Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 04-03-2017
Uruchomiony przez tru (administrator) TRUCIZNA (05-03-2017 00:43:53)
Uruchomiony z D:\Desktop
Załadowane profile: tru (Dostępne profile: UpdatusUser & tru & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 10 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Kaspersky Lab ZAO) D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avpui.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1771593470-3012635902-189330645-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => D:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) Startup: C:\Users\tru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ETDCtrl.exe — skrót.lnk [2015-02-19] ShortcutTarget: ETDCtrl.exe — skrót.lnk -> C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2E965ABA-A8F6-4298-AE9A-B7D3D0FC7102}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{2F999073-F6D2-45F0-9FFF-59CE6FB5B53A}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{31214389-2ACE-4F32-BA10-489AEE42F596}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{4b1281f5-f668-4569-938b-22c1fe2cea69}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{6E9A3D08-16FE-4BA3-8B1C-9144B305701D}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{98A879DE-04A0-4142-932B-B8AA0F529852}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{d134c524-bab0-4a99-b2ce-351057e1081f}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F9BE131A-8061-482B-BF3C-2D177EBDA897}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1771593470-3012635902-189330645-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox BHO: Brak nazwy -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Brak pliku BHO: Brak nazwy -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab) BHO: Brak nazwy -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Brak pliku BHO-x32: Brak nazwy -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Brak pliku BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-02] (Oracle Corporation) BHO-x32: Brak nazwy -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab) BHO-x32: Brak nazwy -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Brak pliku BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-02] (Oracle Corporation) Toolbar: HKLM - Kaspersky Protection toolbar - 
{3507FA00-ADA2-4A02-99B9-51AD26CA9120} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\tru\AppData\Roaming\Mozilla\Firefox\Profiles\hm073fpv.default-1440373019633 [2017-03-05] FF Homepage: Mozilla\Firefox\Profiles\hm073fpv.default-1440373019633 -> www.google.com FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\tru\AppData\Roaming\Mozilla\Firefox\Profiles\hm073fpv.default-1440373019633\Extensions\ALone-live@ya.ru.xpi [2017-01-09] FF Extension: (Multirow Bookmarks Toolbar Plus) - C:\Users\tru\AppData\Roaming\Mozilla\Firefox\Profiles\hm073fpv.default-1440373019633\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2017-01-30] FF Extension: (Adblock Plus) - C:\Users\tru\AppData\Roaming\Mozilla\Firefox\Profiles\hm073fpv.default-1440373019633\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\tru\AppData\Roaming\Mozilla\Firefox\Profiles\hm073fpv.default-1440373019633\features\{1ab65c40-2e57-49fb-8c38-0ae40d8c8606}\disableSHA1rollout@mozilla.org.xpi [2017-03-03] FF Extension: (Skype) - D:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06] FF 
HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\FFExt\light_plugin_firefox FF Extension: (Kaspersky Protection) - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\FFExt\light_plugin_firefox [2016-12-26] FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> D:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> D:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-02] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> D:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npdjvu.dll [2009-07-31] (LizardTech) FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Plugin: (Widevine Content Decryption Module) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku CHR Plugin: (Shockwave Flash) - D:\Program Files\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Brak pliku CHR Profile: C:\Users\tru\AppData\Local\Google\Chrome\User Data\Default [2017-03-04] CHR Extension: (Adblock Plus) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Adobe Acrobat) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03] CHR Extension: (FBDown Video Downloader) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-02-03] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Chrome Media Router) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] CHR Profile: C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-16] CHR Extension: (Prezentacje Google) - 
C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-04] CHR Extension: (Dokumenty Google) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-04] CHR Extension: (Dysk Google) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-04] CHR Extension: (YouTube) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-04] CHR Extension: (Google Search) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-04] CHR Extension: (Kaspersky Protection) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-04] CHR Extension: (Arkusze Google) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-04] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04] CHR Extension: (Gmail) - C:\Users\tru\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-04] CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z 
rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AVP16.0.0; D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\avp.exe [194000 2016-07-17] (Kaspersky Lab ZAO) S3 dbupdate; D:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-14] (Dropbox, Inc.) S3 dbupdatem; D:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-14] (Dropbox, Inc.) S4 DbxSvc; C:\windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.) S2 gupdate; D:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-17] (Google Inc.) S3 gupdatem; D:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-17] (Google Inc.) S4 KMService; C:\windows\SysWOW64\srvany.exe [8192 2012-10-19] () [Brak podpisu cyfrowego] S4 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S4 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] () S2 osppsvc; D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2014-01-23] (Microsoft Corporation) S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Brak podpisu cyfrowego] S2 SAS Document Conversion Server; D:\SASHome\SASTextAnalyticsDocumentConversion\14.1\_tgwinsvc_wrapper.exe [19968 2013-03-25] () [Brak podpisu cyfrowego] S3 vssbrigde64; D:\Program Files\Kaspersky Lab\Kaspersky Internet Security Technical Preview 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab) S3 WinDefend; D:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation) R2 WMPNetworkSvc; D:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2016-07-17] (Microsoft Corporation) S4 FileZilla Server; 
"D:\Desktop\xampp-win32-1.8.2-3-VC9\xampp\FileZillaFTP\FileZillaServer.exe" [X] S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X] S4 SQLWriter; "d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [X] S4 STATISTICA License Manager; "D:\Program Files\StatSoft\FLEXlm\lmgrd.exe" [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) U5 AppMgmt; C:\windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R1 Asdids; C:\windows\System32\DRIVERS\asdids.sys [50584 2014-11-24] (Anvisoft) R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO) R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-14] (DT Soft Ltd) S3 ew_hwusbdev; C:\windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] U5 FontCache3.0.0.0; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation) S3 huawei_enumerator; C:\windows\System32\DRIVERS\ew_jubusenum.sys [90112 2012-04-23] (Huawei Technologies Co., Ltd.) [Brak podpisu cyfrowego] S3 hwdatacard; C:\windows\System32\DRIVERS\ewusbmdm.sys [225920 2011-12-31] (Huawei Technologies Co., Ltd.) 
[Brak podpisu cyfrowego] S3 IT9135BDA; C:\windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE ) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\windows\System32\DRIVERS\kldisk.sys [77728 2016-07-17] (AO Kaspersky Lab) R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [181640 2016-07-17] (AO Kaspersky Lab) R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [237480 2016-07-17] (AO Kaspersky Lab) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [943536 2016-07-17] (AO Kaspersky Lab) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [49240 2016-07-17] (AO Kaspersky Lab) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [41352 2016-07-17] (AO Kaspersky Lab) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO) R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 Neo_VPN; C:\windows\System32\DRIVERS\Neo_0049.sys [38432 2017-01-06] (SoftEther Corporation) R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) R0 sptd; C:\windows\System32\Drivers\sptd.sys [564824 2013-06-07] (Duplex Secure Ltd.) 
U3 aa9hm8na; C:\Windows\System32\Drivers\aa9hm8na.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder) S3 dbx; system32\DRIVERS\dbx.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] U3 pwdyipog; \??\C:\Users\tru\AppData\Local\Temp\pwdyipog.sys [X] <==== UWAGA ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-03-04 21:07 - 2017-03-04 21:07 - 00000000 ____D C:\windows\System32\Tasks\youcam 2017-03-04 02:01 - 2017-03-04 02:01 - 00016716 _____ C:\windows\System32\Tasks\plugin-hang-ui 2017-03-03 20:19 - 2017-03-05 00:42 - 00016716 _____ C:\windows\System32\Tasks\plugin-container 2017-03-02 23:49 - 2017-03-04 23:37 - 00016716 _____ C:\windows\System32\Tasks\firefox 2017-03-02 23:36 - 2017-03-04 22:45 - 00000000 ____D C:\AdwCleaner 2017-03-02 22:11 - 2017-03-04 23:03 - 00016716 _____ C:\windows\System32\Tasks\90r5944M1252B652-dll 2017-03-02 22:10 - 2017-03-05 00:44 - 00016716 _____ C:\windows\System32\Tasks\90r5944M1252B652 2017-03-02 22:10 - 2017-03-02 22:10 - 00000000 ___HD C:\ProgramData\90r5944M1252B652 2017-03-02 21:50 - 2017-03-02 23:25 - 00002194 _____ C:\Users\tru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2017-03-02 21:50 - 2017-03-02 23:25 - 00000000 ___RD C:\Users\tru\OneDrive 2017-03-02 21:50 - 2017-03-02 21:50 - 00001912 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2017-03-02 21:50 - 2017-03-02 21:50 - 00001912 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Microsoft OneDrive.lnk 2017-03-02 21:50 - 2017-03-02 21:50 - 00000000 ____D D:\Program Files\Microsoft OneDrive 2017-03-02 21:50 - 2017-03-02 21:50 - 00000000 ____D D:\Program Files\Microsoft OneDrive 2017-03-02 21:49 - 2017-03-02 21:49 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2017-03-02 21:49 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 
00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-02 21:49 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-02 21:46 - 2017-03-02 21:46 - 00000000 ____D C:\Program Files\Common Files\DESIGNER

