Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 10-02-2017
Uruchomiony przez Organeo (administrator) ORGANEO-HP (12-02-2017 06:04:49)
Uruchomiony z C:\Users\Organeo\Desktop\cleaners\fixitpc\raporty
Załadowane profile: Organeo (Dostępne profile: Organeo & DefaultAppPool)
Platform: Windows 10 Home Wersja 1607 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\pptd40nt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\PdfPro7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-12-17] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAI-Shop.com Fiskalizator] => C:\Program Files (x86)\IAI\IAI-Shop.com Printer\IAI Printer.exe [3145216 2016-08-25] (IAI S.A.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\IndexSearch.exe [51616 2013-02-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\pptd40nt.exe [39328 2013-02-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\pdfpro7hook.exe [641424 2012-11-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-16614797-853428533-2425719548-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-02-18] (Glarysoft Ltd)
HKU\S-1-5-21-16614797-853428533-2425719548-1001\...\Run: [GoogleChromeAutoLaunch_4D80983A864E20B640FB528D1EBC90B1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-16614797-853428533-2425719548-1001\...\RunOnce: [Uninstall C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-16614797-853428533-2425719548-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-16614797-853428533-2425719548-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-16614797-853428533-2425719548-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Organeo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageRetriever.lnk [2016-04-14]
ShortcutTarget: ImageRetriever.lnk -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe (Nuance Communications, Inc.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{68cdbe4b-b9d5-4852-9cd8-56acace90e9a}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-16614797-853428533-2425719548-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onet.pl/
HKU\S-1-5-21-16614797-853428533-2425719548-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {43326F56-5EAB-497E-8A30-3F8685C81DEF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {43326F56-5EAB-497E-8A30-3F8685C81DEF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-16614797-853428533-2425719548-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-16614797-853428533-2425719548-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-16614797-853428533-2425719548-1001 -> {43326F56-5EAB-497E-8A30-3F8685C81DEF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-16614797-853428533-2425719548-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-16614797-853428533-2425719548-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-16614797-853428533-2425719548-1001 -> {FEA44BC9-6E77-402E-8F1E-23FDFF2E311D} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-11] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-11] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Organeo\AppData\Roaming\Mozilla\Firefox\Profiles\b68nws8i.default [2017-02-12]
FF Extension: (AVG SafePrice) - C:\Users\Organeo\AppData\Roaming\Mozilla\Firefox\Profiles\b68nws8i.default\Extensions\sp@avg.com.xpi [2016-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-27] [Brak podpisu cyfrowego]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2012-03-06] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.pl/
CHR StartupUrls: Default -> "hxxp://www.onet.pl/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Brak pliku
