Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:16-04-2016 01 Uruchomiony przez TomsonLBN (administrator) ADMIN-KOMPUTER (17-04-2016 11:06:30) Uruchomiony z C:\Users\TomsonLBN\Desktop\programy wuja Tomasza Załadowane profile: TomsonLBN (Dostępne profile: UpdatusUser & TomsonLBN) Platform: Microsoft Windows 8.1 (X86) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: "c:\PROGRA~1\google\chrome\APPLIC~1\chrome.exe" -- "%1") Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x86__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE (Microsoft Corporation) C:\Windows\System32\ThumbnailExtractionHost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation) HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKLM\...\Run: [ QQPCTray] => "C:\Program Files\Tencent\QQPCMgr\11.3.17195.214\QQPCTray.exe" /regrun HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-16] (AVAST Software) HKU\S-1-5-21-4227522351-578386421-3270892594-1002\...\MountPoints2: {70f571da-67ae-11e2-8bc5-806e6f6e6963} - "D:\install.exe" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-16] (AVAST Software) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{F2E6F9FE-83BC-40A1-A605-984A37EDDF07}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\S-1-5-21-4227522351-578386421-3270892594-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-16] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM - Brak nazwy - {0124123D-61B4-456f-AF86-78C53A0790C5} - Brak pliku FireFox: ======== FF ProfilePath: C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4227522351-578386421-3270892594-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TomsonLBN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS) FF user.js: detected! => C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\pepa8fe9.default\user.js [2016-04-04] FF user.js: detected! => C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-04-04] FF SearchPlugin: C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\pepa8fe9.default\searchplugins\yoursites123.xml [2016-03-17] FF SearchPlugin: C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yoursites123.xml [2016-03-17] FF Extension: Treasure Track - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\pepa8fe9.default\Extensions\{54dc62bd-8641-4c3b-9f8b-1e64d497baef}.xpi [2015-10-28] [Brak podpisu cyfrowego] FF Extension: ReloadEvery - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\pepa8fe9.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2016-02-13] FF Extension: Checked List 1.0.1 - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\pepa8fe9.default\Extensions\{f79b4e0b-a5c0-4d29-8cd4-5887755c0d8e}.xpi [2016-04-02] [Brak podpisu cyfrowego] FF Extension: GsearchFinder - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-29] FF Extension: Treasure Track - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{54dc62bd-8641-4c3b-9f8b-1e64d497baef}.xpi [2015-10-28] [Brak podpisu cyfrowego] FF Extension: ReloadEvery - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2016-02-13] FF Extension: Checked List 1.0.1 - C:\Users\TomsonLBN\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{f79b4e0b-a5c0-4d29-8cd4-5887755c0d8e}.xpi [2016-04-02] [Brak podpisu cyfrowego] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-16] Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.pl/" CHR Profile: C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-04] CHR Extension: (Dysk Google) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04] CHR Extension: (YouTube) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04] CHR Extension: (Arkusze Google) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-04] CHR Extension: (Dokumenty Google offline) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04] CHR Extension: (Avast Online Security) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\TomsonLBN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-04] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-16] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-16] (AVAST Software) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-04-16] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-04-16] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-04-16] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-04-16] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-04-16] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-04-16] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-04-16] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [124808 