Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 18-02-2019
Uruchomiony przez Soska (administrator) SOSKA-KOMPUTER (19-02-2019 22:45:24)
Uruchomiony z C:\Users\Soska\Downloads
Załadowane profile: Soska (Dostępne profile: Soska)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\Logic Cramble\set.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(© pdfforge GmbH.) C:\Program Files\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
( ) C:\Users\Soska\AppData\Roaming\0kyaxiaqvp1\2mwa1rquts0.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Soska\AppData\Local\Temp\is-SF4SS.tmp\2mwa1rquts0.tmp
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-02-26] (Nero AG -> Nero AG)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-01] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520 2009-06-25] (Lenovo (Beijing) Limited -> Lenovo (Beijing) Limited)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-13] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\Run: [Chromium] => c:\users\soska\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\Run: [2310927] => C:\Users\Soska\AppData\Roaming\0kyaxiaqvp1\2mwa1rquts0.exe [1585072 2019-02-19] ( )
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\Run: [eyjqasr] => "C:\Users\Soska\hxdwxfve.exe"
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\MountPoints2: {33bd55f4-1c9d-11e9-b684-705ab6551158} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\MountPoints2: {c44b5ef8-11e4-11e9-b719-705ab6551158} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\...\MountPoints2: {d7f63514-485e-11e7-b0ea-705ab6551158} - F:\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
IFEO\Polygen.exe: [GlobalFlag] C:\ProgramData\Windows Monitor\Monitor.exe %i deviceId=4379fd39-de27-dc7c-e869-241fb871ff62 channelId=3 distributer=APSF360dev processName=Polygen.exe statsAddress=hxxp://stats.utyuytjn.com/StatisticsService.svc/V1/JSON/LogEvent
HKLM\...\SilentProcessExit\Polygen.exe: [MonitorProcess] C:\ProgramData\Windows Monitor\Monitor.exe %i deviceId=4379fd39-de27-dc7c-e869-241fb871ff62 channelId=3 distributer=APSF360dev processName=Polygen.exe statsAddress=hxxp://stats.utyuytjn.com/StatisticsService.svc/V1/JSON/LogEvent
Startup: C:\Users\Soska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 2050 J510 series.lnk [2019-02-19]
ShortcutTarget: Powiadomienia monitorowania tuszu - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Soska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\virstcec.lnk [2019-02-19]

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{2BBC475E-B9AA-4F20-A730-F4AF5B170C16}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{4EB492E1-6937-4904-BB71-CEC4E63848B6}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUXs70UwlfkZ581yt5tAdnVwV5HqzqDqxuuurEvvLO2Gq2R6kiA-XD0d0C8sFvVx4majumAkGFAc5UUrDY7_2SsnT46onnFxlPPt2GxXbseh8c-yHKdKwbYVWHqRpNiotOg57gHjvbE0AJc8kdI7gLF5Cvcxtm7KjSiLpfpR8&q={searchTerms}
HKU\S-1-5-21-1196631564-2932191510-2940953793-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUXs70UwlfkZ581yt5tAdnVwV5HqzqDqxuuurEvvLO2Gq2R6kiA-XD0d0C8sFvVx4majumAkGFAc5UUrDY7_2SsnT46onnFxlPPt2GxXbseh8c-yHKdKwbYVWHqRpNiotOg57gHjvbE0AJc8kdI7gLF5Cvcxtm7KjSiLpfpR8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1196631564-2932191510-2940953793-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2019-02-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2019-02-10] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: hb9fh4my.default-1550605003895
FF ProfilePath: C:\Users\Soska\AppData\Roaming\Mozilla\Firefox\Profiles\hb9fh4my.default-1550605003895 [2019-02-19]
FF Homepage: Mozilla\Firefox\Profiles\hb9fh4my.default-1550605003895 -> onet.pl
FF Extension: (Polski Language Pack) - C:\Users\Soska\AppData\Roaming\Mozilla\Firefox\Profiles\hb9fh4my.default-1550605003895\Extensions\langpack-pl@firefox.mozilla.org.xpi [2019-02-19]
FF Extension: (Polish Spellchecker Dictionary) - C:\Users\Soska\AppData\Roaming\Mozilla\Firefox\Profiles\hb9fh4my.default-1550605003895\Extensions\pl@dictionaries.addons.mozilla.org.xpi [2019-02-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2019-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2019-02-10] (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems Inc.)

