Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 25-09-2016 Uruchomiony przez sm (administrator) WIN8 (25-09-2016 20:31:58) Uruchomiony z C:\Users\sm\Desktop\Nowy folder Załadowane profile: sm (Dostępne profile: sm) Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () Q:\Program Files\3DsMax14\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.5.0\WsAppService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) P:\Program Files\Mozilla Firefox\firefox.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1846016 2015-12-09] (NVIDIA Corporation) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2015-01-09] (Analog Devices, Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-11-07] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKU\S-1-5-21-3889843123-173433419-3160748714-1001\...\Run: [DAEMON Tools Lite] => J:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3889843123-173433419-3160748714-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.) HKU\S-1-5-21-3889843123-173433419-3160748714-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{651EA570-BE25-4CF0-B508-399AD4E6479A}: [DhcpNameServer] 8.8.8.8 Internet Explorer: ================== BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-11-07] (Wondershare) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) FireFox: ======== FF ProfilePath: C:\Users\sm\AppData\Roaming\Mozilla\Firefox\Profiles\4qxxra7c.default-1439284011294 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-24] (Nero AG) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Extension: (Google Analytics Opt-out Browser Add-on) - C:\Users\sm\AppData\Roaming\Mozilla\Firefox\Profiles\4qxxra7c.default-1439284011294\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-04-14] FF Extension: (Javascript Injector for Firefox) - C:\Users\sm\AppData\Roaming\Mozilla\Firefox\Profiles\4qxxra7c.default-1439284011294\Extensions\jid1-wINRYApAU7qvFA@jetpack.xpi [2016-05-02] FF Extension: (Download YouTube Videos as MP4) - C:\Users\sm\AppData\Roaming\Mozilla\Firefox\Profiles\4qxxra7c.default-1439284011294\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-05] FF Extension: (Adblock Plus) - C:\Users\sm\AppData\Roaming\Mozilla\Firefox\Profiles\4qxxra7c.default-1439284011294\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.pl/" CHR Profile: C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default [2016-09-25] CHR Extension: (Prezentacje Google) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-16] CHR Extension: (Google update service) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpmfpgmlbdhaipikkikomnmkiecpgep [2016-05-01] CHR Extension: (Dokumenty Google) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-18] CHR Extension: (Dysk Google) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-18] CHR Extension: (YouTube) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-18] CHR Extension: (Szukaj w Google) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-16] CHR Extension: (Arkusze Google) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-16] CHR Extension: (Dokumenty Google offline) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-18] CHR Extension: (Google CSP) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gleekbfjekiniecknbkamfmkohkpodhe [2016-05-01] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-18] CHR Extension: (Gmail) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-18] CHR Extension: (Chrome Media Router) - C:\Users\sm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2015-01-09] (Andrea Electronics Corporation) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-01-31] (Creative Labs) [Brak podpisu cyfrowego] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-01-31] (Creative Labs) [Brak podpisu cyfrowego] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Brak podpisu cyfrowego] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 mi-raysat_3dsmax2014_64; Q:\Program Files\3DsMax14\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [Brak podpisu cyfrowego] R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation) S3 Origin Client Service; J:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-15] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-22] () S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.5.0\WsAppService.exe [382464 2015-12-02] (Wondershare) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-01-11] (DT Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 L6PODX3LV; C:\Windows\System32\Drivers\L6PODX3LV64.sys [772864 2013-07-11] (Line 6) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MCfilt; C:\Windows\system32\drivers\MCfilt64.sys [25600 2015-01-09] (Creative Technology Ltd.) