Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:23-11-2015
Uruchomiony przez MG (administrator) X (24-11-2015 18:07:30)
Uruchomiony z C:\Users\MG\Downloads
Załadowane profile: MG (Dostępne profile: MG)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(Datpol) C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelterSrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Datpol) C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files\Kingo ROOT\tools\adb.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [SonicMasterTray] => C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [6196888 2015-11-23] (Emsisoft Ltd)
HKLM\...\Run: [SpyShelter] => C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe [3168008 2015-11-14] (Datpol)
HKLM\...\Run: [cFosSpeed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1602472 2015-09-09] (cFos Software GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [StartMenuLogoff] 1
HKLM\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [634504 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-11-23] (Glarysoft Ltd)
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {747cdb73-8d39-11e5-a171-f46d04aa0bb2} - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {747cdb7f-8d39-11e5-a171-f46d04aa0bb2} - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {9f51611c-8aaa-11e5-aec9-f46d04aa0bb2} - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {a3e6866f-8b81-11e5-a713-f46d04aa0bb2} - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {a3e68687-8b81-11e5-a713-f46d04aa0bb2} - H:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {a3e686ad-8b81-11e5-a713-f46d04aa0bb2} - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {b3921618-8a01-11e5-80b2-f46d04aa0bb2} - F:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {dc8d58dd-a80f-11e4-be98-f46d04aa0bb2} - F:\AutoRun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {dc8d58e2-a80f-11e4-be98-f46d04aa0bb2} - F:\AutoRun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\...\MountPoints2: {ee264c37-892a-11e4-8b8e-f46d04aa0bb2} - G:\autorun.exe
HKU\S-1-5-21-2226444264-1822766488-2759232319-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk [2015-01-07]
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
BootExecute: autocheck autochk *

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{95F532BC-79F1-46EF-AF29-A17FFAA293B7}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{9CD5D196-A95E-418A-94C2-27F5B186B9A9}: [NameServer] 0.0.0.0 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default
FF Homepage: about:blank
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\user.js [2014-12-21]
FF Extension: Movable Firefox Button - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\movableAppButton@Merci.chao.xpi [2015-05-31]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2015-05-31]
FF Extension: MinimizeToTray revived (MinTrayR) - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\mintrayr@tn123.ath.cx [2015-05-31]
FF Extension: Flashblock - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-31]
FF Extension: DownThemAll! - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-31]
FF Extension: AniWeather - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2015-05-31]
FF Extension: Greasemonkey - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-23]
FF Extension: Brak nazwy - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\Extensions\firefox@ghostery.com.xpi [2015-11-05] [Brak podpisu cyfrowego]
FF Extension: Self-Destructing Cookies - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-11-23]
FF Extension: Brak nazwy - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\Extensions\trafficlight@bitdefender.com.xpi [2015-05-31] [Brak podpisu cyfrowego]
FF Extension: uBlock - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-11-01]
FF Extension: Configuration Mania - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\6vxpse13.default\Extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}.xpi [2015-11-05]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7101240 2015-11-23] (Emsisoft Ltd)
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-01-04] (Adobe Systems) [Brak podpisu cyfrowego]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-03] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [618920 2015-09-09] (cFos Software GmbH)
S3 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [117552 2015-05-20] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-11-12] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-26] (SurfRight B.V.)
S4 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [154928 2015-05-20] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655744 2012-09-22] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [137352 2015-10-22] (Sandboxie Holdings, LLC)
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [802448 2013-10-30] (Seagate)
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Brak podpisu cyfrowego]
R2 SpyShelterSrv; C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelterSrv.exe [49320 2015-11-14] (Datpol)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [97792 2015-01-07] (BiniSoft.org) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14720 2011-10-14] (ASUSTek Computer Inc.)
