Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:31-08-2015 Uruchomiony przez PIEJ (administrator) PIEJ-KOMPUTER (02-09-2015 20:03:37) Uruchomiony z C:\Users\PIEJ\Downloads Załadowane profile: PIEJ (Dostępne profile: PIEJ) Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 9 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\WinRAR\WinRAR.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2473568 2010-11-12] (Synaptics Incorporated) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2012-05-17] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2012-05-17] (Lenovo(beijing) Limited) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-09-17] (Comodo Security Solutions, Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2669568 2015-04-17] (Sony Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2815828409-2635610953-2662846679-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [1379840 2011-08-16] () HKU\S-1-5-21-2815828409-2635610953-2662846679-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.) HKU\S-1-5-21-2815828409-2635610953-2662846679-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) AppInit_DLLs: C:\Windows\System32\guard64.dll => Brak pliku ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2003-02-14] (Autodesk) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-05-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-11-22] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Pobieracz w tle.lnk [2013-03-25] ShortcutTarget: SolidWorks Pobieracz w tle.lnk -> C:\Program Files (x86)\Common Files\Menedżer instalacji SolidWorks\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.) GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci..) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 89.161.65.247 89.161.65.246 192.168.1.1 Tcpip\..\Interfaces\{1240FDD2-BAA4-4727-89BA-A205AFA9E7F7}: [DhcpNameServer] 89.161.65.247 89.161.65.246 192.168.1.1 Tcpip\..\Interfaces\{182D7294-1591-4DF4-B38F-6E1847B9FCE7}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{FBC28E2D-BFA0-48C2-BF62-81A837A01D40}: [DhcpNameServer] 202.96.134.133 202.96.134.133 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA HKU\S-1-5-21-2815828409-2635610953-2662846679-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome SearchScopes: HKU\S-1-5-21-2815828409-2635610953-2662846679-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: YouTube To ALLPlayer -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLPlayer\YouTubeToALLPlayer.dll [2010-04-18] (ALLPlayer.org) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation) BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\PIEJ\AppData\Roaming\Mozilla\Firefox\Profiles\6rppx7lf.default FF Homepage: hxxps://www.google.pl/webhp?ie=utf-8&oe=utf-8&gws_rd=cr&ei=vNvdVbb-M4GvygPuwbyoBw FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2815828409-2635610953-2662846679-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PIEJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-09-24] (Unity Technologies ApS) FF Extension: 20-20 3D Viewer - IKEA - C:\Users\PIEJ\AppData\Roaming\Mozilla\Firefox\Profiles\6rppx7lf.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-05-28] FF Extension: Iplex to ALLPlayer - C:\Users\PIEJ\AppData\Roaming\Mozilla\Firefox\Profiles\6rppx7lf.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2012-06-25] FF Extension: ALLYouTubeDownloader - C:\Users\PIEJ\AppData\Roaming\Mozilla\Firefox\Profiles\6rppx7lf.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2012-10-26] Chrome: ======= CHR Profile: C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-10] CHR Extension: (Google Docs) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-10] CHR Extension: (Google Drive) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-10] CHR Extension: (YouTube) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-10] CHR Extension: (Google Search) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-10] CHR Extension: (Google Sheets) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-10] CHR Extension: (Google Wallet) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10] CHR Extension: (Gmail) - C:\Users\PIEJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-10] CHR 
HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\PIEJ\AppData\Roaming\BabSolution\CR\Delta.crx Opera: ======= OPR Extension: (Jungle Net) - C:\Users\PIEJ\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahlaekhgkfadaoogdnoiliidaglgefbc [2015-08-11] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Brak podpisu cyfrowego] R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.) S3 C-DillaCdaC11BA; C:\Windows\SysWOW64\drivers\CDAC11BA.EXE [54784 2013-05-29] (Macrovision) [Brak podpisu cyfrowego] S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-09-19] (Comodo Security Solutions, Inc.) S3 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2012-12-27] (Dassault Systèmes) [Brak podpisu cyfrowego] S3 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-09-17] (Comodo Security Solutions, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.) 
