Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 27-02-2017 01
Uruchomiony przez Daniel (administrator) GATOR (01-03-2017 15:58:56)
Uruchomiony z C:\Users\Daniel\Desktop\programy do czysczenia kompa\frst
Załadowane profile: Daniel (Dostępne profile: Daniel)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security Premium\egui.exe
(ClanServers Hosting LLC) D:\Program Files (x86)\GameTracker\GSInGameService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) D:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-4075855626-25370417-906772903-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC7DFA9E-965E-4950-A9B4-7E28A03A368C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4075855626-25370417-906772903-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-10] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a1e0xbp2.default-1488379295630 [2017-03-01]
FF Extension: (uBlock Origin) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a1e0xbp2.default-1488379295630\Extensions\uBlock0@raymondhill.net.xpi [2017-03-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 4
CHR StartupUrls: Profile 4 -> "hxxps://www.google.pl/"
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-01] <==== UWAGA
CHR Extension: (Dysk Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-28]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-28]
CHR Extension: (Arkusze Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-28]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-28]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-28]
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2017-03-01]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-14]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-14]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (uBlock) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-11-14]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-14]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-02-28]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Brak nazwy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-01]
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-03-01]
CHR Extension: (Prezentacje Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
CHR Extension: (Dokumenty Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
CHR Extension: (Dysk Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Arkusze Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-01]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2836296 2016-12-14] (ESET)
S3 EvoSvc; E:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-10-16] (Echobit LLC)
R2 GS In-Game Service; D:\Program Files (x86)\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [51456888 2010-03-25] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-05-13] ()
S4 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 ss_conn_service; D:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 Te.Service; D:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-16] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-16] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60536 2017-01-17] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [189664 2007-07-18] (Creative Technology Ltd.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-01 15:41 - 2017-03-01 15:41 - 00000000 ____D C:\Users\Daniel\Desktop\Stare dane programu Firefox
2017-03-01 15:32 - 2017-03-01 15:32 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-01 15:27 - 2017-03-01 15:52 - 00000000 ____D C:\Users\Daniel\Desktop\programy do czysczenia kompa
2017-02-28 18:33 - 2017-02-28 18:33 - 514644904 _____ C:\Windows\MEMORY.DMP
2017-02-28 18:33 - 2017-02-28 18:33 - 00274088 _____ C:\Windows\Minidump\022817-18595-01.dmp
2017-02-28 18:33 - 2017-02-28 18:33 - 00000000 ____D C:\Windows\Minidump
2017-02-28 18:11 - 2017-03-01 15:58 - 00000000 ____D C:\FRST
2017-02-28 18:10 - 2017-03-01 15:54 - 00001910 _____ C:\Users\Daniel\Desktop\NAPRAWA PC.txt
2017-02-28 17:49 - 2017-02-28 17:49 - 00020262 _____ C:\ComboFix.txt
2017-02-28 17:36 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-28 17:36 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-28 17:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-28 17:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-28 17:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-28 17:36 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-28 17:36 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-28 17:36 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-28 17:34 - 2017-02-28 17:49 - 00000000 ____D C:\Qoobox