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-03-05 00:43 - 2015-08-25 14:08 - 00000000 ____D C:\FRST
2017-03-05 00:23 - 2016-07-17 13:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-05 00:22 - 2015-07-06 21:58 - 00000930 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-04 23:38 - 2009-07-14 05:45 - 00029168 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-04 23:38 - 2009-07-14 05:45 - 00029168 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-04 23:37 - 2012-11-30 10:38 - 00000000 ____D C:\windows\pss
2017-03-04 23:36 - 2016-11-20 19:47 - 00000000 ____D C:\Users\tru\AppData\LocalLow\Mozilla
2017-03-04 23:20 - 2012-09-09 16:10 - 00000000 ____D C:\Users\tru\AppData\Roaming\uTorrent
2017-03-04 23:18 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2017-03-04 23:17 - 2012-09-14 13:49 - 00000000 ____D D:\Program Files\FileZilla FTP Client
2017-03-04 23:17 - 2012-09-14 13:49 - 00000000 ____D D:\Program Files\FileZilla FTP Client
2017-03-04 23:14 - 2012-09-07 12:04 - 00000000 ____D D:\Program Files\RVG Software
2017-03-04 23:14 - 2012-09-07 12:04 - 00000000 ____D D:\Program Files\RVG Software
2017-03-04 23:03 - 2009-07-14 05:45 - 00507832 _____ C:\windows\system32\FNTCACHE.DAT
2017-03-04 22:58 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-04 22:51 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-04 21:13 - 2012-09-09 14:10 - 00000000 ____D C:\Users\tru\Documents\Youcam
2017-03-04 02:05 - 2016-10-18 13:25 - 00000000 ____D C:\Users\tru\AppData\Local\Deployment
2017-03-04 02:05 - 2016-03-07 15:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-03-04 02:03 - 2016-03-07 15:30 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-04 02:03 - 2012-10-19 19:03 - 00000000 ____D D:\Program Files\Microsoft Office
2017-03-04 02:03 - 2012-10-19 19:03 - 00000000 ____D D:\Program Files\Microsoft Office
2017-03-02 23:08 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-03-02 22:49 - 2012-09-04 20:45 - 00000000 ____D C:\Users\tru\AppData\Local\CrashDumps
2017-03-02 22:27 - 2013-02-23 21:11 - 00000000 ____D C:\Users\postgres.TRUCIZNA
2017-03-02 21:58 - 2014-10-24 11:17 - 00000000 ____D C:\Users\tru\AppData\Local\ElevatedDiagnostics
2017-03-02 21:58 - 2012-09-04 15:30 - 00129360 _____ C:\Users\tru\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-02 21:50 - 2012-09-04 14:48 - 00000000 ____D C:\Users\tru
2017-03-02 21:45 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2017-02-23 22:13 - 2015-12-07 01:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 00:53 - 2016-05-13 18:30 - 00000000 ____D C:\Users\tru\AppData\Roaming\AIMP
2017-02-14 16:22 - 2015-07-06 21:58 - 00003868 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 16:22 - 2015-04-01 20:19 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 16:22 - 2015-04-01 20:19 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 16:22 - 2012-09-04 20:36 - 00000000 ____D C:\windows\system32\Macromed
2017-02-14 16:22 - 2011-10-11 11:25 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-07 14:48 - 2012-11-09 23:40 - 00001975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 00:07 - 2011-10-12 02:37 - 00747906 _____ C:\windows\system32\perfh015.dat
2017-02-06 00:07 - 2011-10-12 02:37 - 00158918 _____ C:\windows\system32\perfc015.dat
2017-02-06 00:07 - 2009-07-14 06:13 - 01685610 _____ C:\windows\system32\PerfStringBackup.INI

