Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 16-09-2017 Uruchomiony przez dx-tech (administrator) LTD (17-09-2017 13:50:16) Uruchomiony z D:\Nowy folder (2) Załadowane profile: dx-tech & Gość & (Dostępne profile: dx-tech & _ashbackuppb_ & Gość) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Datpol) C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe (Blue Ridge Networks) C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe (Flux Software LLC) C:\Users\dx-tech\AppData\Local\FluxSoftware\Flux\flux.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe (ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe (Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PSIService.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Blue Ridge Networks) C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe (MacPaw Inc.) C:\Program Files\CleanMyPC\CleanMyPCService.exe () C:\Program Files\Siber Systems\GoodSync\gs-server.exe (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (MacPaw Inc.) C:\Program Files\CleanMyPC\ReminderSystem.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe () C:\Users\dx-tech\Downloads\RepairDNS (1).exe (SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Opera Software) C:\Program Files (x86)\Opera\46.0.2597.57_3\opera.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Rejestr (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [484344 2016-07-23] (SHADOWDEFENDER.COM) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [588360 2017-06-22] () HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [233576 2008-08-06] (Creative Technology Ltd) HKLM-x32\...\Run: [AppGuardGUI] => C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe [14119280 2016-06-21] (Blue Ridge Networks) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-28] (Microsoft Corporation) HKU\S-1-5-21-618257460-3239430686-1694033563-1000\...\Run: [] => [X] HKU\S-1-5-21-618257460-3239430686-1694033563-1000\...\Run: [f.lux] => C:\Users\dx-tech\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC) HKU\S-1-5-21-618257460-3239430686-1694033563-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-24] (Siber Systems) HKU\S-1-5-21-618257460-3239430686-1694033563-1000\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [54832 2017-08-22] (Locktime Software) HKU\S-1-5-21-618257460-3239430686-1694033563-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5753296 2017-08-29] (SecureMix LLC) HKU\S-1-5-21-618257460-3239430686-1694033563-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-04] (Glarysoft Ltd) HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X] HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\dx-tech\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC) HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-24] (Siber Systems) HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [54832 2017-08-22] (Locktime Software) HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-12-11] (ZONER software) HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5753296 2017-08-29] (SecureMix LLC) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-28] (Microsoft Corporation) ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1809776 2017-06-09] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [381296 2017-06-09] (GP Software) BootExecute: autocheck autochk * ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{2B3B0A9E-9DC8-4C2A-89F9-514B132D12A8}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{64864EED-F60A-4EAB-8C60-4CDC55F714CF}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{9209187B-5E4E-43DB-9AE4-5FA646979EE5}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-618257460-3239430686-1694033563-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/ HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/ SearchScopes: HKU\S-1-5-21-618257460-3239430686-1694033563-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-618257460-3239430686-1694033563-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-24] (Siber Systems Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> Brak pliku BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-24] (Siber Systems Inc.) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: FlashFXP - Link helper plugin for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files (x86)\FlashFXP 5\IEFlash.dll [2011-04-10] (OpenSight Software, LLC) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-24] (Siber Systems Inc.) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Brak pliku Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-24] (Siber Systems Inc.) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) Toolbar: HKU\S-1-5-21-618257460-3239430686-1694033563-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-24] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-618257460-3239430686-1694033563-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) IE Session Restore: HKU\S-1-5-21-618257460-3239430686-1694033563-1000 -> [funkcja włączona] Toolbar: HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-24] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) IE Session Restore: HKU\S-1-5-21-618257460-3239430686-1694033563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> [funkcja włączona] Toolbar: HKU\S-1-5-21-618257460-3239430686-1694033563-501 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) Toolbar: HKU\S-1-5-21-618257460-3239430686-1694033563-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-14] (AO