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [172032 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2019-02-19] () [Brak podpisu cyfrowego] <==== UWAGA
R2 PDF Architect 5 Manager; C:\Program Files\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (pdfforge GmbH -> © pdfforge GmbH.)
S2 icnuewv; C:\Windows\system32\icnuewv\tweecaen.exe [X]
S2 Smart Monitoring; "\SmartData\jkglskjdfhj.exe" /srv [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 6994BCAA5A43; C:\Windows\6994BCAA5A43.sys [493800 2019-02-19] (韵羽健康管理咨询(上海)有限公司 -> VxDriver)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo (Beijing) Limited -> Lenovo Corporation)
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5172224 2009-08-14] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [93632 2016-02-01] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [82880 2016-02-01] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [169472 2009-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [167936 2009-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [81920 2010-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [81920 2010-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [323736 2018-12-17] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc (utworzone) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-02-19 22:31 - 2019-02-19 22:46 - 000012951 _____ C:\Users\Soska\Downloads\FRST.txt
2019-02-19 22:31 - 2019-02-19 22:45 - 000000000 ____D C:\FRST
2019-02-19 22:31 - 2019-02-19 22:31 - 001793024 _____ (Farbar) C:\Users\Soska\Downloads\FRST.exe
2019-02-19 21:57 - 2019-02-19 22:09 - 000000000 ____D C:\Windows\pss
2019-02-19 20:30 - 2019-02-19 20:30 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-19 20:30 - 2019-02-19 20:30 - 000001109 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-02-19 20:29 - 2019-02-19 20:30 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-02-19 20:12 - 2019-02-19 20:12 - 000030165 _____ C:\Windows\system32\servers.def.lkg
2019-02-19 20:12 - 2019-02-19 20:12 - 000030165 _____ C:\Windows\system32\servers.def
2019-02-19 20:12 - 2019-02-19 20:12 - 000003333 _____ C:\Windows\system32\servers.def.vpx
2019-02-19 20:12 - 2019-02-19 20:12 - 000002814 _____ C:\Windows\system32\uat.vpx
2019-02-19 20:12 - 2019-02-19 20:12 - 000002158 _____ C:\Windows\system32\.tmp
2019-02-19 20:12 - 2019-02-19 20:12 - 000000526 _____ C:\Windows\system32\prod-pgm.vpx
2019-02-19 20:12 - 2019-02-19 20:12 - 000000341 _____ C:\Windows\system32\prod-vps.vpx
2019-02-19 19:41 - 2019-02-19 19:41 - 000000000 ___HD C:\$AV_ASW
2019-02-19 19:17 - 2019-02-19 19:17 - 000178320 _____ (AVAST Software) C:\Users\Soska\Downloads\avast_free_antivirus_setup_online.exe
2019-02-19 18:36 - 2019-02-19 18:36 - 000000011 _____ C:\Users\Soska\setup24.ini
2019-02-19 18:35 - 2019-02-19 18:36 - 006161408 _____ C:\Users\Soska\AppData\Local\dump007.dat
2019-02-19 18:34 - 2019-02-19 18:34 - 000000009 _____ C:\Users\Soska\rstr4.ini
2019-02-19 18:32 - 2019-02-19 19:40 - 000000004 _____ C:\ProgramData\lock.dat
2019-02-19 18:32 - 2019-02-19 19:30 - 000000008 _____ C:\ProgramData\irw.atsd