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-11-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-16] (NVIDIA Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell) U3 pxrdqpow; \??\C:\Users\sm\AppData\Local\Temp\pxrdqpow.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-25 20:30 - 2016-09-25 20:30 - 00004404 _____ C:\Users\sm\Desktop\Nowy dokument tekstowy.txt 2016-09-25 19:30 - 2016-09-25 19:30 - 00000000 ____D C:\Users\sm\Desktop\Nowy folder (4) 2016-09-25 18:32 - 2016-09-25 20:31 - 00000000 ____D C:\Users\sm\Desktop\Nowy folder 2016-09-25 18:32 - 2016-09-25 18:32 - 00000000 ____D C:\Users\sm\Desktop\FRST-OlderVersion 2016-09-25 18:17 - 2016-09-25 18:17 - 00856013 _____ C:\Users\sm\Desktop\RansomNoteCleaner.zip 2016-09-25 18:17 - 2016-09-25 18:17 - 00000000 ____D C:\Users\sm\Desktop\RansomNoteCleaner 2016-09-25 16:50 - 2016-09-25 16:50 - 00380928 _____ C:\Users\sm\Desktop\rup650n9.exe 2016-09-25 16:37 - 2016-09-25 20:31 - 00000000 ____D C:\FRST 2016-09-25 15:58 - 2016-09-25 15:58 - 00002574 _____ C:\RakhniDecryptor.1.16.0.0_25.09.2016_15.58.02_log.txt 2016-09-25 15:57 - 2016-09-25 15:57 - 05235616 _____ (Kaspersky Lab ZAO) C:\Users\sm\Desktop\rakhnidecryptor.exe 2016-09-25 15:56 - 2016-09-25 15:57 - 00002118 _____ C:\WildfireDecryptor.1.0.0.2_25.09.2016_15.56.10_log.txt 2016-09-25 15:55 - 2016-09-25 15:55 - 02806384 _____ C:\Users\sm\Desktop\WildfireDecryptor.zip 2016-09-25 15:51 - 2016-09-25 15:53 - 01172298 _____ C:\XoristDecryptor.2.5.1.0_25.09.2016_15.51.54_log.txt 2016-09-25 15:51 - 2016-09-25 15:51 - 00801040 _____ (Kaspersky Lab ZAO) C:\Users\sm\Desktop\xoristdecryptor.exe 2016-09-25 15:33 - 2016-09-25 15:35 - 00002856 _____ C:\ScraperDecryptor.1.0.0.2_25.09.2016_15.33.20_log.txt 2016-09-25 15:32 - 2016-09-25 15:32 - 00470235 _____ C:\Users\sm\Desktop\ScraperDecryptor.zip 2016-09-25 15:17 - 2016-09-25 15:17 - 00000904 _____ C:\Users\sm\Desktop\thebat — skrót.lnk 2016-09-25 13:37 - 2016-09-25 13:37 - 25219144 _____ C:\Users\sm\Downloads\RogueKillerX64.exe 2016-09-25 12:58 - 2016-09-25 12:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\sm\Downloads\HijackThis_2.0.4.exe 2016-09-25 12:57 - 2016-09-25 12:58 - 01244848 _____ ( ) C:\Users\sm\Desktop\HijackThis-12030-dp.exe 2016-09-25 12:48 - 2016-09-25 12:48 - 03439864 _____ (Symantec Corporation) C:\Users\sm\Desktop\NPE.exe 2016-09-24 02:12 - 2016-09-24 10:10 - 136139776 _____ C:\Users\sm\Desktop\Josh Homme - Guitar Moves - Episode 3.mp4 2016-09-13 21:17 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-09-13 21:17 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-09-13 21:17 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-09-13 21:17 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-09-13 21:17 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-09-13 21:17 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-09-13 21:17 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-09-13 21:17 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-09-13 21:17 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-09-13 21:17 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-09-13 21:17 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-09-13 21:17 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-09-13 21:17 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-09-13 21:17 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-09-13 21:17 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-09-13 21:17 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-09-13 21:17 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-09-13 21:17 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-09-13 21:17 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-09-13 21:17 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-09-13 21:17 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-09-13 21:17 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-09-13 21:17 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2016-09-13 21:17 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2016-09-13 21:17 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-09-13 21:17 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-09-13 21:17 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-09-13 21:17 