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Brak pliku
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Brak pliku
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Brak pliku
CHR Profile: C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Dokumenty Google) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Dysk Google) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Muzyka Google Play) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AVG SafePrice) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2016-12-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Organeo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKU\S-1-5-21-16614797-853428533-2425719548-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2011-02-23] (France Telecom SA) [Brak podpisu cyfrowego]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [Brak podpisu cyfrowego]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-12-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-03] (Advanced Micro Devices)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-19] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-21] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-12] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-12-17] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-11-16] (HP)
U3 idsvc; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-12 06:02 - 2017-02-12 06:04 - 00000000 ____D C:\FRST
2017-02-11 21:07 - 2017-02-12 03:48 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 21:07 - 2017-02-11 22:39 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 21:07 - 2017-02-11 21:07 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 21:06 - 2017-02-11 22:39 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-11 21:06 - 2017-02-11 22:39 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-11 21:06 - 2017-02-11 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 21:06 - 2017-02-11 21:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 21:06 - 2017-02-11 21:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-11 21:06 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-11 17:09 - 2017-02-11 18:25 - 00000000 ____D C:\Users\Organeo\AppData\Roaming\Wise Euask
2017-02-11 16:46 - 2017-02-12 05:50 - 00000000 ____D C:\Users\Organeo\AppData\Roaming\Wise Uninstaller
2017-02-11 16:46 - 2017-02-11 19:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2017-02-11 16:45 - 2017-02-11 19:04 - 00000000 ____D C:\Program Files (x86)\Wise
2017-02-11 16:45 - 2017-02-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2017-02-08 17:21 - 2017-02-08 17:21 - 00070036 _____ C:\Users\Organeo\Desktop\testowa__inpostbyiai_2017-02-08_17-20.pdf
2017-02-08 17:05 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-08 17:05 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-20 17:18 - 2017-01-20 17:18 - 00031941 _____ C:\Users\Organeo\Downloads\20170111135107-49.pdf
2017-01-20 16:01 - 2017-01-20 16:01 - 00064146 _____ C:\Users\Organeo\Downloads\dispatchbook-inpostbyiai_2017-01-20_16-01.pdf
2017-01-20 15:20 - 2017-01-20 15:21 - 00062782 _____ C:\Users\Organeo\Downloads\dispatchbook-dpd_2017-01-20_15-20.pdf
2017-01-20 14:18 - 2017-01-20 14:18 - 00071842 _____ C:\Users\Organeo\Downloads\label (17).pdf
2017-01-20 14:15 - 2017-01-20 14:15 - 00329121 _____ C:\Users\Organeo\Downloads\FV_169_PL_1701.pdf
2017-01-20 13:13 - 2017-01-20 13:13 - 00329155 _____ C:\Users\Organeo\Downloads\FV_168_PL_1701.pdf
2017-01-20 13:12 - 2017-01-20 13:12 - 00063644 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-20_at_13.12.pdf
