Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 12.05.2018
Uruchomiony przez Dominik (administrator) DESKTOP-D9U2UGO (15-05-2018 22:37:56)
Uruchomiony z C:\Users\Dominik\Desktop
Załadowane profile: Dominik (Dostępne profile: Dominik)
Platform: Windows 10 Home Wersja 1803 17134.1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Opera)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1596920 2016-10-13] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-4073070726-1496470457-1597898839-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4096056 2018-03-16] (Tonec Inc.)
HKU\S-1-5-21-4073070726-1496470457-1597898839-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AlternateShell:
GroupPolicy: Ograniczenia <==== UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a85e01ed-bb00-4c4a-a0e5-5e85c841e832}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a9b4ad0b-7eda-46eb-a68c-3fb81407d93a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4073070726-1496470457-1597898839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: xwvm6fvm.default
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\xwvm6fvm.default [2018-05-15]
FF Homepage: Mozilla\Firefox\Profiles\xwvm6fvm.default -> www.google.pl
FF Session Restore: Mozilla\Firefox\Profiles\xwvm6fvm.default -> [funkcja włączona]
FF HKU\S-1-5-21-4073070726-1496470457-1597898839-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28]
FF HKU\S-1-5-21-4073070726-1496470457-1597898839-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Dominik\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Dominik\AppData\Roaming\IDM\idmmzcc5 [2017-05-29] [Przestarzałe] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-4073070726-1496470457-1597898839-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Przestarzałe]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

Opera:
=======
StartMenuInternet: (HKLM) Operabeta - C:\Program Files\Opera beta\Launcher.exe