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-09-13 21:17 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-09-13 21:17 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-09-13 21:17 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-09-13 21:17 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-09-13 21:17 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-09-13 21:17 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-09-13 21:17 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-09-13 21:16 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-09-13 21:16 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-09-13 21:16 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-09-13 21:16 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-09-13 21:16 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-09-13 21:16 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-09-13 21:16 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-09-13 21:16 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-09-13 21:16 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-09-13 21:16 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-09-13 21:16 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-09-13 21:16 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2016-09-13 21:16 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2016-09-13 21:16 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll 2016-09-13 21:16 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll 2016-09-13 21:16 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys 2016-09-13 21:16 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll 2016-09-13 21:16 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll 2016-09-13 21:16 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll 2016-09-13 21:16 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll 2016-09-13 21:16 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2016-09-13 21:16 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll 2016-09-13 21:16 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll 2016-09-13 21:16 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll 2016-09-13 21:16 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2016-09-13 21:16 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll 2016-09-13 21:16 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll 2016-09-13 21:16 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll 2016-09-13 21:16 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-09-13 21:16 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-09-13 21:16 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll 2016-09-13 21:16 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll 2016-09-13 21:16 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll 2016-09-13 21:16 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-09-13 21:16 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe 2016-09-13 21:16 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2016-09-13 21:16 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2016-09-13 21:16 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2016-09-13 21:16 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2016-09-13 21:16 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-09-13 21:16 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll 2016-09-13 21:16 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll 2016-09-13 21:16 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2016-09-13 21:14 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-09-13 21:14 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-09-13 21:14 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-09-13 21:14 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-09-13 21:13 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-09-13 21:13 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-09-13 21:13 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-09-13 21:13 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-09-13 21:13 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-09-13 21:13 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-09-13 21:13 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2016-09-13 21:13 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll 2016-09-13 21:13 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2016-09-06 23:49 - 2016-09-24 02:26 - 00032590 _____ C:\Users\sm\Desktop\Kopia Wycena końcowa-M.Patel.xls 2016-09-06 