S3 awUSB; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2015-11-24] (Scott)
R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1426856 2015-09-09] (cFos Software GmbH)
S3 diagswitchdrv; C:\Windows\System32\DRIVERS\diagswitchdrv.sys [102912 2012-12-05] (Huawei Technologies Co., Ltd.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [15968 2014-11-18] ()
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [102128 2015-11-12] (Emsisoft Ltd)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2014-11-18] ()
S4 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-05-17] (Sony Mobile Communications)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-11-23] (Glarysoft Ltd)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-12-21] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [195200 2015-05-07] (Huawei Technologies Co., Ltd.)
S3 HWHandSetProLine; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [195200 2015-05-07] (Huawei Technologies Co., Ltd.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166024 2015-10-22] (Sandboxie Holdings, LLC)
R1 Spyshelter; C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys [393992 2015-11-14] (SpyShelter)
R1 SpyshelterKb; C:\Program Files\SpyShelter Free Anti-keylogger\SpyshelterKb.sys [139016 2015-11-07] (SpyShelter)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [888640 2014-12-24] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-12-24] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [130488 2014-12-24] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-12-24] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-12-24] (Acronis International GmbH)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
U3 DfSdkS; Brak ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
U3 pxldipow; \??\C:\Users\MG\AppData\Local\Temp\pxldipow.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-11-24 18:07 - 2015-11-24 18:08 - 00015019 _____ C:\Users\MG\Downloads\FRST.txt
2015-11-24 18:06 - 2015-11-24 18:07 - 00000000 ____D C:\FRST
2015-11-24 18:01 - 2015-11-24 18:01 - 02384712 _____ C:\Users\MG\Documents\Gmer.txt
2015-11-24 15:39 - 2015-11-24 15:39 - 00380416 _____ C:\Users\MG\Downloads\eh77uc4e.exe
2015-11-24 15:38 - 2015-11-24 15:38 - 01718784 _____ (Farbar) C:\Users\MG\Downloads\FRST.exe
2015-11-24 10:43 - 2015-11-24 10:44 - 00013824 _____ (Scott) C:\Windows\system32\Drivers\USBDrv.sys
2015-11-17 17:31 - 2015-11-17 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HuaweiUpdateExtractor
2015-11-17 17:07 - 2015-11-17 17:09 - 00000000 ___RD C:\Users\MG\Documents\MEGAsync
2015-11-17 17:01 - 2015-11-17 17:01 - 00000000 ____D C:\Users\MG\AppData\Local\Mega Limited
2015-11-17 17:01 - 2015-11-17 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-11-17 17:00 - 2015-11-17 17:01 - 00000000 ____D C:\ProgramData\MEGAsync
2015-11-17 16:58 - 2015-11-17 16:58 - 09989712 _____ (MEGA Limited) C:\Users\MG\Downloads\MEGAsyncSetup.exe
2015-11-15 19:31 - 2015-11-15 19:33 - 00000000 ____D C:\Users\MG\Documents\Tapety
2015-11-15 17:31 - 2015-11-15 17:31 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-15 17:30 - 2015-11-15 17:30 - 00000000 ____D C:\Users\MG\Documents\samsung
2015-11-15 13:51 - 2015-11-15 13:51 - 00000000 _____ C:\dll.log
2015-11-15 11:13 - 2015-11-15 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2015-11-14 12:59 - 2015-11-14 13:00 - 00000000 ____D C:\Program Files\Kingo ROOT
2015-11-14 12:59 - 2015-11-14 12:59 - 00000000 ____D C:\Users\MG\AppData\Local\Kingosoft
2015-11-14 12:59 - 2015-11-14 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
2015-11-14 12:58 - 2015-11-14 12:58 - 19523944 _____ (Kingosoft Technology Ltd. ) C:\Users\MG\Downloads\android_root.exe
2015-11-14 12:44 - 2015-11-14 12:44 - 00000000 ____D C:\Program Files\ClockworkMod
2015-11-14 12:42 - 2015-11-14 12:42 - 00000000 ____D C:\Users\MG\AppData\Local\CrashDumps
2015-11-14 11:36 - 2015-11-14 11:36 - 00767523 _____ (Sam Rodberg ) C:\Users\MG\Downloads\minimal_adb_fastboot_v1.3.1_setup.exe
2015-11-14 11:07 - 2015-11-14 11:07 - 00000000 _____ C:\Users\MG\Documents\Your unlocking password is:2151022062312421.txt
2015-11-13 16:38 - 2015-11-14 12:37 - 00000000 ____D C:\Users\MG\Documents\HiSuite