2016-04-16] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221368 2016-04-16] (AVAST Software) R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation) R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation) R3 yukonw8; C:\WINDOWS\system32\DRIVERS\yk63x86.sys [249288 2013-06-18] (Marvell) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-17 10:44 - 2016-04-17 10:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-04-17 10:44 - 2016-04-17 10:44 - 00002037 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-04-17 10:44 - 2016-04-17 10:44 - 00000000 ____D C:\ProgramData\Adobe 2016-04-17 10:44 - 2016-04-17 10:44 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-04-17 10:44 - 2016-04-17 10:44 - 00000000 ____D C:\Program Files\Adobe 2016-04-16 23:41 - 2016-04-16 23:41 - 00036658 _____ C:\Users\TomsonLBN\Downloads\Addition (1).txt 2016-04-16 23:12 - 2016-04-16 23:12 - 00022252 _____ C:\Users\TomsonLBN\Desktop\Fixlog_16-04-2016_23-12-10.txt 2016-04-16 23:01 - 2016-04-17 11:06 - 00000000 ____D C:\FRST 2016-04-16 22:47 - 2016-04-16 22:47 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-16 21:54 - 2016-04-16 21:54 - 00000000 ____D C:\Users\TomsonLBN\AppData\Local\ElevatedDiagnostics 2016-04-16 21:54 - 2016-04-16 21:54 - 00000000 ____D C:\MATS 2016-04-16 21:50 - 2016-04-16 21:50 - 00347816 _____ (Microsoft Corporation) C:\Users\TomsonLBN\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe 2016-04-16 21:41 - 2016-04-16 21:41 - 00000879 _____ C:\Users\TomsonLBN\AppData\Local\recently-used.xbel 2016-04-16 18:00 - 2016-04-16 18:00 - 00003489 _____ C:\Users\TomsonLBN\Downloads\FSS.txt 2016-04-16 17:40 - 2016-04-16 22:08 - 00062779 _____ C:\Users\TomsonLBN\Downloads\Shortcut.txt 2016-04-16 17:38 - 2016-04-16 22:08 - 00032804 _____ C:\Users\TomsonLBN\Downloads\Addition.txt 2016-04-16 17:37 - 2016-04-16 22:08 - 00090344 _____ C:\Users\TomsonLBN\Downloads\FRST.txt 2016-04-16 17:34 - 2016-04-16 17:34 - 00008587 _____ C:\Users\TomsonLBN\Downloads\AdwCleanerS0.txt 2016-04-16 17:28 - 2016-04-16 17:28 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-04-16 17:28 - 2016-04-16 17:28 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-04-16 17:27 - 2016-04-16 17:27 - 00000000 ____D C:\Users\TomsonLBN\AppData\Roaming\AVAST Software 2016-04-16 17:27 - 2016-04-16 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-04-16 17:26 - 2016-04-16 17:26 - 00221368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2016-04-16 17:26 - 2016-04-16 17:26 - 00000000 ____D C:\Program Files\Common Files\AV 2016-04-16 17:26 - 2016-04-16 17:25 - 00815792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-04-16 17:26 - 2016-04-16 17:25 - 00449640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-04-16 17:26 - 2016-04-16 17:25 - 00334280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-04-16 17:26 - 2016-04-16 17:25 - 00124808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-04-16 17:26 - 2016-04-16 17:25 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-04-16 17:26 - 2016-04-16 17:25 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-04-16 17:26 - 2016-04-16 17:25 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-04-16 17:26 - 2016-04-16 17:25 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-04-16 17:25 - 2016-04-16 17:25 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-04-16 17:24 - 2016-04-16 17:28 - 00000000 ____D C:\ProgramData\AVAST Software 2016-04-16 17:24 - 2016-04-16 17:28 - 00000000 ____D C:\Program Files\AVAST Software 2016-04-16 17:24 - 2016-04-16 17:24 - 05066104 _____ (AVAST Software) C:\Users\TomsonLBN\Downloads\avast_free_antivirus_setup_online.exe 2016-04-16 16:33 - 2016-04-16 16:33 - 00003094 _____ C:\Users\TomsonLBN\Downloads\AdwCleanerC2.txt 2016-04-16 15:56 - 2016-04-16 23:30 - 00000000 ____D C:\AdwCleaner 2016-04-16 15:56 - 2016-04-16 15:56 - 03677760 _____ C:\Users\TomsonLBN\Downloads\adwcleaner_5.111.exe 2016-04-16 14:50 - 2016-04-16 14:52 - 22537784 _____ ( ) C:\Users\TomsonLBN\Downloads\AdbeRdr705_pol_full.exe 2016-04-16 14:49 - 2016-04-16 15:00 - 245713542 _____ C:\Users\TomsonLBN\Downloads\ut3patch1.2.exe 2016-04-16 14:49 - 2016-04-16 14:59 - 245453953 _____ C:\Users\TomsonLBN\Downloads\ut3patch1.1.exe 