Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:17-10-2015
Uruchomiony przez Admin (administrator) ADMIN-HP (21-10-2015 17:36:36)
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4124360 2014-09-24] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [934152 2011-11-07] (ABBYY.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4026836190-3788267660-437267313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4026836190-3788267660-437267313-1000\...\MountPoints2: {0162e944-fca4-11e1-bfa6-ec9a743dcb7f} - "G:\WD SmartWare.exe" autoplay=true
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-29] (EasyBits Software Corp.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9C1B4C93-C3C0-4FE9-8CED-6C3409B59833}: [DhcpNameServer] 212.191.64.10 212.191.64.3 192.168.1.1
Tcpip\..\Interfaces\{DC264398-29C0-48A8-BBF6-E660021F0209}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {3A4C0C16-6307-4C5F-9682-4B022A4C6580} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3A4C0C16-6307-4C5F-9682-4B022A4C6580} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-05] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-05] (HP)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-09-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2015-10-18] [Brak cyfrowego]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-21]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-21]
CHR Extension: (Dysk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-21]
CHR Extension: (Arkusze Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-21]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-21]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-21]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-09-22] (ABBYY)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [41672 2014-09-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1029704 2014-09-24] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190152 2014-09-24] (ESET)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Brak podpisu cyfrowego]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.) [Brak podpisu cyfrowego]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219696 2014-08-19] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [155896 2014-08-19] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [147096 2014-09-10] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-07-16] (Duplex Secure Ltd.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-21 17:36 - 2015-10-21 17:36 - 00016794 _____ C:\Users\Admin\Desktop\FRST.txt
2015-10-21 17:35 - 2015-10-21 17:35 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d10c16fbd97fe
2015-10-21 17:35 - 2015-10-21 17:35 - 00003790 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-21 17:35 - 2015-10-21 17:35 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-21 17:35 - 2015-10-21 17:35 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d10c16fbd97fe.job
2015-10-21 17:35 - 2015-10-21 17:35 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-21 17:35 - 2015-10-21 17:35 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-21 17:35 - 2015-10-21 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-18 14:38 - 2015-10-18 13:18 - 02196992 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-10-18 14:22 - 2015-10-18 14:22 - 628398780 _____ C:\Windows\MEMORY.DMP
2015-10-18 14:22 - 2015-10-18 14:22 - 00262144 _____ C:\Windows\Minidump\101815-32448-01.dmp
2015-10-18 14:22 - 2015-10-18 14:22 - 00000000 ____D C:\Windows\Minidump
2015-10-18 13:23 - 2015-10-18 13:53 - 00380416 _____ C:\Users\Admin\Downloads\fpglm0py.exe
2015-10-18 13:23 - 2015-10-18 13:23 - 00380416 _____ C:\Users\Admin\Downloads\r95cye7w.exe
2015-10-18 13:21 - 2015-10-18 13:21 - 00050605 _____ C:\Users\Admin\Downloads\Shortcut.txt
2015-10-18 13:20 - 2015-10-18 13:21 - 00027638 _____ C:\Users\Admin\Downloads\Addition.txt
2015-10-18 13:19 - 2015-10-18 13:21 - 00031757 _____ C:\Users\Admin\Downloads\FRST.txt
2015-10-18 13:18 - 2015-10-21 17:36 - 00000000 ____D C:\FRST
2015-10-18 13:18 - 2015-10-18 13:18 - 02196992 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-10-18 12:57 - 2015-10-18 12:57 - 00000080 _____ C:\Users\Admin\Desktop\W. Heltman, J. N. Janowski, Demokarcja polska na emigracji - skrót.lnk
2015-10-18 12:48 - 2015-10-18 12:48 - 00000000 ____D C:\Users\Admin\AppData\Local\ESET
2015-10-18 12:36 - 2015-10-18 12:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-18 12:35 - 2015-10-18 12:58 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-18 12:35 - 2015-10-18 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-18 12:35 - 2015-10-18 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-18 12:35 - 2015-10-18 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-18 12:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-18 12:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-18 12:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-18 12:17 - 2015-10-18 12:17 - 00005914 _____ C:\EamClean.log
2015-10-18 12:16 - 2015-10-18 12:16 - 00000000 ____D C:\ProgramData\Emsisoft
2015-10-18 11:55 - 2015-10-18 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-10-18 11:55 - 2015-10-18 11:55 - 00000000 ____D C:\ProgramData\ESET
2015-10-18 11:55 - 2015-10-18 11:55 - 00000000 ____D C:\Program Files\ESET
2015-10-17 19:15 - 2015-10-17 19:15 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Oracle
2015-10-17 19:06 - 2015-10-18 11:27 - 00000000 ____D C:\AdwCleaner
2015-10-10 21:46 - 2015-10-10 21:47 - 00000000 ____D C:\Users\Admin\Desktop\opinia publiczna
2015-10-10 21:43 - 2015-10-10 21:47 - 00000000 ____D C:\Users\Admin\Desktop\negockjacje i mediacje
2015-09-25 06:55 - 2015-09-25 09:23 - 00000000 ____D C:\Users\Admin\Documents\logopedia
2015-09-24 18:09 - 2015-09-24 18:52 - 00000000 ____D C:\Users\Admin\Desktop\LOGOPEDIA