2015-11-12 09:49 - 2015-11-03 18:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 08:31 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 08:31 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 08:31 - 2015-10-29 18:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 08:31 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 08:31 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-11 08:31 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 08:31 - 2015-10-20 01:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 08:31 - 2015-10-20 01:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 08:31 - 2015-10-20 01:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 08:31 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 08:31 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 08:31 - 2015-10-20 01:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 08:31 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 08:31 - 2015-10-20 01:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 08:31 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 08:31 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 08:31 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 08:31 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 08:31 - 2015-10-20 00:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 08:31 - 2015-10-20 00:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 08:31 - 2015-10-20 00:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 08:31 - 2015-10-13 17:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 08:31 - 2015-10-13 17:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 08:30 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 08:30 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 08:30 - 2015-10-30 23:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 08:30 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 08:30 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 08:30 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 08:30 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 08:30 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 08:30 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 08:30 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 08:30 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 08:30 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 08:30 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 08:30 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 08:30 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 08:30 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 08:30 - 2015-10-30 23:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 08:30 - 2015-10-30 23:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 08:30 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 08:30 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 08:30 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 08:30 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 08:30 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 08:30 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 08:30 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 08:30 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 08:30 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 08:30 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 08:30 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 08:30 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 08:30 - 2015-10-30 23:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 08:30 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 08:30 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 08:30 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 08:30 - 2015-10-13 05:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 08:30 - 2015-09-23 14:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 08:30 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 08:29 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 08:29 - 2015-10-20 18:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 08:29 - 2015-10-20 18:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 08:29 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 08:29 - 2015-10-20 18:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 08:29 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-09 17:39 - 2015-11-09 17:39 - 00000000 ____D C:\Users\MG\AppData\Local\CEF
2015-11-08 07:42 - 2015-11-24 11:53 - 00027212 _____ C:\Windows\setupact.log
2015-11-08 07:42 - 2015-11-08 07:42 - 00000000 ____D C:\Users\MG\AppData\Roaming\ATI
2015-11-08 07:42 - 2015-11-08 07:42 - 00000000 _____ C:\Windows\setuperr.log
2015-11-08 07:41 - 2015-11-15 11:14 - 00000990 _____ C:\Windows\PFRO.log
2015-11-05 10:51 - 2015-11-05 10:51 - 04399176 _____ (UltimateOutsider) C:\Users\MG\Downloads\GWX_control_panel.exe
