Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:20-12-2015 Uruchomiony przez Marcin (administrator) PC (23-12-2015 08:23:45) Uruchomiony z C:\Users\Marcin\Downloads Załadowane profile: Marcin (Dostępne profile: Marcin) Platform: Windows 8.1 Pro (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Spotify Ltd) C:\Users\Marcin\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Flux Software LLC) C:\Users\Marcin\AppData\Local\FluxSoftware\Flux\flux.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13763800 2014-10-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-2234715902-4135885355-1448298309-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation) HKU\S-1-5-21-2234715902-4135885355-1448298309-1001\...\Run: [Spotify Web Helper] => C:\Users\Marcin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-11-09] (Spotify Ltd) HKU\S-1-5-21-2234715902-4135885355-1448298309-1001\...\Run: [f.lux] => C:\Users\Marcin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-12] (Microsoft Corporation) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{16112556-DEDE-401A-9857-0D9B3CE06CDA}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E860E49B-D30A-4FA0-B696-9DE73804937D}: [DhcpNameServer] 10.1.1.30 10.1.1.32 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-12] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-12] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-12-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-12] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-26] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-10-26] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\txwqqmzj.default FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-26] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-21] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-10-26] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Extension: Firebug - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i1e12p.dev-edition-default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-19] FF Extension: Html Validator - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i1e12p.dev-edition-default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2015-12-23] FF Extension: Adblock Plus - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\j5i1e12p.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18] StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe Chrome: ======= CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24] CHR Extension: (Dokumenty Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24] CHR Extension: (Dysk Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24] CHR Extension: (Adblock Plus) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25] CHR Extension: (Google Search) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Arkusze Google) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24] CHR Extension: (Dokumenty Google offline) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19] CHR Extension: (AdBlock) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24] CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation) R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-24] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-21] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-22] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-23] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-21] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3787544 2015-06-30] (Intel Corporation) R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-12-23 08:23 - 2015-12-23 08:24 - 00014474 _____ C:\Users\Marcin\Downloads\FRST.txt 2015-12-23 08:20 - 2015-12-23 08:23 - 00000000 ____D C:\FRST 2015-12-23 08:18 - 2015-12-23 08:18 - 02370560 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe 2015-12-23 07:59 - 2015-12-23 08:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-23 07:58 - 2015-12-23 07:58 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-12-23 07:58 - 2015-12-23 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-12-23 07:58 - 2015-12-23 07:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-23 07:58 - 2015-12-23 07:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-12-23 07:58 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-23 07:58 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-12-23 07:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-12-23 07:48 - 2015-12-23 07:56 - 22908888 _____ (Malwarebytes ) C:\Users\Marcin\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-23 07:38 - 2015-12-23 07:41 - 06805328 _____ (Piriform Ltd) C:\Users\Marcin\Downloads\ccsetup513.exe 2015-12-22 19:02 - 2015-12-22 19:02 - 00621273 _____ C:\Users\Marcin\Downloads\Projekt PPJ - dane.7z 2015-12-18 06:41 - 2015-12-18 18:02 - 00000000 ____D C:\Program Files (x86)\Firefox Developer Edition 2015-12-18 06:34 - 2015-12-18 06:34 - 00228864 _____ (Microsoft Corporation) C:\Users\Marcin\Downloads\PJ-64.exe 2015-12-14 20:44 - 2015-12-14 20:44 - 00001067 _____ C:\Users\Marcin\Downloads\w09 - src.7z 2015-12-14 20:43 - 2015-12-14 20:43 - 00000651 _____ C:\Users\Marcin\Downloads\w07.7z 2015-12-14 20:43 - 2015-12-14 20:43 - 00000523 _____ C:\Users\Marcin\Downloads\w06 - src.7z 2015-12-12 13:17 - 2015-12-12 13:17 - 00000475 _____ C:\Users\Marcin\Downloads\Fabryka.java 2015-12-09 14:31 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 14:31 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 14:31 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 14:31 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 14:31 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2015-12-09 14:31 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 14:31 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 14:31 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2015-12-09 14:30 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 14:30 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 14:30 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 14:30 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-12-09 14:30 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 14:30 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 14:30 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 14:30 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 14:30 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 14:30 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 14:30 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 14:30 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 14:30 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-12-09 14:30 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 14:30 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 14:30 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 14:30 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 14:30 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-12-09 14:30 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 14:30 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 14:30 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 14:30 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 14:30 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 14:30 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 14:30 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 14:30 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 14:30 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 14:30 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-12-09 14:30 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-12-09 14:30 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 14:30 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 14:30 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 14:30 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 14:30 