==================== Pliki w katalogu głównym wybranych folderów =======

2017-02-23 18:56 - 2017-02-23 18:58 - 0009184 _____ () C:\Users\tru\AppData\Roaming\EnterpriseMinerWorkstationServer.log
2013-02-22 12:02 - 2013-02-22 12:02 - 0000045 _____ () C:\Users\tru\AppData\Local\machpro.dat
2015-09-23 21:27 - 2016-02-06 13:09 - 0000600 _____ () C:\Users\tru\AppData\Local\PUTTY.RND
2016-12-16 16:38 - 2014-12-14 20:42 - 0000779 _____ () C:\Users\tru\AppData\Local\recently-used.xbel
2015-05-15 10:08 - 2016-12-11 19:06 - 0007648 _____ () C:\Users\tru\AppData\Local\Resmon.ResmonCfg
2012-10-27 15:08 - 2012-10-27 15:08 - 0017408 _____ () C:\Users\tru\AppData\Local\WebpageIcons.db
2015-06-05 10:07 - 2015-06-05 10:07 - 0000000 _____ () C:\Users\tru\AppData\Local\{F07F50D2-E441-447B-AC2A-10BF506277DC}
2012-12-16 12:05 - 2012-12-16 12:23 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2011-10-11 12:30 - 2011-10-11 12:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-10-11 12:22 - 2011-10-11 12:24 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-10-11 12:28 - 2011-10-11 12:29 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-10-11 12:24 - 2011-10-11 12:28 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-10-11 12:29 - 2011-10-11 12:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\tru\maxout_2420.dat
C:\Users\tru\maxout_452.dat
C:\Users\tru\maxout_4552.dat
C:\Users\tru\maxout_6532.dat

Niektóre pliki w TEMP:
====================
2017-03-04 22:55 - 2012-05-10 17:28 - 0032768 _____ () C:\Users\tru\AppData\Local\Temp\shutdown1488664534.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\windows\explorer.exe => Plik podpisany cyfrowo
C:\windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\windows\system32\services.exe => Plik podpisany cyfrowo
C:\windows\system32\User32.dll => Plik podpisany cyfrowo
C:\windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-03-04 01:23

==================== Koniec FRST.txt ============================