Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:15-09-2015
Uruchomiony przez user (administrator) GORZOW_GOSIA (16-09-2015 13:08:49)
Uruchomiony z C:\Users\user\Downloads
Załadowane profile: user (Dostępne profile: user)
Platform: Windows Vista (TM) Business Service Pack 2 (X64) Język: Polski (Polska)
Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
() C:\Program Files (x86)\Jealous Opening\Jealous Opening.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(The Ghokswa Authors) C:\Program Files (x86)\ghokswa Browser\ghokswa\chrome.exe
(The Ghokswa Authors) C:\Program Files (x86)\ghokswa Browser\ghokswa\chrome.exe
(The Ghokswa Authors) C:\Program Files (x86)\ghokswa Browser\ghokswa\chrome.exe
(The Ghokswa Authors) C:\Program Files (x86)\ghokswa Browser\ghokswa\chrome.exe
(The Ghokswa Authors) C:\Program Files (x86)\ghokswa Browser\ghokswa\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-12-11] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4009332864-2451881766-1519145934-1000\...\Run: [GG] => C:\Users\user\AppData\Local\GG\Application\gghub.exe [4078144 2015-06-17] (GG Network S.A.)
HKU\S-1-5-21-4009332864-2451881766-1519145934-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4009332864-2451881766-1519145934-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-09-08]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\..\Interfaces\{6AD7F52C-1F99-442A-A29A-A40C830C43C9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B4A9A5CB-0248-4396-965E-FB41F3D4E2D8}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-4009332864-2451881766-1519145934-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-25]

Chrome:
=======
CHR dev: Chrome dev build wykryto! <======= UWAGA
CHR HomePage: Profile 1 -> hxxp://www.delta-homes.com/?type=hp&ts=1437111755&z=0fdf8d2b6cbddc0e6182008g5z9cem3geg4g0mdqbg&from=wpm07173&uid=FUJITSUXMHZ2250BJXG2_K836T9525SL8
CHR StartupUrls: Profile 1 -> "hxxp://www.delta-homes.com/?type=hp&ts=1437111755&z=0fdf8d2b6cbddc0e6182008g5z9cem3geg4g0mdqbg&from=wpm07173&uid=FUJITSUXMHZ2250BJXG2_K836T9525SL8"
CHR DefaultSearchURL: Profile 1 -> hxxp://search.delta-homes.com/web/?type=ds&ts=1437111755&z=0fdf8d2b6cbddc0e6182008g5z9cem3geg4g0mdqbg&from=wpm07173&uid=FUJITSUXMHZ2250BJXG2_K836T9525SL8&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> delta-homes
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentacje Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-01]
CHR Extension: (Dokumenty Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-01]
CHR Extension: (Dysk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-01]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-01]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-01]
CHR Extension: (MaskMe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2015-07-27]
CHR Extension: (Arkusze Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-01]
CHR Extension: (ShopAtHomecom extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igapgnpnmadafimalefljcfplikonjpp [2015-08-07]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-01]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [109056 2008-05-28] (Andrea Electronics Corporation)
S2 browserServer_2015.08.20.11.46.56; C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [250592 2015-08-19] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U0 nfwdyj; C:\Windows\System32\drivers\livy.sys [79064 2015-09-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [55640 2006-09-18] (Realtek Semiconductor Corporation )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-16 13:08 - 2015-09-16 13:09 - 00013551 _____ C:\Users\user\Downloads\FRST.txt
2015-09-16 13:07 - 2015-09-16 13:08 - 00000000 ____D C:\FRST
2015-09-16 13:07 - 2015-09-16 13:07 - 02191360 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-09-14 15:54 - 2015-09-14 16:02 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-14 15:54 - 2015-09-14 15:54 - 11352032 _____ (SurfRight B.V.) C:\Users\user\Downloads\HitmanPro_x64.exe
2015-09-14 15:50 - 2015-09-14 15:50 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\livy.sys
2015-09-14 15:49 - 2015-09-14 15:49 - 00001122 _____ C:\o.txt
2015-09-14 15:18 - 2015-09-14 15:18 - 01800104 _____ (Malwarebytes Corporation) C:\Users\user\Downloads\JRT.exe
2015-09-14 15:17 - 2015-09-14 15:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 15:17 - 2015-09-14 15:17 - 00000941 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 15:17 - 2015-09-14 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 15:17 - 2015-09-14 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 15:17 - 2015-09-14 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 15:17 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-14 15:17 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-14 15:17 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-14 15:15 - 2015-09-14 15:16 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-09-14 15:07 - 2015-09-14 15:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-11 15:08 - 2015-09-11 15:08 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts.20150911-150825.backup
2015-09-11 15:08 - 2015-09-11 15:07 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts.20150911-150805.backup