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 14:30 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 14:30 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-12-09 14:30 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 14:30 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 14:30 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 14:29 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 14:28 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-12-09 14:28 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-12-09 14:28 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-12-09 14:28 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-12-09 14:28 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-12-09 14:28 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-12-09 14:28 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-12-09 14:28 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-12-09 14:28 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-12-09 14:28 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 14:28 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 14:28 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 14:28 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 14:27 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 14:27 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 14:27 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 14:27 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 14:27 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 14:27 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-12-09 14:27 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 14:27 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 14:27 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 14:27 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 14:27 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 14:27 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 14:27 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 14:27 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-12-09 14:27 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-12-05 19:57 - 2015-12-05 19:57 - 00000684 _____ C:\Users\Marcin\Downloads\Pulpit — skrót.lnk 2015-12-05 19:56 - 2015-12-05 19:56 - 00000226 _____ C:\Users\Marcin\Downloads\Element (1).java 2015-12-05 16:33 - 2015-12-05 16:33 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\workspace3 2015-12-02 20:58 - 2015-12-02 20:58 - 00000000 ____D C:\ProgramData\Synaptics 2015-12-02 14:01 - 2015-12-02 14:01 - 00001165 _____ C:\Users\Marcin\Downloads\MyList.java 2015-12-02 14:01 - 2015-12-02 14:01 - 00000226 _____ C:\Users\Marcin\Downloads\Element.java 2015-12-02 14:00 - 2015-12-02 14:00 - 00000542 _____ C:\Users\Marcin\Downloads\Main.java 2015-11-28 18:45 - 2015-11-28 18:45 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux 2015-11-28 18:45 - 2015-11-28 18:45 - 00000000 ____D C:\Users\Marcin\AppData\Local\FluxSoftware 2015-11-28 18:44 - 2015-11-28 18:44 - 00597304 _____ C:\Users\Marcin\Downloads\flux-setup.exe 2015-11-28 11:37 - 2015-11-30 04:25 - 00000000 ____D C:\Users\Marcin\Desktop\zarzadzanie 2015-11-27 17:28 - 2015-11-27 17:28 - 00130488 _____ C:\Users\Marcin\Desktop\PPJ c16.pdf 2015-11-27 17:06 - 2015-12-19 17:52 - 00000000 ____D C:\Users\Marcin\Desktop\workspace3 2015-11-23 05:52 - 2015-11-23 05:52 - 00194826 _____ C:\Users\Marcin\Desktop\Reorganizacja-ośrodka-badawczo-rozwojowego.pptx 2015-11-23 05:52 - 2015-11-23 05:52 - 00000000 ____D C:\Users\Marcin\Documents\Niestandardowe szablony pakietu Office ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2015-12-23 08:20 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-12-23 08:04 - 2015-10-24 12:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2234715902-4135885355-1448298309-1001 2015-12-23 07:35 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2015-12-23 07:34 - 2015-10-24 13:24 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-23 07:34 - 2015-10-24 12:14 - 00003964 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{237435EF-9ECE-4848-9A88-8A661C64CD3F} 2015-12-23 07:32 - 2015-10-24 12:11 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-23 07:32 - 2013-08-23 00:12 - 00807160 _____ C:\Windows\system32\perfh015.dat 2015-12-23 07:32 - 2013-08-23 00:12 - 00163478 _____ C:\Windows\system32\perfc015.dat 2015-12-23 07:31 - 2015-10-24 13:24 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-22 17:31 - 2015-10-24 18:43 - 00000600 _____ C:\Users\Marcin\AppData\Local\PUTTY.RND 2015-12-22 17:31 - 2015-10-24 18:36 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\FileZilla 2015-12-21 08:00 - 2015-10-24 18:21 - 00000000 ____D C:\Users\Marcin\AppData\Local\Eclipse 2015-12-21 07:14 - 2015-11-12 00:11 - 00000000 ____D C:\Users\Marcin\Desktop\matematyka 2015-12-20 16:29 - 2015-10-26 07:13 - 00000000 ____D C:\Users\Marcin\AppData\Local\ElevatedDiagnostics 2015-12-19 20:48 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF 2015-12-19 18:45 - 2015-11-11 18:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-12-19 18:45 - 2015-11-11 18:41 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-19 18:45 - 2015-10-29 10:18 - 00000000 ____D C:\Windows\system32\MRT 2015-12-19 18:45 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2015-12-19 18:38 - 2015-10-29 10:18 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-18 18:30 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\tracing 2015-12-18 18:02 - 2015-11-19 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-16 08:36 - 2015-10-24 13:27 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-12 13:44 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-12-12 13:43 - 2015-10-26 07:29 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-12-10 17:48 - 2015-11-15 15:02 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\AIMP3 2015-12-10 05:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-10 05:35 - 2013-08-22 15:44 - 00482320 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-10 05:35 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-12-09 08:06 - 2015-10-24 13:24 - 00000000 ____D C:\Users\Marcin\AppData\Local\Google 2015-12-09 04:39 - 2015-10-26 08:09 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-12-06 17:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2015-12-05 16:32 - 2015-11-11 10:16 - 00000000 ____D C:\Users\Marcin\Desktop\Marcin 2015-12-02 14:23 - 2015-10-27 13:58 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-02 14:01 - 2015-10-24 18:42 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Notepad++ 2015-12-02 12:29 - 2015-10-24 13:24 - 00004034 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 12:29 - 2015-10-24 13:24 - 00003798 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-01 23:04 - 2015-11-01 07:10 - 00000000 ____D C:\Users\Marcin\AppData\Local\CrashDumps 2015-12-01 18:19 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-01 18:19 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-27 17:20 - 2015-10-24 18:20 - 00000000 ____D C:\Users\Marcin\.eclipse 2015-11-24 18:07 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-11-23 08:33 - 2015-10-24 12:00 - 00000000 ____D C:\Users\Marcin\AppData\Local\Packages 2015-11-23 05:52 - 2015-11-19 21:37 - 00172284 _____ C:\Users\Marcin\Downloads\Reorganizacja-ośrodka-badawczo-rozwojowego.pptx ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-10-24 18:43 - 2015-12-22 17:31 - 0000600 _____ () C:\Users\Marcin\AppData\Local\PUTTY.RND 2015-10-24 13:14 - 2015-10-24 13:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== C:\Users\Marcin\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Marcin\AppData\Local\Temp\npp.6.8.6.Installer.exe C:\Users\Marcin\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-12-20 16:29 ==================== Koniec FRST.txt ============================