2017-01-20 12:31 - 2017-01-20 12:31 - 00061355 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-20_at_12.31.pdf
2017-01-20 11:51 - 2017-01-20 11:51 - 00328985 _____ C:\Users\Organeo\Downloads\FV_167_PL_1701.pdf
2017-01-20 11:50 - 2017-01-20 11:50 - 00064156 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-20_at_11.50.pdf
2017-01-20 11:42 - 2017-01-20 11:42 - 00329307 _____ C:\Users\Organeo\Downloads\FV_166_PL_1701.pdf
2017-01-20 11:41 - 2017-01-20 11:41 - 00064141 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-20_at_11.41.pdf
2017-01-20 11:19 - 2017-01-20 11:19 - 00329211 _____ C:\Users\Organeo\Downloads\FV_165_PL_1701.pdf
2017-01-19 15:35 - 2017-01-19 15:35 - 00077207 _____ C:\Users\Organeo\Downloads\dispatchbook-inpostbyiai_2017-01-19_15-35.pdf
2017-01-19 15:20 - 2017-01-19 15:20 - 00061266 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-19_at_15.20.pdf
2017-01-19 15:16 - 2017-01-19 15:16 - 00061504 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-19_at_15.15.pdf
2017-01-19 15:15 - 2017-01-19 15:15 - 00328958 _____ C:\Users\Organeo\Downloads\FV_164_PL_1701.pdf
2017-01-19 14:50 - 2017-01-19 14:50 - 00063904 _____ C:\Users\Organeo\Downloads\dispatchbook-dpd_2017-01-19_14-50.pdf
2017-01-19 14:27 - 2017-01-19 14:27 - 00329845 _____ C:\Users\Organeo\Downloads\FV_163_PL_1701.pdf
2017-01-19 14:27 - 2017-01-19 14:27 - 00063566 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-19_at_14.27.pdf
2017-01-19 14:20 - 2017-01-19 14:20 - 00061321 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-19_at_14.20.pdf
2017-01-19 14:13 - 2017-01-19 14:13 - 00330183 _____ C:\Users\Organeo\Downloads\FV_162_PL_1701.pdf
2017-01-19 14:11 - 2017-01-19 14:11 - 00063763 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-19_at_14.11.pdf
2017-01-19 13:31 - 2017-01-19 13:31 - 00329200 _____ C:\Users\Organeo\Downloads\FV_161_PL_1701.pdf
2017-01-19 12:22 - 2017-01-19 12:22 - 00329739 _____ C:\Users\Organeo\Downloads\FV_160_PL_1701.pdf
2017-01-19 11:31 - 2017-01-19 11:31 - 00329023 _____ C:\Users\Organeo\Downloads\FV_159_PL_1701.pdf
2017-01-19 11:21 - 2017-01-19 11:21 - 00329205 _____ C:\Users\Organeo\Downloads\FV_158_PL_1701.pdf
2017-01-19 11:09 - 2017-01-19 11:09 - 00329243 _____ C:\Users\Organeo\Downloads\FV_157_PL_1701.pdf
2017-01-19 10:55 - 2017-01-19 10:55 - 00330303 _____ C:\Users\Organeo\Downloads\FV_156_PL_1701.pdf
2017-01-19 10:29 - 2017-01-19 10:29 - 00053764 _____ C:\Users\Organeo\Desktop\Szczegoly_operacji_2017-01-19_10-29-41.pdf
2017-01-18 17:25 - 2017-01-18 17:25 - 00061427 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_17.25.pdf
2017-01-18 17:19 - 2017-01-18 17:19 - 00061205 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_17.19.pdf
2017-01-18 16:41 - 2017-01-18 16:41 - 00061490 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_16.41.pdf
2017-01-18 16:31 - 2017-01-18 16:31 - 00328884 _____ C:\Users\Organeo\Downloads\FV_155_PL_1701.pdf
2017-01-18 16:29 - 2017-01-18 16:29 - 00063639 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_16.29.pdf
2017-01-18 16:21 - 2017-01-18 16:21 - 00063631 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_16.21.pdf
2017-01-18 16:19 - 2017-01-18 16:19 - 00328853 _____ C:\Users\Organeo\Downloads\FV_154_PL_1701.pdf
2017-01-18 16:05 - 2017-01-18 16:05 - 00061276 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_16.05.pdf
2017-01-18 15:00 - 2017-01-18 15:00 - 00063191 _____ C:\Users\Organeo\Downloads\dispatchbook-dpd_2017-01-18_15-00.pdf
2017-01-18 13:59 - 2017-01-18 13:59 - 00329074 _____ C:\Users\Organeo\Downloads\FV_153_PL_1701.pdf