2015-09-11 15:07 - 2006-09-18 23:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20150911-150745.backup
2015-09-11 14:59 - 2015-09-11 15:02 - 00000000 ____D C:\AdwCleaner
2015-09-11 14:58 - 2015-09-11 14:58 - 01660416 _____ C:\Users\user\Downloads\AdwCleaner.exe
2015-09-11 14:55 - 2015-09-14 15:28 - 00417214 _____ C:\Windows\PFRO.log
2015-09-11 14:38 - 2015-09-11 14:38 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-11 14:28 - 2015-09-16 07:53 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-09-11 14:28 - 2015-09-14 15:29 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-09-11 14:28 - 2015-09-11 15:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-11 14:28 - 2015-09-11 14:55 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-09-11 14:28 - 2015-09-11 14:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-11 14:28 - 2015-09-11 14:28 - 00003800 _____ C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2015-09-11 14:28 - 2015-09-11 14:28 - 00003446 _____ C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2015-09-11 14:28 - 2015-09-11 14:28 - 00003022 _____ C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2015-09-11 14:28 - 2015-09-11 14:28 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-11 14:28 - 2015-09-11 14:28 - 00001218 _____ C:\Users\user\Spybot-S&D Start Center.lnk
2015-09-11 14:28 - 2015-09-11 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-11 14:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-11 14:26 - 2015-09-11 14:26 - 00000000 _____ C:\autoexec.bat
2015-09-11 14:17 - 2015-09-11 14:19 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2015-09-11 14:16 - 2015-09-11 14:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-09-11 14:11 - 2015-09-11 14:11 - 00003366 _____ C:\Windows\System32\Tasks\Odkurzacz
2015-09-11 14:11 - 2015-09-11 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Odkurzacz
2015-09-11 14:06 - 2015-09-14 15:50 - 00000000 ____D C:\Program Files (x86)\PragmaGeneration
2015-09-11 14:05 - 2015-09-11 14:05 - 00000000 _____ C:\Users\user\AppData\Local\Temp.dat
2015-09-11 14:01 - 2015-09-11 14:11 - 00000898 _____ C:\Users\user\Odkurzacz.lnk
2015-09-11 14:01 - 2015-09-11 14:11 - 00000000 ____D C:\Program Files (x86)\Odkurzacz
2015-09-09 03:05 - 2015-07-10 16:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 03:05 - 2015-07-10 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 03:04 - 2015-08-13 16:36 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-09 03:04 - 2015-08-13 16:36 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-09 03:03 - 2015-09-02 23:26 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 03:03 - 2015-09-02 23:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 03:03 - 2015-09-02 23:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 03:03 - 2015-09-02 23:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 03:00 - 2015-09-02 23:26 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 03:00 - 2015-09-02 23:25 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 03:00 - 2015-09-02 22:17 - 02797056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 03:00 - 2015-09-02 22:16 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 03:00 - 2015-09-02 21:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 03:00 - 2015-08-05 17:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 22:44 - 2015-08-17 19:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 22:44 - 2015-08-17 19:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 22:44 - 2015-08-17 19:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 22:44 - 2015-08-17 19:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 22:44 - 2015-08-17 19:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 22:44 - 2015-08-17 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 22:44 - 2015-08-17 19:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 22:44 - 2015-08-17 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 22:44 - 2015-08-17 19:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 22:44 - 2015-08-17 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-08 22:44 - 2015-08-17 19:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-08 22:44 - 2015-08-17 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-08 22:44 - 2015-08-17 19:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 22:44 - 2015-08-17 19:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 22:44 - 2015-08-17 19:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 22:44 - 2015-08-17 19:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 22:44 - 2015-08-17 19:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 22:44 - 2015-08-17 19:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 22:44 - 2015-08-17 19:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 22:44 - 2015-08-17 19:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-08 22:44 - 2015-08-17 19:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-09-08 22:44 - 2015-08-17 19:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-09-08 22:44 - 2015-08-17 19:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-09-08 22:44 - 2015-08-17 19:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-07 13:14 - 2015-09-11 14:42 - 00000000 ____D C:\Users\user\Desktop\delegacje