2016-04-16 11:30 - 2016-04-16 11:52 - 00000000 ____D C:\Users\TomsonLBN\Desktop\wykorzystaj czas 2016-04-13 20:58 - 2016-04-13 20:59 - 00054247 _____ C:\Users\TomsonLBN\Downloads\nowe-cv.odt 2016-04-13 08:29 - 2016-03-29 16:03 - 03509760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-04-13 08:29 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-04-13 08:29 - 2016-02-09 03:36 - 00223680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-04-13 08:29 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-04-13 08:29 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-04-13 08:29 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-04-13 08:29 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll 2016-04-13 08:29 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-04-13 08:29 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-04-13 08:29 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-04-13 08:29 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll 2016-04-13 08:29 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2016-04-13 08:29 - 2016-02-08 21:37 - 01175040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-04-13 08:29 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll 2016-04-13 08:29 - 2016-02-08 21:36 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2016-04-13 08:29 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-04-13 08:29 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-04-13 08:29 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-04-13 08:29 - 2016-02-08 21:32 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2016-04-13 08:29 - 2016-02-08 21:30 - 00768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-04-13 08:29 - 2016-02-07 00:46 - 00265048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2016-04-13 08:29 - 2016-02-05 21:12 - 00318296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-04-13 08:29 - 2016-01-31 18:53 - 00635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe 2016-04-13 08:29 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-04-13 08:29 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-04-13 08:28 - 2016-04-04 08:40 - 00042672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-04-13 08:28 - 2016-04-02 15:27 - 01218048 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-04-13 08:28 - 2016-04-02 15:27 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-04-13 08:28 - 2016-04-01 15:20 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-04-13 08:28 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-04-13 08:28 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-04-13 08:28 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-04-13 08:28 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-04-13 08:28 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-04-13 08:28 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-04-13 08:28 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-04-13 08:28 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-04-13 08:28 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-04-13 08:28 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-04-13 08:28 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-04-13 08:28 - 2016-03-31 01:23 - 00689664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-04-13 08:28 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-04-13 08:28 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-04-13 08:28 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-04-13 08:28 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-04-13 08:28 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-04-13 08:28 - 2016-03-19 01:06 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-04-13 08:28 - 2016-03-19 01:06 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-04-13 08:28 - 2016-03-19 01:06 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-04-13 08:28 - 2016-03-19 01:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-04-13 08:28 - 2016-03-16 01:06 - 00478800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-04-13 08:28 - 2016-03-15 16:05 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-04-13 08:28 - 2016-03-11 16:44 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-04-13 08:28 - 2016-03-10 19:46 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-04-13 08:28 - 2016-03-10 19:45 