2015-11-04 15:20 - 2015-11-04 16:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-03 19:01 - 2015-11-03 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-10-25 13:09 - 2015-10-25 13:09 - 00022952 _____ C:\Users\MG\Downloads\config.bin

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2015-11-24 18:08 - 2015-07-09 10:45 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-11-24 17:41 - 2015-07-20 13:48 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-24 11:54 - 2014-12-20 19:58 - 01705002 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-24 11:54 - 2009-07-14 09:07 - 00756488 _____ C:\Windows\system32\perfh015.dat
2015-11-24 11:54 - 2009-07-14 09:07 - 00161710 _____ C:\Windows\system32\perfc015.dat
2015-11-24 11:29 - 2015-01-07 11:04 - 01874598 _____ C:\Windows\WindowsUpdate.log
2015-11-24 10:52 - 2009-07-14 05:34 - 00023520 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-24 10:52 - 2009-07-14 05:34 - 00023520 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-24 10:17 - 2015-05-17 12:58 - 00000000 ____D C:\Users\MG\Downloads\Android
2015-11-24 10:02 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-23 22:52 - 2014-12-21 19:57 - 00000000 ____D C:\Windows\CryptoGuard
2015-11-23 13:17 - 2015-01-06 10:19 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-11-23 13:17 - 2015-01-06 10:18 - 00017472 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-11-23 13:17 - 2015-01-06 10:16 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-11-19 14:34 - 2015-01-07 10:40 - 00003582 _____ C:\Windows\Sandboxie.ini
2015-11-17 17:31 - 2015-05-21 09:43 - 00000000 ____D C:\Program Files\HuaweiUpdateExtractor
2015-11-17 17:31 - 2014-12-20 20:58 - 00000000 ____D C:\Users\MG\AppData\Local\Downloaded Installations
2015-11-15 14:03 - 2015-05-24 14:51 - 00000000 ____D C:\Users\MG\Documents\Kopia Huawei
2015-11-15 11:14 - 2015-09-14 09:13 - 00000000 ____D C:\Program Files\SpyShelter Free Anti-keylogger
2015-11-14 13:00 - 2015-05-17 08:59 - 00000000 ____D C:\Users\MG\.android
2015-11-13 08:52 - 2009-07-14 05:33 - 00336912 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 14:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-11-12 09:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-12 09:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pl-PL
2015-11-11 18:52 - 2014-12-20 21:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 18:51 - 2014-12-20 20:40 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 18:42 - 2014-12-20 20:40 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 08:25 - 2015-01-01 12:05 - 00000000 ____D C:\Program Files\Steam
2015-11-10 19:41 - 2014-12-21 20:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-10 19:41 - 2014-12-21 20:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-09 18:07 - 2015-06-23 11:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-09 17:39 - 2014-12-21 22:22 - 00000000 ____D C:\Users\MG\AppData\Roaming\Adobe
2015-11-09 10:20 - 2014-12-21 20:34 - 00000000 ____D C:\Users\MG\AppData\Roaming\Mozilla
2015-11-07 20:22 - 2015-09-19 19:07 - 00000000 ____D C:\Users\MG\AppData\Roaming\Everything
2015-11-07 14:36 - 2015-09-21 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2015-11-07 14:36 - 2015-08-23 11:23 - 00000000 ____D C:\Users\MG\Documents\Mount&Blade Warband
2015-11-07 14:36 - 2015-05-17 09:39 - 00000000 ____D C:\ProgramData\Samsung
2015-11-07 14:36 - 2015-01-04 11:28 - 00000000 ____D C:\Users\MG\AppData\Local\Adobe
2015-11-07 14:36 - 2015-01-02 15:49 - 00000000 ____D C:\Users\MG\Documents\Empire Earth II
2015-11-07 14:36 - 2014-12-24 17:06 - 00000000 ____D C:\ProgramData\Seagate
2015-11-07 14:36 - 2014-12-21 17:51 - 00000000 ____D C:\Users\MG\AppData\Local\Zemana
2015-11-07 14:36 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2015-11-05 10:47 - 2014-12-21 20:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-25 12:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Pliki w katalogu głównym wybranych folderów =======

2015-02-16 18:19 - 2015-02-16 20:25 - 0008273 _____ () C:\Users\MG\AppData\Local\unins000.dat
2015-02-16 20:24 - 2015-02-16 20:24 - 0707744 _____ () C:\Users\MG\AppData\Local\unins000.exe
2015-02-16 18:19 - 2015-02-16 20:25 - 0011761 _____ () C:\Users\MG\AppData\Local\unins000.msg

Niektóre pliki w TEMP:
====================
C:\Users\MG\AppData\Local\Temp\gusetup0.exe

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-11-20 15:27

==================== Koniec FRST.txt ============================