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-03] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-03] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-15] (Windows (R) Win 7 DDK provider)
R3 HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-29] (REALiX(tm))
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 RICOH SmartCard Reader; C:\WINDOWS\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (RICOH Company, Ltd.)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3821064 2016-10-01] (Realtek Semiconductor Corporation )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-05-03] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-03] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-05-15 22:37 - 2018-05-15 22:39 - 000011650 _____ C:\Users\Dominik\Desktop\FRST.txt
2018-05-15 22:37 - 2018-05-15 22:37 - 000000000 ____D C:\FRST
2018-05-15 22:35 - 2018-05-15 22:35 - 002404864 _____ (Farbar) C:\Users\Dominik\Desktop\FRST64.exe
2018-05-15 21:00 - 2018-05-15 21:00 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-13 21:13 - 2018-05-13 21:13 - 000094045 _____ C:\Users\Dominik\Desktop\2018_05_IGSP_FVK_073895_signed.pdf
2018-05-13 00:27 - 2018-05-13 00:27 - 002255064 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
2018-05-13 00:27 - 2018-05-13 00:27 - 002232024 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BcmBtRSupport.dll
2018-05-13 00:27 - 2018-05-13 00:27 - 000170712 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
2018-05-13 00:27 - 2018-05-13 00:27 - 000166104 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2018-05-13 00:27 - 2018-05-13 00:27 - 000066264 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btwdi.dll
2018-05-12 23:56 - 2018-05-15 22:32 - 000003412 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1516827158
2018-05-12 23:56 - 2018-05-12 23:56 - 000001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera beta.lnk
2018-05-12 23:55 - 2018-05-12 23:55 - 001332344 _____ (Opera Software) C:\Users\Dominik\Downloads\OperaSetupBeta.exe
2018-05-12 23:51 - 2018-05-12 23:51 - 000000000 ____D C:\Users\Dominik\Desktop\Nowy folder
2018-05-12 23:47 - 2018-05-12 23:47 - 000000000 ____D C:\ProgramData\Driver-Soft
2018-05-12 23:36 - 2018-05-12 23:36 - 000000000 ____D C:\Users\Dominik\AppData\Local\D3DSCache
2018-05-12 23:24 - 2018-05-12 23:31 - 000000000 ____D C:\AMD
2018-05-12 23:16 - 2018-05-01 23:22 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-12 23:16 - 2018-05-01 23:22 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-12 23:08 - 2018-05-12 22:40 - 000000000 ____D C:\Windows.old
2018-05-12 23:07 - 2018-05-12 23:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-12 23:03 - 2018-05-12 23:03 - 000000020 ___SH C:\Users\Dominik\ntuser.ini
2018-05-12 22:37 - 2018-05-15 21:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-12 22:37 - 2018-05-12 23:52 - 000003924 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-12 22:37 - 2018-05-12 23:52 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-12 22:37 - 2018-05-12 22:38 - 000002280 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-12 22:37 - 2018-05-12 22:37 - 000002946 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-12 22:37 - 2018-05-12 22:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-05-12 22:36 - 2018-05-12 22:37 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-12 22:36 - 2018-05-12 22:37 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-12 22:28 - 2018-05-15 21:08 - 001763504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-12 22:16 - 2018-05-12 23:03 - 000000000 ____D C:\Users\Dominik
2018-05-12 22:16 - 2018-05-12 22:19 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\hpqLog
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Ustawienia lokalne
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Szablony
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Moje dokumenty
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Menu Start
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Documents\Moje wideo
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Documents\Moje obrazy
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Documents\Moja muzyka
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\Dane aplikacji
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\AppData\Local\Historia
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 _SHDL C:\Users\Dominik\AppData\Local\Dane aplikacji
2018-05-12 22:16 - 2018-05-12 22:16 - 000000000 ____D C:\ProgramData\USOShared
2018-05-12 22:16 - 2018-04-12 01:34 - 000001105 _____ C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-12 22:16 - 2017-05-29 04:33 - 000000000 ____D C:\Users\Dominik\AppData\Local\Microsoft Help
2018-05-12 22:15 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-12 22:10 - 2018-05-15 21:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-12 22:09 - 2018-05-12 22:21 - 000407880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-12 21:46 - 2018-05-12 23:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-12 21:43 - 2018-05-12 21:46 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-12 21:37 - 2018-05-12 21:37 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-12 21:37 - 2018-05-12 21:37 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-12 21:37 - 2018-05-12 21:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-12 21:37 - 2018-05-12 21:37 - 000000000 ____D C:\Program Files\MSBuild
2018-05-12 21:37 - 2018-05-12 21:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-12 21:37 - 2018-05-12 21:37 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-12 21:35 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-12 21:35 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-12 21:35 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-12 21:35 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-12 21:35 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-12 21:35 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-12 21:23 - 2018-05-12 21:23 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-12 21:00 - 2018-05-12 22:39 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-09 23:04 - 2018-05-10 00:11 - 000000000 ____D C:\Users\Dominik\Downloads\Chucky III
2018-05-08 22:20 - 2018-05-08 22:21 - 016522225 _____ C:\Users\Dominik\Desktop\im_pregnant.mp4
2018-05-07 21:14 - 2018-05-13 20:35 - 000000000 ____D C:\Users\Dominik\Desktop\Aukcja
2018-05-06 22:40 - 2018-05-13 11:57 - 000000779 _____ C:\Users\Dominik\Desktop\Nowy dokument tekstowy.txt

