ C:\ProgramData\1485452791.80.bin 2017-01-26 13:55 - 2017-01-26 13:55 - 00045260 _____ C:\ProgramData\1485435293.bdinstall.bin 2017-01-26 13:54 - 2017-01-26 18:46 - 10606640 _____ C:\Users\Seba\Downloads\Antivirus_Free_Edition_x64.exe 2017-01-26 13:54 - 2017-01-26 13:54 - 00000000 ____D C:\Users\Seba\AppData\Roaming\QuickScan 2017-01-26 13:53 - 2017-01-26 13:54 - 00196944 _____ C:\Users\Seba\Downloads\Antivirus_Free_Edition.exe 2017-01-25 16:51 - 2017-01-25 16:51 - 00685267 _____ C:\Users\Seba\Downloads\Rekuperacja co to jest jak działa.pdf 2017-01-25 15:39 - 2017-01-25 15:39 - 00414828 _____ C:\WINDOWS\Minidump\012517-29843-01.dmp 2017-01-19 18:16 - 2017-01-19 18:18 - 00000000 ____D C:\Users\Seba\Desktop\z pendrive 01_19 2017-01-19 17:43 - 2017-01-19 17:43 - 00000189 ____H C:\Users\Seba\Downloads\zabudowa tarasu-1387_4-ZMIANA PROPONOWANA.dwl2 2017-01-19 17:43 - 2017-01-19 17:43 - 00000039 ____H C:\Users\Seba\Downloads\zabudowa tarasu-1387_4-ZMIANA PROPONOWANA.dwl 2017-01-19 16:11 - 2017-01-20 16:47 - 00000000 ____D C:\Users\Seba\AppData\Roaming\vlc 2017-01-19 16:11 - 2017-01-19 16:11 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2017-01-19 16:11 - 2017-01-19 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2017-01-19 16:10 - 2017-01-19 16:10 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2017-01-19 16:09 - 2017-01-19 16:10 - 30533688 _____ C:\Users\Seba\Downloads\vlc-2.2.4-win32.exe 2017-01-19 16:06 - 2017-01-20 10:45 - 00000000 ____D C:\Users\Seba\Desktop\Nagrania 13.01.2017 2017-01-17 16:21 - 2017-01-17 16:21 - 01590889 _____ C:\Users\Seba\Downloads\Paweł (1).pdf 2017-01-17 16:10 - 2017-01-17 16:10 - 00059739 _____ C:\Users\Seba\Downloads\pko_trans_details_20170117_161002.pdf 2017-01-17 16:10 - 2017-01-17 16:10 - 00059730 _____ C:\Users\Seba\Downloads\przelew_pomoc_Paweł Bogusz.pdf 2017-01-17 16:00 - 2017-01-17 16:00 - 01840667 _____ C:\Users\Seba\Downloads\zabudowa tarasu-1387_4-ZMIANA PROPONOWANA.dwg 2017-01-17 15:53 - 2017-01-17 15:53 - 01590889 _____ C:\Users\Seba\Downloads\Paweł.pdf 2017-01-17 15:50 - 2017-01-17 15:50 - 01590889 _____ C:\Users\Seba\Desktop\Paweł.pdf 2017-01-17 15:50 - 2017-01-17 15:50 - 00000775 _____ C:\Users\Seba\Documents\Pulpit — skrót.lnk 2017-01-13 15:18 - 2017-01-13 15:18 - 00579446 _____ C:\Users\Seba\Downloads\stół sąd Jasło wersja 5.pdf 2017-01-12 18:25 - 2017-01-12 18:25 - 00673188 _____ C:\Users\Seba\Downloads\PZT Renata i Dawid Trybus_ GAZ.dwg 2017-01-12 17:57 - 2017-01-12 17:58 - 01112394 _____ C:\Users\Seba\Downloads\Projekt budowlany - wykonawczy.rar 2017-01-12 16:30 - 2017-01-12 16:31 - 58908464 _____ C:\Users\Seba\Downloads\Załącznik nr 2 - Dokumentacja techniczna.zip ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-30 21:20 - 2014-01-29 12:27 - 00000000 ____D C:\FRST 2017-01-30 21:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-30 21:03 - 2014-02-08 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-30 20:53 - 2015-11-29 14:11 - 02128776 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-30 20:53 - 2015-10-30 20:19 - 00921548 _____ C:\WINDOWS\system32\perfh015.dat 2017-01-30 20:53 - 2015-10-30 20:19 - 00203630 _____ C:\WINDOWS\system32\perfc015.dat 2017-01-30 20:53 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2017-01-30 20:48 - 2016-02-19 19:18 - 00000000 ____D C:\ProgramData\NVIDIA 2017-01-30 20:48 - 2015-11-29 14:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-30 20:38 - 2014-01-12 16:21 