2019-02-19 18:32 - 2019-02-19 18:32 - 000000008 _____ C:\ProgramData\ts.dat
2019-02-19 18:27 - 2019-02-19 18:27 - 000174592 _____ C:\Users\Soska\AppData\Local\TempQce34.exE
2019-02-19 18:23 - 2019-02-19 18:25 - 000015602 _____ C:\Windows\system32\findit.xml
2019-02-19 18:23 - 2019-02-19 18:23 - 000000000 ____D C:\ProgramData\Polygens
2019-02-19 18:21 - 2019-02-19 18:22 - 000000000 ____D C:\ProgramData\Logic Cramble
2019-02-19 18:21 - 2019-02-19 18:21 - 001895382 _____ C:\Users\Soska\AppData\Local\Hometom.bin
2019-02-19 18:20 - 2019-02-19 19:51 - 000000000 ____D C:\Windows\system32\icnuewv
2019-02-19 18:20 - 2019-02-19 18:21 - 000000550 _____ C:\Windows\Tasks\daZUxYAWxkQuTWt.job
2019-02-19 18:20 - 2019-02-19 18:20 - 007881728 _____ C:\Users\Soska\AppData\Local\agent.dat
2019-02-19 18:20 - 2019-02-19 18:20 - 002034984 _____ C:\Users\Soska\AppData\Local\Zoolex.tst
2019-02-19 18:20 - 2019-02-19 18:20 - 000493800 ____N (VxDriver) C:\Windows\6994BCAA5A43.sys
2019-02-19 18:20 - 2019-02-19 18:20 - 000278510 _____ C:\Users\Soska\AppData\Local\FlexFax.tst
2019-02-19 18:20 - 2019-02-19 18:20 - 000126464 _____ C:\Users\Soska\AppData\Local\noah.dat
2019-02-19 18:20 - 2019-02-19 18:20 - 000070896 _____ C:\Users\Soska\AppData\Local\Config.xml
2019-02-19 18:20 - 2019-02-19 18:20 - 000018432 _____ C:\Users\Soska\AppData\Local\Main.dat
2019-02-19 18:20 - 2019-02-19 18:20 - 000005568 _____ C:\Users\Soska\AppData\Local\md.xml
2019-02-19 18:20 - 2019-02-19 18:20 - 000000584 _____ C:\Windows\Tasks\QYuopVyvriCPHaS.job
2019-02-19 18:20 - 2019-02-19 18:18 - 001632256 _____ (TODO: ) C:\Users\Soska\AppData\Local\Zoolex.exe
2019-02-19 18:20 - 2019-02-19 18:18 - 001632256 _____ (TODO: ) C:\Users\Soska\AppData\Local\FlexFax.exe
2019-02-19 18:18 - 2019-02-19 19:51 - 000000000 ____D C:\SmartData
2019-02-19 18:18 - 2019-02-19 18:41 - 000000000 ____D C:\Users\Soska\AppData\Roaming\WidModule
2019-02-19 18:18 - 2019-02-19 18:40 - 000722944 _____ C:\Users\Soska\AppData\Local\sha.db
2019-02-19 18:18 - 2019-02-19 18:39 - 000000000 ____D C:\Users\Soska\AppData\Local\WhiteClick
2019-02-19 18:18 - 2019-02-19 18:19 - 000016368 _____ C:\Users\Soska\AppData\Local\InstallationConfiguration.xml
2019-02-19 18:18 - 2019-02-19 18:18 - 001136176 _____ (Google Inc.) C:\Users\Soska\AppData\Local\ChromeSetup.exe
2019-02-19 18:18 - 2019-02-19 18:18 - 000140800 _____ C:\Users\Soska\AppData\Local\installer.dat
2019-02-19 18:18 - 2019-02-19 18:18 - 000000000 ____D C:\Users\Soska\AppData\Roaming\0kyaxiaqvp1
2019-02-19 18:18 - 2019-02-19 18:18 - 000000000 ____D C:\Users\Soska\AppData\Local\Maurice
2019-02-19 18:18 - 2019-02-19 18:18 - 000000000 ____D C:\Program Files\GUM2DD4.tmp
2019-02-19 18:18 - 2019-02-19 18:18 - 000000000 ____D C:\Program Files\foldershare
2019-02-19 18:18 - 2019-02-19 18:18 - 000000000 ____D C:\DiskScan
2019-02-19 18:17 - 2019-02-19 19:50 - 000000000 ____D C:\ProgramData\localNETService
2019-02-19 18:17 - 2019-02-19 19:31 - 000000000 ____D C:\Program Files\FAP
2019-02-19 18:17 - 2019-02-19 18:17 - 000000003 _____ C:\Users\Soska\AppData\Local\wbem.ini