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-05-15 22:36 - 2017-05-27 22:07 - 000000000 ___RD C:\Users\Dominik\Desktop\IDM
2018-05-15 22:26 - 2017-05-29 12:25 - 000000000 ____D C:\ProgramData\ProductData
2018-05-15 21:08 - 2018-04-12 17:51 - 000783576 _____ C:\WINDOWS\system32\perfh015.dat
2018-05-15 21:08 - 2018-04-12 17:51 - 000151702 _____ C:\WINDOWS\system32\perfc015.dat
2018-05-15 21:08 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-15 21:05 - 2017-05-29 01:15 - 000000000 ____D C:\Users\Dominik\AppData\LocalLow\Mozilla
2018-05-15 21:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-15 21:01 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-15 21:00 - 2017-05-28 21:27 - 000160557 ____N C:\WINDOWS\Minidump\051518-29296-01.dmp
2018-05-14 23:46 - 2018-04-11 23:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-05-14 23:46 - 2017-05-29 11:52 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\DMCache
2018-05-14 21:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-13 20:01 - 2018-01-29 01:25 - 000000000 ____D C:\Users\Dominik\AppData\Local\PlaceholderTileLogoFolder
2018-05-12 23:56 - 2018-01-24 22:52 - 000000000 ____D C:\Program Files\Opera beta
2018-05-12 23:24 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-12 23:24 - 2017-11-06 17:31 - 000000000 ____D C:\Users\Dominik\AppData\Local\Packages
2018-05-12 23:16 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-12 23:09 - 2018-04-12 01:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-12 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-12 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-05-12 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-12 23:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-12 23:09 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-12 23:09 - 2017-05-31 22:30 - 000000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2018-05-12 23:09 - 2017-05-30 09:08 - 000000000 ____D C:\WINDOWS\WindowsMobile
2018-05-12 23:08 - 2018-04-12 01:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-12 23:08 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-12 23:08 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-12 23:08 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\System
2018-05-12 23:08 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-12 23:08 - 2017-09-08 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-12 23:08 - 2017-05-29 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-05-12 23:08 - 2017-05-29 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2018-05-12 23:08 - 2017-05-29 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-12 23:08 - 2017-05-29 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2018-05-12 23:08 - 2017-05-29 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-12 23:08 - 2017-05-29 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2018-05-12 23:08 - 2017-05-29 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X5
2018-05-12 23:08 - 2017-05-29 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2018-05-12 23:08 - 2017-05-29 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-12 23:08 - 2017-05-29 01:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-12 23:08 - 2017-05-29 01:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-12 23:08 - 2015-10-30 21:23 - 000000000 ____D C:\WINDOWS\ShellNew
2018-05-12 23:08 - 2015-10-30 09:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-12 23:05 - 2017-05-28 22:58 - 000000000 ____D C:\Users\Dominik\AppData\Local\ConnectedDevicesPlatform
2018-05-12 23:03 - 2017-11-06 17:55 - 000000000 ___RD C:\Users\Dominik\3D Objects
2018-05-12 23:03 - 2017-05-28 21:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-12 22:39 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-12 22:39 - 2017-05-28 21:43 - 000000000 ___HD C:\$GetCurrent
2018-05-12 22:38 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\windows nt
2018-05-12 22:37 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-12 22:35 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-12 22:27 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-12 22:26 - 2017-05-28 22:54 - 000023140 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-12 22:19 - 2017-05-29 13:39 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2018-05-12 22:19 - 2017-05-29 11:52 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-05-12 22:17 - 2017-05-29 01:17 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-12 22:16 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-12 22:14 - 2017-06-03 21:07 - 000000000 ____D C:\WINDOWS\QLB
2018-05-12 21:52 - 2018-04-12 01:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-12 21:46 - 2017-06-03 21:08 - 000000000 ____D C:\Program Files\Synaptics
2018-05-12 21:46 - 2017-06-03 21:08 - 000000000 ____D C:\Program Files\CONEXANT
2018-05-12 21:46 - 2017-06-03 21:07 - 000000000 ____D C:\Program Files (x86)\Analog Devices
2018-05-12 21:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-12 21:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-12 21:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-12 20:59 - 2017-05-28 21:57 - 000000036 _____ C:\WINDOWS\progress.ini
2018-05-10 00:54 - 2018-03-07 22:24 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\uTorrent
2018-05-09 23:27 - 2018-02-25 22:36 - 000000000 ____D C:\ProgramData\DVD Shrink
2018-05-09 23:14 - 2017-05-29 14:32 - 000000000 ____D C:\Users\Dominik\AppData\Roaming\vlc
2018-05-04 00:18 - 2017-05-29 01:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-04 00:18 - 2017-05-29 01:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-03 23:59 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-05-03 21:20 - 2018-03-03 22:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Pliki w katalogu głównym wybranych folderów =======

2015-09-21 22:05 - 2015-09-21 22:05 - 000936960 _____ (AutoIt Team) C:\ProgramData\NYDjAc.exe
2017-05-29 13:48 - 2017-05-29 13:48 - 000000024 ___SH () C:\Users\Dominik\AppData\Roaming\1D959CA221C7573.sys
2017-05-29 13:48 - 2017-05-29 13:48 - 000000024 ___SH () C:\Users\Dominik\AppData\Roaming\System5908ConfigCollection.dat
2017-05-28 23:04 - 2017-05-28 23:04 - 000000000 _____ () C:\Users\Dominik\AppData\Local\AtStart.txt
2017-05-28 23:04 - 2017-05-28 23:04 - 000000000 _____ () C:\Users\Dominik\AppData\Local\DSwitch.txt
2017-05-28 23:04 - 2017-05-28 23:04 - 000000000 _____ () C:\Users\Dominik\AppData\Local\QSwitch.txt

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-05-12 22:09

==================== Koniec FRST.txt ============================