2015-09-07 12:05 - 2015-09-07 13:13 - 00016384 _____ C:\Users\user\Desktop\DELEGACJE VIII 2015.xls
2015-08-28 08:49 - 2015-08-28 08:49 - 00000929 _____ C:\Users\user\Desktop\GG.lnk
2015-08-28 08:48 - 2015-08-28 08:48 - 00000937 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG.lnk
2015-08-28 08:39 - 2015-08-28 08:39 - 00400744 _____ C:\Users\user\Downloads\gg-install (2).exe
2015-08-28 08:37 - 2015-08-28 08:37 - 00400744 _____ C:\Users\user\Downloads\gg-install (1).exe
2015-08-20 11:47 - 2015-08-20 11:47 - 00015062 _____ C:\Windows\System32\Tasks\ghokswaBrowserUpdateUA
2015-08-20 11:47 - 2015-08-20 11:47 - 00004122 _____ C:\Windows\System32\Tasks\ghokswaBrowserUpdateCore
2015-08-20 11:47 - 2015-08-20 11:47 - 00000000 ____D C:\Users\user\AppData\Local\ghokswa
2015-08-20 11:46 - 2015-08-20 11:46 - 00000000 ____D C:\Users\Public\Documents\ghokswa
2015-08-20 11:46 - 2015-08-20 11:46 - 00000000 ____D C:\Program Files (x86)\ghokswa Browser

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-16 13:06 - 2006-11-02 17:20 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-16 13:06 - 2006-11-02 17:20 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-16 12:23 - 2015-01-27 10:36 - 00000121 _____ C:\Users\Public\LMDebug.log
2015-09-16 11:44 - 2014-03-05 18:00 - 01452409 _____ C:\Windows\WindowsUpdate.log
2015-09-16 10:04 - 2014-09-06 09:00 - 00000000 ____D C:\Users\user\Desktop\kierowcy
2015-09-15 15:02 - 2014-09-08 09:13 - 00000000 ____D C:\Users\user\AppData\Roaming\GG
2015-09-15 11:16 - 2015-02-09 10:48 - 00080384 _____ C:\Users\user\Desktop\UW Gorzów 2015.xls
2015-09-15 11:02 - 2014-09-10 08:25 - 00000028 _____ C:\Users\user\Documents\Asystent7-2.dat
2015-09-15 10:48 - 2014-09-08 13:00 - 00000000 ____D C:\Users\user\Documents\Scan
2015-09-14 15:50 - 2015-05-21 07:01 - 00000000 ____D C:\Program Files (x86)\QR Code Maker and Decoder
2015-09-14 15:50 - 2015-03-17 07:45 - 00000000 ____D C:\Program Files (x86)\ezLinkPreview
2015-09-14 15:50 - 2015-02-11 00:18 - 00000000 ____D C:\Program Files (x86)\Facebook Messenger Platinum
2015-09-14 15:50 - 2015-01-16 07:48 - 00000000 ____D C:\Users\user\AppData\Local\Temp{78A7637D-8D05-4178-8F91-C8A4469CBC8D}
2015-09-14 15:50 - 2015-01-16 07:48 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2015-09-14 15:50 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\PLA
2015-09-14 15:35 - 2009-04-13 16:14 - 01613794 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 15:35 - 2009-04-13 16:13 - 00714160 _____ C:\Windows\system32\perfh015.dat
2015-09-14 15:35 - 2009-04-13 16:13 - 00151000 _____ C:\Windows\system32\perfc015.dat
2015-09-14 15:28 - 2006-11-02 17:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-14 15:24 - 2014-03-05 18:01 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-09-14 15:24 - 2006-11-02 17:38 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-11 15:02 - 2015-01-16 07:48 - 00000000 ____D C:\Windows\system32\log
2015-09-11 15:02 - 2014-03-05 18:08 - 00000917 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-11 15:02 - 2014-03-05 18:07 - 00000917 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-11 14:11 - 2014-09-06 09:00 - 00000000 ____D C:\Users\user\Desktop\bonus
2015-09-11 14:09 - 2014-09-06 09:00 - 00000000 ____D C:\Users\user\Desktop\gosia
2015-09-09 03:40 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2015-09-09 03:24 - 2006-11-02 17:20 - 00373616 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:22 - 2006-11-02 17:05 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:22 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-07 08:46 - 2015-01-22 15:54 - 00000000 ____D C:\Users\user\Desktop\paliwa
2015-08-28 08:48 - 2014-09-08 09:13 - 00000000 ____D C:\Users\user\AppData\Local\GG
2015-08-20 11:46 - 2014-09-06 11:20 - 00001833 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2014-03-06 18:55 - 2014-03-06 18:55 - 0000000 _____ () C:\Users\user\AppData\Local\AtStart.txt
2014-09-18 06:40 - 2014-09-18 06:40 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2014-03-05 18:07 - 2014-03-06 19:22 - 0000732 _____ () C:\Users\user\AppData\Local\d3d9caps64.dat
2015-01-23 13:27 - 2015-01-23 13:27 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-08 10:18 - 2014-09-08 10:19 - 0453166 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI4670.txt
2014-09-08 10:19 - 2014-09-08 10:20 - 0458186 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI4710.txt
2014-09-08 10:18 - 2014-09-08 10:19 - 0023662 _____ () C:\Users\user\AppData\Local\dd_vcredistUI4670.txt
2014-09-08 10:19 - 2014-09-08 10:20 - 0023742 _____ () C:\Users\user\AppData\Local\dd_vcredistUI4710.txt
2014-03-06 18:55 - 2014-03-06 18:55 - 0000000 _____ () C:\Users\user\AppData\Local\DSwitch.txt
2014-03-06 18:55 - 2014-03-06 18:55 - 0000000 _____ () C:\Users\user\AppData\Local\QSwitch.txt
2015-09-11 14:05 - 2015-09-11 14:05 - 0000000 _____ () C:\Users\user\AppData\Local\Temp.dat
2014-03-06 19:28 - 2015-09-14 15:28 - 0000180 _____ () C:\ProgramData\HPWALog.txt

Niektóre pliki w TEMP:
====================
C:\Users\user\AppData\Local\Temp\odk_setup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-09-14 15:35

==================== Koniec FRST.txt ============================