02:30 - 2016-09-24 10:13 - 744738310 _____ C:\Users\sm\Desktop\Wyszczepieni - od TUSZOWANIA faktów do KATASTROFY.mp4 2016-08-31 23:41 - 2016-09-24 10:11 - 466116507 _____ C:\Users\sm\Desktop\Stanisław Lem ✖ Grzegorz Braun.mp4 2016-08-30 13:40 - 2016-09-24 02:26 - 00061783 _____ C:\Users\sm\Desktop\pko_trans_details_20160830_134049.pdf 2016-08-28 13:09 - 2016-08-28 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-09-25 20:15 - 2016-07-18 22:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-25 20:14 - 2015-01-09 19:32 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-25 20:14 - 2013-08-23 01:12 - 00805918 _____ C:\Windows\system32\perfh015.dat 2016-09-25 20:14 - 2013-08-23 01:12 - 00163272 _____ C:\Windows\system32\perfc015.dat 2016-09-25 20:14 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2016-09-25 20:07 - 2016-07-18 22:04 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-25 20:07 - 2015-08-06 19:44 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-25 20:07 - 2015-08-05 21:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3889843123-173433419-3160748714-1001 2016-09-25 20:07 - 2015-02-13 00:55 - 00000000 ____D C:\Windows\Minidump 2016-09-25 20:07 - 2015-01-09 19:28 - 00252352 ____N C:\Windows\Minidump\092516-34453-01.dmp 2016-09-25 20:07 - 2015-01-09 19:28 - 00000000 ____D C:\Users\sm 2016-09-25 20:07 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-25 20:00 - 2015-09-13 15:16 - 00003956 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{959FE3B6-9B25-4ADD-B8B3-67F1D824C94E} 2016-09-25 19:59 - 2016-04-13 21:46 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-25 18:57 - 2016-03-01 18:01 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-09-25 18:55 - 2015-01-18 17:30 - 00000000 ____D C:\Users\sm\AppData\LocalLow\Temp 2016-09-25 18:33 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-09-25 18:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-09-25 17:21 - 2015-01-13 22:28 - 00000000 ____D C:\Users\sm\AppData\Roaming\ClassicShell 2016-09-25 14:41 - 2016-08-20 00:04 - 00000000 ____D C:\Users\sm\Desktop\Raised By Swans 2010 No Ghostless Place 2016-09-25 14:40 - 2015-03-21 18:46 - 00000000 ___SD C:\THEBAT! 2016-09-25 14:35 - 2015-04-19 14:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-25 13:45 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2016-09-25 13:04 - 2016-01-02 19:56 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate 2016-09-24 20:16 - 2016-01-03 18:21 - 00000000 ____D C:\Users\sm\AppData\Roaming\IrfanView 2016-09-24 20:16 - 2015-04-04 20:10 - 00000000 ___SD C:\Windows\system32\GWX 2016-09-24 20:16 - 2015-01-12 01:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-24 20:16 - 2015-01-11 21:39 - 00000000 ____D C:\Users\sm\AppData\Roaming\uTorrent 2016-09-24 20:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-24 20:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2016-09-24 20:15 - 2016-06-02 02:02 - 00000000 ____D C:\Program Files (x86)\ESET 2016-09-24 20:15 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\registration 2016-09-24 20:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\Sysprep 2016-09-24 10:20 - 2016-01-24 21:24 - 396916345 _____ C:\Users\sm\Downloads\Władcy marionetek cały dokument.mp4 2016-09-24 10:20 - 2015-02-02 04:01 - 999506927 _____ C:\Users\sm\Downloads\Ukrywane wyniki badań astronomów - niezwykła prawda o kosmosie PL. HD.mp4 2016-09-24 10:18 - 2015-02-06 02:10 - 999506927 _____ C:\Users\sm\Downloads\Ukrywane wyniki badań astronomów - niezwykła prawda o kosmosie PL. HD(1).mp4 2016-09-24 08:08 - 2016-01-03 16:52 - 30396714 _____ C:\Users\sm\Downloads\wizki_Galeria.zip 2016-09-24 08:08 - 2015-01-09 19:50 - 51742217 _____ C:\Users\sm\Downloads\SoundMax_V51026605_XPVistaWin7.zip 2016-09-24 08:07 - 2016-01-27 00:26 - 21518453 _____ C:\Users\sm\Downloads\Indiańska instrukcja życia.mp4 2016-09-24 08:07 - 2016-01-03 02:45 - 67226092 _____ C:\Users\sm\Downloads\SaNet.me_DVD-Cloner.13.10.1412(1).rar 2016-09-24 08:07 - 2015-10-17 15:39 - 105965041 _____ C:\Users\sm\Downloads\Guitar Cover - Whitewater by Kyuss.mp4 2016-09-24 08:07 - 2015-01-09 19:50 - 24172448 _____ C:\Users\sm\Downloads\IMSM_V8901023.zip 2016-09-24 08:04 - 2016-08-21 22:52 - 41493879 _____ C:\Users\sm\Desktop\The Prestige- Analyse.mp4 2016-09-24 08:04 - 2016-08-20 00:01 - 124657667 _____ C:\Users\sm\Desktop\Raised_By_Swans_2010_No_Ghostless_Place.rar 2016-09-24 08:04 - 2016-03-26 00:24 - 74322536 _____ C:\Users\sm\Desktop\Nowy folder (3).rar 2016-09-24 04:04 - 2016-04-09 02:55 - 00000000 ____D C:\Users\sm\Documents\XLN Online Installer Logs 2016-09-24 04:04 - 2016-02-13 00:47 - 00763322 _____ C:\Users\sm\Downloads\sub2divx332_videoaudio.pl_.zip 2016-09-24 04:04 - 2016-02-13 00:42 - 00269464 _____ C:\Users\sm\Downloads\sub2divx332.zip 2016-09-24 04:04 - 2016-02-12 23:54 - 00894934 _____ C:\Users\sm\Downloads\AVIAddXSub915.zip 2016-09-24 04:04 - 2015-10-29 00:14 - 00000000 ____D C:\Users\sm\Documents\Nowy folder 2016-09-24 04:04 - 2015-10-17 01:54 - 03448438 _____ C:\Users\sm\Downloads\pbsetuplegacy.zip 2016-09-24 04:04 - 2015-05-03 02:25 - 11284961 _____ C:\Users\sm\Downloads\MPC-BE.1.4.4.x64-installer.zip 2016-09-24 04:04 - 2015-01-11 18:09 - 00000000 ____D C:\Users\sm\Documents\Diablo III 2016-09-24 04:04 - 2015-01-09 19:50 - 04972361 _____ C:\Users\sm\Downloads\Intel_Chipset_V9111019_XPVistaWin7.zip 2016-09-24 02:26 - 2016-08-21 22:52 - 11084808 _____ C:\Users\sm\Desktop\Arcade Fire Afterlife.mp4 2016-09-24 02:26 - 2016-08-21 14:07 - 01808375 _____ C:\Users\sm\Desktop\Siemens siwamat xl528.pdf 2016-09-24 02:26 - 2016-08-21 13:04 - 00338410 _____ C:\Users\sm\Desktop\14106562_1302492283124508_1991765493_n.mp4 2016-09-24 02:26 - 2016-06-11 03:17 - 00036686 _____ C:\Users\sm\Desktop\Wycena Roman-Domoteka.xls 2016-09-24 02:26 - 2016-06-11 03:16 - 00023374 _____ C:\Users\sm\Desktop\Wycena Szacunkowa-Domoteka popr.rabat.xls 2016-09-24 02:26 - 2016-06-03 20:12 - 00629644 _____ C:\Users\sm\Desktop\DWU_nr_1_plyta_7A.pdf 2016-09-24 02:26 - 2016-06-03 20:09 - 00057215 _____ C:\Users\sm\Desktop\SchematyZamocowanPlytZaPomoca_SystemuBlick.pdf 2016-09-24 02:26 - 2016-05-12 00:54 - 11334710 _____ C:\Users\sm\Desktop\próba 12.05.16.zip 2016-09-24 02:26 - 2016-03-26 00:41 - 00000000 ____D C:\Users\sm\Desktop\Nowy folder (3) 2016-09-24 02:26 - 2016-03-18 23:55 - 12148685 _____ C:\Users\sm\Desktop\PolishReaperUserGuide416.pdf 2016-09-24 02:26 - 2015-05-07 20:46 - 00000000 ____D C:\Users\sm\Desktop\NATIVE AMERICAN INDIANS 2016-09-24 02:26 - 2015-03-27 20:24 - 00781527 _____ C:\Users\sm\Desktop\mapa4k-Model.pdf 2016-09-24 02:26 - 2015-03-15 14:50 - 00018488 _____ C:\Users\sm\Desktop\lista_produktow.xlsx 2016-09-21 00:28 - 2015-01-15 00:07 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2016-09-21 00:28 - 2015-01-15 00:07 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2016-09-21 00:24 - 2016-01-02 20:31 - 00000000 ____D C:\Users\sm\AppData\Local\CrashDumps 2016-09-20 00:18 - 2015-01-15 00:07 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2016-09-20 00:13 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-09-18 23:01 - 2015-01-11 18:08 - 00000000 ____D C:\Users\sm\AppData\Local\Battle.net 2016-09-18 15:11 - 2015-01-11 18:08 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-09-17 01:17 - 2015-01-09 19:41 - 00002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-17 01:17 - 2015-01-09 19:41 - 00002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-09-14 06:46 - 2015-09-13 15:16 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-14 05:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2016-09-13 23:14 - 2013-08-22 16:44 - 00430384 _____ C:\Windows\system32\FNTCACHE.DAT 2016-09-13 23:13 - 2015-01-09 20:28 - 00000000 ____D C:\Windows\system32\MRT 2016-09-13 23:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup 2016-09-13 23:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup 2016-09-13 23:04 - 2015-01-09 20:28 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-09-13 23:03 - 2013-08-23 01:14 - 00000000 ____D C:\Windows\ShellNew 2016-09-13 12:59 - 2016-04-13 21:46 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-09-13 12:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-09-13 12:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-09-07 03:11 - 2013-08-22 17:38 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-09-07 03:11 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-29 00:07 - 2015-01-11 18:04 - 00000000 ____D C:\ProgramData\Origin ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-02-20 23:11 - 2016-02-20 23:11 - 0003584 _____ () C:\Users\sm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-21 03:53 - 2016-01-24 04:08 - 0007600 _____ () C:\Users\sm\AppData\Local\resmon.resmoncfg 2016-09-24 02:25 - 2016-09-24 13:07 - 12816384 _____ () C:\ProgramData\encfiles.log ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-09-19 04:52 ==================== Koniec FRST.txt ============================