2019-02-19 18:04 - 2019-02-19 18:04 - 000001353 _____ C:\Users\Soska\pcmscan.cfg
2019-02-19 17:58 - 2010-03-12 18:22 - 000081920 _____ (Prolific Technology Inc.) C:\Windows\system32\Drivers\ser2pl.sys
2019-02-19 17:58 - 2005-08-03 16:05 - 000035892 _____ (Prolific Technology Inc.) C:\Windows\system32\SER9PL.sys
2019-02-19 17:58 - 2005-08-03 16:04 - 000026719 _____ C:\Windows\system32\SERSPL.VXD
2019-02-19 17:05 - 2019-02-19 17:05 - 000000000 ____D C:\SiLabs
2019-02-19 17:03 - 2019-02-19 17:03 - 000000303 _____ C:\Windows\ST6UNST.001
2019-02-19 17:03 - 1998-10-29 14:45 - 000306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2019-02-19 17:01 - 2019-02-19 17:03 - 000006218 _____ C:\Windows\SETUP.LST
2019-02-19 17:01 - 2019-02-19 17:01 - 000000303 _____ C:\Windows\ST6UNST.000
2019-02-19 16:59 - 2019-02-19 16:59 - 000000000 ____D C:\Users\Soska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCMSCAN
2019-02-19 16:59 - 2019-02-19 16:59 - 000000000 ____D C:\Program Files\PCMSCAN
2019-02-19 16:58 - 2019-02-19 16:58 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2019-02-18 20:18 - 2019-02-18 20:18 - 000069975 _____ C:\Users\Soska\Downloads\PULTUSK-PU-LAB01-20190218123805-33.pdf
2019-02-16 15:16 - 2019-02-17 09:44 - 000000000 ____D C:\Users\Soska\AppData\Local\Roblox
2019-02-16 15:16 - 2019-02-16 15:23 - 000000252 _____ C:\Users\Soska\AppData\LocalLow\rbxcsettings.rbx
2019-02-14 18:15 - 2019-02-19 20:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-10 18:07 - 2019-02-10 18:07 - 000000000 ____D C:\Users\Soska\.testycdt
2019-02-10 17:55 - 2019-02-10 17:55 - 000002001 _____ C:\Users\Public\Desktop\Testy kategorie C, D, T.lnk
2019-02-10 17:55 - 2019-02-10 17:55 - 000000000 ____D C:\Users\Soska\ePrawko
2019-02-10 17:55 - 2019-02-10 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testy kategorie C, D, T
2019-02-10 17:49 - 2019-02-10 17:49 - 000000000 ____D C:\Program Files\Testy kategorie C, D, T
2019-02-10 17:48 - 2019-02-10 17:48 - 000264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2019-02-10 17:48 - 2019-02-10 17:48 - 000175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2019-02-10 17:48 - 2019-02-10 17:48 - 000174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2019-02-10 17:48 - 2019-02-10 17:48 - 000094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2019-02-10 17:48 - 2019-02-10 17:48 - 000000000 ____D C:\ProgramData\Sun
2019-02-10 17:48 - 2019-02-10 17:48 - 000000000 ____D C:\ProgramData\Oracle
2019-02-10 17:48 - 2019-02-10 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-02-10 17:48 - 2019-02-10 17:48 - 000000000 ____D C:\Program Files\Java
2019-02-10 17:48 - 2019-02-10 17:48 - 000000000 ____D C:\Program Files\Common Files\Java
2019-02-10 17:47 - 2019-02-10 17:47 - 000000000 ____D C:\Users\Soska\AppData\LocalLow\Sun
2019-01-30 19:19 - 2019-01-30 19:19 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-28 11:20 - 2019-01-28 12:55 - 000000000 ____D C:\Users\Soska\Desktop\seat

==================== Jeden miesiąc (zmodyfikowane) ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2019-02-19 22:44 - 2016-11-19 18:54 - 000000000 ____D C:\Users\Soska\AppData\LocalLow\Mozilla
