Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 29-01-2017 Uruchomiony przez Wiktoria (administrator) WIKTORIA-HP (31-01-2017 19:52:46) Uruchomiony z C:\Users\Wiktoria\Desktop Załadowane profile: Wiktoria (Dostępne profile: Wiktoria) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Users\Wiktoria\Desktop\winsdk_web.exe (Microsoft) C:\df4dd9d5d8eb9f1cf4f734f057435ff4\setup.exe (Microsoft) C:\df4dd9d5d8eb9f1cf4f734f057435ff4\Setup\SDKSetup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2290663448-2838584728-535068250-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-2290663448-2838584728-535068250-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2290663448-2838584728-535068250-1000\...\Policies\system: [DisableChangePassword] 0 ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-23] (EasyBits Software Corp.) Startup: C:\Users\Wiktoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 3510 series (sieć).lnk [2017-01-31] ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 3510 series (sieć).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.141.1 Tcpip\..\Interfaces\{11F34B6D-C96D-401C-9D79-42B5C6ACCB78}: [DhcpNameServer] 192.168.141.1 Tcpip\..\Interfaces\{8C7ABC78-4E47-4C2A-BBD3-2EAFECF0881F}: [DhcpNameServer] 192.168.141.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-2290663448-2838584728-535068250-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140616 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140616 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2290663448-2838584728-535068250-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/ HKU\S-1-5-21-2290663448-2838584728-535068250-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {EC25EA9A-63F7-42F6-A76C-29C817088386} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {EC25EA9A-63F7-42F6-A76C-29C817088386} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120821&user_guid=FED5EEED5E164A52B7773A65AF3F79D3&machine_id=a00745a25dd4f0ebb6ad3dd82f9a434a&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source} SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=113679&tt=3412_6&babsrc=SP_ss&mntrId=9489022a000000000000ac7289c2f46c SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {CFCA8DF2-4245-4F5C-B411-99D560CDB861} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^FR&apn_uid=17003E8B-34DD-4072-A8E0-8BB896AF0391&apn_sauid=6F2AA961-C6EE-47C5-8243-285B60F6A9CB SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> {EC25EA9A-63F7-42F6-A76C-29C817088386} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-17] (HP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Brak nazwy -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Brak pliku BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: StartNow Toolbar Helper -> {6E13D095-45C3-4271-9475-F3B48227DD9F} -> Brak pliku BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-17] (HP) BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2012-03-27] (Yontoo LLC) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.) Toolbar: HKU\S-1-5-21-2290663448-2838584728-535068250-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku FireFox: ======== FF ProfilePath: C:\Users\Wiktoria\AppData\Roaming\Mozilla\Firefox\Profiles\6y24tz6s.default [2017-01-31] FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\6y24tz6s.default -> Ask.com FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6y24tz6s.default -> Ask.com FF Homepage: Mozilla\Firefox\Profiles\6y24tz6s.default -> hxxp://www.gazeta.pl/0,0.html?p=180&d=20140616 FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-04-12] [Brak podpisu cyfrowego] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll [2013-03-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-13] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Brak pliku] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp CHR StartupUrls: Default -> "hxxp://www.google.pl/" CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms} CHR DefaultSearchKeyword: Default -> search.ask.com CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => Brak pliku CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => Brak pliku CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => Brak pliku CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Brak pliku CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Brak pliku CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => Brak pliku CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Brak pliku CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Brak pliku CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => Brak pliku CHR Profile: C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default [2017-01-31] CHR Extension: (Website Logon) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2014-10-27] CHR Extension: (Adblock Plus) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27] CHR Extension: (Adobe Acrobat) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30] CHR