2017-01-18 13:58 - 2017-01-18 13:58 - 00063569 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-18_at_13.58.pdf
2017-01-18 13:08 - 2017-01-18 13:08 - 00328902 _____ C:\Users\Organeo\Downloads\FV_152_PL_1701.pdf
2017-01-18 12:33 - 2017-01-18 12:33 - 00328710 _____ C:\Users\Organeo\Downloads\FV_151_PL_1701.pdf
2017-01-18 11:32 - 2017-01-18 11:32 - 00329643 _____ C:\Users\Organeo\Downloads\FV_150_PL_1701.pdf
2017-01-18 11:23 - 2017-01-18 11:23 - 00330589 _____ C:\Users\Organeo\Downloads\FV_149_PL_1701.pdf
2017-01-18 10:57 - 2017-01-18 10:57 - 00329842 _____ C:\Users\Organeo\Downloads\FV_148_PL_1701.pdf
2017-01-17 17:29 - 2017-01-17 17:29 - 00329186 _____ C:\Users\Organeo\Downloads\FV_147_PL_1701.pdf
2017-01-17 17:28 - 2017-01-17 17:28 - 00063652 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_17.28.pdf
2017-01-17 15:50 - 2017-01-17 15:50 - 00069857 _____ C:\Users\Organeo\Downloads\dispatchbook-inpostbyiai_2017-01-17_15-50.pdf
2017-01-17 15:19 - 2017-01-17 15:19 - 00328905 _____ C:\Users\Organeo\Downloads\FV_146_PL_1701.pdf
2017-01-17 15:19 - 2017-01-17 15:19 - 00064053 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_15.19.pdf
2017-01-17 15:11 - 2017-01-17 15:11 - 00061188 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_15.11.pdf
2017-01-17 14:06 - 2017-01-17 14:06 - 00329184 _____ C:\Users\Organeo\Downloads\FV_144_PL_1701.pdf
2017-01-17 14:03 - 2017-01-17 14:03 - 00063610 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_14.03.pdf
2017-01-17 13:30 - 2017-01-17 13:30 - 00328953 _____ C:\Users\Organeo\Downloads\FV_143_PL_1701.pdf
2017-01-17 13:29 - 2017-01-17 13:29 - 00064497 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_13.29.pdf
2017-01-17 13:14 - 2017-01-17 13:14 - 00061210 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_13.14.pdf
2017-01-17 13:04 - 2017-01-17 13:04 - 00329453 _____ C:\Users\Organeo\Downloads\FV_142_PL_1701.pdf
2017-01-17 13:04 - 2017-01-17 13:04 - 00063452 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_13.04.pdf
2017-01-17 12:51 - 2017-01-17 12:51 - 00329284 _____ C:\Users\Organeo\Downloads\FV_141_PL_1701.pdf
2017-01-17 12:33 - 2017-01-17 12:33 - 00329436 _____ C:\Users\Organeo\Downloads\FV_140_PL_1701.pdf
2017-01-17 12:26 - 2017-01-17 12:26 - 00328956 _____ C:\Users\Organeo\Downloads\FV_139_PL_1701.pdf
2017-01-17 12:11 - 2017-01-17 12:11 - 00329115 _____ C:\Users\Organeo\Downloads\FV_138_PL_1701.pdf
2017-01-17 12:02 - 2017-01-17 12:02 - 00329762 _____ C:\Users\Organeo\Downloads\FV_137_PL_1701.pdf
2017-01-17 11:31 - 2017-01-17 11:31 - 00329331 _____ C:\Users\Organeo\Downloads\FV_136_PL_1701.pdf
2017-01-17 11:30 - 2017-01-17 11:30 - 00063581 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-17_at_11.30.pdf
2017-01-17 11:20 - 2017-01-17 11:20 - 00329518 _____ C:\Users\Organeo\Downloads\FV_135_PL_1701.pdf
2017-01-16 17:13 - 2017-01-16 17:13 - 00061269 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_17.13.pdf
2017-01-16 16:49 - 
2017-01-16 16:49 - 00061260 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_16.49.pdf 2017-01-16 16:40 - 2017-01-16 16:40 - 00061248 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_16.40.pdf 2017-01-16 16:35 - 2017-01-16 16:35 - 00061189 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_16.35.pdf 2017-01-16 16:04 - 2017-01-16 16:04 - 00329342 _____ C:\Users\Organeo\Downloads\FV_132_PL_1701.pdf 2017-01-16 16:03 - 2017-01-16 16:03 - 00064162 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_16.03.pdf 2017-01-16 15:27 - 2017-01-16 15:27 - 00329898 _____ C:\Users\Organeo\Downloads\FV_131_PL_1701.pdf 2017-01-16 15:25 - 2017-01-16 15:25 - 00064082 