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-30 16:50 - 2014-01-12 21:51 - 00004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE19EDE1-045F-4924-972D-EC87D616A401} 2017-01-30 02:00 - 2014-07-22 05:28 - 00000000 ____D C:\Users\Seba\AppData\Local\Adobe 2017-01-29 22:22 - 2014-01-14 00:17 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-29 15:45 - 2015-11-29 14:03 - 04891832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-29 15:15 - 2015-11-29 14:32 - 00000000 ____D C:\Users\Seba\AppData\Local\Packages 2017-01-29 14:26 - 2016-02-19 21:01 - 00000000 ____D C:\Users\Seba\AppData\Local\CrashDumps 2017-01-29 14:06 - 2014-01-29 16:54 - 00105614 _____ C:\WINDOWS\diagerr.xml 2017-01-29 14:06 - 2014-01-29 16:54 - 00002207 _____ C:\WINDOWS\diagwrn.xml 2017-01-29 14:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-01-29 14:02 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-01-29 11:30 - 2015-11-29 14:11 - 00000000 ____D C:\Users\Seba 2017-01-29 11:01 - 2016-02-18 20:27 - 00074407 _____ C:\Users\Seba\Downloads\Shortcut.txt 2017-01-29 11:01 - 2016-02-18 20:26 - 00054902 _____ C:\Users\Seba\Downloads\Addition.txt 2017-01-29 11:01 - 2016-02-18 20:25 - 00030850 _____ C:\Users\Seba\Downloads\FRST.txt 2017-01-29 10:41 - 2016-06-15 13:59 - 00000000 ____D C:\WINDOWS\Minidump 2017-01-26 18:48 - 2014-01-12 16:19 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-26 18:47 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-01-26 14:03 - 2015-09-16 14:39 - 00000000 ____D C:\Users\Seba\AppData\Local\ElevatedDiagnostics 2017-01-25 15:45 - 2016-01-28 15:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-17 16:57 - 2016-02-16 17:20 - 12469364 _____ C:\Users\Seba\Desktop\ekologika FOLDER.cdr 2017-01-14 21:51 - 2016-02-17 13:10 - 12068720 _____ C:\Users\Seba\Desktop\Kopia_zapasowa_ekologika FOLDER.cdr 2017-01-12 16:45 - 2014-01-26 11:19 - 00000000 ____D C:\Users\Seba\Desktop\tymczasowe 2017-01-12 11:01 - 2014-12-24 16:45 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-01-11 11:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-11 11:38 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-10 19:35 - 2016-12-16 18:38 - 02171992 _____ C:\Users\Seba\Downloads\KONSTRUKCJA-DO WGLĄDU.dwg ==================== Pliki w katalogu głównym wybranych folderów ======= 2014-02-08 18:04 - 2014-02-08 18:05 - 0005813 _____ () C:\Users\Seba\AppData\Roaming\LiveSupport.exe_log.txt 2014-02-13 19:24 - 2014-02-13 19:24 - 0000132 _____ () C:\Users\Seba\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG 2014-02-08 18:04 - 2014-02-08 18:05 - 0000092 _____ () C:\Users\Seba\AppData\Roaming\regsvr32.exe_log.txt 2014-01-16 15:14 - 2016-04-22 14:05 - 0001496 _____ () C:\Users\Seba\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs 2014-09-12 00:29 - 2014-09-12 00:29 - 0007604 _____ () C:\Users\Seba\AppData\Local\Resmon.ResmonCfg 2017-01-26 13:55 - 2017-01-26 13:55 - 0045260 _____ () C:\ProgramData\1485435293.bdinstall.bin 2017-01-26 18:46 - 2017-01-26 18:46 - 0043868 _____ () C:\ProgramData\1485452791.428.bin 2017-01-26 18:46 - 2017-01-26 18:46 - 0002053 _____ () C:\ProgramData\1485452791.5820.bin 2017-01-26 18:46 - 2017-01-26 18:46 - 0000418 _____ () C:\ProgramData\1485452791.80.bin 2014-01-13 07:20 - 2015-12-02 00:02 - 0007947 _____ () C:\ProgramData\hpzinstall.log 2014-01-13 14:00 - 2014-01-13 14:00 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-01-27 09:54 ==================== Koniec FRST.txt ============================