Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20-09-2017
Uruchomiony przez Bartek (administrator) BARTEK-KOMPUTER (22-09-2017 18:17:13)
Uruchomiony z C:\Users\Bartek\Desktop
Załadowane profile: Bartek (Dostępne profile: Bartek)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(TeamViewer GmbH) E:\Bartek\programy\teamviever\TeamViewer_Service.exe
(Spotify Ltd) C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Disc Soft Ltd) D:\daemon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [Spotify Web Helper] => C:\Users\Bartek\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\Run: [DAEMON Tools Lite Automount] => D:\daemon tools\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\MountPoints2: H - H:\Install.exe
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\...\MountPoints2: {f65367bc-6bb0-11e6-987e-90e6ba8602e5} - H:\autorun.exe
HKLM\...\Providers\hizyzp25: C:\Program Files (x86)_\local64spl.dll <==== UWAGA
HKLM\...\Providers\yn2ca30o: C:\Program Files (x86)\\local64spl.dll <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

AutoConfigURL: [S-1-5-21-360975752-3786565279-1083807947-1001] => hxxp://noblok.org/wpad.dat?62d592959958fac48a576e4e8f715da726940803
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 31.128.24.2 31.128.0.31
Tcpip\..\Interfaces\{052B51D9-5069-4E2A-9FE4-5C97E012B954}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{052B51D9-5069-4E2A-9FE4-5C97E012B954}: [DhcpNameServer] 31.128.24.2 31.128.0.31
ManualProxies: 0hxxp://noblok.org/wpad.dat?62d592959958fac48a576e4e8f715da726940803

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX&q={searchTerms}
HKU\S-1-5-21-360975752-3786565279-1083807947-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131228475099067000&GUID=7AC3C52B-4561-4149-8F1C-D6D35F340265
SearchScopes: HKU\S-1-5-21-360975752-3786565279-1083807947-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2017-06-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2017-06-22] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: caqsj3n9.default
FF ProfilePath: C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\caqsj3n9.default [2017-09-22]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2017-06-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2017-06-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\6416071.js [2017-03-26] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\6416071.cfg [2017-03-26] <==== UWAGA

Chrome:
=======
CHR StartupUrls: Default -> "search.mpc.am","hxxp://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX","hxxp://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX"
CHR Profile: C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default [2017-09-22]
CHR Extension: (Prezentacje Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-22]
CHR Extension: (Dokumenty Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-22]
CHR Extension: (Dysk Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-22]
CHR Extension: (YouTube) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2017-01-22]
CHR Extension: (Arkusze Google) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR Profile: C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-14]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 cfbackd; D:\Program Files (x86)\CleverFiles\Pandora Recovery\cfbackd.w32.exe [211520 2015-09-25] (CleverFiles)
R3 Disc Soft Lite Bus Service; D:\daemon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [172488 2017-04-02] (Mozilla Foundation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 TeamViewer; E:\Bartek\programy\teamviever\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-19] (Microsoft Corporation)
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== UWAGA
S2 IlS; C:\ProgramData\Tencent\QQ\dr\qmdr.dll [X]
S2 InterHop; "C:\Program Files (x86)\InterHop\InterHop.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
S3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
S2 UvConverter; "C:\Program Files (x86)\UvConverter\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-26] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-07] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-21] ()
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-22 18:17 - 2017-09-22 18:17 - 000015631 _____ C:\Users\Bartek\Desktop\FRST.txt
2017-09-22 18:16 - 2017-09-22 18:17 - 000000000 ____D C:\FRST
2017-09-22 18:15 - 2017-09-22 18:15 - 002399744 _____ (Farbar) C:\Users\Bartek\Desktop\FRST64.exe
2017-09-22 17:45 - 2017-09-22 17:46 - 087212422 _____ C:\Users\Bartek\Desktop\recovery.rar
2017-09-22 17:39 - 2017-09-22 17:39 - 000059455 _____ C:\Users\Bartek\Desktop\UsbFix [Listing 1] BARTEK-KOMPUTER.txt
2017-09-22 17:38 - 2017-09-22 17:38 - 000059452 _____ C:\Users\Bartek\Desktop\UsbFix_Report.txt
2017-09-22 17:36 - 2017-09-22 17:36 - 000071790 _____ C:\Users\Bartek\Desktop\UsbFix [Scan 1] BARTEK-KOMPUTER.txt
2017-09-22 17:33 - 2017-09-22 17:35 - 000001448 _____ C:\Users\Bartek\Desktop\UsbFix.lnk
2017-09-22 17:33 - 2017-09-22 17:35 - 000000000 ____D C:\UsbFix
2017-09-22 17:32 - 2017-09-22 17:32 - 003823920 _____ (SOSVirus) C:\Users\Bartek\Downloads\UsbFix Free 9.065 [1].exe
2017-09-21 22:16 - 2017-09-21 22:16 - 000000000 ____D C:\Users\Bartek\Desktop\recov
2017-09-21 21:56 - 2017-09-21 22:16 - 000000045 _____ C:\Windows\ddconfig.ini
2017-09-21 21:55 - 2017-09-21 21:56 - 000000000 ____D C:\Users\Bartek\AppData\Local\DiskDrill
2017-09-21 21:55 - 2017-09-21 21:55 - 000003071 _____ C:\Users\Bartek\Desktop\Pandora Recovery.lnk
2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Local\CrashRpt
2017-09-21 21:55 - 2017-09-21 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2017-09-21 21:53 - 2017-09-21 21:53 - 016507392 _____ C:\Users\Bartek\Desktop\pandora-disk-drill.msi
2017-09-21 21:25 - 2017-09-21 21:37 - 261480448 _____ C:\Users\Bartek\Desktop\redobackup-livecd-1.0.4.iso
2017-09-20 00:21 - 2017-09-20 00:21 - 003818793 _____ C:\Users\Bartek\Desktop\2017_czerwiec_pp_odp.pdf
2017-09-20 00:06 - 2017-09-20 00:06 - 000455267 _____ C:\Users\Bartek\Desktop\2017_sierpien_pp.pdf
2017-09-20 00:06 - 2017-09-20 00:06 - 000436119 _____ C:\Users\Bartek\Desktop\2017_czerwiec_pp.pdf
2017-09-20 00:04 - 2017-09-20 00:04 - 000499938 _____ C:\Users\Bartek\Desktop\MMA-P1_1P-172.pdf
2017-09-18 20:23 - 2017-09-18 21:55 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\CoreFTP
2017-09-18 20:23 - 2017-09-18 20:23 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
2017-09-18 20:16 - 2017-09-18 20:16 - 000012992 _____ C:\Users\Bartek\AppData\Local\recently-used.xbel
2017-08-30 00:33 - 2017-08-30 02:31 - 1887700351 _____ C:\Users\Bartek\Desktop\Office.16.2016.Professional.Plus.Luty.16.x64.PL.rar