2019-02-19 22:19 - 2009-07-14 05:34 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-19 22:19 - 2009-07-14 05:34 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-19 22:10 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-19 20:46 - 2018-12-17 14:52 - 000000000 ____D C:\Users\Soska\AppData\Local\AVAST Software
2019-02-19 20:46 - 2017-05-26 15:36 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-19 18:49 - 2018-01-01 13:51 - 000000000 ____D C:\Program Files\Google
2019-02-19 18:47 - 2018-01-01 13:51 - 000000000 ____D C:\Users\Soska\AppData\Local\Google
2019-02-19 18:46 - 2016-10-24 06:37 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2019-02-19 18:42 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-02-19 18:36 - 2016-10-23 20:53 - 000000000 ____D C:\Users\Soska
2019-02-19 18:26 - 2016-10-23 20:54 - 000001437 _____ C:\Users\Soska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-02-19 18:17 - 2016-11-02 16:47 - 000000000 ___HD C:\Program Files\Temp
2019-02-19 17:27 - 2011-04-12 06:08 - 000738706 _____ C:\Windows\system32\perfh015.dat
2019-02-19 17:27 - 2011-04-12 06:08 - 000154784 _____ C:\Windows\system32\perfc015.dat
2019-02-19 17:27 - 2010-11-20 22:01 - 001664708 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-19 17:16 - 2017-06-20 13:29 - 000000000 ____D C:\Program Files\DIFX
2019-02-18 17:24 - 2018-02-24 21:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-18 13:16 - 2016-12-28 19:07 - 000000000 ____D C:\Users\Soska\AppData\Local\Deployment
2019-01-30 19:30 - 2018-12-04 20:58 - 000000000 ____D C:\Users\Soska\Desktop\Asia

==================== Pliki w katalogu głównym wybranych folderów =======

2019-02-19 18:32 - 2019-02-19 19:40 - 000000004 _____ () C:\ProgramData\lock.dat
2019-02-19 18:32 - 2019-02-19 18:32 - 000000008 _____ () C:\ProgramData\ts.dat
1601-01-03 21:26 - 1601-01-03 21:26 - 000073216 ____N (Microsoft Corporation) C:\Users\Soska\AeWteMpiUea.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Program Files\HLUiFBNyOYuVy.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000073216 ____N (Microsoft Corporation) C:\Program Files\Common Files\deuNeyt.exe
2016-10-24 11:50 - 2016-10-24 11:50 - 000272384 _____ (Microsoft Corporation) C:\Users\Soska\AppData\Roaming\1d8f9911fea172f938a4d417ec13160e.exe
2019-02-19 18:20 - 2019-02-19 18:20 - 007881728 _____ () C:\Users\Soska\AppData\Local\agent.dat
2019-02-19 18:18 - 2019-02-19 18:18 - 001136176 _____ (Google Inc.) C:\Users\Soska\AppData\Local\ChromeSetup.exe
2019-02-19 18:20 - 2019-02-19 18:20 - 000070896 _____ () C:\Users\Soska\AppData\Local\Config.xml
2019-02-19 18:35 - 2019-02-19 18:36 - 006161408 _____ () C:\Users\Soska\AppData\Local\dump007.dat
2019-02-19 18:20 - 2019-02-19 18:18 - 001632256 _____ (TODO: ) C:\Users\Soska\AppData\Local\FlexFax.exe
2019-02-19 18:20 - 2019-02-19 18:20 - 000278510 _____ () C:\Users\Soska\AppData\Local\FlexFax.tst
2019-02-19 18:21 - 2019-02-19 18:21 - 001895382 _____ () C:\Users\Soska\AppData\Local\Hometom.bin