Kaspersky Lab) FireFox: ======== FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-19] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-24] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-24] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-07-28] (Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib Opera: ======= OPR Extension: (Ghostery) - C:\Users\dx-tech\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2017-09-02] OPR Extension: (Disconnect) - C:\Users\dx-tech\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-10-28] OPR Extension: (uBlock Origin) - C:\Users\dx-tech\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-08-02] OPR Extension: (Adblock Plus) - C:\Users\dx-tech\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-14] OPR Extension: (RoboForm Password Manager) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome [2016-12-18] StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [955520 2016-04-28] (ABBYY Production LLC) R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1278720 2017-06-22] () S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.) R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-09-17] () R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 BRN_APPGUARD_SERVICE; C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe [800624 2016-06-21] (Blue Ridge Networks) S3 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2016-09-29] (CleverFiles) S3 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [77872 2017-03-08] (CyberGhost S.R.L) R2 CleanMyPCService; C:\Program Files\CleanMyPC\CleanMyPCService.exe [476784 2017-08-02] (MacPaw Inc.) S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-11-28] (Creative Labs) [Brak podpisu cyfrowego] R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4420048 2017-08-29] (SecureMix LLC) R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [7232224 2017-08-04] () S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-21] (SurfRight B.V.) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) S3 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) S3 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd) S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [573312 2017-08-31] (Mailbird) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4795288 2017-02-13] (Acronis International GmbH) S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH) S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1617520 2017-06-22] () R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [332848 2017-08-22] (Locktime Software) S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3636936 2016-02-15] (O&O Software GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-27] (Electronic Arts) S3 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-27] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-02-27] () U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [Brak podpisu cyfrowego] R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-03] (CyberLink) R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe [61184 2017-07-10] (Datpol) R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7014728 2017-03-07] () R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1705752 2016-10-16] (Crystal Rich Ltd) S3 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-03-01] (VoodooSoft, LLC ) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14509296 2017-03-22] (Copyright 2017.) S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [79056 2016-07-23] (SHADOWDEFENDER.COM) ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R1 BrnFileLock; c:\windows\system32\drivers\brnfilelock.sys [80672 2016-01-08] (Blue Ridge Networks) R3 CLMirrorDriver; C:\Windows\System32\DRIVERS\CLMirrorDriver.sys [21264 2016-04-20] (CyberLink) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] () R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [420592 2016-07-23] (SHADOWDEFENDER.COM) S3 EverestDriver; C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [21120 2008-09-05] () R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [378712 2017-09-17] (Acronis International GmbH) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-02-27] (Glarysoft Ltd) R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-08-11] (Zemana Ltd.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195264 2017-07-19] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [314840 2017-07-19] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1038528 2017-07-19] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-14] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-18] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-13] (AO Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-17] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [47104 2016-05-20] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R0 nldrv; C:\Windows\System32\drivers\nldrv.sys [178040 2017-08-24] (Locktime Software) S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows (R) Win 7 DDK provider) S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation ) R1 Spyshelter; C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [1877384 2017-07-10] (SpyShelter) R2 SpyshelterFw; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys [75144 2017-04-10] (SpyShelter) R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys [886152 2017-07-10] (SpyShelter) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2017-09-17] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [213336 2017-09-17] (Acronis International GmbH) S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [690520 2017-09-17] (Acronis International GmbH) R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [324952 2017-09-17] (Acronis International GmbH) R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.) S3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [21064 2016-08-19] (VoodooSoft, LLC) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-04] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-04] (Zemana Ltd.) R4 fltsrv2275; system32\DRIVERS\fltsrv2275.