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-09-22 17:36 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-22 17:36 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-22 17:34 - 2011-02-04 19:55 - 000155474 _____ C:\Windows\system32\perfc015.dat
2017-09-22 17:34 - 2011-02-04 19:55 - 000012470 _____ C:\Windows\system32\perfh015.dat
2017-09-22 17:34 - 2009-07-14 07:13 - 000936636 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-22 17:34 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-22 17:28 - 2016-10-07 09:45 - 000000320 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2017-09-22 17:28 - 2016-08-27 11:57 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-22 17:28 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-21 21:23 - 2017-05-21 22:22 - 000000000 ____D C:\ProgramData\TEMP
2017-09-20 22:29 - 2016-08-26 20:26 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\TS3Client
2017-09-19 22:32 - 2016-09-20 11:45 - 000000000 ____D C:\Users\Bartek\AppData\Roaming\Spotify
2017-09-19 21:34 - 2016-09-20 11:47 - 000000000 ____D C:\Users\Bartek\AppData\Local\Spotify
2017-09-19 15:35 - 2016-11-22 22:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-18 21:16 - 2016-11-22 22:32 - 000000000 ____D C:\Users\Bartek\AppData\LocalLow\Mozilla
2017-09-18 20:18 - 2016-09-12 00:38 - 000000000 ____D C:\Users\Bartek\.gimp-2.8
2017-09-18 20:14 - 2016-09-12 00:48 - 000000000 ____D C:\Users\Bartek\AppData\Local\gtk-2.0
2017-09-03 23:29 - 2017-06-19 23:04 - 000000000 ____D C:\Users\Bartek\AppData\Local\Microsoft Games
2017-09-03 18:07 - 2016-08-29 23:03 - 000000000 ____D C:\Users\Bartek\AppData\Local\CrashDumps
2017-09-02 21:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-29 23:34 - 2017-03-21 23:42 - 000000000 ____D C:\Users\Bartek\Downloads\Telegram Desktop
2017-08-28 21:37 - 2017-01-22 22:24 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 00:12 - 2016-08-31 00:15 - 000000000 ____D C:\Users\Bartek\AppData\Local\SHU

==================== Pliki w katalogu głównym wybranych folderów =======

2016-08-27 01:00 - 2016-08-27 01:00 - 000000020 ____H () C:\Program Files (x86)\local64spl.dll.ini
2017-04-23 17:00 - 2017-05-05 00:12 - 000000600 _____ () C:\Users\Bartek\AppData\Roaming\winscp.rnd
2017-09-18 20:16 - 2017-09-18 20:16 - 000012992 _____ () C:\Users\Bartek\AppData\Local\recently-used.xbel
2016-11-11 19:56 - 2016-11-11 19:56 - 000007605 _____ () C:\Users\Bartek\AppData\Local\Resmon.ResmonCfg
2017-03-24 22:40 - 2017-03-24 22:40 - 000000552 _____ () C:\Users\Bartek\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-09-20 20:19

==================== Koniec FRST.txt ============================