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-10-21 17:35 - 2013-10-26 11:04 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-21 17:35 - 2013-10-26 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2015-10-21 17:35 - 2013-10-26 11:04 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-21 17:35 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-21 17:35 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-21 17:34 - 2013-10-26 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2015-10-21 17:30 - 2012-09-12 08:37 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\AuthenTec
2015-10-21 17:24 - 2012-09-12 09:58 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-21 02:36 - 2011-09-23 01:38 - 01902840 _____ C:\Windows\WindowsUpdate.log
2015-10-20 19:03 - 2012-09-12 09:06 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{45A67C28-7AF9-4ACB-A03B-15D48E911332}
2015-10-19 21:44 - 2014-04-10 11:09 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAdmin
2015-10-19 21:44 - 2014-04-10 11:09 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2015-10-19 21:32 - 2015-02-14 15:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-10-19 21:24 - 2014-10-06 08:36 - 00000000 ____D C:\Program Files\Google
2015-10-19 21:24 - 2010-11-21 05:47 - 01362204 _____ C:\Windows\PFRO.log
2015-10-19 21:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-19 21:24 - 2009-07-14 06:51 - 00087805 _____ C:\Windows\setupact.log
2015-10-19 19:00 - 2013-01-04 16:50 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-10-18 14:44 - 2012-09-12 09:06 - 00001421 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-18 14:40 - 2015-07-18 15:34 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-18 14:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-10-18 14:36 - 2011-07-29 22:50 - 00000000 ____D C:\ProgramData\Adobe
2015-10-18 12:58 - 2015-02-14 15:45 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-18 12:58 - 2012-09-12 12:18 - 00002905 _____ C:\Users\Public\Desktop\ABBYY FineReader 11.lnk
2015-10-18 12:58 - 2011-09-23 01:32 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-18 12:58 - 2011-09-23 01:32 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-18 12:58 - 2011-07-29 22:48 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-10-18 12:58 - 2011-07-29 22:48 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-10-18 12:58 - 2011-07-29 22:48 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-10-18 12:58 - 2011-07-29 22:47 - 00002474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-18 12:58 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-18 12:58 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-10-18 12:58 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-18 12:58 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-18 12:58 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-10-18 12:57 - 2014-06-19 15:05 - 00002217 _____ C:\Users\Admin\Desktop\HP Support Assistant.lnk
2015-10-18 12:57 - 2012-09-12 12:19 - 00003003 _____ C:\Users\Admin\Desktop\Microsoft Excel 2010.lnk
2015-10-18 12:57 - 2012-09-12 12:19 - 00002983 _____ C:\Users\Admin\Desktop\Microsoft PowerPoint 2010.lnk
2015-10-18 12:57 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-18 12:57 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-18 12:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Globalization
2015-10-18 11:56 - 2011-07-30 08:10 - 00740688 _____ C:\Windows\system32\perfh015.dat
2015-10-18 11:56 - 2011-07-30 08:10 - 00156230 _____ C:\Windows\system32\perfc015.dat
2015-10-18 11:56 - 2009-07-14 07:13 - 01670590 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-18 11:24 - 2012-09-12 09:58 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-18 11:24 - 2012-09-12 09:58 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-18 11:24 - 2011-07-29 22:39 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-18 11:22 - 2012-09-12 09:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-17 18:58 - 2015-04-10 20:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 18:55 - 2015-02-14 15:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-11 19:29 - 2015-04-10 20:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-11 15:44 - 2012-11-16 20:38 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-25 08:24 - 2013-01-18 09:45 - 00000000 ____D C:\Users\Admin\Documents\Ortografia - wykład
2015-09-24 22:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-09-24 22:10 - 2012-12-01 18:13 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForADMIN-HP$
2015-09-24 22:10 - 2012-12-01 18:13 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForADMIN-HP$.job
2015-09-24 19:45 - 2009-07-14 06:45 - 00338912 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-24 19:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-24 18:37 - 2013-12-16 13:10 - 00000000 ____D C:\Windows\system32\MRT

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-10-21 00:28

==================== Koniec FRST.txt ============================