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-04-17] (Sony Corporation) S4 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-08-17] (Mentor Graphics Corporation) [Brak podpisu cyfrowego] S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-03-25] (SolidWorks) [Brak podpisu cyfrowego] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S2 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [12464 2013-05-29] (Macrovision Europe Ltd) [Brak podpisu cyfrowego] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-25] (DT Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203104 2012-08-29] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 aftcyaog; \??\C:\Users\PIEJ\AppData\Local\Temp\aftcyaog.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) 
==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-09-02 20:03 - 2015-09-02 20:03 - 00015952 _____ C:\Users\PIEJ\Downloads\FRST.txt 2015-09-02 18:20 - 2015-09-02 20:03 - 00000000 ____D C:\FRST 2015-09-02 18:19 - 2015-09-02 18:19 - 02188800 _____ (Farbar) C:\Users\PIEJ\Downloads\FRST64.exe 2015-09-02 18:13 - 2015-09-02 18:14 - 00012562 _____ C:\Users\PIEJ\Desktop\gmer.txt 2015-09-02 18:01 - 2014-01-28 18:36 - 00380416 _____ C:\Users\PIEJ\Desktop\gmer.exe 2015-09-02 17:55 - 2015-09-02 17:55 - 00370943 _____ C:\Users\PIEJ\Downloads\gmer.zip 2015-09-01 21:58 - 2015-09-01 23:13 - 00000000 ____D C:\AdwCleaner 2015-09-01 21:57 - 2015-09-01 21:57 - 01618432 _____ C:\Users\PIEJ\Downloads\AdwCleaner.pl 5.004.exe 2015-09-01 20:55 - 2015-09-01 20:55 - 00000000 _____ C:\Users\PIEJ\Desktop\Nowy dokument tekstowy.txt 2015-09-01 20:28 - 2015-09-01 20:28 - 00000000 ___RD C:\Users\PIEJ\Documents\Notes 2015-09-01 12:53 - 2015-09-01 12:53 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-09-01 12:53 - 2015-09-01 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-09-01 12:52 - 2015-09-01 12:53 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-08-21 15:21 - 2015-08-24 16:19 - 00000000 ____D C:\Users\PIEJ\Desktop\materac 2015-08-19 21:02 - 2015-08-19 21:07 - 13083878 _____ C:\Users\PIEJ\Downloads\4.zip 2015-08-19 21:01 - 2015-08-19 21:07 - 18692090 _____ C:\Users\PIEJ\Downloads\2(1).zip 2015-08-19 21:01 - 2015-08-19 21:07 - 13659789 _____ C:\Users\PIEJ\Downloads\3(1).zip 2015-08-19 21:01 - 2015-08-19 21:05 - 12337796 _____ C:\Users\PIEJ\Downloads\1(1).zip 2015-08-13 20:27 - 2015-08-24 09:59 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-13 20:20 - 2015-08-13 20:20 - 00000000 ____D C:\Users\PIEJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth 
2015-08-13 20:18 - 2015-08-28 08:18 - 00000472 __RSH C:\ProgramData\ntuser.pol 2015-08-11 17:25 - 2015-08-11 17:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2015-08-11 17:08 - 2012-08-29 08:24 - 00203104 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys 2015-08-11 17:08 - 2012-08-29 08:24 - 00203104 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-08-11 17:08 - 2012-08-29 08:24 - 00102368 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2015-08-11 17:08 - 2012-06-27 10:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2015-08-11 17:08 - 2012-06-27 10:37 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll 2015-08-11 17:07 - 2015-08-11 17:07 - 00000000 ____D C:\Program Files\SAMSUNG 2015-08-11 17:05 - 2015-08-11 17:05 - 00000000 ____D C:\Users\PIEJ\AppData\Roaming\Opera Software 2015-08-11 17:05 - 2015-08-11 17:05 - 00000000 ____D C:\ProgramData\Samsung 2015-08-11 17:04 - 2015-08-11 17:04 - 00000000 ____D C:\Users\PIEJ\.android 2015-08-11 17:03 - 2015-08-26 17:24 - 00000000 ____D C:\Users\PIEJ\AppData\Roaming\SyncDroid 2015-08-11 17:03 - 2015-08-11 17:30 - 00000000 ____D C:\Users\PIEJ\Documents\SyncDroid 2015-08-11 17:00 - 2015-08-11 17:01 - 00000000 ____D C:\ProgramData\gWinManProg 2015-08-11 16:54 - 2015-08-11 16:54 - 00842424 _____ (Application ) C:\Users\PIEJ\Downloads\SyncDroid-59471-dp.exe 2015-08-05 18:38 - 2015-08-19 21:21 - 00000000 ____D C:\Users\PIEJ\Desktop\do wywołania ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2015-09-02 20:02 - 2012-08-23 18:42 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-02 20:02 - 2012-08-23 18:42 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-02 19:34 - 2012-05-18 16:14 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-02 17:53 - 2012-05-17 18:25 - 01052963 _____ C:\Windows\WindowsUpdate.log 2015-09-02 05:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-02 05:41 - 2009-07-14 06:51 - 00185088 _____ C:\Windows\setupact.log 2015-09-01 23:11 - 2012-05-21 13:53 - 00108474 _____ C:\Windows\PFRO.log 2015-09-01 20:30 - 2009-07-14 19:55 - 00739932 _____ C:\Windows\system32\perfh015.dat 2015-09-01 20:30 - 2009-07-14 19:55 - 00155474 _____ C:\Windows\system32\perfc015.dat 2015-09-01 20:30 - 2009-07-14 07:13 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-31 18:00 - 2012-12-09 13:04 - 00000000 ____D C:\Users\PIEJ\AppData\Roaming\Skype 2015-08-29 19:57 - 2012-08-23 18:42 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-29 19:57 - 2012-08-23 18:42 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-25 10:01 - 2014-10-26 09:34 - 00009906 _____ C:\Users\PIEJ\Desktop\WAGA.xlsx 2015-08-19 22:07 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-18 17:11 - 2013-03-25 18:36 - 00000000 ____D C:\Users\PIEJ\AppData\Roaming\SolidWorks 2015-08-13 15:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy 2015-08-11 17:04 - 2012-05-17 18:34 - 00000000 ____D C:\Users\PIEJ ==================== Pliki w katalogu głównym wybranych folderów ======= 2013-09-30 20:15 - 2013-09-30 20:15 - 0000017 _____ () C:\Users\PIEJ\AppData\Local\resmon.resmoncfg 2014-04-15 20:15 - 2015-04-19 22:32 - 0005918 _____ () C:\Users\PIEJ\AppData\Local\unins000.dat 2015-04-19 22:32 - 2015-04-19 22:32 - 0707744 _____ () C:\Users\PIEJ\AppData\Local\unins000.exe 2014-04-15 20:15 - 2015-04-19 22:32 - 
0011761 _____ () C:\Users\PIEJ\AppData\Local\unins000.msg 2012-07-02 17:14 - 2010-11-20 14:17 - 100573184 ___SH () C:\ProgramData\msinrjdr.exe Pliki do przeniesienia lub usunięcia: ==================== C:\ProgramData\msinrjdr.exe Niektóre pliki w TEMP: ====================
==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-09-01 14:47 ==================== Koniec FRST.txt ============================