2019-02-19 18:18 - 2019-02-19 18:19 - 000016368 _____ () C:\Users\Soska\AppData\Local\InstallationConfiguration.xml
2019-02-19 18:18 - 2019-02-19 18:18 - 000140800 _____ () C:\Users\Soska\AppData\Local\installer.dat
2019-02-19 18:20 - 2019-02-19 18:20 - 000018432 _____ () C:\Users\Soska\AppData\Local\Main.dat
2019-02-19 18:20 - 2019-02-19 18:20 - 000005568 _____ () C:\Users\Soska\AppData\Local\md.xml
2019-02-19 18:20 - 2019-02-19 18:20 - 000126464 _____ () C:\Users\Soska\AppData\Local\noah.dat
2019-02-19 18:18 - 2019-02-19 18:40 - 000722944 _____ () C:\Users\Soska\AppData\Local\sha.db
2019-02-19 18:27 - 2019-02-19 18:27 - 000174592 _____ () C:\Users\Soska\AppData\Local\TempQce34.exE
2019-02-19 18:22 - 2019-02-19 18:22 - 000032038 _____ () C:\Users\Soska\AppData\Local\uninstall_temp.ico
2019-02-19 18:17 - 2019-02-19 18:17 - 000000003 _____ () C:\Users\Soska\AppData\Local\wbem.ini
2019-02-19 18:20 - 2019-02-19 18:18 - 001632256 _____ (TODO: ) C:\Users\Soska\AppData\Local\Zoolex.exe
2019-02-19 18:20 - 2019-02-19 18:20 - 002034984 _____ () C:\Users\Soska\AppData\Local\Zoolex.tst

Niektóre pliki w TEMP:
====================
2019-02-19 18:19 - 2019-02-19 18:19 - 000097280 _____ () C:\Users\Soska\AppData\Local\Temp\5072.tmp.exe
2019-02-19 18:18 - 2019-02-19 18:18 - 000588800 _____ () C:\Users\Soska\AppData\Local\Temp\699C.tmp.exe
2019-02-19 17:20 - 2013-07-29 13:40 - 000086392 _____ () C:\Users\Soska\AppData\Local\Temp\dp-chooser.exe
2019-02-19 17:20 - 2013-07-29 13:41 - 000676288 _____ (Microsoft Corporation) C:\Users\Soska\AppData\Local\Temp\dpinst-amd64.exe
2019-02-19 17:20 - 2013-07-29 13:41 - 000550848 _____ (Microsoft Corporation) C:\Users\Soska\AppData\Local\Temp\dpinst-x86.exe
2019-02-19 18:33 - 2019-02-19 20:51 - 000000000 ____D () C:\Users\Soska\AppData\Local\Temp\ImagingEngine.dll
2019-02-19 18:17 - 2019-02-19 18:17 - 000790324 _____ (fQpOrZ7JVby2EVv3wcHM ) C:\Users\Soska\AppData\Local\Temp\installer.exe
2019-02-19 18:17 - 2019-02-19 18:17 - 002526208 _____ () C:\Users\Soska\AppData\Local\Temp\installer_mi.exe
2019-02-19 18:17 - 2019-02-19 18:17 - 001892472 _____ (Google Inc.) C:\Users\Soska\AppData\Local\Temp\mcasin.exe
2006-10-27 23:14 - 2006-10-27 23:14 - 000145184 ____R (Microsoft Corporation) C:\Users\Soska\AppData\Local\Temp\ose00000.exe
2019-02-19 18:17 - 2019-02-19 18:17 - 000670528 _____ (ZRFXRD ) C:\Users\Soska\AppData\Local\Temp\pixel.exe
2019-02-19 18:17 - 2019-02-19 18:18 - 013205167 _____ (MAL ) C:\Users\Soska\AppData\Local\Temp\pxohoo124bo.exe
2019-02-19 18:17 - 2019-02-19 18:17 - 000707392 _____ (FAZD ) C:\Users\Soska\AppData\Local\Temp\speedycar.exe
2019-02-19 18:45 - 2019-02-19 18:19 - 000099897 _____ () C:\Users\Soska\AppData\Local\Temp\Uninstall.exe
2019-02-19 18:17 - 2019-02-19 18:17 - 000355680 _____ (Lavasoft) C:\Users\Soska\AppData\Local\Temp\WcInstaller.exe
2019-02-19 18:17 - 2019-02-19 18:17 - 001104159 _____ (WhiteClick ) C:\Users\Soska\AppData\Local\Temp\whiteclick.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\dllhost.exe => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2019-02-16 17:29

==================== Koniec FRST.txt ============================