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-09-17 13:15 - 2017-09-17 13:15 - 000000000 ____D C:\FRST 2017-09-17 13:05 - 2017-09-17 13:05 - 017016656 _____ C:\Users\dx-tech\Downloads\gup5setup.exe 2017-09-17 12:57 - 2017-09-17 12:57 - 002398720 _____ (Farbar) C:\Users\dx-tech\Downloads\FRST64.exe 2017-09-17 12:18 - 2017-09-17 12:14 - 000003270 _____ C:\Users\dx-tech\Desktop\Clean_DNS_17_09_2017_12.18.24.txt 2017-09-17 12:13 - 2017-09-17 12:18 - 000000000 ____D C:\Clean_Dns 2017-09-17 12:13 - 2017-09-17 12:13 - 003160488 _____ (SosVirus) C:\Users\dx-tech\Downloads\clean-dns_1_03.09.17.2.exe 2017-09-17 12:13 - 2017-09-17 12:13 - 000002596 _____ C:\Users\dx-tech\Desktop\RepairDNS.txt 2017-09-17 12:11 - 2017-09-17 12:11 - 002884992 _____ C:\Users\dx-tech\Downloads\ZHPCleaner.exe 2017-09-17 12:09 - 2017-09-17 12:09 - 001236864 _____ C:\Users\dx-tech\Downloads\RepairDNS (1).exe 2017-09-17 12:08 - 2017-09-17 12:08 - 001557616 _____ ( ) C:\Users\dx-tech\Downloads\RepairDNS.exe 2017-09-17 12:08 - 2017-09-17 12:08 - 000001087 _____ C:\Users\dx-tech\Desktop\Kontynuuj instalację RepairDNS.lnk 2017-09-17 10:46 - 2017-09-17 10:46 - 000001901 _____ C:\Users\Public\Desktop\GlassWire.lnk 2017-09-17 10:46 - 2017-09-17 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire 2017-09-17 10:46 - 2017-09-17 10:46 - 000000000 ____D C:\Program Files (x86)\GlassWire 2017-09-17 10:46 - 2015-05-29 06:30 - 000008657 _____ C:\Windows\system32\Drivers\gwdrv.cat 2017-09-17 10:46 - 2015-05-29 06:15 - 000033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys 2017-09-17 10:35 - 2017-09-17 10:35 - 000370008 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys 2017-09-17 10:35 - 2017-09-17 10:35 - 000324952 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys 2017-09-17 10:35 - 2017-09-17 10:35 - 000213336 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys 2017-09-17 10:19 - 2017-09-17 10:32 - 513568528 _____ C:\Users\dx-tech\AppData\Local\AcronisTrueImage2017_8058.exe 2017-08-27 19:10 - 2017-08-30 21:16 - 000003111 _____ C:\Users\dx-tech\Desktop\Data Shredder 6.0.lnk 2017-08-27 19:10 - 2017-08-27 19:10 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\ProtectStar 2017-08-27 19:10 - 2017-08-27 19:10 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectStar 2017-08-27 19:10 - 2017-08-27 19:10 - 000000000 ____D C:\Program Files (x86)\ProtectStar 2017-08-27 15:18 - 2017-08-27 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4 2017-08-27 15:18 - 2017-08-27 15:18 - 000000000 ____D C:\Program Files\Locktime Software 2017-08-27 14:50 - 2017-08-27 14:54 - 000000000 ___SD C:\Users\dx-tech\Documents\Sticky Passwords 2017-08-27 14:50 - 2017-08-27 14:50 - 000001098 _____ C:\Users\Public\Desktop\Sticky Password.lnk 2017-08-27 14:50 - 2017-08-27 14:50 - 000000000 _RSHD C:\ProgramData\Key-Base 2017-08-27 14:50 - 2017-08-27 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Password 2017-08-27 14:50 - 2017-08-27 14:50 - 000000000 ____D C:\ProgramData\{F198528A-397A-D1FB-E30C-29D73A2B3AF7} 2017-08-27 14:50 - 2017-08-27 14:50 - 000000000 ____D C:\Program Files (x86)\Sticky Password 2017-08-27 14:49 - 2017-08-27 14:49 - 000001387 _____ C:\Users\dx-tech\Desktop\Stellar Phoenix Windows Data Recovery.lnk 2017-08-27 14:49 - 2017-08-27 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery 2017-08-27 14:49 - 2017-08-27 14:49 - 000000000 ____D C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery 2017-08-27 14:36 - 2017-08-27 14:36 - 000000000 ____D C:\ProgramData\MacPaw Inc 2017-08-27 14:35 - 2017-08-27 14:36 - 000000000 ____D C:\Program Files\CleanMyPC 2017-08-27 14:35 - 2017-08-27 14:35 - 000000824 _____ C:\Users\Public\Desktop\CleanMyPC.lnk 2017-08-27 14:35 - 2017-08-27 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC 2017-08-27 14:32 - 2017-08-27 14:35 - 000000000 ____D C:\Program Files (x86)\Android Data Recovery Pro 2017-08-27 14:32 - 2017-08-27 14:32 - 000001243 _____ C:\Users\dx-tech\Desktop\Android Data Recovery Pro.lnk 2017-08-27 14:32 - 2017-08-27 14:32 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android Data Recovery Pro 2017-08-27 14:31 - 2017-08-27 14:31 - 000000000 ____D C:\Users\dx-tech\Documents\eReflect 2017-08-27 14:26 - 2017-08-27 14:26 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7 Speed Reading EX.lnk 2017-08-27 14:26 - 2017-08-27 14:26 - 000000991 _____ C:\Users\Public\Desktop\7 Speed Reading EX.lnk 2017-08-27 14:26 - 2017-08-27 14:26 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\com.er.ur.7SpeedReadingEX 2017-08-27 14:26 - 2017-08-27 14:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2017-08-27 14:26 - 2017-08-27 14:26 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2017-08-27 14:26 - 2017-08-27 14:26 - 000000000 ____D C:\ProgramData\Adobe 2017-08-27 14:26 - 2017-08-27 14:26 - 000000000 ____D C:\Program Files (x86)\Adobe 2017-08-27 14:26 - 2017-08-27 14:26 - 000000000 ____D