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_15.25.pdf 2017-01-16 15:15 - 2017-01-16 15:15 - 00061591 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_15.15.pdf 2017-01-16 15:11 - 2017-01-16 15:11 - 00068022 _____ C:\Users\Organeo\Downloads\dispatchbook-dpd_2017-01-16_15-11.pdf 2017-01-16 14:45 - 2017-01-16 14:45 - 00061090 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_14.45.pdf 2017-01-16 14:16 - 2017-01-16 14:16 - 00061644 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_14.16.pdf 2017-01-16 14:06 - 2017-01-16 14:06 - 00061234 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_mgapska_on_2017-01-16_at_14.05.pdf 2017-01-16 13:43 - 2017-01-16 13:43 - 00328997 _____ C:\Users\Organeo\Downloads\FV_130_PL_1701.pdf 2017-01-16 13:27 - 2017-01-16 13:27 - 00329247 _____ C:\Users\Organeo\Downloads\FV_129_PL_1701.pdf 2017-01-16 13:18 - 2017-01-16 13:18 - 00328929 _____ C:\Users\Organeo\Downloads\FV_128_PL_1701.pdf 2017-01-16 13:10 - 2017-01-16 13:10 - 00329765 _____ 
C:\Users\Organeo\Downloads\FV_127_PL_1701.pdf 2017-01-16 11:16 - 2017-01-16 11:16 - 00328908 _____ C:\Users\Organeo\Downloads\FV_126_PL_1701.pdf 2017-01-16 11:09 - 2017-01-16 11:10 - 00329394 _____ C:\Users\Organeo\Downloads\FV_125_PL_1701.pdf 2017-01-16 10:57 - 2017-01-16 10:57 - 00329510 _____ C:\Users\Organeo\Downloads\FV_124_PL_1701.pdf 2017-01-16 10:38 - 2017-01-16 10:38 - 00330415 _____ C:\Users\Organeo\Downloads\FV_123_PL_1701.pdf 2017-01-16 10:17 - 2017-01-16 10:17 - 00328635 _____ C:\Users\Organeo\Downloads\FV_122_PL_1701.pdf 2017-01-13 15:29 - 2017-01-13 15:29 - 00074309 _____ C:\Users\Organeo\Downloads\dispatchbook-inpostbyiai_2017-01-13_15-29.pdf 2017-01-13 15:14 - 2017-01-13 15:14 - 00063518 _____ C:\Users\Organeo\Downloads\dispatchbook-dpd_2017-01-13_15-13.pdf 2017-01-13 14:30 - 2017-01-13 14:30 - 00329410 _____ C:\Users\Organeo\Downloads\FV_121_PL_1701.pdf 2017-01-13 14:29 - 2017-01-13 14:29 - 00064135 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_wswiatek_on_2017-01-13_at_14.29.pdf 2017-01-13 14:23 - 2017-01-13 14:23 - 00328695 _____ C:\Users\Organeo\Downloads\FV_120_PL_1701.pdf 2017-01-13 14:05 - 2017-01-13 14:05 - 00053643 _____ C:\Users\Organeo\Desktop\Szczegoly_operacji_2017-01-13_14-05-10.pdf 2017-01-13 13:23 - 2017-01-13 13:23 - 00061440 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_wswiatek_on_2017-01-13_at_13.23.pdf 2017-01-13 13:16 - 2017-01-13 13:16 - 00063960 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_wswiatek_on_2017-01-13_at_13.16.pdf 2017-01-13 13:15 - 2017-01-13 13:15 - 00328948 _____ C:\Users\Organeo\Downloads\FV_119_PL_1701.pdf 2017-01-13 13:08 - 2017-01-13 13:08 - 00064071 _____ C:\Users\Organeo\Downloads\PP_address_labels_generated_by_wswiatek_on_2017-01-13_at_13.08.pdf 2017-01-13 13:05 - 2017-01-13 13:06 - 00328945 _____ C:\Users\Organeo\Downloads\FV_118_PL_1701.pdf 2017-01-13 13:01 - 2017-01-13 13:01 - 00061283 _____ 
C:\Users\Organeo\Downloads\PP_address_labels_generated_by_wswiatek_on_2017-01-13_at_13.01.pdf 2017-01-13 12:43 - 2017-01-13 12:43 - 00329174 _____ C:\Users\Organeo\Downloads\FV_117_PL_1701.pdf 2017-01-13 12:32 - 2017-01-13 12:32 - 00329127 _____ C:\Users\Organeo\Downloads\FV_116_PL_1701.pdf 2017-01-13 12:26 - 2017-01-13 12:26 - 00328849 _____ C:\Users\Organeo\Downloads\FV_115_PL_1701.pdf 2017-01-13 12:08 - 2017-01-13 12:08 - 00329907 _____ C:\Users\Organeo\Downloads\FV_114_PL_1701.pdf 2017-01-13 10:57 - 2017-01-13 10:57 - 00329132 _____ C:\Users\Organeo\Downloads\FV_113_PL_1701.pdf ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2017-02-12 05:50 - 2015-10-24 12:00 - 00000000 ____D