Extension: (Bing) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-06] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Chrome Media Router) - C:\Users\Wiktoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR HKU\S-1-5-21-2290663448-2838584728-535068250-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11] CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Wiktoria\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Wiktoria\AppData\Local\Temp\YontooLayers.crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-20] (ESET) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Brak podpisu cyfrowego] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.) S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 AVerAF35; C:\Windows\System32\Drivers\HPAF35.sys [511104 2009-10-19] (Hewlett-Packard) R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-20] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-20] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-20] (ESET) S3 HPIR; C:\Windows\System32\DRIVERS\HPIR.sys [93184 2009-11-16] (Hewlett-Packard) S3 AIDA64Driver; \??\C:\Users\Wiktoria\Desktop\Portable AIDA64 5.75.3900 Business PL\Portable AIDA64 5.75.3900 Business PL\App\AIDA64Business\kerneld.x64 [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64) 2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64) 2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier 2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\Program Files\Debugging Tools for Windows (x64) 2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\Program Files\Application Verifier (x64) 2017-01-31 19:55 - 2017-01-31 19:55 - 00000000 ____D C:\Program Files (x86)\Application Verifier 2017-01-31 19:52 - 2017-01-31 19:56 - 00024107 _____ C:\Users\Wiktoria\Desktop\FRST.txt 2017-01-31 19:52 - 2017-01-31 19:52 - 00000000 ____D C:\FRST 2017-01-31 19:50 - 2017-01-31 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1 2017-01-31 19:50 - 2017-01-31 19:51 - 02420736 _____ (Farbar) C:\Users\Wiktoria\Desktop\FRST64.exe 2017-01-31 19:50 - 2017-01-31 19:50 - 00000000 ____D C:\Program Files\Microsoft SDKs 2017-01-31 19:47 - 2017-01-31 19:47 - 00509264 _____ (Microsoft Corporation) C:\Users\Wiktoria\Desktop\winsdk_web.exe 2017-01-31 19:47 - 2017-01-31 19:47 - 00000000 ____D C:\df4dd9d5d8eb9f1cf4f734f057435ff4 2017-01-31 19:43 - 2017-01-31 19:43 - 00998056 _____ (Microsoft Corporation) C:\Users\Wiktoria\Desktop\sdksetup.exe 2017-01-31 19:42 - 2017-01-31 19:42 - 01735400 _____ (Microsoft Corporation) C:\Users\Wiktoria\Desktop\adksetup.exe 2017-01-31 18:53 - 2017-01-31 18:53 - 00267514 _____ C:\Users\Wiktoria\Documents\cc_20170131_185326.reg 2017-01-31 18:52 - 2017-01-31 18:52 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-01-31 18:52 - 2017-01-31 18:52 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-01-31 18:51 - 2017-01-31 18:52 - 08813488 _____ (Piriform Ltd) C:\Users\Wiktoria\Desktop\ccsetup526.exe 2017-01-31 13:54 - 2017-01-31 13:54 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{0B6F9A5C-5FBE-4F75-A8A5-D824B10C35D5} 2017-01-31 09:06 - 2017-01-31 09:06 - 00024064 _____ C:\Users\Wiktoria\Desktop\wesele.wiz 2017-01-26 19:54 - 2017-01-26 19:54 - 00183390 _____ C:\Users\Wiktoria\Downloads\P.Marta Legocka (3).pdf 2017-01-26 19:48 - 2017-01-26 19:48 - 00183390 _____ C:\Users\Wiktoria\Downloads\P.Marta Legocka (2).pdf 2017-01-26 15:23 - 2017-01-26 15:23 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{E7AB5BF8-FB28-4F18-9E40-C09890A2FFAF} 2017-01-25 17:35 - 2017-01-25 17:35 - 00183390 _____ C:\Users\Wiktoria\Downloads\P.Marta Legocka (1).pdf 2017-01-25 15:24 - 2017-01-25 15:24 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{125149E8-5DA7-456F-A8B2-0507219C2B69} 2017-01-25 14:14 - 2017-01-25 14:14 - 00183390 _____ C:\Users\Wiktoria\Downloads\P.Marta Legocka.pdf 2017-01-23 12:09 - 2017-01-23 12:09 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{18746879-F7B1-4171-BE5F-76B374A141FC} 2017-01-21 11:06 - 2017-01-21 11:06 - 00035730 _____ C:\Users\Wiktoria\Downloads\201702 luty.pdf 2017-01-19 18:38 - 2017-01-19 18:38 - 00039377 _____ C:\Users\Wiktoria\Downloads\pdfdoc-1.pdf 2017-01-17 19:08 - 2017-01-17 19:08 - 00038265 _____ C:\Users\Wiktoria\Downloads\Potwierdzenie_transakcji_nr_0001464109_170117.pdf 2017-01-17 16:31 - 2017-01-17 16:31 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{3960D5C1-0358-4BB6-90FF-CDDFAB85A07B} 2017-01-17 13:02 - 2017-01-17 13:02 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{081D0039-7E9B-4BD2-8A57-72CA8D8B5BE9} 2017-01-17 12:46 - 2017-01-17 12:46 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{D4EBD7BE-8BF1-4826-8D2D-123982097961} 2017-01-13 19:55 - 2017-01-13 19:55 - 00029368 _____ C:\ComboFix.txt 2017-01-13 19:45 - 2017-01-13 19:56 - 00000000 ____D C:\ComboFix 2017-01-13 19:41 - 2017-01-13 19:41 - 05659349 ____R (Swearware) C:\ComboFix.exe 2017-01-13 16:37 - 2017-01-13 16:37 - 00779631 _____ C:\Users\Wiktoria\Downloads\344450.pdf 2017-01-11 08:15 - 2017-01-11 08:15 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{742EDC22-7FD0-4E78-B883-F583A3CA246C} 2017-01-11 07:58 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-01-11 07:58 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-01-11 07:58 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-01-11 07:58 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-01-11 07:58 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-01-11 07:58 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-01-11 07:58 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-01-11 07:58 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-01-11 07:58 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-01-11 07:58 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-01-11 07:58 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-01-11 07:58 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-01-11 07:58 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-01-10 10:05 - 2017-01-10 10:05 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{3CF71513-09C3-4435-B658-6C26E3CF392B} 2017-01-10 09:37 - 2017-01-10 09:37 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{57B0BDA3-69DC-4EDE-B883-AB934F058D84} 2017-01-09 13:37 - 2017-01-09 13:37 - 00028278 _____ C:\Users\Wiktoria\Downloads\transfer_20170109.pdf 2017-01-09 11:19 - 2017-01-09 11:19 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{39D32816-CC54-46A7-8C50-C66F21BD7FEF} 2017-01-09 11:05 - 2017-01-09 11:05 - 00137886 _____ C:\Users\Wiktoria\Downloads\68406148_926.pdf 2017-01-06 12:21 - 2017-01-06 12:21 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{087035D1-814F-4174-AF2F-730A66EAA3F3} 2017-01-04 20:57 - 2017-01-04 20:57 - 00137643 _____ C:\Users\Wiktoria\Downloads\68406148_850.pdf 2017-01-04 10:35 - 2017-01-04 10:36 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{F2F015B8-4CB8-4A08-A04D-C5024ABE3686} 2017-01-02 11:57 - 2017-01-02 11:57 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\{B1FD7DD6-2EE3-428F-9CF2-7D427951FB36} ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-01-31 19:50 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2017-01-31 19:37 - 2012-06-12 09:37 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6E5BDF0-B39E-423A-BFB1-939FC650FCE2} 2017-01-31 19:24 - 2016-08-31 20:01 - 00007667 _____ C:\Users\Wiktoria\AppData\Local\resmon.resmoncfg 2017-01-31 19:14 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-31 19:14 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-31 19:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2017-01-31 19:03 - 2012-06-12 09:33 - 00000000 ____D C:\Users\Wiktoria\AppData\LocalLow\AuthenTec 2017-01-31 19:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-31 18:56 - 2012-08-21 13:23 - 00000000 ____D C:\Users\Wiktoria\AppData\Roaming\Media Player Classic 2017-01-31 18:56 - 2012-07-19 04:39 - 00000000 ____D C:\Windows\Minidump 2017-01-31 18:56 - 2012-07-09 14:22 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\CrashDumps 2017-01-31 18:55 - 2012-06-12 14:53 - 00000000 ____D C:\Users\Wiktoria\AppData\Roaming\Skype 2017-01-31 18:52 - 2016-08-29 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-01-31 18:52 - 2016-08-29 21:56 - 00000000 ____D C:\Program Files\CCleaner 2017-01-31 15:02 - 2016-09-06 23:53 - 00000280 _____ C:\Windows\Tasks\WinThruster_DEFAULT.job 2017-01-30 13:34 - 2016-05-18 22:28 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWiktoria 2017-01-30 13:34 - 2016-05-18 22:28 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForWiktoria.job 2017-01-24 10:03 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-01-21 14:21 - 2016-09-06 19:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-20 18:30 - 2016-03-22 08:43 - 00000000 ____D C:\Users\Wiktoria\AppData\Local\ElevatedDiagnostics 2017-01-16 21:25 - 2011-06-24 01:41 - 00740688 _____ C:\Windows\system32\perfh015.dat 2017-01-16 21:25 - 2011-06-24 01:41 - 00156230 _____ C:\Windows\system32\perfc015.dat 2017-01-16 21:25 - 2009-07-14 06:13 - 01670590 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-14 09:37 - 2012-06-12 14:53 - 00000000 ____D C:\ProgramData\Skype 2017-01-13 19:55 - 2016-08-31 19:41 - 00000000 ____D C:\Qoobox 2017-01-13 19:53 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2017-01-11 18:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2017-01-11 15:21 - 2014-12-26 08:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-01-11 12:50 - 2013-08-03 06:26 - 00000000 ____D C:\Windows\system32\MRT 2017-01-11 12:46 - 2012-07-18 21:12 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-08-31 20:18 - 2016-08-31 20:18 - 0001281 _____ () C:\Users\Wiktoria\AppData\Local\PDLSetup.20160831.211801.txt 2016-08-31 20:01 - 2017-01-31 19:24 - 0007667 _____ () C:\Users\Wiktoria\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-01-23 08:45 ==================== Koniec FRST.txt ============================