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-04-13 08:28 - 2016-03-10 19:45 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-04-13 08:28 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-04-13 08:28 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2016-04-13 08:28 - 2016-03-03 18:11 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-13 08:28 - 2016-02-07 01:10 - 00410968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-04-13 08:28 - 2016-02-05 17:08 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2016-04-13 08:28 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2016-04-13 08:28 - 2016-02-05 16:56 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-04-13 08:28 - 2016-02-05 16:45 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2016-04-13 08:28 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll 2016-04-13 08:28 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2016-04-13 08:28 - 2016-02-03 17:10 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2016-04-13 08:28 - 2016-02-03 17:08 - 01273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2016-04-13 08:28 - 2016-02-02 19:37 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2016-04-13 08:28 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll 2016-04-13 08:28 - 2016-02-02 18:56 - 01318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe 2016-04-13 08:28 - 2016-02-02 18:54 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2016-04-13 08:28 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll 2016-04-13 08:28 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2016-04-13 08:28 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2016-04-13 08:28 - 2016-01-28 03:00 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2016-04-13 08:28 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-04-13 08:28 - 2016-01-21 00:44 - 00083800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys 2016-04-13 08:27 - 2016-03-10 20:47 - 05764448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-04-13 08:27 - 2016-03-10 20:45 - 01396696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-13 08:27 - 2016-03-10 20:45 - 01285608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-13 08:27 - 2016-03-10 20:45 - 01272192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-13 08:27 - 2016-03-10 20:45 - 01172000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-13 08:27 - 2016-03-10 20:44 - 00888896 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-04-13 08:27 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll 2016-04-13 08:27 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-04-11 16:49 - 2016-04-11 16:49 - 00052500 _____ C:\Users\TomsonLBN\Downloads\Produkcja_V-XII_2016_1_.pdf 2016-04-11 16:48 - 2016-04-11 16:48 - 00027572 _____ C:\Users\TomsonLBN\Downloads\Produkcja V-XII 2016 (1).xlsx 2016-04-11 16:47 - 2016-04-11 16:47 - 00027572 _____ C:\Users\TomsonLBN\Downloads\Produkcja V-XII 2016.xlsx 2016-04-11 16:46 - 2016-04-11 16:46 - 00024114 _____ C:\Users\TomsonLBN\Downloads\Warehouse V-XII 2016.xlsx 2016-04-10 16:02 - 2016-04-10 16:24 - 462952531 _____ C:\Users\TomsonLBN\Downloads\Przybysz ze średniowiecza - LukasTV.mp4 2016-04-04 17:57 - 2016-04-04 17:57 - 00103020 ____H C:\WINDOWS\system32\mlfcache.dat 2016-04-04 16:55 - 2016-04-16 23:11 - 00000008 __RSH C:\Users\TomsonLBN\ntuser.pol 2016-03-29 20:08 - 2016-03-29 20:47 - 3204161795 _____ C:\Program Files\Resident Evil 4.rar ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-04-17 11:06 - 2016-03-16 02:35 - 00000000 ____D C:\Users\TomsonLBN\Desktop\dzk 2016-04-17 11:06 - 2016-03-01 21:58 - 00000000 ____D C:\Users\TomsonLBN\Desktop\programy wuja Tomasza 2016-04-17 11:06 - 2016-02-19 23:09 - 00000000 ___DO C:\Users\TomsonLBN\OneDrive 2016-04-17 11:03 - 2015-05-10 17:52 - 00000000 ____D C:\ProgramData\NVIDIA 2016-04-17 11:03 - 2013-08-22 09:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-17 11:02 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\MUI 2016-04-17 11:02 - 2013-08-22 08:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-04-17 11:01 - 2016-03-01 21:57 - 00000000 ____D C:\Users\TomsonLBN\Desktop\beasty kozak 2016-04-17 11:01 - 2013-08-22 10:05 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-17 10:59 - 2013-08-22 08:21 - 00000000 ____D C:\WINDOWS\inf 2016-04-17 10:55 - 2016-03-01 21:58 - 00000000 ____D