C:\Program Files\Easeware 2017-02-12 05:45 - 2016-09-28 09:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-12 05:30 - 2016-06-07 10:09 - 00000000 ____D C:\ProgramData\MFAData 2017-02-12 02:19 - 2016-10-07 08:30 - 00000000 ____D C:\Users\Public\Documents\AdobeGC 2017-02-12 02:01 - 2014-07-11 14:20 - 00000000 ____D C:\Users\Organeo\AppData\Local\Adobe 2017-02-12 01:58 - 2016-09-28 10:51 - 00003904 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-02-12 01:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-02-12 01:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-02-12 01:58 - 2014-01-15 11:42 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-02-11 22:52 - 2017-01-03 18:21 - 00000000 ___RD C:\Users\Organeo\Creative Cloud Files 2017-02-11 22:52 - 2016-01-07 10:29 - 00000000 ____D C:\ProgramData\boost_interprocess 2017-02-11 22:42 - 2016-09-28 10:51 - 00003024 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Organeo) 2017-02-11 22:38 - 2016-09-28 10:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-11 22:38 - 2015-04-10 19:45 - 00000000 ____D C:\ProgramData\Ashampoo 2017-02-11 22:37 - 2016-07-16 
07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-02-11 18:27 - 2016-09-28 10:51 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2017-02-11 17:30 - 2016-09-28 10:07 - 00000000 ____D C:\Users\Organeo 2017-02-11 17:29 - 2016-09-28 10:07 - 03145728 ____H C:\Users\Organeo\NTUSER.bak 2017-02-11 16:55 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2017-02-11 16:55 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-11 16:53 - 2016-08-11 10:02 - 00000000 ____D C:\Temp 2017-02-11 16:50 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-11 16:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-11 16:50 - 2015-10-24 11:29 - 00000000 ____D C:\Users\Organeo\AppData\Local\Packages 2017-02-11 01:07 - 2016-10-02 15:35 - 00000000 ____D C:\Users\Organeo\Desktop\cleaners 2017-02-10 17:36 - 2016-10-07 08:28 - 00000000 ____D C:\WINDOWS\Minidump 2017-02-09 12:17 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-08 17:49 - 2016-07-16 07:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM 2017-02-08 17:30 - 2013-09-22 14:20 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-08 17:07 - 2013-09-22 18:10 - 00000000 ____D C:\Users\Organeo\AppData\Roaming\Macromedia 2017-02-08 17:07 - 2013-09-22 14:18 - 00000000 ____D C:\Users\Organeo\AppData\Local\VirtualStore 2017-02-08 16:57 - 2015-11-09 09:58 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-20 13:32 - 2013-09-22 16:58 - 00000000 ____D C:\Users\Organeo\AppData\Roaming\SoftGrid Client 2017-01-13 13:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-13 13:13 - 2016-06-23 16:39 - 01427282 _____ C:\WINDOWS\ProcessedPackets.KTL 2017-01-13 13:13 - 2016-06-23 16:39 - 00579401 _____ C:\WINDOWS\Packet.KTL 2017-01-13 13:13 - 2016-06-23 16:39 - 00009999 _____ C:\WINDOWS\SentOSPackets.KTL 2017-01-13 13:13 - 2016-06-23 16:39 - 00000361 _____ 
C:\WINDOWS\NGIControl.KTL 2017-01-13 13:13 - 2015-11-13 13:51 - 00064418 _____ C:\WINDOWS\Control.KTL ==================== Pliki w katalogu głównym wybranych folderów ======= 2016-02-04 13:22 - 2016-04-08 10:12 - 0000034 _____ () C:\Users\Organeo\AppData\Roaming\AdobeWLCMCache.dat 2015-01-08 17:58 - 2015-01-08 17:58 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-09-23 08:57 - 2015-01-22 11:39 - 0004993 _____ () C:\ProgramData\hpzinstall.log 2013-09-23 10:10 - 2013-09-23 10:17 - 0000293 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-02-10 20:41 ==================== Koniec FRST.txt ============================