2017-02-28 17:34 - 2017-02-28 17:47 - 00000000 ____D C:\Windows\erdnt
2017-02-28 17:33 - 2017-02-28 17:34 - 05660168 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2017-02-28 15:50 - 2017-02-28 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Lavasoft
2017-02-28 15:50 - 2017-02-28 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
2017-02-28 15:50 - 2017-02-28 15:50 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2017-02-28 15:31 - 2017-03-01 15:49 - 00000000 ____D C:\AdwCleaner
2017-02-28 15:23 - 2017-02-28 15:23 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Ghokerkreuvock
2017-02-28 15:07 - 2017-03-01 15:32 - 00000008 __RSH C:\Users\Daniel\ntuser.pol
2017-02-28 15:01 - 2017-02-28 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Local\ESET
2017-02-28 14:58 - 2017-02-28 14:58 - 00002083 _____ C:\Users\Public\Desktop\Ochrona bankowości internetowej.lnk
2017-02-28 14:58 - 2017-02-28 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-02-28 14:58 - 2017-02-28 14:58 - 00000000 ____D C:\ProgramData\ESET
2017-02-28 14:58 - 2017-02-28 14:58 - 00000000 ____D C:\Program Files\ESET
2017-02-28 14:02 - 2017-02-28 14:02 - 00006032 _____ C:\Windows\System32\Tasks\Butspplikule System
2017-02-28 14:01 - 2017-02-28 15:59 - 00000000 ____D C:\Program Files (x86)\Codtheraternity
2017-02-28 14:01 - 2017-02-28 14:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\isMiner
2017-02-28 14:01 - 2017-02-28 14:05 - 00000000 ____D C:\Users\Daniel\AppData\Local\Drertu
2017-02-28 14:01 - 2017-02-28 14:01 - 00001092 _____ C:\Users\Daniel\Desktop\Play Warframe.lnk
2017-02-28 14:01 - 2017-02-28 14:01 - 00001082 _____ C:\Users\Daniel\Desktop\Play WarThunder.lnk
2017-02-28 13:55 - 2017-03-01 15:29 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-28 13:54 - 2017-02-28 13:54 - 00000837 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2017-02-28 13:53 - 2017-02-28 13:53 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-28 13:53 - 2017-02-28 13:53 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-28 13:53 - 2017-02-28 13:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\UCChannel
2017-02-25 19:33 - 2017-02-25 19:33 - 00000000 ____D C:\Users\Daniel\Desktop\ProjectRome.b914
2017-02-24 15:06 - 2017-02-24 15:06 - 00001097 _____ C:\Users\Daniel\Desktop\Battlefield Bad Company 2 — skrót.lnk
2017-02-23 22:56 - 2017-02-23 22:56 - 00000020 _____ C:\Users\Daniel\Desktop\Nowy dokument tekstowy (6).txt
2017-02-23 21:37 - 2017-02-23 21:54 - 00000000 ____D C:\Users\Daniel\Documents\BFBC2
2017-02-21 02:12 - 2017-02-21 02:12 - 01988189 _____ C:\Users\Daniel\Desktop\minimap.otmm
2017-02-17 14:56 - 2017-02-17 17:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GameTracker
2017-02-17 14:56 - 2017-02-17 14:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite
2017-02-16 23:51 - 2017-02-16 23:52 - 00000000 ____D C:\Users\Daniel\Desktop\bf2mini-skl
2017-02-16 23:51 - 2017-02-16 23:51 - 00193209 _____ C:\Users\Daniel\Desktop\bf2mini-skl.zip
2017-02-16 23:50 - 2017-02-16 23:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\Disc_Soft_Ltd
2017-02-16 23:49 - 2017-02-16 23:49 - 00000833 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-16 23:49 - 2017-02-16 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-02-16 23:45 - 2017-02-16 23:45 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-02-16 23:44 - 2017-02-16 23:44 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-02-16 23:43 - 2017-02-16 23:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2017-02-16 23:43 - 2017-02-16 23:44 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-02-16 23:43 - 2017-02-16 23:43 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-16 23:42 - 2017-02-16 23:42 - 00694672 _____ (Disc Soft Ltd.) C:\Users\Daniel\Desktop\DTLiteInstaller_www.INSTALKI.pl.exe
2017-02-16 23:18 - 2017-02-16 23:18 - 00001109 _____ C:\Users\Public\Desktop\Graj teraz w BF2 JS!.lnk
2017-02-16 23:18 - 2017-02-16 23:18 - 00001087 _____ C:\Users\Public\Desktop\Battlefield 2 Jednostki specjalne.lnk
2017-02-16 23:08 - 2017-02-16 23:08 - 00001003 _____ C:\Users\Public\Desktop\Graj w Battlefield 2 w sieci!.lnk
2017-02-16 23:08 - 2017-02-16 23:08 - 00000981 _____ C:\Users\Public\Desktop\Battlefield 2.lnk