C:\Program Files (x86)\7 Speed Reading EX 2017-08-27 14:24 - 2017-08-27 14:24 - 000000000 ____D C:\ProgramData\Etwok Software 2017-08-27 14:22 - 2017-08-27 14:22 - 000000316 _____ C:\Users\dx-tech\Desktop\NetSpot.appref-ms 2017-08-27 14:22 - 2017-08-27 14:22 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Etwok LLC 2017-08-27 14:17 - 2017-08-27 14:24 - 000000000 ____D C:\Users\dx-tech\AppData\Local\Deployment 2017-08-27 14:17 - 2017-08-27 14:17 - 000000000 ____D C:\Users\dx-tech\AppData\Local\Apps\2.0 2017-08-24 12:22 - 2017-08-24 12:22 - 000178040 _____ (Locktime Software) C:\Windows\system32\Drivers\nldrv.sys 2017-08-20 14:07 - 2017-08-20 14:08 - 000000825 _____ C:\Users\dx-tech\Desktop\Nowy dokument tekstowy (3).txt ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-09-17 13:50 - 2016-05-26 10:21 - 000118737 _____ C:\Windows\ZAM.krnl.trace 2017-09-17 13:50 - 2016-05-26 10:21 - 000082962 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-09-17 13:26 - 2016-12-14 11:41 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2017-09-17 13:07 - 2017-05-21 09:19 - 000000346 _____ C:\Windows\Tasks\GlaryInitialize 5.job 2017-09-17 13:07 - 2016-06-16 18:13 - 000001080 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk 2017-09-17 13:07 - 2016-02-27 17:24 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2017-09-17 13:07 - 2016-02-27 17:24 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5 2017-09-17 13:03 - 2016-12-15 10:06 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-17 13:00 - 2015-11-28 22:10 - 000000000 ____D C:\Users\dx-tech\AppData\Local\Mirillis 2017-09-17 12:36 - 2015-11-28 20:17 - 000061880 _____ C:\Windows\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx 2017-09-17 12:36 - 2015-11-28 20:17 - 000061880 _____ C:\Windows\system32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx 2017-09-17 12:36 - 2015-11-28 20:17 - 000000796 _____ C:\Windows\system32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx 2017-09-17 12:23 - 2009-07-14 06:45 - 000013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-17 12:23 - 2009-07-14 06:45 - 000013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-17 10:35 - 2016-11-24 11:51 - 001310552 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys 2017-09-17 10:35 - 2016-11-24 11:51 - 000690520 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys 2017-09-17 10:35 - 2016-11-24 11:51 - 000378712 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys 2017-09-17 10:34 - 2016-11-24 11:51 - 000181592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys 2017-09-17 10:34 - 2016-11-24 11:51 - 000001229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk 2017-09-17 10:34 - 2016-11-24 11:51 - 000001217 _____ C:\Users\Public\Desktop\Acronis True Image.lnk 2017-09-17 10:23 - 2017-05-20 09:14 - 000000318 _____ C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job 2017-09-17 10:13 - 2009-07-14 19:55 - 000743144 _____ C:\Windows\system32\perfh015.dat 2017-09-17 10:13 - 2009-07-14 19:55 - 000157244 _____ C:\Windows\system32\perfc015.dat 2017-09-17 10:13 - 2009-07-14 07:13 - 001678796 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-17 10:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2017-09-17 10:06 - 2009-07-14 07:08 - 000032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-09-17 10:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-17 09:52 - 2016-02-27 21:42 - 000000000 ____D C:\Users\dx-tech\AppData\Local\CrashDumps 2017-09-17 09:17 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF 2017-09-03 19:13 - 2015-11-29 14:21 - 000000000 ____D C:\Program Files (x86)\Opera 2017-09-03 11:51 - 2016-05-26 09:54 - 000000000 ____D C:\Program Files (x86)\Opera developer 2017-08-31 21:11 - 2017-05-17 18:45 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\Mailbird 2017-08-31 21:11 - 2017-05-17 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird 2017-08-31 21:11 - 2017-05-17 18:45 - 000000000 ____D C:\Program Files (x86)\Mailbird 2017-08-27 15:42 - 2017-05-20 08:41 - 000000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-08-27 15:42 - 2016-07-03 11:25 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-08-27 15:42 - 2016-07-03 11:25 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-27 15:41 - 2016-03-13 10:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-08-27 15:41 - 2016-03-13 10:05 - 000000000 ____D C:\Windows\system32\Macromed 2017-08-27 15:18 - 2016-11-23 08:46 - 000001210 _____ C:\Users\Public\Desktop\NetLimiter 4 (x64).lnk 2017-08-27 15:17 - 2016-05-04 19:53 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\Locktime Software 2017-08-27 14:25 - 2016-03-13 10:05 - 000000000 ____D C:\Users\dx-tech\AppData\Local\Adobe 2017-08-27 14:25 - 2015-11-28 22:24 - 000000000 ____D C:\Users\dx-tech\AppData\Roaming\Adobe ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-02-27 18:12 - 2015-12-17 21:35 - 004727984 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\tdsskiller.exe 2017-09-17 10:19 - 2017-09-17 10:32 - 513568528 _____ () C:\Users\dx-tech\AppData\Local\AcronisTrueImage2017_8058.exe 2016-08-07 10:44 - 2016-08-10 18:02 - 000007602 _____ () C:\Users\dx-tech\AppData\Local\resmon.resmoncfg 2001-02-14 19:15 - 2001-02-14 19:15 - 000000000 ____H () C:\ProgramData\sdpsenv.dat Pliki do przeniesienia lub usunięcia: ==================== C:\ProgramData\sdpsenv.dat ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-05-07 19:01 ==================== Koniec FRST.txt ============================