C:\Users\TomsonLBN\Desktop\Tu jest wsdzystko 2016-04-17 10:45 - 2016-01-06 19:48 - 00000000 ____D C:\Users\TomsonLBN\AppData\Local\Adobe 2016-04-17 10:42 - 2015-10-24 20:17 - 00000000 ____D C:\Program Files\Mio 2016-04-17 10:25 - 2014-11-21 01:06 - 00794216 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-16 23:34 - 2015-05-10 17:56 - 00002239 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-16 23:34 - 2015-05-10 17:56 - 00002227 ____H C:\Users\Public\Desktop\Google Chrome.lnk 2016-04-16 23:11 - 2015-06-05 05:45 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-04-16 23:11 - 2015-05-10 17:34 - 00000000 ____D C:\Users\TomsonLBN 2016-04-16 23:03 - 2016-03-01 21:57 - 00000000 ____D C:\Users\TomsonLBN\Desktop\gry 2016-04-16 23:02 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2016-04-16 22:59 - 2012-11-08 15:26 - 00000000 ____D C:\Games 2016-04-16 21:49 - 2016-01-06 23:25 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-04-16 21:45 - 2015-07-29 14:21 - 00000000 ____D C:\Users\TomsonLBN\.gimp-2.8 2016-04-16 21:38 - 2015-09-04 20:31 - 00000000 ____D C:\Users\TomsonLBN\AppData\Local\gtk-2.0 2016-04-16 17:08 - 2016-02-13 14:43 - 00000000 ___HD C:\$WINDOWS.~BT 2016-04-16 17:00 - 2015-05-10 18:27 - 00000000 ___DC C:\WINDOWS\Panther 2016-04-16 16:14 - 2015-05-10 17:34 - 00000000 ____D C:\Users\admin 2016-04-16 15:04 - 2015-12-25 11:56 - 00000000 ____D C:\Users\TomsonLBN\AppData\Local\Downloaded Installations 2016-04-15 20:49 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-15 13:50 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\rescache 2016-04-13 20:35 - 2013-08-22 09:22 - 00353360 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-13 20:30 - 2013-08-22 10:17 - 00000000 ___RD C:\WINDOWS\ToastData 2016-04-13 20:29 - 2015-05-14 21:00 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-04-13 14:41 - 2016-03-03 14:42 - 00000000 ____D C:\Users\TomsonLBN\Desktop\do śłuchania nuty 2016-04-13 10:58 - 2015-05-12 12:13 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-13 10:47 - 2015-05-12 12:13 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-13 08:27 - 2016-01-13 11:52 - 00148312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-04-13 08:23 - 2016-03-09 13:53 - 01471536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-04-13 08:23 - 2016-03-09 13:53 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-04-08 09:59 - 2016-03-05 12:05 - 00000000 ____D C:\Users\TomsonLBN\Desktop\krzysiek dokumenty 2016-04-07 21:03 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-05 23:53 - 2016-02-11 18:34 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-04-05 23:53 - 2016-02-11 18:34 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-04-04 18:10 - 2016-01-11 00:53 - 00000000 ____D C:\ProgramData\MEGAsync 2016-04-04 18:10 - 2015-07-09 20:26 - 00000000 ____D C:\ProgramData\Oracle 2016-04-04 18:10 - 2015-06-06 14:53 - 00000000 ___HD C:\ProgramData\CanonIJScan 2016-04-04 18:10 - 2015-05-16 20:46 - 00000000 ___HD C:\ProgramData\CanonIJEGV 2016-04-04 18:04 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\registration 2016-04-04 16:37 - 2015-07-28 17:25 - 00000000 ____D C:\Users\TomsonLBN\AppData\Local\VirtualStore 2016-04-04 16:36 - 2015-12-20 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil 4 2016-04-01 07:00 - 2015-05-16 20:33 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-03-26 09:57 - 2015-05-14 21:00 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-03-21 11:44 - 2016-02-20 00:46 - 00000000 ____D C:\Program Files\Image-Line 2016-03-18 10:26 - 2015-05-10 17:34 - 00000000 ____D C:\Users\UpdatusUser ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-03-29 20:08 - 2016-03-29 20:47 - 3204161795 _____ () C:\Program Files\Resident Evil 4.rar 2015-12-25 13:13 - 2016-01-16 01:13 - 0000084 _____ () C:\Users\TomsonLBN\AppData\Roaming\WB.CFG 2016-04-16 21:41 - 2016-04-16 21:41 - 0000879 _____ () C:\Users\TomsonLBN\AppData\Local\recently-used.xbel 2016-01-08 13:30 - 2016-01-08 13:30 - 0000000 _____ () C:\Users\TomsonLBN\AppData\Local\{DA82A928-648C-4A65-9494-6355D9042397} Niektóre pliki w TEMP: ==================== C:\Users\TomsonLBN\AppData\Local\Temp\libeay32.dll C:\Users\TomsonLBN\AppData\Local\Temp\msvcr120.dll C:\Users\TomsonLBN\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-04-12 16:38 ==================== Koniec FRST.txt ============================