2017-02-16 23:04 - 2017-02-17 00:35 - 00000000 ____D C:\Users\Daniel\Documents\Battlefield 2
2017-02-16 23:01 - 2017-02-16 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-02-15 16:58 - 2017-02-15 16:58 - 00176086 _____ C:\Users\Daniel\Desktop\Daniel Rząd CV.pdf
2017-02-12 21:36 - 2017-02-12 21:38 - 00000000 ____D C:\Users\Daniel\medivia
2017-02-12 21:36 - 2017-02-12 21:36 - 00000751 _____ C:\Users\Public\Desktop\Medivia Online - OpenGL.lnk
2017-02-12 21:36 - 2017-02-12 21:36 - 00000751 _____ C:\Users\Public\Desktop\Medivia Online - DirectX.lnk
2017-02-12 21:36 - 2017-02-12 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medivia Online
2017-02-12 21:35 - 2017-02-12 21:35 - 16024042 _____ (COMADSOFT ) C:\Users\Daniel\Desktop\medivia-2.1.0-windows-32bits.exe
2017-02-03 00:06 - 2017-02-03 00:06 - 00001503 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-02-03 00:06 - 2017-02-03 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-01 15:58 - 2009-07-14 05:45 - 00026016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 15:58 - 2009-07-14 05:45 - 00026016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 15:51 - 2016-03-18 03:06 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2017-03-01 15:51 - 2016-03-18 03:06 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-03-01 15:50 - 2016-10-03 16:29 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-01 15:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-01 15:32 - 2015-11-14 18:14 - 00000000 ____D C:\Users\Daniel
2017-03-01 15:30 - 2015-11-22 22:54 - 00000742 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-01 15:30 - 2015-11-22 22:54 - 00000742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-01 15:30 - 2015-11-18 11:42 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Temp
2017-03-01 15:30 - 2015-11-14 19:11 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-01 15:30 - 2015-11-14 19:11 - 00001288 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-01 15:30 - 2015-11-14 18:15 - 00001148 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-02-28 18:34 - 2016-04-14 14:32 - 00000000 ____D C:\Users\Daniel\Desktop\Behaviors
2017-02-28 17:45 - 2009-07-14 03:34 - 00000246 _____ C:\Windows\system.ini
2017-02-28 15:46 - 2016-01-08 13:11 - 00023988 _____ C:\Users\Daniel\AppData\Roaming\Notepad2.ini
2017-02-28 15:14 - 2009-07-14 18:55 - 00740098 _____ C:\Windows\system32\perfh015.dat
2017-02-28 15:14 - 2009-07-14 18:55 - 00155672 _____ C:\Windows\system32\perfc015.dat
2017-02-28 15:14 - 2009-07-14 06:13 - 01669190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-28 15:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-28 15:08 - 2015-11-19 15:47 - 00000000 ____D C:\Users\Daniel\Desktop\xeno10.82
2017-02-28 13:51 - 2016-10-15 09:53 - 00000533 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2017-02-28 13:51 - 2016-10-15 09:53 - 00000533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology.lnk
2017-02-28 13:41 - 2015-11-15 19:57 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2017-02-22 22:45 - 2015-11-15 23:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Tibia
2017-02-22 22:36 - 2016-03-18 14:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-16 23:39 - 2016-03-01 19:30 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-16 23:15 - 2015-11-14 19:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-15 12:55 - 2015-11-20 15:27 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2017-02-10 15:15 - 2016-05-13 00:02 - 00103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-02-05 17:03 - 2015-11-14 23:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\Steam
2017-02-04 00:45 - 2016-01-30 23:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\MPC-HC
2017-02-03 13:49 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-03 00:06 - 2016-01-15 16:11 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Riot Games
2017-02-02 14:40 - 2017-01-27 13:14 - 00000000 ____D C:\Users\Daniel\Desktop\olx
2017-01-31 21:11 - 2015-11-22 22:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

==================== Pliki w katalogu głównym wybranych folderów =======

2016-01-08 13:11 - 2017-02-28 15:46 - 0023988 _____ () C:\Users\Daniel\AppData\Roaming\Notepad2.ini
2015-12-06 23:18 - 2015-12-06 23:18 - 0977851 _____ () C:\Users\Daniel\AppData\Local\AVI-Player_749.rar

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2016-07-07 11:45

==================== Koniec FRST.txt ============================